NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...
09.20 10:09
Inquiry-Dubai.js

Latest News
09.21 01:09
Hackaday Podcast Episo...
09.21 01:09
The Russian Bot Army T...
09.21 01:09
Australia’s Labor Part...
09.21 12:09
Inviting the Public to...
09.21 12:09
How Ransomhub Ransomwa...
09.21 12:09
Middle East backdoored...
09.21 12:09
Updated CISA exploited...
09.21 12:09
Several orgs purported...
09.21 12:09
New CISA guidance seek...
09.21 12:09
Lumma Stealer deployed...

NetWork | ZeroBOX

IP Address	Status	Action
104.237.62.212	Active	Moloch
164.124.101.2	Active	Moloch
194.180.49.211	Active	Moloch

Name	Response	Post-Analysis Lookup
api.ipify.org	A 173.231.16.77 A 64.185.227.156 CNAME api4.ipify.org A 104.237.62.212	173.231.16.77

UDP Requests

GET 200 http://194.180.49.211/D/cborinew.txt

GET 200 http://194.180.49.211/D/DLLL.txt

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 194.180.49.211:80 -> 192.168.56.101:49162	2029538	ET HUNTING EXE Base64 Encoded potential malware	Misc activity
TCP 194.180.49.211:80 -> 192.168.56.101:49162	2029538	ET HUNTING EXE Base64 Encoded potential malware	Misc activity
UDP 192.168.56.101:59002 -> 8.8.8.8:53	2047702	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup	Misc activity
TCP 104.237.62.212:443 -> 192.168.56.101:49167	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49167 -> 104.237.62.212:443	2047703	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI	Misc activity
TCP 192.168.56.101:49167 -> 104.237.62.212:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49167 -> 104.237.62.212:443	2047703	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI	Misc activity
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2047702	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup	Misc activity
TCP 192.168.56.101:49167 -> 104.237.62.212:443	2047703	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI	Misc activity

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts