NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...
09.21 02:09
66ed7ef071886_crypted....

Latest News
09.21 07:09
Iranian Hackers Tried ...
09.21 06:09
Prime Day is approachi...
09.21 06:09
heise-Angebot: NEU im ...
09.21 06:09
Datenschutzvorfall bei...
09.21 05:09
Ausfallzeiten gegen nu...
09.21 05:09
There’s No Lower Spec ...
09.21 05:09
[PASCON 2024-영상] 박재민 엔...
09.21 04:09
[PASCON 2024-영상] SK쉴더스...
09.21 04:09
[PASCON 2024-영상] 윤영 익스...
09.21 03:09
[PASCON 2024] 옥타코 이재형 ...

NetWork | ZeroBOX

IP Address	Status	Action
132.226.8.169	Active	Moloch
164.124.101.2	Active	Moloch
172.67.191.205	Active	Moloch
182.162.106.32	Active	Moloch

Name	Response	Post-Analysis Lookup
apps.identrust.com	A 182.162.106.33 CNAME a1952.dscq.akamai.net A 182.162.106.32 CNAME identrust.edgesuite.net	23.67.53.27
checkip.dyndns.org	A 132.226.8.169 CNAME checkip.dyndns.com A 193.122.130.0 A 132.226.247.73 A 158.101.44.242 A 193.122.6.168	158.101.44.242
rakishev.org	A 104.21.20.56 A 172.67.191.205	172.67.191.205

TCP Requests

UDP Requests

GET 200 http://checkip.dyndns.org/

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49174 -> 172.67.191.205:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49169 -> 172.67.191.205:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49175 -> 172.67.191.205:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49170 -> 172.67.191.205:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49171 -> 172.67.191.205:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2043238	ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49165 -> 132.226.8.169:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49167 -> 172.67.191.205:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.103:49169 172.67.191.205:443	C=US, O=Let's Encrypt, CN=E1	CN=rakishev.org	0c:42:8c:32:44:4b:bd:de:80:d0:00:61:41:12:03:95:25:52:06:2c
TLSv1 192.168.56.103:49174 172.67.191.205:443	None	None	None
TLSv1 192.168.56.103:49175 172.67.191.205:443	None	None	None
TLSv1 192.168.56.103:49170 172.67.191.205:443	C=US, O=Let's Encrypt, CN=E1	CN=rakishev.org	0c:42:8c:32:44:4b:bd:de:80:d0:00:61:41:12:03:95:25:52:06:2c
TLSv1 192.168.56.103:49171 172.67.191.205:443	C=US, O=Let's Encrypt, CN=E1	CN=rakishev.org	0c:42:8c:32:44:4b:bd:de:80:d0:00:61:41:12:03:95:25:52:06:2c
TLSv1 192.168.56.103:49167 172.67.191.205:443	C=US, O=Let's Encrypt, CN=E1	CN=rakishev.org	0c:42:8c:32:44:4b:bd:de:80:d0:00:61:41:12:03:95:25:52:06:2c

Snort Alerts

No Snort Alerts