NetWork | ZeroBOX

IP Address	Status	Action
146.59.70.14	Active	Moloch
104.18.145.235	Active	Moloch
104.21.21.189	Active	Moloch
104.21.65.24	Active	Moloch
104.244.42.193	Active	Moloch
104.26.4.15	Active	Moloch
104.26.8.59	Active	Moloch
104.26.9.59	Active	Moloch
104.76.78.101	Active	Moloch
148.251.234.83	Active	Moloch
148.251.234.93	Active	Moloch
149.154.167.99	Active	Moloch
164.124.101.2	Active	Moloch
171.22.28.213	Active	Moloch
172.67.134.35	Active	Moloch
185.225.75.171	Active	Moloch
171.22.28.226	Active	Moloch
172.67.142.109	Active	Moloch
172.67.165.223	Active	Moloch
172.67.75.163	Active	Moloch
172.67.75.166	Active	Moloch
175.120.254.9	Active	Moloch
182.162.106.33	Active	Moloch
185.225.74.144	Active	Moloch
193.42.32.118	Active	Moloch
194.169.175.127	Active	Moloch
194.169.175.128	Active	Moloch
194.169.175.232	Active	Moloch
208.67.104.60	Active	Moloch
211.171.233.129	Active	Moloch
213.180.204.24	Active	Moloch
34.117.59.81	Active	Moloch
45.132.1.20	Active	Moloch
45.15.156.229	Active	Moloch
45.9.74.80	Active	Moloch
49.12.118.149	Active	Moloch
62.217.160.2	Active	Moloch
77.88.55.60	Active	Moloch
77.91.68.249	Active	Moloch
79.137.192.18	Active	Moloch
87.240.132.78	Active	Moloch
87.240.137.164	Active	Moloch
91.215.85.209	Active	Moloch
93.186.225.194	Active	Moloch
94.142.138.113	Active	Moloch
94.142.138.131	Active	Moloch
95.142.206.0	Active	Moloch
95.142.206.1	Active	Moloch
95.142.206.2	Active	Moloch
95.142.206.3	Active	Moloch

Name	Response	Post-Analysis Lookup
zexeq.com	A 211.40.39.251 A 115.88.24.200 A 181.170.86.159 A 175.119.10.231 A 190.139.250.133 A 175.120.254.9 A 211.181.24.133 A 201.119.22.36 A 211.171.233.129 A 190.224.203.37	181.170.86.159
octocrabs.com	A 172.67.200.10 A 104.21.21.189	172.67.200.10
apps.identrust.com	A 182.162.106.33 CNAME a1952.dscq.akamai.net A 182.162.106.32 CNAME identrust.edgesuite.net	23.43.165.66
twitter.com	A 104.244.42.193	104.244.42.129
ipinfo.io	A 34.117.59.81	34.117.59.81
sso.passport.yandex.ru	A 213.180.204.24 CNAME passport.yandex.ru	213.180.204.24
colisumy.com	A 93.112.205.101 A 187.18.108.158 A 211.104.254.139 A 211.168.53.110 A 84.224.231.39 A 211.119.84.112 A 211.59.14.90 A 180.94.156.61 A 211.171.233.129 A 195.158.3.162	187.18.108.158
sun6-23.userapi.com	A 95.142.206.3	95.142.206.3
api.db-ip.com	A 172.67.75.166 A 104.26.4.15 A 104.26.5.15	104.26.5.15
rangeroverfan.org	A 104.21.66.240 A 172.67.165.223	104.21.66.240
galandskiyher5.com	A 194.169.175.127	194.169.175.127
onualituyrs.org	A 91.215.85.209	91.215.85.209
sun6-22.userapi.com	A 95.142.206.2	95.142.206.2
yandex.ru	A 5.255.255.77 A 77.88.55.88 A 77.88.55.60 A 5.255.255.70	77.88.55.88
foxandcatbet.org	A 104.21.71.26 A 172.67.142.109	104.21.71.26
elijahdiego.top	A 45.132.1.20	45.132.1.20
dzen.ru	A 62.217.160.2	62.217.160.2
neuralshit.net	A 172.67.134.35 A 104.21.6.10	172.67.134.35
www.maxmind.com	A 104.18.145.235 A 104.18.146.235	104.18.145.235
iplis.ru	A 148.251.234.93	148.251.234.93
telegram.org	A 149.154.167.99	149.154.167.99
vk.com	A 87.240.129.133 A 87.240.132.72 A 87.240.132.67 A 87.240.137.164 A 93.186.225.194 A 87.240.132.78	87.240.137.164
iplogger.org	A 148.251.234.83	148.251.234.83
sun6-20.userapi.com	A 95.142.206.0	95.142.206.0
api.2ip.ua	A 104.21.65.24 A 172.67.139.220	104.21.65.24
t.me	A 149.154.167.99	149.154.167.99
lakuiksong.known.co.ke	A 146.59.70.14	146.59.70.14
sun6-21.userapi.com	A 95.142.206.1	95.142.206.1
steamcommunity.com	A 104.76.78.101	104.76.78.101
jackantonio.top	A 45.132.1.20	45.132.1.20
api.myip.com	A 172.67.75.163 A 104.26.9.59 A 104.26.8.59	104.26.8.59
db-ip.com	A 104.26.5.15 A 104.26.4.15 A 172.67.75.166	104.26.4.15

TCP Requests

UDP Requests

GET 200 https://api.myip.com/

GET 200 https://vk.com/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1

HTTP/1.1 200 OK Server: kittenx Date: Tue, 17 Oct 2023 07:18:12 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 333368 Connection: keep-alive X-Powered-By: KPHP/7.4.114837 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixlang=17; expires=Fri, 11 Oct 2024 07:55:18 GMT; path=/; domain=.vk.com Set-Cookie: remixstlid=9109910959643139006_imeyPH694VJwPOYKbZekgdyYvycjLzClzItC9YfDpIz; expires=Wed, 16 Oct 2024 07:18:12 GMT; path=/; domain=.vk.com; secure Set-Cookie: remixstemp=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure Set-Cookie: remixlgck=e5cda5eec07ea55f93; expires=Sat, 12 Oct 2024 08:26:07 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixstid=576096751_W1fMGiCUfMAkM5FQkfUmzK7UF2xy08dw1zQaIYRzC3X; expires=Mon, 21 Oct 2024 21:55:11 GMT; path=/; domain=.vk.com; secure Cache-control: no-store X-Robots-Tag: noindex,nofollow Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp X-XSS-Protection: 1; report=/xss_reports X-Frame-Options: deny X-Frontend: front225207 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend

Source	Destination	ICMP Type	Data
192.168.56.102	164.124.101.2	3
192.168.56.102	164.124.101.2	3

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49183 87.240.132.78:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49176 104.26.8.59:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65
TLSv1 192.168.56.102:49230 87.240.132.78:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49222 87.240.132.78:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49226 95.142.206.3:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com	bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24
TLSv1 192.168.56.102:49239 95.142.206.0:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com	bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24
TLSv1 192.168.56.102:49241 87.240.132.78:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49224 87.240.132.78:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49227 95.142.206.3:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com	bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24
TLSv1 192.168.56.102:49235 87.240.132.78:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49246 95.142.206.2:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com	bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24
TLSv1 192.168.56.102:49247 87.240.132.78:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49244 87.240.132.78:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49245 87.240.132.78:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49248 87.240.132.78:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49249 95.142.206.1:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com	bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24
TLSv1 192.168.56.102:49260 104.26.9.59:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65
TLSv1 192.168.56.102:49257 104.21.65.24:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1P5	CN=*.2ip.ua	89:d4:db:86:86:4b:66:21:04:8f:0e:6c:cc:a5:4a:d5:67:73:3c:c9
TLSv1 192.168.56.102:49276 104.26.4.15:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5
TLSv1 192.168.56.102:49294 213.180.204.24:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018	C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=sso.passport.yandex.ru	3a:82:43:a9:43:9c:c8:90:01:04:4f:74:1b:6c:cd:4b:9b:19:7d:93
TLSv1 192.168.56.102:49286 62.217.160.2:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018	C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.dzen.ru	6a:31:14:29:60:07:c9:c6:17:7b:d1:27:ad:53:57:ec:d8:c1:d8:d2
TLSv1 192.168.56.102:49292 104.21.65.24:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1P5	CN=*.2ip.ua	89:d4:db:86:86:4b:66:21:04:8f:0e:6c:cc:a5:4a:d5:67:73:3c:c9
TLSv1 192.168.56.102:49273 104.26.9.59:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65
TLSv1 192.168.56.102:49280 77.88.55.60:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC OV SSL CA 2018	C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.xn--d1acpjx3f.xn--p1ai	e4:ba:b2:7f:bf:93:b8:22:10:26:70:37:9c:03:1a:9d:fb:23:17:24
TLSv1 192.168.56.102:49301 104.26.4.15:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5
TLSv1 192.168.56.102:49316 87.240.137.164:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49295 87.240.137.164:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49329 104.76.78.101:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	b1:30:5e:4c:ee:14:70:87:a7:d7:1c:77:07:b5:3c:2c:99:13:aa:c5
TLSv1 192.168.56.102:49306 172.67.75.166:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5
TLSv1 192.168.56.102:49332 172.67.75.163:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65
TLSv1 192.168.56.102:49318 95.142.206.1:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com	bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24
TLSv1 192.168.56.102:49342 93.186.225.194:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49343 172.67.142.109:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1P5	CN=foxandcatbet.org	b9:77:79:a2:00:91:6e:0c:9e:08:d1:dd:e6:2a:05:ec:07:b8:62:f7
TLSv1 192.168.56.102:49356 104.21.21.189:443	C=US, O=Let's Encrypt, CN=E1	CN=octocrabs.com	77:33:49:da:ac:e1:32:31:64:ad:8a:16:84:a3:aa:04:d0:fc:15:d7
TLSv1 192.168.56.102:49345 172.67.165.223:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1P5	CN=rangeroverfan.org	39:d6:2c:66:18:a0:24:e5:a4:2d:5a:5a:58:90:fa:6d:50:e8:05:54
TLSv1 192.168.56.102:49362 93.186.225.194:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49365 172.67.134.35:443	C=US, O=Let's Encrypt, CN=E1	CN=neuralshit.net	48:34:be:08:a6:7d:1e:ee:b7:5d:2d:12:63:b2:18:02:6a:d9:0d:74
TLSv1 192.168.56.102:49366 93.186.225.194:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49368 95.142.206.3:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com	bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24
TLSv1 192.168.56.102:49371 93.186.225.194:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09

ICMP traffic

IRC traffic

Suricata Alerts

Suricata TLS

Snort Alerts