NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe
01.17 05:01
beacon.exe
01.17 05:01
remcos_a2.exe
01.17 05:01
ogpayload.exe

Latest News
01.18 12:01
No Crystal Earpiece? N...
01.18 11:01
TikTok Says to ‘Go Dar...
01.18 10:01
‘Sneaky Log’ phishing ...
01.18 10:01
리튬코리아, 일본 스이린과 리튬 배터리 ...
01.18 10:01
Feds worry AT&T br...
01.18 10:01
AIs in Love, UEFI, For...
01.18 09:01
프롬한라, 제주 유정란 담은 반려견 간식...
01.18 09:01
무암(MooAm), 생성형 AI로 26종...
01.18 09:01
Trinteract Mini Space ...
01.18 09:01
IT Sicherheitsnews tae...

NetWork | ZeroBOX

IP Address	Status	Action
162.159.135.233	Active	Moloch
164.124.101.2	Active	Moloch
173.231.16.77	Active	Moloch

Name	Response	Post-Analysis Lookup
discordapp.com	A 162.159.135.233 A 162.159.134.233 A 162.159.133.233 A 162.159.129.233 A 162.159.130.233	162.159.129.233
api.ipify.org	A 173.231.16.77 A 64.185.227.156 CNAME api4.ipify.org A 104.237.62.212	104.237.62.212

UDP Requests

POST 100 https://discordapp.com/api/webhooks/1163583965509197905/ZzAXRCqQ-ibE4oUwqs0NHv2AGzFsUnKD01ZpDXfNz05uyDGnR6CuWR8nGyVChCCCECqd

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:59002 -> 8.8.8.8:53	2047702	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup	Misc activity
UDP 192.168.56.101:54148 -> 8.8.8.8:53	2035466	ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)	Misc activity
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2047702	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup	Misc activity
TCP 173.231.16.77:443 -> 192.168.56.101:49165	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49165 -> 173.231.16.77:443	2047703	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI	Misc activity
TCP 192.168.56.101:49165 -> 173.231.16.77:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49165 -> 173.231.16.77:443	2047703	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI	Misc activity
TCP 192.168.56.101:49166 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49166 -> 162.159.135.233:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49165 -> 173.231.16.77:443	2047703	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI	Misc activity

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.2 192.168.56.101:49166 162.159.135.233:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	6e:02:1b:20:66:69:87:fb:2c:cb:b1:55:96:c9:78:3a:9c:81:1d:f4

Snort Alerts

No Snort Alerts