NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe
01.17 05:01
beacon.exe
01.17 05:01
remcos_a2.exe
01.17 05:01
ogpayload.exe

Latest News
01.18 10:01
리튬코리아, 일본 스이린과 리튬 배터리 ...
01.18 10:01
Feds worry AT&T br...
01.18 10:01
AIs in Love, UEFI, For...
01.18 09:01
프롬한라, 제주 유정란 담은 반려견 간식...
01.18 09:01
무암(MooAm), 생성형 AI로 26종...
01.18 09:01
Trinteract Mini Space ...
01.18 09:01
IT Sicherheitsnews tae...
01.18 09:01
IT Sicherheitsnews tae...
01.18 08:01
TikTok’s national secu...
01.18 08:01
US-Gericht bestätigt T...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
172.67.222.26	Active	Moloch
95.214.27.121	Active	Moloch

Name	Response	Post-Analysis Lookup
imageupload.io	A 104.21.83.102 A 172.67.222.26	104.21.83.102

TCP Requests
- 192.168.56.101:49165 172.67.222.26:443
  imageupload.io
- 192.168.56.101:49167 95.214.27.121:80

UDP Requests

GET 200 https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg

GET 200 http://95.214.27.121/mashilao.txt

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49165 -> 172.67.222.26:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 95.214.27.121:80 -> 192.168.56.101:49167	2020425	ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 3 M1	Exploit Kit Activity Detected

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49165 172.67.222.26:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1P5	CN=imageupload.io	7f:d3:2d:a3:40:e0:de:64:4d:f5:a5:0f:96:b0:ae:07:58:85:a8:85

Snort Alerts

No Snort Alerts