NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.14 08:11
[UPDATE] [niedrig] Lin...
11.14 08:11
[UPDATE] [mittel] Pyth...
11.14 08:11
[UPDATE] [mittel] Linu...
11.14 08:11
[UPDATE] [hoch] expat:...
11.14 08:11
[UPDATE] [hoch] Python...
11.14 08:11
Dringend patchen: Krit...
11.14 08:11
Gratis-Tool: Sicherhei...
11.14 08:11
Datenleck bei Online-A...
11.14 08:11
Update now! November P...
11.14 08:11
‘Squid Game’ Returns i...

NetWork | ZeroBOX

IP Address	Status	Action
103.47.144.44	Active	Moloch
151.101.196.209	Active	Moloch
164.124.101.2	Active	Moloch
185.199.109.133	Active	Moloch
20.200.245.247	Active	Moloch

Name	Response	Post-Analysis Lookup
objects.githubusercontent.com	A 185.199.109.133 A 185.199.111.133 A 185.199.110.133 A 185.199.108.133	185.199.108.133
repo1.maven.org	A 151.101.196.209 CNAME dualstack.sonatype.map.fastly.net	199.232.196.209
jinvestments.duckdns.org	A 103.47.144.44	103.47.144.44
github.com	A 20.200.245.247	20.200.245.247

TCP Requests

UDP Requests

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.102:53778 -> 164.124.101.2:53	2042936	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain	Potentially Bad Traffic
UDP 192.168.56.102:53778 -> 164.124.101.2:53	2022918	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain	Misc activity
UDP 192.168.56.102:51405 -> 164.124.101.2:53	2042936	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain	Potentially Bad Traffic
UDP 192.168.56.102:51405 -> 164.124.101.2:53	2022918	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain	Misc activity

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.2 192.168.56.102:49163 151.101.196.209:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2023 Q1	CN=repo1.maven.org	94:bc:2a:d0:1a:cf:41:94:d4:9a:de:44:ab:b4:42:39:8a:f6:bf:f3
TLS 1.2 192.168.56.102:49166 185.199.109.133:443	C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1	C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io	a1:46:14:c7:2a:1d:52:79:f6:aa:2b:b2:c5:0a:3b:d3:f5:02:06:75
TLS 1.2 192.168.56.102:49165 151.101.196.209:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2023 Q1	CN=repo1.maven.org	94:bc:2a:d0:1a:cf:41:94:d4:9a:de:44:ab:b4:42:39:8a:f6:bf:f3
TLS 1.2 192.168.56.102:49162 20.200.245.247:443	C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1	C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com	a3:b5:9e:5f:e8:84:ee:1f:34:d9:8e:ef:85:8e:3f:b6:62:ac:10:4a
TLS 1.2 192.168.56.102:49164 151.101.196.209:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2023 Q1	CN=repo1.maven.org	94:bc:2a:d0:1a:cf:41:94:d4:9a:de:44:ab:b4:42:39:8a:f6:bf:f3

Snort Alerts

No Snort Alerts