NetWork | ZeroBOX

IP Address	Status	Action
104.21.38.114	Active	Moloch
104.21.63.150	Active	Moloch
104.21.63.180	Active	Moloch
104.26.5.15	Active	Moloch
109.107.182.3	Active	Moloch
121.254.136.18	Active	Moloch
144.76.136.153	Active	Moloch
162.159.135.233	Active	Moloch
164.124.101.2	Active	Moloch
172.104.165.191	Active	Moloch
172.253.56.127	Active	Moloch
172.67.132.113	Active	Moloch
172.67.138.35	Active	Moloch
172.67.139.220	Active	Moloch
172.67.166.192	Active	Moloch
172.67.212.188	Active	Moloch
172.67.75.163	Active	Moloch
173.231.16.77	Active	Moloch
176.113.115.84	Active	Moloch
176.123.10.211	Active	Moloch
185.172.128.19	Active	Moloch
185.82.216.111	Active	Moloch
194.33.191.102	Active	Moloch
194.33.191.60	Active	Moloch
195.20.16.45	Active	Moloch
23.67.53.27	Active	Moloch
34.117.186.192	Active	Moloch
34.117.59.81	Active	Moloch
45.15.156.229	Active	Moloch
5.42.64.35	Active	Moloch
5.42.64.41	Active	Moloch
77.105.147.130	Active	Moloch
87.240.132.67	Active	Moloch
91.215.85.209	Active	Moloch
95.142.206.0	Active	Moloch
95.142.206.1	Active	Moloch
95.142.206.2	Active	Moloch
95.142.206.3	Active	Moloch
20.150.38.228	Active	Moloch
20.150.79.68	Active	Moloch
204.79.197.219	Active	Moloch
211.53.230.67	Active	Moloch
45.15.156.187	Active	Moloch
91.222.236.186	Active	Moloch
91.92.254.7	Active	Moloch
91.92.242.146	Active	Moloch

Name	Response	Post-Analysis Lookup
medfioytrkdkcodlskeej.net	A 91.215.85.209	91.215.85.209
zexeq.com	A 211.53.230.67 A 123.213.233.131 A 211.119.84.111 A 14.33.209.147 A 123.140.161.243 A 196.188.169.138 A 195.158.3.162 A 211.40.39.251 A 181.168.176.36 A 210.182.29.70	211.53.230.67
apps.identrust.com	A 23.67.53.27 A 23.67.53.17 CNAME a1952.dscq.akamai.net CNAME identrust.edgesuite.net A 121.254.136.9 A 121.254.136.18	23.67.53.27
vdfgdfbfdbdfbdfgroup.sbs	A 172.67.222.70 A 104.21.38.114	172.67.222.70
ipinfo.io	A 34.117.59.81 A 34.117.186.192	34.117.59.81
zen.topteamlife.com	A 172.67.138.35 A 104.21.26.173	172.67.138.35
91920b82-9195-455d-9a5f-23f11e556e53.uuid.dumperstats.org		185.82.216.111
mrproper.org	A 104.21.63.180 A 172.67.171.152	104.21.63.180
sun6-23.userapi.com	A 95.142.206.3	95.142.206.3
sun6-22.userapi.com	A 95.142.206.2	95.142.206.2
walkinglate.com	A 172.67.212.188 A 104.21.23.184	172.67.212.188
vsblobprodscussu5shard58.blob.core.windows.net	CNAME blob.sat09prdstrz08a.store.core.windows.net CNAME blob.SAT09PrdStrz08A.trafficmanager.net A 20.150.38.228 A 20.150.79.68 A 20.150.70.36	20.150.38.228
iplis.ru	A 104.21.63.150 A 172.67.147.32	172.67.147.32
domen414.com	A 172.67.166.192 A 104.21.91.52	172.67.166.192
msdl.microsoft.com	CNAME msdl.microsoft.akadns.net CNAME msdl-microsoft-com.a-0016.a-msedge.net CNAME a-0016.a-msedge.net A 204.79.197.219	204.79.197.219
vk.com	A 87.240.129.133 A 87.240.132.72 A 87.240.132.67 A 87.240.137.164 A 93.186.225.194 A 87.240.132.78	87.240.132.72
iplogger.org	A 104.21.4.208 A 172.67.132.113	104.21.4.208
sun6-20.userapi.com	A 95.142.206.0	95.142.206.0
api.ipify.org	A 173.231.16.77 A 64.185.227.156 CNAME api4.ipify.org A 104.237.62.212	64.185.227.156
api.2ip.ua	A 104.21.65.24 A 172.67.139.220	172.67.139.220
stun1.l.google.com	A 172.253.56.127	172.253.56.127
xmr-asia1.nanopool.org	A 103.3.62.64 A 139.99.102.73 A 139.99.101.232 A 139.99.102.71 A 139.99.102.74 A 139.99.102.72 A 139.99.101.198 A 139.99.102.70 A 139.99.101.197 A 172.104.165.191	172.104.165.191
sun6-21.userapi.com	A 95.142.206.1	95.142.206.1
still.topteamlife.com	A 172.67.138.35 A 104.21.26.173	172.67.138.35
vanaheim.cn	A 91.222.236.186	91.222.236.186
api.myip.com	A 172.67.75.163 A 104.26.9.59 A 104.26.8.59	104.26.9.59
transfer.sh	A 144.76.136.153	144.76.136.153
db-ip.com	A 104.26.5.15 A 104.26.4.15 A 172.67.75.166	104.26.4.15
vsblobprodscussu5shard10.blob.core.windows.net	CNAME blob.sat09prdstrz08a.store.core.windows.net CNAME blob.SAT09PrdStrz08A.trafficmanager.net A 20.150.79.68 A 20.150.38.228 A 20.150.70.36	20.150.38.228
server6.dumperstats.org	A 185.82.216.111	185.82.216.111
cdn.discordapp.com	A 162.159.135.233 A 162.159.134.233 A 162.159.130.233 A 162.159.129.233 A 162.159.133.233	162.159.135.233

TCP Requests

UDP Requests

GET 200 https://api.myip.com/

GET 200 https://vk.com/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1

HTTP/1.1 200 OK Server: kittenx Date: Fri, 15 Dec 2023 08:35:33 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 329068 Connection: keep-alive X-Powered-By: KPHP/7.4.115321 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixlang=17; expires=Tue, 17 Dec 2024 15:55:25 GMT; path=/; domain=.vk.com Set-Cookie: remixstlid=9058728353611061410_GSrQzanWtItcYo98z5g2UY78Nc9QWKB7g1hNRmBz7Mc; expires=Sat, 14 Dec 2024 08:35:33 GMT; path=/; domain=.vk.com; secure Set-Cookie: remixstemp=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure Set-Cookie: remixlgck=8a59f5cefbfa04a843; expires=Mon, 16 Dec 2024 00:49:39 GMT; path=/; domain=.vk.com; secure; HttpOnly Set-Cookie: remixstid=70432860_W5hTZSThpaynvZVzJR6vI1hqy1jgDAaLZrZ5K3R3GLD; expires=Wed, 18 Dec 2024 18:24:30 GMT; path=/; domain=.vk.com; secure Cache-control: no-store X-Robots-Tag: noindex,nofollow Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp X-XSS-Protection: 1; report=/xss_reports X-Frame-Options: deny X-Frontend: front220007 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend X-Trace-Id: oX61eZzK9s-xkaRoWaV_TpE7TRBENw

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49175 172.67.75.163:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65
TLSv1 192.168.56.102:49201 104.21.38.114:443	C=US, O=Let's Encrypt, CN=E1	CN=vdfgdfbfdbdfbdfgroup.sbs	be:9c:16:40:0f:33:52:e2:62:c6:95:50:66:2d:56:52:bb:a2:ae:b3
TLSv1 192.168.56.102:49183 87.240.132.67:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49212 87.240.132.67:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49218 95.142.206.0:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com	bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24
TLSv1 192.168.56.102:49234 87.240.132.67:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49227 87.240.132.67:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49238 95.142.206.1:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com	bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24
TLSv1 192.168.56.102:49239 87.240.132.67:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49241 95.142.206.1:443	None	None	None
TLSv1 192.168.56.102:49243 95.142.206.0:443	None	None	None
TLSv1 192.168.56.102:49247 95.142.206.2:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com	bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24
TLSv1 192.168.56.102:49254 87.240.132.67:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49256 95.142.206.3:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com	bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24
TLSv1 192.168.56.102:49255 87.240.132.67:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49257 95.142.206.3:443	None	None	None
TLSv1 192.168.56.102:49236 87.240.132.67:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49267 87.240.132.67:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49242 87.240.132.67:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49271 87.240.132.67:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49251 87.240.132.67:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49270 87.240.132.67:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49280 172.67.139.220:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1P5	CN=2ip.ua	df:8e:38:7b:a5:b7:63:5f:01:77:75:f0:d6:4a:08:30:fa:63:46:8f
TLSv1 192.168.56.102:49279 172.67.75.163:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65
TLSv1 192.168.56.102:49289 172.67.132.113:443	C=US, O=Let's Encrypt, CN=E1	CN=iplogger.org	1e:76:b5:78:be:35:ec:fb:3f:26:d0:5f:1c:2a:2d:33:0e:51:6f:7e
TLSv1 192.168.56.102:49281 172.67.75.163:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65
TLSv1 192.168.56.102:49284 104.21.63.150:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1P5	CN=iplis.ru	04:2b:ef:ab:43:60:60:33:69:03:f3:51:37:11:c8:29:26:89:a4:93
TLSv1 192.168.56.102:49299 87.240.132.67:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49320 87.240.132.67:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49305 144.76.136.153:443	C=US, O=Let's Encrypt, CN=R3	CN=transfer.sh	eb:93:df:77:44:ea:3e:bd:4e:9e:67:5e:66:84:77:b7:96:ce:0f:82
TLSv1 192.168.56.102:49314 104.26.5.15:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5
TLSv1 192.168.56.102:49321 87.240.132.67:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com	6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09
TLSv1 192.168.56.102:49324 95.142.206.1:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com	bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24
TLSv1 192.168.56.102:49328 172.67.139.220:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1P5	CN=2ip.ua	df:8e:38:7b:a5:b7:63:5f:01:77:75:f0:d6:4a:08:30:fa:63:46:8f
TLSv1 192.168.56.102:49339 104.21.63.180:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1P5	CN=mrproper.org	14:ea:69:cf:02:60:60:31:ca:c1:73:e0:08:32:fb:f0:1c:3b:a4:6e
TLSv1 192.168.56.102:49341 172.67.166.192:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1P5	CN=domen414.com	8d:05:bd:c1:10:73:1e:9b:6c:63:b2:d4:99:bf:3f:a0:6a:76:8e:3c
TLSv1 192.168.56.102:49348 204.79.197.219:443	C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 04	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=msdl.microsoft.com	1e:ad:90:78:48:f7:11:32:f5:23:1c:08:ec:53:07:87:4a:98:82:8e
TLSv1 192.168.56.102:49349 20.150.79.68:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	CN=*.blob.core.windows.net	6e:0d:1b:21:93:e6:c6:eb:18:68:57:6a:7e:85:c2:b6:90:ce:6b:9d
TLS 1.3 192.168.56.102:49357 172.104.165.191:10343	None	None	None
TLSv1 192.168.56.102:49350 20.150.38.228:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	CN=*.blob.core.windows.net	6e:0d:1b:21:93:e6:c6:eb:18:68:57:6a:7e:85:c2:b6:90:ce:6b:9d

ICMP traffic

IRC traffic

Suricata Alerts

Suricata TLS

Snort Alerts