NetWork | ZeroBOX

Network Analysis

IP Address Status Action
104.21.76.57 Active Moloch
164.124.101.2 Active Moloch
173.231.16.76 Active Moloch
185.172.128.53 Active Moloch
91.92.255.226 Active Moloch
HTTP requests

Method Status URL
GET 200 https://iplogger.com/19nVA4
GET 200 http://api.ipify.org/?format=dfg
GET 200 http://185.172.128.53/syncUpd.exe

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
UDP 192.168.56.101:59002 -> 8.8.8.8:53 | 2047702 | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup | Misc activity
UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2047702 | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup | Misc activity
UDP 192.168.56.101:54148 -> 164.124.101.2:53 | 2047719 | ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) | Device Retrieving External IP Address Detected
TCP 192.168.56.101:50062 -> 185.172.128.53:80 | 2011227 | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) | Potentially Bad Traffic
TCP 192.168.56.101:50062 -> 185.172.128.53:80 | 2016141 | ET INFO Executable Download from dotted-quad Host | Potentially Bad Traffic
TCP 185.172.128.53:80 -> 192.168.56.101:50062 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation
TCP 185.172.128.53:80 -> 192.168.56.101:50062 | 2021076 | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | Potentially Bad Traffic
TCP 192.168.56.101:50064 -> 104.21.76.57:443 | 2047718 | ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) | Device Retrieving External IP Address Detected
TCP 192.168.56.101:50064 -> 104.21.76.57:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 192.168.56.101:49166 -> 173.231.16.76:80 | 2029622 | ET POLICY External IP Lookup (ipify .org) | Potential Corporate Privacy Violation
TCP 192.168.56.101:49166 -> 173.231.16.76:80 | 2011227 | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) | Potentially Bad Traffic

Suricata TLS

Flow | Issuer | Subject | Fingerprint
TLSv1 192.168.56.101:50064 -> 104.21.76.57:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=iplogger.com | 58:f1:b8:44:37:6f:27:f8:01:6a:79:0e:7e:47:5b:b5:88:ec:1d:cc

Snort Alerts

No Snort Alerts