NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 04:09
2.exe
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...

Latest News
09.22 05:09
Linux, Now In Real Time
09.22 04:09
Was können Roboter wir...
09.22 04:09
Schluss mit Basis-Auth...
09.22 04:09
Deutsches Jugendherber...
09.22 02:09
Learn How to Dissect B...
09.22 02:09
Jumperless Breadboard ...
09.22 02:09
Hacker behind Snowflak...
09.22 01:09
03 - Identifying Signs...
09.22 01:09
Hacktivist Group Twelv...
09.22 01:09
Join us at Microsoft I...

NetWork | ZeroBOX

IP Address	Status	Action
131.255.215.165	Active	Moloch
164.124.101.2	Active	Moloch
172.67.139.220	Active	Moloch

Name	Response	Post-Analysis Lookup
cajgtus.com	A 109.98.58.98 A 201.119.21.50 A 217.219.131.81 A 148.230.249.9 A 131.255.215.165 A 211.168.53.110 A 187.152.15.89 A 211.181.24.133 A 189.61.54.32 A 211.181.24.132	181.123.219.23
api.2ip.ua	A 104.21.65.24 A 172.67.139.220	172.67.139.220

TCP Requests

UDP Requests

GET 200 https://api.2ip.ua/geo.json

GET 200 https://api.2ip.ua/geo.json

GET 200 http://cajgtus.com/lancer/get.php?pid=06280D9CD13939E9B7E95CDCAA6A83CC&first=true

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2027026	ET POLICY External IP Address Lookup DNS Query (2ip .ua)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49171 -> 172.67.139.220:443	2033214	ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49171 -> 172.67.139.220:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49164 -> 172.67.139.220:443	2033214	ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49164 -> 172.67.139.220:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49172 -> 131.255.215.165:80	2002400	ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)	A Network Trojan was detected
TCP 192.168.56.103:49172 -> 131.255.215.165:80	2036334	ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key	A Network Trojan was detected
TCP 131.255.215.165:80 -> 192.168.56.103:49172	2036335	ET MALWARE Win32/Filecoder.STOP Variant Public Key Download	A Network Trojan was detected

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.103:49171 172.67.139.220:443	C=US, O=Google Trust Services, CN=WE1	CN=2ip.ua	ff:79:da:c4:72:a8:32:8f:28:1d:c9:7f:3a:b0:c3:0e:3f:7e:7e:a1
TLSv1 192.168.56.103:49164 172.67.139.220:443	C=US, O=Google Trust Services, CN=WE1	CN=2ip.ua	ff:79:da:c4:72:a8:32:8f:28:1d:c9:7f:3a:b0:c3:0e:3f:7e:7e:a1

Snort Alerts

No Snort Alerts