NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.11 10:11
bxn.exe
11.11 10:11
glued.hta
11.11 10:11
MONDAYconstraints.vbs
11.11 10:11
tartarises.vbs
11.11 10:11
xwo.exe
11.11 10:11
comehomeconstraints.vbs
11.11 10:11
hello.exe
11.11 10:11
chrome_130.exe
11.11 10:11
s.exe
11.11 10:11
Citatfusk.vbe

Latest News
11.11 05:11
구글크롬 브라우저 향상된 보호(Encha...
11.11 04:11
Cybercriminals Use Exc...
11.11 03:11
한국인터넷진흥원 ESG 주간동향 보고서(...
11.11 03:11
Cheap Sensor Changes P...
11.11 03:11
LG Is Said to Add Axis...
11.11 03:11
호텔식 샤브뷔페 ‘샤브올데이’, 빼빼로데...
11.11 03:11
Africa’s Biggest Phone...
11.11 02:11
Cloud Security Strateg...
11.11 02:11
Cloud Security Strateg...
11.11 02:11
Cloud Security Strateg...

NetWork | ZeroBOX

IP Address	Status	Action
117.18.232.200	Active	Moloch
164.124.101.2	Active	Moloch
43.159.81.48	Active	Moloch

Name	Response	Post-Analysis Lookup
www.honorofkings.com	A 43.159.81.48 CNAME www.honorofkings.com.acc.edgeonedy1.com	43.159.81.48

TCP Requests

UDP Requests

GET 200 https://www.honorofkings.com/download/HonorOfKings_App_Android_9.4.1.5_r1897027_4101_rw.apk

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49164 -> 43.159.81.48:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49165 -> 43.159.81.48:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49172 -> 117.18.232.200:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49173 -> 117.18.232.200:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 117.18.232.200:443 -> 192.168.56.101:49174	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49176 -> 117.18.232.200:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 117.18.232.200:443 -> 192.168.56.101:49178	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49177 -> 117.18.232.200:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49164 43.159.81.48:443	C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3	C=CN, ST=Guangdong Province, L=Shenzhen, O=Tencent Technology (Shenzhen) Company Limited, CN=*.honorofkings.com	c3:d0:95:e0:5c:9d:df:ea:ce:6b:1e:e7:b7:b1:6e:1b:f0:0e:db:1f
TLSv1 192.168.56.101:49165 43.159.81.48:443	C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3	C=CN, ST=Guangdong Province, L=Shenzhen, O=Tencent Technology (Shenzhen) Company Limited, CN=*.honorofkings.com	c3:d0:95:e0:5c:9d:df:ea:ce:6b:1e:e7:b7:b1:6e:1b:f0:0e:db:1f

Snort Alerts

No Snort Alerts