NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.28 04:04
Purchase Order.pdf.msc
04.28 02:04
setup.exe
04.28 02:04
2025416-方案1-方案細節.pdf.lnk
04.28 10:04
Distribution Document....
04.28 10:04
pik.ps1
04.28 10:04
123.hta
04.28 10:04
verify-sec
04.28 10:04
nums.vbs
04.28 10:04
op.exe
04.28 10:04
cred.dll

Latest News
04.28 05:04
Decoding njRAT traffic...
04.28 05:04
더우드랜드, 푸르메재단 어린이재활병원에 ...
04.28 05:04
S2W, 일본 ‘머티리얼 디지털’과 협력...
04.28 05:04
28th April – Threat In...
04.28 05:04
NVIDIA Riva Vulnerabil...
04.28 05:04
Look! It’s a Knob! It’...
04.28 05:04
US Shoppers Pay for Tr...
04.28 05:04
Deliveroo Shares Jump ...
04.28 05:04
Data Centers Are Emerg...
04.28 05:04
Dubai Data Center Lead...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
23.186.113.60	Active	Moloch

Name	Response	Post-Analysis Lookup
paste.ee	A 23.186.113.60	23.186.113.60

TCP Requests

UDP Requests

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2054041	ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee)	Misc activity
TCP 192.168.56.103:49165 -> 23.186.113.60:443	2034978	ET POLICY Pastebin-style Service (paste .ee) in TLS SNI	Potential Corporate Privacy Violation
TCP 192.168.56.103:49165 -> 23.186.113.60:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49165 -> 23.186.113.60:443	2034978	ET POLICY Pastebin-style Service (paste .ee) in TLS SNI	Potential Corporate Privacy Violation
TCP 192.168.56.103:49167 -> 23.186.113.60:443	2034978	ET POLICY Pastebin-style Service (paste .ee) in TLS SNI	Potential Corporate Privacy Violation
TCP 192.168.56.103:49167 -> 23.186.113.60:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49167 -> 23.186.113.60:443	2034978	ET POLICY Pastebin-style Service (paste .ee) in TLS SNI	Potential Corporate Privacy Violation
TCP 23.186.113.60:443 -> 192.168.56.103:49169	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49167 -> 23.186.113.60:443	2034978	ET POLICY Pastebin-style Service (paste .ee) in TLS SNI	Potential Corporate Privacy Violation
TCP 192.168.56.103:49165 -> 23.186.113.60:443	2034978	ET POLICY Pastebin-style Service (paste .ee) in TLS SNI	Potential Corporate Privacy Violation
TCP 192.168.56.103:49167 -> 23.186.113.60:443	2034978	ET POLICY Pastebin-style Service (paste .ee) in TLS SNI	Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts