NetWork | ZeroBOX

Network Analysis

IP Address | Status | Action
164.124.101.2 | Active | Moloch
23.186.113.60 | Active | Moloch
74.208.132.59 | Active | Moloch
Name | Response | Post-Analysis Lookup
paste.ee | 23.186.113.60 |

Method | Status | URL
GET | 200 | http://74.208.132.59/112/weneedbestthingswithgreatnewsevengivenbestforentiretime.hta

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.101:49164 -> 23.186.113.60:443 | 2034978 | ET POLICY Pastebin-style Service (paste .ee) in TLS SNI | Potential Corporate Privacy Violation
TCP 192.168.56.101:49164 -> 23.186.113.60:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 192.168.56.101:49165 -> 23.186.113.60:443 | 2034978 | ET POLICY Pastebin-style Service (paste .ee) in TLS SNI | Potential Corporate Privacy Violation
TCP 192.168.56.101:49165 -> 23.186.113.60:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 192.168.56.101:49164 -> 23.186.113.60:443 | 2034978 | ET POLICY Pastebin-style Service (paste .ee) in TLS SNI | Potential Corporate Privacy Violation
TCP 192.168.56.101:49165 -> 23.186.113.60:443 | 2034978 | ET POLICY Pastebin-style Service (paste .ee) in TLS SNI | Potential Corporate Privacy Violation
UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2054041 | ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee) | Misc activity
TCP 23.186.113.60:443 -> 192.168.56.101:49167 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49165 -> 23.186.113.60:443 | 2034978 | ET POLICY Pastebin-style Service (paste .ee) in TLS SNI | Potential Corporate Privacy Violation
TCP 192.168.56.101:49162 -> 74.208.132.59:80 | 2022520 | ET POLICY Possible HTA Application Download | Potentially Bad Traffic
TCP 192.168.56.101:49162 -> 74.208.132.59:80 | 2027261 | ET INFO Dotted Quad Host HTA Request | Potentially Bad Traffic
TCP 192.168.56.101:49162 -> 74.208.132.59:80 | 2024449 | ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl | Attempted User Privilege Gain
TCP 192.168.56.101:49165 -> 23.186.113.60:443 | 2034978 | ET POLICY Pastebin-style Service (paste .ee) in TLS SNI | Potential Corporate Privacy Violation
TCP 192.168.56.101:49164 -> 23.186.113.60:443 | 2034978 | ET POLICY Pastebin-style Service (paste .ee) in TLS SNI | Potential Corporate Privacy Violation
TCP 74.208.132.59:80 -> 192.168.56.101:49162 | 2024197 | ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) | A Network Trojan was detected
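Three points a practitioner should take from the rows above before trusting the verdict. The two ET EXPLOIT rules (SIDs 2024449 and 2024197) name a delivery pattern, an .hta fetched from a bare IP by an MSXMLHTTP/IE7-style client, not confirmed exploitation of CVE-2017-0199. The SSLBL JA3 rows fingerprint the TLS client stack, which many programs share, so on their own they are weak evidence. And whatever the sample pulled from paste.ee went over TLS (port 443, with one handshake failure), so the HTTP table only shows the cleartext .hta fetch. The Python below is an added triage example, not part of the ZeroBOX report or of the sandbox's own code: it parses the alert and HTTP rows exactly as the report prints them, collapses repeated alerts, lists the remote peers and the domains the rule names write defanged, and tests for the HTA delivery chain. The alert and HTTP rows are copied from this report; the 192.168.56.0/24 sandbox range and the list of Suricata classtype descriptions used to split the undelimited Category column are assumptions made here.

```python
"""Triage helper for the Suricata and HTTP rows of a ZeroBOX-style report.
Added example; not the sandbox's own code."""
import re
from collections import Counter
from ipaddress import ip_address, ip_network
from urllib.parse import urlparse

# Rows copied from the report's "Suricata Alerts" and HTTP tables.
REPORT_ALERTS = """\
TCP 192.168.56.101:49164 -> 23.186.113.60:443 2034978 ET POLICY Pastebin-style Service (paste .ee) in TLS SNI Potential Corporate Privacy Violation
TCP 192.168.56.101:49164 -> 23.186.113.60:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49165 -> 23.186.113.60:443 2034978 ET POLICY Pastebin-style Service (paste .ee) in TLS SNI Potential Corporate Privacy Violation
TCP 192.168.56.101:49165 -> 23.186.113.60:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49164 -> 23.186.113.60:443 2034978 ET POLICY Pastebin-style Service (paste .ee) in TLS SNI Potential Corporate Privacy Violation
TCP 192.168.56.101:49165 -> 23.186.113.60:443 2034978 ET POLICY Pastebin-style Service (paste .ee) in TLS SNI Potential Corporate Privacy Violation
UDP 192.168.56.101:59002 -> 164.124.101.2:53 2054041 ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee) Misc activity
TCP 23.186.113.60:443 -> 192.168.56.101:49167 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49165 -> 23.186.113.60:443 2034978 ET POLICY Pastebin-style Service (paste .ee) in TLS SNI Potential Corporate Privacy Violation
TCP 192.168.56.101:49162 -> 74.208.132.59:80 2022520 ET POLICY Possible HTA Application Download Potentially Bad Traffic
TCP 192.168.56.101:49162 -> 74.208.132.59:80 2027261 ET INFO Dotted Quad Host HTA Request Potentially Bad Traffic
TCP 192.168.56.101:49162 -> 74.208.132.59:80 2024449 ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl Attempted User Privilege Gain
TCP 192.168.56.101:49165 -> 23.186.113.60:443 2034978 ET POLICY Pastebin-style Service (paste .ee) in TLS SNI Potential Corporate Privacy Violation
TCP 192.168.56.101:49164 -> 23.186.113.60:443 2034978 ET POLICY Pastebin-style Service (paste .ee) in TLS SNI Potential Corporate Privacy Violation
TCP 74.208.132.59:80 -> 192.168.56.101:49162 2024197 ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) A Network Trojan was detected
"""
REPORT_HTTP = "GET 200 http://74.208.132.59/112/weneedbestthingswithgreatnewsevengivenbestforentiretime.hta"

# Analysis VM address range (assumed from the 192.168.56.101 rows above).
SANDBOX_NET = ip_network("192.168.56.0/24")
# Suricata classtype descriptions seen in the Category column (assumed list).
# The report does not delimit columns, so the category is recovered as a
# known suffix of the row; "undefined" means the rule carries no classtype.
CATEGORIES = ("Potential Corporate Privacy Violation", "Attempted User Privilege Gain",
              "A Network Trojan was detected", "Potentially Bad Traffic",
              "Misc activity", "undefined")
ALERT_RE = re.compile(r"^(?P<proto>TCP|UDP) (?P<src>[\d.]+):(?P<sport>\d+) -> "
                      r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<sid>\d+) (?P<rest>.+)$")
HTTP_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<status>\d{3}) (?P<url>\S+)$")
DEFANGED_RE = re.compile(r"\(([\w-]+) \.([\w.-]+)\)")  # ET rule names write '(paste .ee)'


def parse_alert(line):
    """One alert row -> dict, or None for non-alert lines."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rest = rec.pop("rest")
    rec["signature"], rec["category"] = rest, "unknown"
    for cat in CATEGORIES:
        if rest.endswith(" " + cat):
            rec["signature"], rec["category"] = rest[:-len(cat) - 1], cat
            break
    for k in ("sid", "sport", "dport"):
        rec[k] = int(rec[k])
    return rec


def parse_alerts(text):
    return [r for r in map(parse_alert, text.splitlines()) if r]


def dedupe(alerts):
    """Collapse repeats of (sid, src, dst, dport); 'hits' keeps the repeat count."""
    key = lambda a: (a["sid"], a["src"], a["dst"], a["dport"])
    first = {}
    for a in alerts:
        first.setdefault(key(a), a)
    return [dict(first[k], hits=n) for k, n in Counter(map(key, alerts)).items()]


def parse_http(line):
    """'GET 200 http://host/path' -> dict with bare-IP host and .hta checks."""
    m = HTTP_RE.match(line.strip())
    if not m:
        return None
    rec, u = m.groupdict(), urlparse(m.group("url"))
    rec.update(status=int(rec["status"]), host=u.hostname, path=u.path,
               is_hta=u.path.lower().endswith(".hta"), dotted_quad_host=False)
    try:
        ip_address(u.hostname)          # raises ValueError for a DNS name
        rec["dotted_quad_host"] = True
    except ValueError:
        pass
    return rec


def remote_peers(alerts):
    """Endpoints outside the sandbox net, minus the DNS resolver (port 53)."""
    return sorted({ip for a in alerts
                   for ip, port in ((a["src"], a["sport"]), (a["dst"], a["dport"]))
                   if ip_address(ip) not in SANDBOX_NET and port != 53})


def defanged_domains(alerts):
    """Recover domains that ET rule names write defanged, e.g. '(paste .ee)'."""
    return sorted({m.group(1) + "." + m.group(2) for a in alerts
                   for m in [DEFANGED_RE.search(a["signature"])] if m})


def hta_delivery_chain(alerts, http):
    """True when an ET EXPLOIT HTA rule fired on the same server that served an
    .hta from a bare IP over cleartext HTTP: the CVE-2017-0199 delivery pattern
    the rules name, not proof that the document actually exploited it."""
    peers = {ip for a in alerts if "ET EXPLOIT" in a["signature"] and "HTA" in a["signature"]
             for ip in (a["src"], a["dst"])}
    return bool(http and http["is_hta"] and http["dotted_quad_host"] and http["host"] in peers)
```

On this report, dedupe() folds the fifteen rows into eight distinct alerts (the paste.ee SNI rule fired seven times across two flows), remote_peers() returns the two servers the sample actually spoke to, and hta_delivery_chain() is true because the .hta URL's host is the same 74.208.132.59 that both ET EXPLOIT rules fired on. The resolver 164.124.101.2 is deliberately left out of the peer list: it is infrastructure, not an indicator.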

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts