NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.30 02:04
BEWERBUNG.pdf.htm
04.30 01:04
BEWERBUNG.pdf.htm
04.30 01:04
Adobe%20PDF.hta
04.30 01:04
VXCX.exe
04.30 01:04
test.ps1
04.30 01:04
rah.exe
04.30 01:04
Microsoft.hta
04.30 01:04
XZCADEEW22.exe
04.30 01:04
CZXZDTGS.exe
04.30 01:04
ui.exe

Latest News
05.01 07:05
Alleged ‘Scattered Spi...
05.01 07:05
메타인프렙, 5월 AP 수학·과학 시험 ...
05.01 07:05
RSAC 2025 executive in...
05.01 07:05
RSAC 2025 executive in...
05.01 07:05
Salt Typhoon hacks ‘a ...
05.01 07:05
RSAC 2025 executive in...
05.01 07:05
RSAC 2025 executive in...
05.01 07:05
Restaurant Software Ma...
05.01 07:05
EBay Projects Solid Sa...
05.01 06:05
Chinese Hacking Compet...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
185.199.111.133	Active	Moloch
51.79.145.144	Active	Moloch
51.79.145.202	Active	Moloch

Name	Response	Post-Analysis Lookup
raw.githubusercontent.com	A 185.199.109.133 A 185.199.111.133 A 185.199.110.133 A 185.199.108.133	185.199.111.133
xmr-asia1.nanopool.org	A 103.3.62.64 A 51.79.145.202 A 172.104.165.191 A 51.79.145.144	103.3.62.64

TCP Requests

UDP Requests

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:53004 -> 164.124.101.2:53	2033268	ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49165 -> 185.199.111.133:443	906200068	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.3 192.168.56.101:49164 51.79.145.144:10343	None	None	None
TLS 1.3 192.168.56.101:49165 185.199.111.133:443	None	None	None
TLS 1.3 192.168.56.101:49166 51.79.145.202:10343	None	None	None

Snort Alerts

No Snort Alerts