NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.28 04:04
Purchase Order.pdf.msc
04.28 02:04
setup.exe
04.28 02:04
2025416-方案1-方案細節.pdf.lnk
04.28 10:04
Distribution Document....
04.28 10:04
pik.ps1
04.28 10:04
123.hta
04.28 10:04
verify-sec
04.28 10:04
nums.vbs
04.28 10:04
op.exe
04.28 10:04
cred.dll

Latest News
04.28 11:04
Life on K2-18b? Don’t ...
04.28 11:04
Thiel-Backed Fintech N...
04.28 11:04
[UPDATE] [niedrig] GNU...
04.28 11:04
[UPDATE] [mittel] popp...
04.28 11:04
[UPDATE] [mittel] popp...
04.28 11:04
[UPDATE] [mittel] Red ...
04.28 11:04
[UPDATE] [hoch] popple...
04.28 11:04
Sicherheitslücken: Att...
04.28 11:04
⚡ Weekly Recap: Critic...
04.28 10:04
Cybersecurity CEO Char...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
183.111.199.219	Active	Moloch

Name	Response	Post-Analysis Lookup
mogimall.com	A 183.111.199.219	183.111.199.219

UDP Requests

HEAD 200 https://mogimall.com/pds/mogimall/giftorder/giftorder.exe

GET 200 https://mogimall.com/pds/mogimall/giftorder/giftorder.exe

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49162 -> 183.111.199.219:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49164 -> 183.111.199.219:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49162 183.111.199.219:443	C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA	CN=mogimall.com	7b:ee:76:73:30:74:b9:01:f6:da:ff:d2:21:4f:a1:81:15:14:40:9f
TLSv1 192.168.56.101:49164 183.111.199.219:443	C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA	CN=mogimall.com	7b:ee:76:73:30:74:b9:01:f6:da:ff:d2:21:4f:a1:81:15:14:40:9f

Snort Alerts

No Snort Alerts