Submissions
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
9181
2023-08-23 09:38
mando.txt.ps1
0d66795d34805b160d9b4bb76d6c1c72
Generic Malware
Antivirus
VirusTotal
Malware
powershell
Check memory
unpack itself
powershell.exe wrote
WriteConsoleW
Windows
DNS
Cryptographic key
1
http://amazmaip.beget.tech/mna.ico
3.6
21
ZeroCERT
9182
2023-08-23 09:38
1.ps1
edae302f66b7950350d270ddbcecdbad
Generic Malware
Antivirus
unpack itself
WriteConsoleW
Windows
DNS
Cryptographic key
1.4
ZeroCERT
9183
2023-08-23 09:36
http://mobifts.ebay.com
Downloader
Create Service
Socket
P2P
DGA
Steal credential
Http API
Escalate priviledges
PWS
Hijack Network
Sniff Audio
HTTP
DNS
ScreenShot
Code injection
Internet API
persistence
FTP
KeyLogger
AntiDebug
AntiVM
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
2
http://mobifts.ebay.com/favicon.ico
http://mobifts.ebay.com/
2
mobifts.ebay.com(23.36.221.41)
104.75.1.243
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.8
guest
9184
2023-08-23 09:35
http://s.mzstatic.com
3f18d0428c1b0d54212846fe41b074ac
Downloader
Create Service
Socket
P2P
DGA
Steal credential
Http API
Escalate priviledges
PWS
Hijack Network
Sniff Audio
HTTP
DNS
ScreenShot
Code injection
Internet API
persistence
FTP
KeyLogger
AntiDebug
AntiVM
icon
MSOffice File
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
2
http://s.mzstatic.com/
http://s.mzstatic.com/favicon.ico
2
s.mzstatic.com(104.71.48.27)
184.86.216.24
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.2
guest
9185
2023-08-23 09:33
http://silverbullet-external-a...
Downloader
Create Service
Socket
P2P
DGA
Steal credential
Http API
Escalate priviledges
PWS
Hijack Network
Sniff Audio
HTTP
DNS
ScreenShot
Code injection
Internet API
persistence
FTP
KeyLogger
AntiDebug
AntiVM
MSOffice File
PNG Format
JPEG Format
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
1
http://silverbullet-external-ats.itunes.apple.com/
2
silverbullet-external-ats.itunes.apple.com(17.36.202.11)
17.56.10.18
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.8
d0bbART
9186
2023-08-23 09:31
calc.exe
3abbc9069a163b18c039db37099e3e4b
Malicious Library
UPX
OS Processor Check
PE File
PE32
VirusTotal
Malware
unpack itself
DNS
2
151.99.215.148
104.17.3.184
2.8
M
29
ZeroCERT
9187
2023-08-23 09:31
http://comm-cohort.ess.apple.c...
Downloader
Create Service
Socket
P2P
DGA
Steal credential
Http API
Escalate priviledges
PWS
Hijack Network
Sniff Audio
HTTP
DNS
ScreenShot
Code injection
Internet API
persistence
FTP
KeyLogger
AntiDebug
AntiVM
MSOffice File
PNG Format
JPEG Format
Code Injection
RWX flags setting
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
DNS
2
comm-cohort.ess.apple.com(17.188.180.227)
17.188.180.227
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.4
d0bbART
9188
2023-08-23 09:30
http://static.fnap6-1.fna.fbcd...
Downloader
Create Service
Socket
P2P
DGA
Steal credential
Http API
Escalate priviledges
PWS
Hijack Network
Sniff Audio
HTTP
DNS
ScreenShot
Code injection
Internet API
persistence
FTP
KeyLogger
AntiDebug
AntiVM
MSOffice File
Code Injection
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
2
http://static.fnap6-1.fna.fbcdn.net/
https://static.fnap6-1.fna.fbcdn.net/
2
static.fnap6-1.fna.fbcdn.net(151.99.215.148)
151.99.215.148
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.8
d0bbART
9189
2023-08-23 09:29
http://comm-main.ess.apple.com
Downloader
Create Service
Socket
P2P
DGA
Steal credential
Http API
Escalate priviledges
PWS
Hijack Network
Sniff Audio
HTTP
DNS
ScreenShot
Code injection
Internet API
persistence
FTP
KeyLogger
AntiDebug
AntiVM
MSOffice File
PNG Format
JPEG Format
Code Injection
RWX flags setting
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
DNS
2
comm-main.ess.apple.com(17.188.182.97)
17.188.182.97
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
5.4
guest
9190
2023-08-23 09:28
http://comm-cohort.ess.apple.c...
Downloader
Create Service
Socket
P2P
DGA
Steal credential
Http API
Escalate priviledges
PWS
Hijack Network
Sniff Audio
HTTP
DNS
ScreenShot
Code injection
Internet API
persistence
FTP
KeyLogger
AntiDebug
AntiVM
PNG Format
MSOffice File
JPEG Format
Code Injection
RWX flags setting
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
DNS
2
comm-cohort.ess.apple.com(17.188.181.34)
17.188.182.98
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
5.4
d0bbART
9191
2023-08-23 09:28
163.exe
5db85d975cd395bcd3301d63adba461e
Generic Malware
Malicious Library
UPX
Malicious Packer
PE File
PE32
VirusTotal
Malware
0.4
M
9
ZeroCERT
9192
2023-08-23 09:25
http://challenges.cloudflare.c...
880b2ed0181f9c6ca6b85ba7ead160c7
PNG Format
MSOffice File
JPEG Format
Code Injection
RWX flags setting
unpack itself
Windows utilities
Tofsee
Windows
1
http://challenges.cloudflare.com/
2
challenges.cloudflare.com(104.17.2.184)
104.17.3.184
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.2
guest
9193
2023-08-22 22:18
img.tim.it - 22 mag 2023, 04:1...
45ef9a630cfbff9b2511aea336ddb9e1
PDF
guest
9194
2023-08-22 22:18
temp · GitHub.webarchive
1d030551b2e7fb0348de7735ee262f09
PWS/Dexter
Generic Malware
Javascript_Blob
crashed
0.2
guest
9195
2023-08-22 22:10
http://proxy.safebrowsing.appl...
Downloader
Create Service
Socket
P2P
DGA
Steal credential
Http API
Escalate priviledges
PWS
Hijack Network
Sniff Audio
HTTP
DNS
ScreenShot
Code injection
Internet API
persistence
FTP
KeyLogger
AntiDebug
AntiVM
PNG Format
MSOffice File
JPEG Format
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
1
http://proxy.safebrowsing.apple/
2
proxy.safebrowsing.apple(17.253.115.198)
17.253.115.198
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.2
d0bbART
Total : 48,166cnts