NetWork | ZeroBOX

IP Address	Status	Action
103.235.46.191	Active	Moloch
117.50.14.72	Active	Moloch
119.206.200.180	Active	Moloch
119.206.200.181	Active	Moloch
14.0.113.218	Active	Moloch
164.124.101.2	Active	Moloch
39.156.66.111	Active	Moloch

Name	Response	Post-Analysis Lookup
web.7k7k.com	A 14.0.113.218 CNAME web.7k7k.com.cdn20.com	14.0.113.218
www.7k7k.com	A 119.206.200.181 CNAME www.7k7k.com.cdn20.com	119.206.200.181
libs.baidu.com	CNAME developer.n.shifen.com A 39.156.66.111	39.156.66.111
n.7k7kimg.cn	CNAME n.7k7kimg.cn.cdn20.com A 14.0.113.218	14.0.113.218
g.7k7k.com	A 119.206.200.181 CNAME g.7k7k.com.wswebpic.com	119.206.200.181
down.7k7k.com	CNAME down.7k7k.com.cdn20.com A 119.206.200.180	119.206.200.180
login.7k7k.com	A 117.50.14.72	117.50.14.72
hm.baidu.com	A 103.235.46.191 CNAME hm.e.shifen.com	103.235.46.191

TCP Requests

UDP Requests

GET 200 https://n.7k7kimg.cn/uploads/gameimg/202104/27fca.jpg

GET 200 https://n.7k7kimg.cn/uploads/gameimg/202104/73214.jpg

GET 200 https://n.7k7kimg.cn/uploads/gameimg/202104/9f98d.jpg

GET 200 https://n.7k7kimg.cn/uploads/gameimg/202012/0addb.jpg

GET 200 https://n.7k7kimg.cn/uploads/gameimg/202104/4f21f.jpg

GET 200 https://n.7k7kimg.cn/uploads/gameimg/202103/49bf9.jpg

GET 200 https://n.7k7kimg.cn/uploads/gameimg/202010/925f8.jpg

GET 200 https://n.7k7kimg.cn/uploads/gameimg/202103/51b8e.jpg

GET 200 https://n.7k7kimg.cn/uploads/gameimg/202102/595cb.jpg

GET 200 https://n.7k7kimg.cn/uploads/gameimg/202008/ab4d3.jpg

GET 200 https://n.7k7kimg.cn/uploads/gameimg/202103/52c69.png

GET 200 https://hm.baidu.com/hm.js?4f1beaf39805550dd06b5cac412cd19b

GET 200 https://hm.baidu.com/hm.js?2cc039dda4311ed9739f2308bd58c84e

GET 200 https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1024x768&vl=623&et=0&fl=13.0&ja=1&ln=ko&lo=0&rnd=40257087&si=4f1beaf39805550dd06b5cac412cd19b&v=1.2.80&lv=1&sn=16164&r=0&ww=976&ct=!!&u=http%3A%2F%2Fg.7k7k.com%2F&tt=7k7k%E6%B8%B8%E6%88%8F_7k7k%E4%BC%91%E9%97%B2%E7%AB%9E%E6%8A%80%E6%B8%B8%E6%88%8F%E5%A4%A7%E5%8E%85_7k7k%E6%B8%B8%E6%88%8F%E5%AE%98%E7%BD%91_7k7k%E6%B8%B8%E6%88%8F%E4%B8%8B%E8%BD%BD

GET 200 https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1024x768&vl=623&et=0&fl=13.0&ja=1&ln=ko&lo=0&rnd=19596027&si=2cc039dda4311ed9739f2308bd58c84e&v=1.2.80&lv=1&sn=16164&r=0&ww=976&ct=!!&u=http%3A%2F%2Fg.7k7k.com%2F&tt=7k7k%E6%B8%B8%E6%88%8F_7k7k%E4%BC%91%E9%97%B2%E7%AB%9E%E6%8A%80%E6%B8%B8%E6%88%8F%E5%A4%A7%E5%8E%85_7k7k%E6%B8%B8%E6%88%8F%E5%AE%98%E7%BD%91_7k7k%E6%B8%B8%E6%88%8F%E4%B8%8B%E8%BD%BD

POST 200 http://login.7k7k.com/box_post_login

GET 302 http://www.7k7k.com/client

GET 200 http://g.7k7k.com/

GET 200 http://web.7k7k.com/g/css/index.css?rev=3da80293

GET 200 http://down.7k7k.com/www/ver.json

GET 200 http://n.7k7kimg.cn/uploads/cdn/web_sq/img/u_photo.png?v3

GET 200 http://n.7k7kimg.cn/uploads/gameimg/202009/c89a7.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201801/c7841.jpg

GET 200 http://web.7k7k.com/g/img/ban_bg.jpg

GET 200 http://web.7k7k.com/g/img/logo.png

GET 200 http://libs.baidu.com/jquery/1.7.2/jquery.min.js

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201801/73aaf.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201801/6691e.jpg

GET 200 http://web.7k7k.com/g/img/btn_bg_b.png?v5

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201801/ddd11.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201803/55d64.jpg

GET 200 http://web.7k7k.com/g/img/n_bg.jpg

GET 200 http://web.7k7k.com/g/img/i_home.png

GET 200 http://web.7k7k.com/g/img/i_hot_n.png

GET 200 http://web.7k7k.com/g/img/i_game_n.png

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201801/0570b.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201801/a15bf.jpg

GET 200 http://web.7k7k.com/g/img/i_charge_n.png

GET 200 http://web.7k7k.com/g/img/i_server_n.png

GET 200 http://web.7k7k.com/g/img/i_vip_n.png

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201801/01440.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201801/b2801.jpg

GET 200 http://web.7k7k.com/g/img/shearch_bg.png?v4

GET 200 http://web.7k7k.com/g/img/i_search.png

GET 200 http://web.7k7k.com/g/img/i_allgame.png

GET 200 http://web.7k7k.com/g/img/i_newgame.png

GET 200 http://web.7k7k.com/g/img/i_arrow.png

GET 200 http://web.7k7k.com/g/img/rep_png.png

GET 200 http://web.7k7k.com/g/img/vip_year0.png

GET 200 http://web.7k7k.com/g/img/vip_gzhy0.png

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201801/523db.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201801/a28d9.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201801/e0b62.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201801/29cb2.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201801/17c9a.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201912/08358.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201912/0aa11.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201912/36c66.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201912/a3e9b.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201912/3d17b.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201704/0c7c9.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201901/f26e4.png

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201703/ec43a.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201703/104e7.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201703/0907f.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201907/f2f92.png

GET 200 http://n.7k7kimg.cn/uploads/gameimg/202006/ea426.png

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201909/2726e.png

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201909/6e919.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/202005/d0de1.png

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201703/2cc1f.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201703/1eab5.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201702/a2d2f.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201702/605d4.png

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201707/4e257.gif

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201702/d7301.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201702/e1f17.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201702/3b655.png

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201702/d221f.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201703/735c8.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/202009/82bbf.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201703/79fea.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201704/0735e.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201711/4cae5.png

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201805/5ef00.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201904/da695.png

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201904/786ab.png

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201812/ebf85.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201905/c7f23.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201905/12a59.png

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201906/c6bda.png

GET 200 http://n.7k7kimg.cn/uploads/gameimg/202102/5215f.png

GET 200 http://n.7k7kimg.cn/uploads/gameimg/202011/4c251.png

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201906/7e7af.png

GET 200 http://n.7k7kimg.cn/uploads/cdn/api/js/hwSlider.min.js

GET 200 http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/js/logFn_dm.min.js?vv0.2.871622543665

GET 200 http://n.7k7kimg.cn/uploads/cdn/api/layer/layer.js

GET 200 http://n.7k7kimg.cn/uploads/cdn/api/layer/skin/layer.css

GET 200 http://web.7k7k.com/g/js/index.js?rev=e4622737

GET 200 http://web.7k7k.com/api/feiyun_api.php?calllback=&callback=jQuery17201390108715650153_1623252553844&_=1623252578708

GET 200 http://web.7k7k.com/g/img/left2.png

GET 200 http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/css/logFn.min.css?v=0.2.9

GET 200 http://web.7k7k.com/g/img/right2.png

GET 200 http://web.7k7k.com/g/img/fla_nav.png

GET 200 http://web.7k7k.com/api/sq_playgame.php?calllback=&act=gameall&uid=&callback=jQuery17201390108715650153_1623252553845&_=1623252578732

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201703/63654.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201901/d7e18.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201704/5678a.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/201703/8ba6f.jpg

GET 200 http://n.7k7kimg.cn/uploads/gameimg/202006/a92df.jpg

GET 200 http://web.7k7k.com/g/img/rec_r.png

GET 404 http://g.7k7k.com/img/chk_1.png

GET 200 http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/bg_t.png?v=201767183157

GET 200 http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/line.png?v=201767183157

GET 200 http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/bg_input.png?v=201767183157

GET 200 http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/btn_log.jpg?v=201767183157

GET 200 http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/chk_1.png?v=201767183157

GET 200 http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/btn_reg.jpg?v=201767183157

GET 200 http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/btn_long.jpg?v=201767183157

GET 200 http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/btn_qq.jpg?v=201767183157

GET 200 http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/bg_b.png?v=201767183157

GET 200 http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/btn_wx.jpg?v=201767183157

GET 200 http://n.7k7kimg.cn/uploads/cdn/api/star.png

GET 200 http://web.7k7k.com/g/img/i_hot.png

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49220 -> 14.0.113.218:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49219 -> 14.0.113.218:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49218 -> 14.0.113.218:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49225 -> 14.0.113.218:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49226 -> 14.0.113.218:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49228 -> 14.0.113.218:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49234 -> 14.0.113.218:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49236 -> 14.0.113.218:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49241 -> 103.235.46.191:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49230 -> 14.0.113.218:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49231 -> 14.0.113.218:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49238 -> 14.0.113.218:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49242 -> 103.235.46.191:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49220 14.0.113.218:443	None	None	None
TLSv1 192.168.56.101:49219 14.0.113.218:443	C=US, O=DigiCert Inc, CN=GeoTrust RSA CN CA G2	C=CN, ST=北京市, O=北京迦游网络科技有限公司, CN=*.7k7kimg.cn	3f:87:76:1b:3d:a0:48:ff:98:9a:83:23:12:fa:a9:e9:d5:5c:01:0e
TLSv1 192.168.56.101:49218 14.0.113.218:443	C=US, O=DigiCert Inc, CN=GeoTrust RSA CN CA G2	C=CN, ST=北京市, O=北京迦游网络科技有限公司, CN=*.7k7kimg.cn	3f:87:76:1b:3d:a0:48:ff:98:9a:83:23:12:fa:a9:e9:d5:5c:01:0e
TLSv1 192.168.56.101:49225 14.0.113.218:443	None	None	None
TLSv1 192.168.56.101:49226 14.0.113.218:443	None	None	None
TLSv1 192.168.56.101:49228 14.0.113.218:443	None	None	None
TLSv1 192.168.56.101:49234 14.0.113.218:443	None	None	None
TLSv1 192.168.56.101:49236 14.0.113.218:443	None	None	None
TLSv1 192.168.56.101:49241 103.235.46.191:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com	1a:fd:44:9a:f4:5b:3e:9d:58:95:e7:5d:0b:e4:ea:a3:54:5d:85:b7
TLSv1 192.168.56.101:49230 14.0.113.218:443	None	None	None
TLSv1 192.168.56.101:49231 14.0.113.218:443	None	None	None
TLSv1 192.168.56.101:49238 14.0.113.218:443	None	None	None
TLSv1 192.168.56.101:49242 103.235.46.191:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com	1a:fd:44:9a:f4:5b:3e:9d:58:95:e7:5d:0b:e4:ea:a3:54:5d:85:b7

Snort Alerts

No Snort Alerts