NetWork | ZeroBOX

IP Address	Status	Action
101.227.25.210	Active	Moloch
114.115.214.33	Active	Moloch
115.238.192.239	Active	Moloch
115.238.192.248	Active	Moloch
120.27.82.56	Active	Moloch
122.225.67.180	Active	Moloch
139.129.105.182	Active	Moloch
164.124.101.2	Active	Moloch
172.217.25.14	Active	Moloch
180.163.122.224	Active	Moloch
47.117.78.230	Active	Moloch

Name	Response	Post-Analysis Lookup
cdn-ssl-wan.ludashi.com	A 115.238.192.240 A 115.238.192.241 A 115.238.192.239 A 115.238.192.242 A 115.238.192.238 A 115.238.192.248 A 115.238.192.243 A 115.238.192.244 CNAME cdn-ssl-wan.ludashi.com.m.alikunlun.com	115.238.192.238
wan.ludashi.com	A 139.129.105.182	139.129.105.182
cdn-wan.ludashi.com	A 183.146.18.241 A 115.220.8.210 A 183.146.18.240 A 183.146.18.238 A 183.146.18.243 A 183.146.18.239 A 183.146.18.242 A 58.215.157.209 A 183.146.18.248 CNAME cdn-wan.ludashi.com.w.kunlunle.com A 122.224.49.208 A 122.225.67.180 A 58.216.17.181 A 183.146.18.244	122.225.67.192
cdn-file-ssl-wan.ludashi.com	A 115.238.192.240 A 115.238.192.241 CNAME cdn-file-ssl-wan.ludashi.com.m.alikunlun.com A 115.238.192.242 A 115.238.192.238 A 115.238.192.248 A 115.238.192.243 A 115.238.192.244 A 115.238.192.239	115.238.192.239
cdn-file-ssl-pc.ludashi.com	A 180.163.122.226 A 180.163.122.228 A 180.163.122.230 A 180.163.122.229 A 180.163.122.224 A 180.163.122.225 A 180.163.122.231 CNAME cdn-file-ssl-pc.ludashi.com.m.alikunlun.com A 180.163.122.227	180.163.122.228
i.ludashi.com	A 120.27.82.56	120.27.82.56
cdn-file.ludashi.com	A 101.227.25.230 A 101.227.25.210 A 101.227.25.231 A 101.227.25.209 A 101.227.25.211 A 101.227.25.212 A 101.227.25.229 CNAME cdn-file.ludashi.com.m.alikunlun.net A 101.227.25.228	101.227.25.212
s.ludashi.com	A 47.117.78.230 A 114.115.214.33	114.115.221.211

TCP Requests

UDP Requests

GET 200 https://cdn-ssl-wan.ludashi.com/assets/superjs/pageMicro.js?v=20210527

GET 200 https://cdn-ssl-wan.ludashi.com/assets/superjs/modules/commonTool.js?v=20210527

GET 200 https://cdn-ssl-wan.ludashi.com/assets/superjs/modules/commonLoginApi.js?v=20200810

GET 200 http://s.ludashi.com/wan?type=weiduan&action=install&channel=tp&mid=6d265a9f1396f919574a9f73e7d7fa5d&mid2=f56088de10f508450c772dfdc290e24fb765fb882b68&uid=d&appver=&modver=5.3.125.462&sign=3198fe798dd9371f1a1b673d412602e1&from=tp_scbybt&forcetick=38266125

GET 200 http://cdn-file-ssl-wan.ludashi.com/wan/wan/7z.dll

GET 200 http://s.ludashi.com/wan?type=weiduan&action=7z_noexist&channel=tp&mid=6d265a9f1396f919574a9f73e7d7fa5d&mid2=f56088de10f508450c772dfdc290e24fb765fb882b68&uid=d&appver=&modver=5.3.125.462&sign=b66114296225ca89357975808c8201b6&from=tp_scbybt&forcetick=38266187

GET 200 http://s.ludashi.com/wan?type=weiduan&action=7z_download_start&channel=tp&mid=6d265a9f1396f919574a9f73e7d7fa5d&mid2=f56088de10f508450c772dfdc290e24fb765fb882b68&uid=d&appver=&modver=5.3.125.462&sign=2a1a43be6e7fcdbeaec42ddf0f59f465&from=tp_scbybt&forcetick=38266187

GET 200 http://s.ludashi.com/wan?type=weiduan&action=7z_download_success&channel=tp&mid=6d265a9f1396f919574a9f73e7d7fa5d&mid2=f56088de10f508450c772dfdc290e24fb765fb882b68&uid=d&appver=&modver=5.3.125.462&sign=76aa7ce20c8482e4d2b27579e9a19d03&from=tp_scbybt&forcetick=38267031

GET 200 http://cdn-file-ssl-pc.ludashi.com/pc/cef/CefRes.dll?t=202106151647

GET 200 http://s.ludashi.com/wan?type=weiduan&action=res_down_success&channel=tp&mid=6d265a9f1396f919574a9f73e7d7fa5d&mid2=f56088de10f508450c772dfdc290e24fb765fb882b68&uid=d&appver=&modver=5.3.125.462&sign=0351e7d49752fc50b3d45b851d5c1ecb&from=tp_scbybt&forcetick=38277546

GET 200 http://cdn-file-ssl-wan.ludashi.com/pc/game/flash/pepflashplayer.7z?t=202106151648

GET 200 http://s.ludashi.com/wan?type=weiduan&action=pepflash_down_success&channel=tp&mid=6d265a9f1396f919574a9f73e7d7fa5d&mid2=f56088de10f508450c772dfdc290e24fb765fb882b68&uid=d&appver=&modver=5.3.125.462&sign=826d4532b60a11f8167a6de2a2ebb3b4&from=tp_scbybt&forcetick=38280015

GET 200 http://s.ludashi.com/wan?type=weiduan&action=add_uninst_item&channel=tp&mid=6d265a9f1396f919574a9f73e7d7fa5d&mid2=f56088de10f508450c772dfdc290e24fb765fb882b68&uid=d&appver=&modver=5.3.125.462&sign=04827975d3650ab9d840f338a616b9f7&from=tp_scbybt&forcetick=38280281

GET 200 http://s.ludashi.com/wan?type=weiduan&action=add_desk_icon&channel=tp&mid=6d265a9f1396f919574a9f73e7d7fa5d&mid2=f56088de10f508450c772dfdc290e24fb765fb882b68&uid=d&appver=&modver=5.3.125.462&sign=b0ea6c10aa2f9f8637adaf8dca6545cc&from=tp_scbybt&forcetick=38280328

GET 200 http://s.ludashi.com/wan?type=weiduan&action=install_extra&channel=tp&mid=6d265a9f1396f919574a9f73e7d7fa5d&mid2=f56088de10f508450c772dfdc290e24fb765fb882b68&uid=d&appver=&modver=5.3.125.462&sign=e55055547e8d2a8cd6a58b02d78635ef&from=tp_scbybt&forcetick=38284656

GET 200 http://s.ludashi.com/wan?type=weiduan&action=inst_open&channel=tp&mid=6d265a9f1396f919574a9f73e7d7fa5d&mid2=f56088de10f508450c772dfdc290e24fb765fb882b68&uid=d&appver=&modver=5.3.125.462&sign=d9da2c7d1d42abeeb954adc866e09c16&from=tp_scbybt&forcetick=38284656

GET 200 http://s.ludashi.com/wan?type=weiduan&action=wd_install_success&channel=tp&mid=6d265a9f1396f919574a9f73e7d7fa5d&mid2=f56088de10f508450c772dfdc290e24fb765fb882b68&uid=d&appver=&modver=5.3.125.462&sign=3c8bbce5d85ff18952d12d4d3f3c0fbb&from=tp_scbybt&forcetick=38289750

GET 200 http://s.ludashi.com/wan?type=weiduan&action=inst_succ&channel=tp&mid=6d265a9f1396f919574a9f73e7d7fa5d&mid2=f56088de10f508450c772dfdc290e24fb765fb882b68&uid=d&appver=&modver=5.3.125.462&sign=451727ea8e9bb803e49df4ef62ea6542&from=tp_scbybt&forcetick=38289750

GET 200 http://wan.ludashi.com/micro/cqbz/index_lds.html?channel=tp&from=tp_repush_wd_cqbz_528

GET 200 http://s.ludashi.com/wan?type=weiduan&action=run&channel=tp&mid=6d265a9f1396f919574a9f73e7d7fa5d&mid2=f56088de10f508450c772dfdc290e24fb765fb882b68&uid=d&appver=&modver=5.3.125.462&sign=e9a12aa16e6ff34eb8e20e934148f43d&from=tp_scbybt&forcetick=38293062

GET 200 http://s.ludashi.com/wan?type=weiduan&action=wd_show_success&channel=tp&mid=6d265a9f1396f919574a9f73e7d7fa5d&mid2=f56088de10f508450c772dfdc290e24fb765fb882b68&uid=d&appver=&modver=5.3.125.462&sign=8b4326d365a719ea3d64e7e755a4de6d&from=tp_scbybt&forcetick=38294421

GET 200 http://s.ludashi.com/wan?type=weiduan&action=main_show&channel=tp&mid=6d265a9f1396f919574a9f73e7d7fa5d&mid2=f56088de10f508450c772dfdc290e24fb765fb882b68&uid=d&appver=&modver=5.3.125.462&sign=360b234ed2d7c7100458a3db8cec87d4&from=tp_scbybt&forcetick=38294421

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/upload.jpg

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/main.css?t=20210323

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/bg.jpg

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/news-bg.png

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/log_btn.png

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/reg.jpg?t=20200105

GET 200 http://cdn-wan.ludashi.com/assets/superjs/config.js?v=20210527

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/button_right.png

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/nav01.png

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/hovers.png

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/nav03.png

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/nav04.png

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/input_reg_pwd.png?t=20191021

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/input_reg_code.png?t=20191021

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/checkbox.png

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/third_qq.png

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/third_weixin.png

GET 200 http://cdn-file.ludashi.com/assets/jquery/jquery183.js

GET 200 http://cdn-file.ludashi.com/assets/sea/sea.js

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/button_left.png

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/nav02.png

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/input_log_act.png?t=20191021

GET 404 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/line.png

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/input_log_pwd.png?t=20191021

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/input_reg_act.png?t=20191021

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/input_log_code.png?t=20191021

POST 200 http://wan.ludashi.com/api/CheckGameStatus?callback=jQuery18304274775074992668_1623743310671

GET 200 http://wan.ludashi.com/announce/list?callback=jQuery18304274775074992668_1623743310672&type=2&gid=cqbz&skip=0&num=5&_=1623743312955

GET 200 http://s.ludashi.com/wan?type=accurate&action=t0&channel=tp&from=tp_repush_wd_cqbz_528&mid=6d265a9f1396f919574a9f73e7d7fa5d&appver=5.3.125.462&uid=0&game=cqbz&timestamp=1623743312959&ex_ary[guid]=

GET 200 http://cdn-file.ludashi.com/wan/micro/cqbz/assets_lds/cir.png

GET 200 http://i.ludashi.com/ajax/gettoken?user_from=youxi&callback=jQuery18304274775074992668_1623743310671&_=1623743313409

GET 200 http://s.ludashi.com/wan?type=accurate&action=t1&channel=tp&from=tp_repush_wd_cqbz_528&mid=6d265a9f1396f919574a9f73e7d7fa5d&appver=5.3.125.462&uid=0&game=cqbz&timestamp=1623743322985&ex_ary[guid]=

GET 200 http://s.ludashi.com/wan?type=accurate&action=t2&channel=tp&from=tp_repush_wd_cqbz_528&mid=6d265a9f1396f919574a9f73e7d7fa5d&appver=5.3.125.462&uid=0&game=cqbz&timestamp=1623743342984&ex_ary[guid]=

GET 200 http://s.ludashi.com/wan?type=accurate&action=t3&channel=tp&from=tp_repush_wd_cqbz_528&mid=6d265a9f1396f919574a9f73e7d7fa5d&appver=5.3.125.462&uid=0&game=cqbz&timestamp=1623743373002&ex_ary[guid]=

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 180.163.122.224:80 -> 192.168.56.102:49813	2014819	ET INFO Packed Executable Download	Misc activity
TCP 115.238.192.239:80 -> 192.168.56.102:49808	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 180.163.122.224:80 -> 192.168.56.102:49813	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 180.163.122.224:80 -> 192.168.56.102:49813	2015744	ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	Misc activity
TCP 192.168.56.102:49835 -> 115.238.192.248:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49835 115.238.192.248:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL RSA CA 2018	CN=*.ludashi.com	de:bb:03:64:46:22:7a:b6:88:99:ca:90:fc:d7:1b:f7:af:40:25:e3

Snort Alerts

No Snort Alerts