NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.11 10:11
bxn.exe
11.11 10:11
glued.hta
11.11 10:11
MONDAYconstraints.vbs
11.11 10:11
tartarises.vbs
11.11 10:11
xwo.exe
11.11 10:11
comehomeconstraints.vbs
11.11 10:11
hello.exe
11.11 10:11
chrome_130.exe
11.11 10:11
s.exe
11.11 10:11
Citatfusk.vbe

Latest News
11.13 09:11
(주)아삭·(주)유독컴퍼니, 소상공인 및...
11.13 09:11
Weekly Detection Rule ...
11.13 09:11
그라스메디 ‘자유펫’, 2025 JKC ...
11.13 09:11
November Patch Tuesday...
11.13 09:11
WAV2VGM Plays Audio Vi...
11.13 09:11
로코모션뷰, 무료 AI 뉴스레터와 함께 ...
11.13 09:11
IT Sicherheitsnews tae...
11.13 09:11
Weekly Detection Rule ...
11.13 09:11
2025년 글로벌 인터넷플랫폼 동향 조사...
11.13 08:11
Amazon to Close Its Fr...

NetWork | ZeroBOX

IP Address	Status	Action
103.28.53.180	Active	Moloch
104.21.17.25	Active	Moloch
104.21.67.197	Active	Moloch
107.178.171.23	Active	Moloch
144.168.44.250	Active	Moloch
154.215.102.140	Active	Moloch
164.124.101.2	Active	Moloch
184.168.131.241	Active	Moloch
194.63.249.211	Active	Moloch
205.201.140.137	Active	Moloch
23.227.38.74	Active	Moloch
34.102.136.180	Active	Moloch
34.80.190.141	Active	Moloch
35.209.112.216	Active	Moloch

Name	Response	Post-Analysis Lookup
www.wounded-deer.com	CNAME shops.myshopify.com A 23.227.38.74	23.227.38.74
www.templejc.space
www.multitraditional.com	CNAME multitraditional.com A 144.168.44.250	144.168.44.250
www.waaaghstore.com	CNAME www35.wixdns.net CNAME balancer.wixdns.net CNAME 47363d5c-balancer.wixdns.net CNAME td-balancer-ae1-190-141.wixdns.net A 34.80.190.141	34.80.190.141
www.shopcavo.com	CNAME shops.myshopify.com A 23.227.38.74	23.227.38.74
kakosidobrosam.gq	A 104.21.67.197 A 172.67.180.37	104.21.67.197
www.tigersonindonesia.com	CNAME tigersonindonesia.com A 103.28.53.180	103.28.53.180
www.jjayphoto.com	A 154.215.102.140	154.215.102.140
www.wxsocial.net	CNAME wxsocial.net A 184.168.131.241	184.168.131.241
www.poetasamigosypensadores.com	CNAME poetasamigosypensadores.com A 35.209.112.216	35.209.112.216
www.m-midas.com	A 194.63.249.211	194.63.249.211
www.ossotasarim.com	CNAME www.ossotasarim.com.cdn.cloudflare.net A 104.21.17.25 A 172.67.219.157	172.67.219.157
www.dawnjarvisltd.com	CNAME us17-76bc7bfd-e6119fae940acdf99cd5171f5.pages.mailchi.mp CNAME terminator.capstone.com.akadns.net A 205.201.140.137 A 205.201.132.26	205.201.132.26
www.deliciousnukes.com	CNAME deliciousnukes.com A 34.102.136.180	34.102.136.180
www.seswebsite.com	A 107.178.171.23	107.178.171.23

TCP Requests

UDP Requests

GET 200 https://kakosidobrosam.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E322EE0C66235D8B40A9334F1FF263B9.html

GET 200 https://kakosidobrosam.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-F6E7D76D7517CFB3E9EF1C0C7D4E0D6D.html

POST 301 http://www.dawnjarvisltd.com/ushb/

GET 301 http://www.dawnjarvisltd.com/ushb/?mHIx40=3SmC3UZByhcbL2mGDdoUlUv2kDP+K/S2WzQTgf/dbZLTYyxdpUCpCwWiKx+wC7XxiANrTe4Z&_jAPiL=UfgdTxvpJHM

POST 0 http://www.waaaghstore.com/ushb/

GET 404 http://www.waaaghstore.com/ushb/?mHIx40=d2db7vz8b4gdNrrt4qkzq0tG6Pmid53TShP84iPEhYJEnjJIFmT0kwvEdr2qbrsXJSoEJg75&_jAPiL=UfgdTxvpJHM

POST 0 http://www.shopcavo.com/ushb/

GET 403 http://www.shopcavo.com/ushb/?mHIx40=QYepAKqqZzG2kR/57317p6KhzVHBF5g+kyT5gGECjnJqX6eG1WlH3e963VsDQqp1ReenidM4&_jAPiL=UfgdTxvpJHM

POST 0 http://www.jjayphoto.com/ushb/

GET 200 http://www.jjayphoto.com/ushb/?mHIx40=l2QH2d7PUWvRkU9SKQdvN0s95WcJxjd9CPijL6arS0ynTjqyQUYKcLuVD3sUO6nj8FIa5lUc&_jAPiL=UfgdTxvpJHM

POST 0 http://www.poetasamigosypensadores.com/ushb/

GET 301 http://www.poetasamigosypensadores.com/ushb/?mHIx40=fbMAEC5I5bGZsvMeVZfdSh5kpbdGGNxOXI23Y+fwKREdh+1jMwB4L2byPtlzBsiu6rKFsHuZ&_jAPiL=UfgdTxvpJHM

POST 405 http://www.deliciousnukes.com/ushb/

GET 403 http://www.deliciousnukes.com/ushb/?mHIx40=CoY64qMwiO6SnAqEo6cwd7vVtOzq42WOKh1biPKYD71bz+rRFAinell2lJMFOMTK0ellYB+l&_jAPiL=UfgdTxvpJHM

POST 301 http://www.tigersonindonesia.com/ushb/

GET 301 http://www.tigersonindonesia.com/ushb/?mHIx40=LS6MOTI15xEst6X5E3hLeUbVHph5If8WCZS1PbHDLcXlz/LjLfM6q15glOfELeIimIqtDGOZ&_jAPiL=UfgdTxvpJHM

POST 0 http://www.ossotasarim.com/ushb/

GET 301 http://www.ossotasarim.com/ushb/?mHIx40=Kis9qagQgFI/pgEC90LDhBb2/hkn9V+B079wctmSP192jSk/5pov+dY2uUpHLbHPLnwA/Tk/&_jAPiL=UfgdTxvpJHM

GET 0 http://www.seswebsite.com/ushb/?mHIx40=TZZwrrhqgDwgA3wgZEkIn+5Y0i33oms/xFRek6mxYnSgwbHptw7FsqII1T+6/LgkP21MZkXY&_jAPiL=UfgdTxvpJHM

POST 0 http://www.wounded-deer.com/ushb/

GET 403 http://www.wounded-deer.com/ushb/?mHIx40=JW6wJS/fCyqdc2JhPnJNDDubHmZuYWrni9atbTQ1vgM5IXg85tcAFndz4NRwlP6sL42SfpTd&_jAPiL=UfgdTxvpJHM

POST 301 http://www.m-midas.com/ushb/

GET 301 http://www.m-midas.com/ushb/?mHIx40=KETTpM1456fImzG2o/HCqgJBte/IHmJz01Qx96IPJzNgkPHHpmXueOKRfDyrAPg68mjcbOiZ&_jAPiL=UfgdTxvpJHM

POST 0 http://www.multitraditional.com/ushb/

GET 301 http://www.multitraditional.com/ushb/?mHIx40=Oc4WjS4DBu5AvhP85U59EprkqoXzMyfsJMpdZ9aVqZv/kvrlgbGtP2m1bh6Ukc03AoFAKmiH&_jAPiL=UfgdTxvpJHM

POST 0 http://www.wxsocial.net/ushb/

GET 301 http://www.wxsocial.net/ushb/?mHIx40=jD+SQ9M5OhBQJ5/3QGxgtYDN3MBJME7yhC8sQwvm8GBIEkJ4Y0691HdGHFaX56NR4IeIxVKV&_jAPiL=UfgdTxvpJHM

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.101	164.124.101.2	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:62324 -> 164.124.101.2:53	2025104	ET INFO DNS Query for Suspicious .gq Domain	Potentially Bad Traffic
TCP 192.168.56.101:49199 -> 104.21.67.197:443	2025108	ET INFO Suspicious Domain (*.gq) in TLS SNI	Potentially Bad Traffic
TCP 192.168.56.101:49199 -> 104.21.67.197:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49199 104.21.67.197:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	a2:99:7f:61:26:e9:24:3e:96:d0:98:83:eb:e0:35:eb:07:a8:19:f8

Snort Alerts

No Snort Alerts