NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

NetWork | ZeroBOX

IP Address	Status	Action
162.55.60.2	Active	Moloch
136.143.186.12	Active	Moloch
164.124.101.2	Active	Moloch
184.168.113.171	Active	Moloch
185.26.122.80	Active	Moloch
185.53.178.54	Active	Moloch
192.145.237.146	Active	Moloch
195.110.124.133	Active	Moloch
20.239.76.242	Active	Moloch
37.220.1.68	Active	Moloch
45.33.6.223	Active	Moloch
66.29.131.66	Active	Moloch
84.32.84.32	Active	Moloch
98.124.224.17	Active	Moloch

Name	Response	Post-Analysis Lookup
www.ketotop5reviews.com	CNAME ketotop5reviews.com A 192.145.237.146	192.145.237.146
www.tugrow.top	A 66.29.131.66	66.29.131.66
www.morubixaba.com	A 84.32.84.32 CNAME morubixaba.com	84.32.84.32
www.dsgdltrg.top	A 20.239.76.242	20.239.76.242
www.selectenoil.ru	A 185.26.122.80	185.26.122.80
www.amateurshow.online	A 37.220.1.68	37.220.1.68
www.kbtcoin.store	A 98.124.224.17
www.redhelpers.com	A 185.53.178.54	185.53.178.54
www.grandiosoyacht.com	CNAME grandiosoyacht.com A 195.110.124.133	195.110.124.133
www.my-bbs.com	CNAME zhs.zohosites.com A 136.143.186.12	136.143.186.12
www.fatimaest.com	CNAME fatimaest.com A 184.168.113.171	184.168.113.171
www.sqlite.org	A 45.33.6.223	45.33.6.223

TCP Requests

UDP Requests

POST 200 http://www.redhelpers.com/hjdr/

GET 200 http://www.redhelpers.com/hjdr/?JoeyZNb=YpqjTLELgUY/d4HafFE0oWZw/2NHDnY7eLtpu3Vtdcx4Jmz4rSZ5sKv2kTetxC3MAYUYmW4b6AXmlFI5jsCc5u3R6xF6PL4DkSBTPts=&kiz0=gXOMyhyi

GET 200 http://www.sqlite.org/2019/sqlite-dll-win32-x86-3290000.zip

POST 404 http://www.kbtcoin.store/hjdr/

GET 404 http://www.kbtcoin.store/hjdr/?JoeyZNb=OwT5fv3sMTyOF+WfoJr7V4VQqd+KzZL/KnHGdxnHtEh6vKw2S4OQP3sFw22/E53lopKvyHA6/BpX1iqNoYoz3wrhxCmlsV1/FTq7bdo=&kiz0=gXOMyhyi

POST 404 http://www.grandiosoyacht.com/hjdr/

GET 404 http://www.grandiosoyacht.com/hjdr/?JoeyZNb=ZIVepfGD+AffZCHV3Ol2oKUOXbfpNq4HeENG2f+1jk6NDjMSW9zSeGZmFetCeOX/fHb8BZzbaKu2Gddb3M9ccYXeJy9E2DDJWKKyeEo=&kiz0=gXOMyhyi

POST 404 http://www.my-bbs.com/hjdr/

GET 404 http://www.my-bbs.com/hjdr/?JoeyZNb=gZwhwv+rj0JfbTlqQcvCJrahgucLKkM9Bn0g5rP7m3ePlM4d2wH7QHnXu7wnbI4S+7v4pDbRSdO7OKXzsqAdXWWFdviCngERcentyWw=&kiz0=gXOMyhyi

POST 404 http://www.ketotop5reviews.com/hjdr/

GET 301 http://www.ketotop5reviews.com/hjdr/?JoeyZNb=Yijs5dzIRgyLtiEm8YVKzxzJARaaz1ygyQUAo47Y9YLXxcdZabP3kXt0loAI/PeeKKlEWCnqNGNFZU2DmCnSgcsd1psmTY3qHW8m6k0=&kiz0=gXOMyhyi

POST 0 http://www.morubixaba.com/hjdr/

GET 200 http://www.morubixaba.com/hjdr/?JoeyZNb=64l4nBwickRj5+B55yI4aT/AdbB/zOm/2hMG5E84rPCqZYVtS3+3gGKYYg0k5NU9ycD4+LRnqZYt8h6mEz9Kk96FRyUaLOgeH1rhAn8=&kiz0=gXOMyhyi

POST 404 http://www.tugrow.top/hjdr/

GET 404 http://www.tugrow.top/hjdr/?JoeyZNb=2Lz3cRNcgovZAvoxkyTJJkVbnS/f0a6U88mjUIjg2Los90+Pf0cBdPH279Q+Q6Q5Wf8ziDEK77rXCjEWctJre0mQm9v094R3uDXqBk4=&kiz0=gXOMyhyi

POST 404 http://www.fatimaest.com/hjdr/

GET 301 http://www.fatimaest.com/hjdr/?JoeyZNb=n5l8tCTW94Gw/giJefkHUbcRETzENs4hM9d2TK2mvTwTwL/1t4K1O3bDrGWsk3Qh+CJ6/CMThOr1qV0fFyX4yPVWltqTiQZmXL1as4k=&kiz0=gXOMyhyi

POST 301 http://www.amateurshow.online/hjdr/

GET 301 http://www.amateurshow.online/hjdr/?JoeyZNb=xX5SVKkWhoDut3GzBaDmppnEHsg/q+4SKSfyO6xSWbIBYORImKJaBpt9iPBmVz2FT2wLfcB9Y2Q6assiK3BzS8oN8k0Uh6RuPdoxrUM=&kiz0=gXOMyhyi

POST 404 http://www.selectenoil.ru/hjdr/

GET 404 http://www.selectenoil.ru/hjdr/?JoeyZNb=sypAAqbL6Kbr584vXjavsMmnNbwkS+CAk00myYDn5pA6KuObmwsMPbuKx5sNOB5qiBdVaRcAgh8i/dcpaiFWtM7VI0mAReEdx1J8t80=&kiz0=gXOMyhyi

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49178 -> 66.29.131.66:80	2023882	ET INFO HTTP Request to a *.top domain	Potentially Bad Traffic
UDP 192.168.56.101:52815 -> 164.124.101.2:53	2023883	ET DNS Query to a *.top domain - Likely Hostile	Potentially Bad Traffic
UDP 192.168.56.101:51901 -> 164.124.101.2:53	2023883	ET DNS Query to a *.top domain - Likely Hostile	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts