NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.20 09:11
mainbas.bat
11.20 09:11
dll007.dll
11.20 09:11
exe004.exe
11.20 09:11
exe010.exe
11.20 09:11
blecher.exe
11.20 09:11
GetAdapterInfo.exe
11.20 09:11
dll004.dll
11.20 09:11
dll008.dll
11.20 09:11
bestthingsalwaysgetbes...
11.20 09:11
DKM-9067291.pdf.lnk

Latest News
11.20 10:11
Strengthening Supply C...
11.20 10:11
Strengthening Supply C...
11.20 10:11
AI Boom Turns Power Fi...
11.20 10:11
Lazard to Advise GoCar...
11.20 09:11
Malicious QR codes
11.20 09:11
Vista Said to Near Log...
11.20 09:11
Microsoft Launches Win...
11.20 09:11
Enhancing Cyber Resili...
11.20 09:11
VCs Look to Secondary ...
11.20 09:11
An Animated Walkthroug...

NetWork | ZeroBOX

IP Address	Status	Action
123.58.214.101	Active	Moloch
154.212.44.122	Active	Moloch
164.124.101.2	Active	Moloch
185.245.180.25	Active	Moloch
203.161.55.102	Active	Moloch
35.241.42.217	Active	Moloch
38.47.207.132	Active	Moloch
38.47.232.178	Active	Moloch
38.47.232.233	Active	Moloch
45.33.6.223	Active	Moloch

Name	Response	Post-Analysis Lookup
www.gospelstudygroup.org	A 185.245.180.25 CNAME hks369amp.online	185.245.180.25
www.tqfabxah.com	A 35.241.42.217	35.241.42.217
www.aritum.top	A 203.161.55.102	203.161.55.102
www.ay62m.top	CNAME ay62m.top A 38.47.207.132	38.47.207.132
www.winnscce.com	A 123.58.214.101	123.58.214.101
www.ybw73.top	CNAME ybw73.top A 38.47.232.233	38.47.232.233
www.carolinappttery.com	A 123.58.214.101	123.58.214.101
www.yedurrum.xyz
www.sjzsls.com	A 154.212.44.122	154.212.44.122
www.sqlite.org	A 45.33.6.223	45.33.6.223
www.w90dm.top	CNAME w90dm.top A 38.47.232.178	38.47.232.178

TCP Requests

UDP Requests

POST 404 http://www.sjzsls.com/9ypd/

GET 404 http://www.sjzsls.com/9ypd/?PJd=Fp4YMLPzXpbUfY9ET0WH3a72p3fXf7YhU2uVF/1Su8SRdO97GHvogqvz+96x72oMEQq3eHyW0zw8RVfXjuFBE/DSpz5ZNszOE2hxgYcLkAt/YsxuqXlLrzOhs3BZhOu+6KXTzoA=&roo=krO0qmwhIp_LJR2y

GET 200 http://www.sqlite.org/2022/sqlite-dll-win32-x86-3380000.zip

POST 404 http://www.winnscce.com/xk70/

GET 404 http://www.winnscce.com/xk70/?PJd=E9dNAQXSau8gxD7ycO4dLfQfH5YRjq6/aXbIhWqdNKhuK+zum8oLAEgkUh6j+ec/Dsz5NNoJPY83q7uKVhR+kQSzALNmdhL2cm95N3pKuY1dSsInVS8QGD1t6OErSJExWBCOe4E=&roo=krO0qmwhIp_LJR2y

POST 404 http://www.w90dm.top/8ms4/

GET 404 http://www.w90dm.top/8ms4/?PJd=udGRhKSFzWywOShfg4LrArlkOSU57jdgfHHoAEODJUB2/fB/f7uvWahs0ChcgR3p3uHY1bC8mP+rUPbsneCLatPp1qyYsRzD0wOOKHTt4GdecEtntAcROmt09OnVjaXmhkctiwE=&roo=krO0qmwhIp_LJR2y

POST 404 http://www.ay62m.top/orwn/

GET 404 http://www.ay62m.top/orwn/?PJd=3cBNLJTm2SpTWV5+FkCnTYkROdg55TQjKQDEk1HDa97easJD35wZE2GMsxRselnzvm7j4PFdEanRmF1YrarFthUoWpYtpzXpGMx8vyWuQ49fEDOcUJzL6xCqo7J2o8DZINEYFF8=&roo=krO0qmwhIp_LJR2y

POST 404 http://www.carolinappttery.com/q380/

GET 404 http://www.carolinappttery.com/q380/?PJd=ehUrFCKl0QR4T29AJZh5dRT/ZDPm9qTvUW59H2BhLEsiO0kIW28uNcfa56DEKhzH0iD+lYFdD8RRxblUIft60LyxhWLZTQGF9CEZTcwXHMEEzcDS8bPwZbiqnYj5NbIEEA54k2w=&roo=krO0qmwhIp_LJR2y

POST 404 http://www.ybw73.top/zfmd/

GET 404 http://www.ybw73.top/zfmd/?PJd=Wy9Xy0arXTA/u2vvBYrKIOUBpzUpOEWJyNtxnnOaFAzOmZ+G/QUaP7IPedalQRfZTnOTlfhQhpBKLAk/X9K39OImH5VRArdmcUQpro/j/mKcwsNXkqPqNRMPQWcketlQaFqDwMQ=&roo=krO0qmwhIp_LJR2y

POST 404 http://www.aritum.top/f2qc/

GET 404 http://www.aritum.top/f2qc/?PJd=+PlbwI8tNruUpga2nartzvIoOczIwOvbU1ANxXfMuvMQEzSRrWQM3cmspk1IFvcCMV40t1yig50Ax37YShWjrdIjOvIEgJJROzqkte3OBXYcjah0B7lnBY2SKVXOZr2cpq5/qwU=&roo=krO0qmwhIp_LJR2y

POST 405 http://www.tqfabxah.com/f5wa/

GET 200 http://www.tqfabxah.com/f5wa/?PJd=gvfimVYyVoaIA6LSQiLyJJ4rCFA+SDI9PWBc8jEgnhWVxILhAYweklxvvqcAelfwJ0IvmpbMteemAhVl67fWtrB9/BgWrmQnFTV5QmYGhYRFat8wsaPDvDNh/p04Lm04k2miCbo=&roo=krO0qmwhIp_LJR2y

POST 404 http://www.gospelstudygroup.org/qmdw/

GET 404 http://www.gospelstudygroup.org/qmdw/?PJd=kZQE5+J7NyHk1VKpZsdFopgUcfLAHlvR1AW0jxdBnvp4EB411rckL9DsM1GhyImy3YF39ksngIoiWe7h2+CLHpk3uYhNkgQe0XYv/yb90vBP9OLAjjQiCyGhN1bVP2EzpaLZrOo=&roo=krO0qmwhIp_LJR2y

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:61950 -> 164.124.101.2:53	2023883	ET DNS Query to a *.top domain - Likely Hostile	Potentially Bad Traffic
TCP 192.168.56.101:49178 -> 38.47.232.178:80	2023882	ET INFO HTTP Request to a *.top domain	Potentially Bad Traffic
TCP 192.168.56.101:49186 -> 203.161.55.102:80	2023882	ET INFO HTTP Request to a *.top domain	Potentially Bad Traffic
UDP 192.168.56.101:58297 -> 164.124.101.2:53	2023883	ET DNS Query to a *.top domain - Likely Hostile	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts