NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
05.02 09:05
main.exe
05.02 09:05
pkbc.exe
05.02 09:05
knfl.exe
05.02 09:05
test2.ps1
05.02 09:05
pupa.pdf.lnk
05.02 09:05
ssasr.dll
05.02 08:05
가상자산 관련 외부평가위원 위촉 안내.h...
05.02 06:05
anchor.html
05.02 06:05
anchor.html
05.02 04:05
Synaptics.exe

Latest News
05.02 04:05
Injection as a way of ...
05.02 03:05
SGA그룹, 창립 22주년 ‘SGA 3....
05.02 03:05
아우토크립트, 중장비-로봇 보안 시장 수...
05.02 03:05
팔로알토 네트웍스, SASE 기반 보안 ...
05.02 03:05
Temu Ditches Chinese I...
05.02 03:05
윈스테크넷-으뜸정보기술, 클라우드 서비스...
05.02 03:05
Auslegungssache 133: T...
05.02 03:05
렙타일페어, 경상북도 경주시 HICO에서 개최
05.02 03:05
안랩, 세계 최대 사이버 보안 컨퍼런스 ...
05.02 03:05
국정원, 세계 최대 사이버 방어훈련 ‘락...

NetWork | ZeroBOX

IP Address	Status	Action
104.21.64.12	Active	Moloch
119.176.27.237	Active	Moloch
119.63.197.139	Active	Moloch
124.156.105.121	Active	Moloch
164.124.101.2	Active	Moloch
198.54.117.242	Active	Moloch
223.5.5.5	Active	Moloch
23.225.34.75	Active	Moloch
43.129.138.220	Active	Moloch

Name	Response	Post-Analysis Lookup
ip.cn	A 104.21.64.12 A 172.67.174.23	172.67.174.23
cdn.cuilet.com	A 23.225.34.75	23.225.34.75
cdn.sackow.com	A 23.225.34.75	23.225.34.75
21yp37sq.sched.sma.tdnsv5.com	A 119.176.27.237 A 116.196.150.173 A 123.6.37.172 A 14.205.93.60 A 116.196.152.179 A 60.13.97.138 A 116.136.189.55 A 112.84.131.219 A 119.176.27.126 A 119.188.149.190 A 113.201.158.62 A 119.188.150.101 A 42.177.83.115	60.13.97.138
58.common.gazigz.cn
sp0.baidu.com	CNAME www.a.shifen.com A 119.63.197.151 A 119.63.197.139 CNAME www.wshifen.com	119.63.197.139
site.ip138.com	A 124.156.105.121	124.156.105.121
apps.game.qq.com	A 43.129.138.220 CNAME ins-5qs8jncn.ias.tencent-cloud.net A 43.129.139.164	43.129.139.164
cdn.cuilet.com		23.225.34.75
d76b29f56b8bed99.gazigz.cn
cdn.qqb3.com	A 198.54.117.242	198.54.117.242

TCP Requests

UDP Requests

GET 200 https://site.ip138.com/domain/read.do?domain=cdn.cuilet.com&time=1724129865281

GET 200 https://ip.cn/api/index?ip=cdn.cuilet.com&type=1

GET 200 http://cdn.qqb3.com/API/General/client_log_user

GET 200 http://apps.game.qq.com/comm-htdocs/ip/get_ip.php

GET 200 http://cdn.qqb3.com/API/General/lsrpu

GET 200 http://cdn.cuilet.com/api/filegoto1/d76b29f56b8bed99

GET 404 http://cdn.sackow.com/api/filegoto1/d76b29f56b8bed99

GET 200 http://cdn.qqb3.com/api/filegoto1/d76b29f56b8bed99

GET 200 http://cdn.cuilet.com/api/filegoto1/d76b29f56b8bed99

GET 404 http://cdn.sackow.com/api/filegoto1/d76b29f56b8bed99

GET 200 http://cdn.qqb3.com/api/filegoto1/d76b29f56b8bed99

GET 200 http://cdn.cuilet.com/api/filegoto1/d76b29f56b8bed99

GET 404 http://cdn.sackow.com/api/filegoto1/d76b29f56b8bed99

GET 200 http://cdn.qqb3.com/api/filegoto1/d76b29f56b8bed99

GET 200 http://cdn.cuilet.com/api/filegoto1/d76b29f56b8bed99

GET 404 http://cdn.sackow.com/api/filegoto1/d76b29f56b8bed99

GET 200 http://cdn.qqb3.com/api/filegoto1/d76b29f56b8bed99

GET 200 http://cdn.cuilet.com/api/filegoto1/d76b29f56b8bed99

GET 404 http://cdn.sackow.com/api/filegoto1/d76b29f56b8bed99

GET 200 http://cdn.qqb3.com/api/filegoto1/d76b29f56b8bed99

GET 200 http://cdn.cuilet.comhttp://cdn.cuilet.com/api/filegoto1/d76b29f56b8bed99

GET 200 http://cdn.cuilet.comhttp://cdn.cuilet.com/api/filegoto1/d76b29f56b8bed99

GET 200 http://cdn.cuilet.comhttp://cdn.cuilet.com/api/filegoto1/d76b29f56b8bed99

GET 200 http://cdn.cuilet.comhttp://cdn.cuilet.com/api/filegoto1/d76b29f56b8bed99

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49183 -> 124.156.105.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
UDP 192.168.56.101:57081 -> 164.124.101.2:53	2047079	ET INFO External IP Check Domain in DNS Lookup (ip .cn)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49184 -> 104.21.64.12:443	2047080	ET INFO Observed External IP Lookup Domain (ip .cn in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49184 -> 104.21.64.12:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
UDP 192.168.56.101:57082 -> 8.8.8.8:53	2047079	ET INFO External IP Check Domain in DNS Lookup (ip .cn)	Device Retrieving External IP Address Detected
TCP 198.54.117.242:80 -> 192.168.56.101:49161	2527003	ET Threatview.io High Confidence Cobalt Strike C2 IP group 4	Misc Attack
TCP 192.168.56.101:49164 -> 119.63.197.139:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49183 124.156.105.121:443	C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G4	CN=site.ip138.com	1f:4a:7e:5a:dd:da:5b:38:e0:1d:40:26:d9:97:cc:dc:1c:db:bc:36
TLSv1 192.168.56.101:49184 104.21.64.12:443	C=US, O=Google Trust Services, CN=WE1	CN=ip.cn	15:f7:45:c7:89:82:91:c9:28:a1:91:a4:e0:c9:e1:00:f1:64:f3:a1
TLSv1 192.168.56.101:49164 119.63.197.139:443	C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018	C=CN, ST=beijing, L=beijing, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com	ef:0f:be:13:02:e2:c4:d4:89:ba:8f:ba:88:ef:6f:95:dc:cf:7b:e0

Snort Alerts

No Snort Alerts