NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
05.03 01:05
奇安信情报沙箱.html
05.03 12:05
Download Microsoft Edg...
05.02 09:05
Portal Orzeczeń Sądu R...
05.02 09:05
Portal Orzeczeń Sądu R...
05.02 05:05
dd.exe
05.02 05:05
ff.exe
05.02 05:05
FJHFFRR.exe
05.02 05:05
ZXCDW12.exe
05.02 09:05
main.exe
05.02 09:05
pkbc.exe

Latest News
05.03 01:05
Preparing for the Next...
05.03 12:05
구글 크롬 브라우저 확장 프로그램 mcp...
05.03 12:05
Pro-Russian hacktivist...
05.03 12:05
Malware gains persiste...
05.03 12:05
Malicious npm package ...
05.03 12:05
Malicious PyPi, npm pa...
05.03 12:05
Harrods discloses cybe...
05.03 12:05
Cyber attack disrupts ...
05.03 12:05
Apple issues global sp...
05.03 12:05
Suspected cyberattack ...

NetWork | ZeroBOX

IP Address	Status	Action
116.255.160.63	Active	Moloch
164.124.101.2	Active	Moloch
58.218.215.167	Active	Moloch
61.160.192.103	Active	Moloch
8.210.224.3	Active	Moloch

Name	Response	Post-Analysis Lookup
bakad.qqfarmer.com.cn	A 116.255.160.63	116.255.160.63
images.qqfarmer.com.cn	A 61.160.192.103 CNAME images.qqfarmer.com.cn.w.kunlunca.com	61.160.192.103
down.qqfarmer.com.cn	A 58.218.215.168 A 180.101.203.233 A 58.218.215.167 A 180.101.203.220 A 61.160.192.115 A 58.218.215.165 A 180.101.203.234 CNAME down.qqfarmer.com.cn.w.kunlunea.com A 61.160.192.117 A 61.160.192.116 A 61.160.192.114 A 61.160.192.118 A 58.218.215.158 A 180.101.203.202 A 58.218.215.140 A 180.101.203.203	180.101.203.232
ad.qqfarmer.com.cn	A 8.210.224.3	8.210.224.3

TCP Requests

UDP Requests

POST 200 http://ad.qqfarmer.com.cn/login.php?id=p&r=0.368447953602299

POST 200 http://ad.qqfarmer.com.cn/login.php?id=v&r=0.494936139322817

POST 200 http://ad.qqfarmer.com.cn/login.php?id=n&r=0.480842764023691

POST 200 http://ad.qqfarmer.com.cn/login.php?id=l&r=0.560313974739984

POST 200 http://ad.qqfarmer.com.cn/login.php?id=x&r=0.44646016205661

GET 200 http://down.qqfarmer.com.cn/libeay32_0626_5f86d65a1686e6bb031048d04bb3fe04.xml?r=0.313291363418102

GET 200 http://images.qqfarmer.com.cn/504486-20170712112840415-1890262410.gif

GET 200 http://images.qqfarmer.com.cn/504486-20162218235650745-1529273276.gif

GET 200 http://images.qqfarmer.com.cn/hongbao_nav.gif

GET 200 http://images.qqfarmer.com.cn/504486-20161218235650745-1529273276.gif

GET 200 http://down.qqfarmer.com.cn/ssleay32_0626_e503921a6061251302cb45772cb75f42.xml?r=0.329597188392654

GET 200 http://ad.qqfarmer.com.cn/xml/encrypt.js?r=0.952554038958624

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.103	116.255.160.63	8	#
116.255.160.63	192.168.56.103	0	#
192.168.56.103	8.210.224.3	8	#
8.210.224.3	192.168.56.103	0	#

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 58.218.215.167:80 -> 192.168.56.103:49170	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 58.218.215.167:80 -> 192.168.56.103:49176	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts