Source: http://zer0bot.com/ | Avira URL Cloud: detection malicious, Label: phishing |
Source: http://zer0bot.com/img/flags/PT.png | Avira URL Cloud: Label: phishing |
Source: http://zer0bot.com/img/flags/EN.png | Avira URL Cloud: Label: phishing |
Source: http://zer0bot.com/img/flags/ES.png | Avira URL Cloud: Label: phishing |
Source: http://zer0bot.com/css/index.css | Avira URL Cloud: Label: phishing |
Source: http://zer0bot.com/img/flags/CN.png | Avira URL Cloud: Label: phishing |
Source: http://zer0bot.com/img/logo.png | Avira URL Cloud: Label: phishing |
Source: https://zer0bot.com/ | Avira URL Cloud: Label: phishing |
Source: http://zer0bot.com/img/background.png | Avira URL Cloud: Label: phishing |
Source: http://zer0bot.com/favicon.ico | Avira URL Cloud: Label: phishing |
Source: http://zer0bot.com/ | Joe Sandbox AI: Score: 9 Reasons: The brand 'Netflix' is well-known and has a strong online presence., The legitimate domain for Netflix is 'netflix.com'., The provided URL 'zer0bot.com' does not match the legitimate domain for Netflix., The URL 'zer0bot.com' contains a zero in place of an 'o', which is a common tactic in phishing to mimic legitimate domains., The URL does not contain any reference to Netflix, which is suspicious., The presence of a PIN input field could indicate an attempt to collect sensitive information under false pretenses. DOM: 0.0.pages.csv |
Source: http://zer0bot.com/ | Joe Sandbox AI: Score: 9 Reasons: The brand 'Netflix' is well-known and has a strong online presence., The legitimate domain for Netflix is 'netflix.com'., The provided URL 'zer0bot.com' does not match the legitimate domain for Netflix., The URL 'zer0bot.com' contains a zero in place of an 'o', which is a common tactic in phishing URLs., The URL does not contain any reference to Netflix, which is suspicious., The presence of a PIN input field could indicate an attempt to capture sensitive information. DOM: 0.2.pages.csv |
Source: http://zer0bot.com/ | Joe Sandbox AI: Score: 9 Reasons: The brand 'Netflix' is well-known and has a strong online presence., The legitimate domain for Netflix is 'netflix.com'., The provided URL 'zer0bot.com' does not match the legitimate domain for Netflix., The URL 'zer0bot.com' contains a zero in place of an 'o', which is a common tactic in phishing to create a visually similar but fraudulent domain., The URL does not contain any reference to Netflix, which is suspicious given the brand association., The presence of a PIN input field could indicate an attempt to collect sensitive information under false pretenses. DOM: 0.3.pages.csv |
Source: 0.6.d.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script uses `eval` to execute remote code, sends user data to external servers, and employs heavy obfuscation techniques. Additionally, the script's purpose is unclear and inconsistent with its apparent functionality, further increasing the risk. Overall, this script demonstrates a high level of malicious intent and should be treated with caution. |
Source: http://zer0bot.com/ | HTTP Parser: Number of links: 0 |
Source: http://zer0bot.com/ | HTTP Parser: Base64 decoded: http://zer0bot.com:80 |
Source: http://zer0bot.com/ | HTTP Parser: Title: Netflix does not match URL |
Source: http://zer0bot.com/ | HTTP Parser: Has password / email / username input fields |
Source: http://zer0bot.com/ | HTTP Parser: Form action: login.php |
Source: http://zer0bot.com/ | HTTP Parser: No favicon |
Source: http://zer0bot.com/ | HTTP Parser: No <meta name="author".. found |
Source: http://zer0bot.com/ | HTTP Parser: No <meta name="copyright".. found |
Source: chrome.exe | Memory has grown: Private usage: 7MB later: 51MB |
Source: global traffic | TCP traffic: 192.168.2.9:58514 -> 162.159.36.2:53 |
Source: global traffic | HTTP traffic detected:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 13 Mar 2025 09:26:54 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1657
set-cookie: PHPSESSID=af303dcf7898518da94a29303a4af8c9; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding |