NetWork | ZeroBOX

Network Analysis

IP Address Status Action
164.124.101.2 Active Moloch
172.217.25.14 Active Moloch
54.225.165.85 Active Moloch
92.62.115.177 Active Moloch
GET 200 http://api.ipify.org/?format=xml

ICMP traffic

Source Destination ICMP Type Data
192.168.56.102 164.124.101.2 3
192.168.56.102 164.124.101.2 3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow                                          SID      Signature                                    Category
TCP 192.168.56.102:49806 -> 54.225.165.85:80  2029622  ET POLICY External IP Lookup (ipify .org)    Potential Corporate Privacy Violation
TCP 92.62.115.177:80 -> 192.168.56.102:49812  2031074  ET MALWARE Win32/Ficker Stealer Activity     A Network Trojan was detected
TCP 92.62.115.177:80 -> 192.168.56.102:49811  2031074  ET MALWARE Win32/Ficker Stealer Activity     A Network Trojan was detected
TCP 192.168.56.102:49811 -> 92.62.115.177:80  2031132  ET MALWARE Win32/Ficker Stealer Activity M3  A Network Trojan was detected
TCP 192.168.56.102:49812 -> 92.62.115.177:80  2031132  ET MALWARE Win32/Ficker Stealer Activity M3  A Network Trojan was detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts