NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

NetWork | ZeroBOX

IP Address	Status	Action
104.21.36.66	Active	Moloch
13.59.53.244	Active	Moloch
164.124.101.2	Active	Moloch
52.58.78.16	Active	Moloch
66.235.200.121	Active	Moloch
85.233.160.22	Active	Moloch

Name	Response	Post-Analysis Lookup
www.pegasusmustang.icu
www.pawfectweddingday.com	CNAME pawfectweddingday.com A 66.235.200.121	66.235.200.121
www.birworld.com	A 172.67.186.196 A 104.21.36.66	172.67.186.196
www.woodburybankruptcylawyer.com	A 52.58.78.16	52.58.78.16
www.ilearn-online.net	A 85.233.160.24 A 85.233.160.22 CNAME fwd3.hosts.co.uk A 85.233.160.23	85.233.160.22
www.wholeitaly.com	A 13.59.53.244 CNAME prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com A 3.143.123.90 A 18.119.87.32	3.143.123.90

TCP Requests

UDP Requests

POST 0 http://www.wholeitaly.com/gno4/

GET 404 http://www.wholeitaly.com/gno4/?4hIPNx=E0wmqjZ/tSyoDlBP4LYhfYpkZeQjBGQBk3/BLkEL7fo+9SBw3/N4xVcwHlHHqW/od4t3AXIt&nfut_N=xPJx_6PP

POST 200 http://www.ilearn-online.net/gno4/

GET 200 http://www.ilearn-online.net/gno4/?4hIPNx=3B2cNDucHr8z5Q1kju7M0bYTMmXODI/oRPM2NCfflpIYpoZfCkz+7l9iNcaIcgUCcEMAmp3f&nfut_N=xPJx_6PP

POST 0 http://www.pawfectweddingday.com/gno4/

GET 301 http://www.pawfectweddingday.com/gno4/?4hIPNx=q1DetQwdceRPWoytmhQ4nwfD+Z4EH5xXw2Ctr7u5RyW6HsSuiO9ckxpYxxO1za4hJkczZyUl&nfut_N=xPJx_6PP

POST 410 http://www.woodburybankruptcylawyer.com/gno4/

GET 410 http://www.woodburybankruptcylawyer.com/gno4/?4hIPNx=IX00HVZE6wNbZHoXEB5NAw0ghhV/6sfnbQoOE50bd3DvkQc+f/6CS20MU3b9Ys97YVAzlRrq&nfut_N=xPJx_6PP

POST 0 http://www.birworld.com/gno4/

GET 404 http://www.birworld.com/gno4/?4hIPNx=7Bwa5rl2dbMxzce1f9bdhEV4tVywZ6cDJS3P1JuiERFNLVrtvFTVSz7FmGC37GENo4kdSeM/&nfut_N=xPJx_6PP

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:59369 -> 164.124.101.2:53	2026888	ET INFO DNS Query for Suspicious .icu Domain	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts