NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

NetWork | ZeroBOX

IP Address	Status	Action
104.16.12.194	Active	Moloch
164.124.101.2	Active	Moloch
198.49.23.145	Active	Moloch
34.102.136.180	Active	Moloch
75.2.73.220	Active	Moloch

Name	Response	Post-Analysis Lookup
www.procircleacademy.com	CNAME target.clickfunnels.com A 104.16.15.194 A 104.16.16.194 A 104.16.12.194 A 104.16.13.194 A 104.16.14.194	104.16.13.194
www.a3i7ufz4pt3.net
www.totally-seo.com	A 198.49.23.145 CNAME ext-sq.squarespace.com A 198.185.159.144 A 198.49.23.144 A 198.185.159.145	198.49.23.144
www.zmzcrossrt.xyz	A 75.2.73.220 CNAME ytptranspx.xshoppy.shop	99.83.183.31
www.thesoulrevitalist.com	A 34.102.136.180 CNAME thesoulrevitalist.com	34.102.136.180

TCP Requests

UDP Requests

POST 502 http://www.totally-seo.com/p2io/

GET 400 http://www.totally-seo.com/p2io/?VPXhs=TySV6YYxUBKYb4HOwOCoDLKT5SC+Z4HfI/KqKrWSPqp5raNcMGgDmwJErp1xJY1yPtBpBPJW&nHLD_L=8p-HvnrH7hptqnk

POST 0 http://www.zmzcrossrt.xyz/p2io/

GET 301 http://www.zmzcrossrt.xyz/p2io/?VPXhs=tbodHACq9TgEm1QCflemmH955SxRRtof3zi2445TBfF16F/HFiIOFPSeH8a5z8Uvje9sxZdT&nHLD_L=8p-HvnrH7hptqnk

POST 0 http://www.procircleacademy.com/p2io/

GET 302 http://www.procircleacademy.com/p2io/?VPXhs=tgVoMP8jv8oJh0LH0MPWwDnGYGbnfEGTJ+yRL/Ijcc1+MHyU0MyQxKIFLUwq3WzUPcz2/uvN&nHLD_L=8p-HvnrH7hptqnk

POST 405 http://www.thesoulrevitalist.com/p2io/

GET 403 http://www.thesoulrevitalist.com/p2io/?VPXhs=ywi4HDlC8ElSOMEyK6H+rd6B6cynTULkanOSXBUPYg06e2wPUHpv6wPun14JIO+5lIaxxIkr&nHLD_L=8p-HvnrH7hptqnk

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.101	164.124.101.2	3
192.168.56.101	164.124.101.2	3
192.168.56.101	164.124.101.2	3
192.168.56.101	164.124.101.2	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49208 -> 75.2.73.220:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts