NetWork | ZeroBOX

Network Analysis

IP Address Status Action
175.208.134.138 Active Moloch
164.124.101.2 Active Moloch
23.105.131.228 Active Moloch
31.3.244.76 Active Moloch
GET 200 http://itisalllove.servepics.com/georgia/city/reason.exe

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.102:62008 -> 164.124.101.2:53 2028698 ET POLICY DNS Query to DynDNS Domain *.servepics .com Potentially Bad Traffic
TCP 31.3.244.76:80 -> 192.168.56.102:49169 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
UDP 192.168.56.102:61848 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:63345 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:55103 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:51220 -> 164.124.101.2:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:56023 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:53172 -> 8.8.4.4:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:60364 -> 8.8.4.4:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:58643 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:57223 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:65483 -> 8.8.4.4:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:61567 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:54232 -> 8.8.4.4:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:51615 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:54374 -> 8.8.4.4:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:60981 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:64845 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:51775 -> 8.8.4.4:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:62172 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:57303 -> 8.8.4.4:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:56111 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:56856 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:64444 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:56907 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.102:64077 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts