popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 2 DNS 1 TCP 6 UDP 10 HTTP(S) 6 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
164.124.101.2 Active Moloch
74.208.236.24 Active Moloch
Name Response Post-Analysis Lookup
prodownload.live
A 74.208.236.24
74.208.236.24
GET 200 http://prodownload.live/iam//index.php
REQUEST
RESPONSE
BODY 

            

        


    



        
            

    
        GET
        
        200
        http://prodownload.live/ixset.php?ip=175.208.134.150&mcid=1
        
    
    


        

            

                
 REQUEST

                

                    
                    
                

            

            

                
 RESPONSE

                

                    
                    
                

            

        


        

            

                 BODY
                
            

            

                

            

        


    



        
            

    
        GET
        
        200
        http://prodownload.live/ixpkey.php
        
    
    


        

            

                
 REQUEST

                

                    
                    
                

            

            

                
 RESPONSE

                

                    
                    
                

            

        


        

            

                 BODY
                
            

            

                

            

        


    



        
            

    
        GET
        
        200
        http://prodownload.live/ixptexts.php
        
    
    


        

            

                
 REQUEST

                

                    
                    
                

            

            

                
 RESPONSE

                

                    
                    
                

            

        


        

            

                 BODY
                
            

            

                

            

        


    



        
            

    
        GET
        
        200
        http://prodownload.live/setad.php
        
    
    


        

            

                
 REQUEST

                

                    
                    
                

            

            

                
 RESPONSE

                

                    
                    
                

            

        


        

            

                 BODY
                
            

            

                

            

        


    



        
            

    
        GET
        
        200
        http://prodownload.live/ixlive.php?uid=1
        
    
    


        

            

                
 REQUEST

                

                    
                    
                

            

            

                
 RESPONSE

                

                    
                    
                

            

        


        

            

                 BODY
                
            

            

                

            

        


    



        
	




                            
ICMP traffic



No ICMP traffic performed.



                            
IRC traffic



No IRC requests performed.



                            
Suricata Alerts


    

        

            Flow
            SID
            Signature
            Category
        

        
        

            
                TCP
                192.168.56.101:49202 ->
                74.208.236.24:80
            
            2029286
            ET MALWARE CrownAdPro CnC Activity M3
            Malware Command and Control Activity Detected
        

        
        

            
                TCP
                192.168.56.101:49203 ->
                74.208.236.24:80
            
            2029287
            ET MALWARE CrownAdPro CnC Activity M4
            Malware Command and Control Activity Detected
        

        
        

            
                TCP
                192.168.56.101:49199 ->
                74.208.236.24:80
            
            2029143
            ET MALWARE CrownAdPro CnC Activity M1
            Malware Command and Control Activity Detected
        

        
        

            
                TCP
                192.168.56.101:49201 ->
                74.208.236.24:80
            
            2029285
            ET MALWARE CrownAdPro CnC Activity M2
            Malware Command and Control Activity Detected
        

        
        

            
                TCP
                192.168.56.101:49204 ->
                74.208.236.24:80
            
            2029288
            ET MALWARE CrownAdPro CnC Activity M5
            Malware Command and Control Activity Detected
        

        
    




Suricata TLS


    
No Suricata TLS




                            
Snort Alerts


    
No Snort Alerts