NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

NetWork | ZeroBOX

IP Address	Status	Action
139.144.16.247	Active	Moloch
164.124.101.2	Active	Moloch
3.134.125.175	Active	Moloch

Name	Response	Post-Analysis Lookup
0.tcp.ngrok.io	A 3.134.125.175	3.134.39.220

TCP Requests

UDP Requests

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

GET 200 http://139.144.16.247/thisisahiddendirectory/Connection.php

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.103:50800 -> 164.124.101.2:53	2022642	ET INFO DNS Query to a *.ngrok domain (ngrok.io)	Potential Corporate Privacy Violation
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2022642	ET INFO DNS Query to a *.ngrok domain (ngrok.io)	Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts