NetWork | ZeroBOX

Network Analysis

IP Address | Status | Action
164.124.101.2 | Active | Moloch
3.131.207.170 | Active | Moloch

Name | Response | Post-Analysis Lookup
2.tcp.ngrok.io | 52.14.18.129 |

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
UDP 192.168.56.101:61479 -> 164.124.101.2:53 | 2022642 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation
TCP 192.168.56.101:49205 -> 3.131.207.170:11797 | 2260000 | SURICATA Applayer Mismatch protocol both directions | Generic Protocol Command Decode
TCP 192.168.56.101:49201 -> 3.131.207.170:11797 | 2260000 | SURICATA Applayer Mismatch protocol both directions | Generic Protocol Command Decode
TCP 192.168.56.101:49203 -> 3.131.207.170:11797 | 2260000 | SURICATA Applayer Mismatch protocol both directions | Generic Protocol Command Decode
TCP 192.168.56.101:49205 -> 3.131.207.170:11797 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49201 -> 3.131.207.170:11797 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49203 -> 3.131.207.170:11797 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49208 -> 3.131.207.170:11797 | 2260000 | SURICATA Applayer Mismatch protocol both directions | Generic Protocol Command Decode
TCP 192.168.56.101:49208 -> 3.131.207.170:11797 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49204 -> 3.131.207.170:11797 | 2260000 | SURICATA Applayer Mismatch protocol both directions | Generic Protocol Command Decode
TCP 192.168.56.101:49204 -> 3.131.207.170:11797 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49202 -> 3.131.207.170:11797 | 2260000 | SURICATA Applayer Mismatch protocol both directions | Generic Protocol Command Decode
TCP 192.168.56.101:49202 -> 3.131.207.170:11797 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49209 -> 3.131.207.170:11797 | 2260000 | SURICATA Applayer Mismatch protocol both directions | Generic Protocol Command Decode
TCP 192.168.56.101:49209 -> 3.131.207.170:11797 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49206 -> 3.131.207.170:11797 | 2260000 | SURICATA Applayer Mismatch protocol both directions | Generic Protocol Command Decode
TCP 192.168.56.101:49206 -> 3.131.207.170:11797 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
UDP 192.168.56.101:59369 -> 164.124.101.2:53 | 2022642 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation
TCP 192.168.56.101:49207 -> 3.131.207.170:11797 | 2260000 | SURICATA Applayer Mismatch protocol both directions | Generic Protocol Command Decode
TCP 192.168.56.101:49207 -> 3.131.207.170:11797 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts