NetWork | ZeroBOX

Network Analysis

IP Address    | Status | Action
104.192.141.1   | Active | Moloch
104.23.98.190   | Active | Moloch
164.124.101.2   | Active | Moloch
178.32.120.127  | Active | Moloch
185.65.135.248  | Active | Moloch
GET 200 https://bitbucket.org/Sanctam/sanctam/raw/0ceb71c1535ed3e19820cb4ba88d04169dbe5ca6/includes/xmrig

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.102:49168 -> 185.65.135.248:58899 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 192.168.56.102:49169 -> 104.192.141.1:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 192.168.56.102:49172 -> 104.23.98.190:443 | 906200070 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) | undefined
UDP 192.168.56.102:62824 -> 164.124.101.2:53 | 2024789 | ET POLICY DNS request for Monero mining pool | A Network Trojan was detected

Suricata TLS

Flow | Issuer | Subject | Fingerprint
TLS 1.2 192.168.56.102:49168 -> 185.65.135.248:58899 | C=US, O=Let's Encrypt, CN=R3 | CN=sanctam.net | 38:bc:f2:94:62:8a:02:9e:90:64:d5:0f:bc:00:83:12:36:86:2c:2a
TLS 1.2 192.168.56.102:49169 -> 104.192.141.1:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA | unknown=Private Organization, unknown=US, unknown=Delaware, serialNumber=3928449, C=US, ST=California, L=San Francisco, O=Atlassian, Inc., OU=Bitbucket, CN=bitbucket.org | 4e:6a:4c:3b:82:15:ef:df:97:38:5e:50:ef:b9:86:42:84:3b:89:f0
TLS 1.3 192.168.56.102:49172 -> 104.23.98.190:443 | None | None | None

Snort Alerts

No Snort Alerts