NetWork | ZeroBOX

Network Analysis

IP Address     Status  Action
45.227.253.62  Active  Moloch

Name  Response  Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow                                           SID      Signature                                                              Category
TCP 192.168.56.102:49214 -> 45.227.253.62:443  2013926  ET POLICY HTTP traffic on port 443 (POST)                              Potentially Bad Traffic
TCP 192.168.56.102:49186 -> 45.227.253.62:443  2013926  ET POLICY HTTP traffic on port 443 (POST)                              Potentially Bad Traffic
TCP 192.168.56.102:49183 -> 45.227.253.62:443  2013926  ET POLICY HTTP traffic on port 443 (POST)                              Potentially Bad Traffic
TCP 192.168.56.102:49166 -> 45.227.253.62:443  2013926  ET POLICY HTTP traffic on port 443 (POST)                              Potentially Bad Traffic
TCP 192.168.56.102:49186 -> 45.227.253.62:443  2018358  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1  Potentially Bad Traffic
TCP 192.168.56.102:49183 -> 45.227.253.62:443  2018358  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1  Potentially Bad Traffic
TCP 192.168.56.102:49166 -> 45.227.253.62:443  2018358  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1  Potentially Bad Traffic
TCP 192.168.56.102:49175 -> 45.227.253.62:443  2013926  ET POLICY HTTP traffic on port 443 (POST)                              Potentially Bad Traffic
TCP 192.168.56.102:49175 -> 45.227.253.62:443  2018358  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1  Potentially Bad Traffic
TCP 192.168.56.102:49180 -> 45.227.253.62:443  2013926  ET POLICY HTTP traffic on port 443 (POST)                              Potentially Bad Traffic
TCP 192.168.56.102:49180 -> 45.227.253.62:443  2018358  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1  Potentially Bad Traffic
TCP 192.168.56.102:49214 -> 45.227.253.62:443  2018358  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1  Potentially Bad Traffic
TCP 192.168.56.102:49220 -> 45.227.253.62:443  2013926  ET POLICY HTTP traffic on port 443 (POST)                              Potentially Bad Traffic
TCP 192.168.56.102:49220 -> 45.227.253.62:443  2018358  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1  Potentially Bad Traffic
TCP 192.168.56.102:49217 -> 45.227.253.62:443  2013926  ET POLICY HTTP traffic on port 443 (POST)                              Potentially Bad Traffic
TCP 192.168.56.102:49217 -> 45.227.253.62:443  2018358  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1  Potentially Bad Traffic
TCP 192.168.56.102:49227 -> 45.227.253.62:443  2013926  ET POLICY HTTP traffic on port 443 (POST)                              Potentially Bad Traffic
TCP 192.168.56.102:49227 -> 45.227.253.62:443  2018358  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1  Potentially Bad Traffic
TCP 192.168.56.102:49208 -> 45.227.253.62:443  2013926  ET POLICY HTTP traffic on port 443 (POST)                              Potentially Bad Traffic
TCP 192.168.56.102:49235 -> 45.227.253.62:443  2013926  ET POLICY HTTP traffic on port 443 (POST)                              Potentially Bad Traffic
TCP 192.168.56.102:49235 -> 45.227.253.62:443  2018358  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1  Potentially Bad Traffic
TCP 192.168.56.102:49254 -> 45.227.253.62:443  2013926  ET POLICY HTTP traffic on port 443 (POST)                              Potentially Bad Traffic
TCP 192.168.56.102:49254 -> 45.227.253.62:443  2018358  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1  Potentially Bad Traffic
TCP 192.168.56.102:49177 -> 45.227.253.62:443  2013926  ET POLICY HTTP traffic on port 443 (POST)                              Potentially Bad Traffic
TCP 192.168.56.102:49177 -> 45.227.253.62:443  2018358  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1  Potentially Bad Traffic
TCP 192.168.56.102:49211 -> 45.227.253.62:443  2013926  ET POLICY HTTP traffic on port 443 (POST)                              Potentially Bad Traffic
TCP 192.168.56.102:49202 -> 45.227.253.62:443  2013926  ET POLICY HTTP traffic on port 443 (POST)                              Potentially Bad Traffic
TCP 192.168.56.102:49202 -> 45.227.253.62:443  2018358  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1  Potentially Bad Traffic
TCP 192.168.56.102:49248 -> 45.227.253.62:443  2013926  ET POLICY HTTP traffic on port 443 (POST)                              Potentially Bad Traffic
TCP 192.168.56.102:49248 -> 45.227.253.62:443  2018358  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1  Potentially Bad Traffic
TCP 192.168.56.102:49208 -> 45.227.253.62:443  2018358  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1  Potentially Bad Traffic
TCP 192.168.56.102:49211 -> 45.227.253.62:443  2018358  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1  Potentially Bad Traffic
TCP 192.168.56.102:49224 -> 45.227.253.62:443  2013926  ET POLICY HTTP traffic on port 443 (POST)                              Potentially Bad Traffic
TCP 192.168.56.102:49224 -> 45.227.253.62:443  2018358  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1  Potentially Bad Traffic
TCP 192.168.56.102:49230 -> 45.227.253.62:443  2013926  ET POLICY HTTP traffic on port 443 (POST)                              Potentially Bad Traffic
TCP 192.168.56.102:49230 -> 45.227.253.62:443  2018358  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1  Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts