NetWork | ZeroBOX

Network Analysis

IP Address Status Action
164.124.101.2 Active Moloch
217.10.68.145 Active Moloch
217.116.122.143 Active Moloch
79.141.72.138 Active Moloch
79.141.72.156 Active Moloch
79.141.72.52 Active Moloch

Name Response Post-Analysis Lookup
stun.sipgate.net 217.10.68.152

No traffic

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.101:61481 -> 217.116.122.143:3479 2033078 ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port) Attempted User Privilege Gain
UDP 192.168.56.101:61481 -> 217.10.68.145:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
UDP 217.116.122.143:3479 -> 192.168.56.101:61481 2018908 ET INFO Session Traversal Utilities for NAT (STUN Binding Response) Generic Protocol Command Decode
UDP 217.10.68.145:3478 -> 192.168.56.101:61481 2016150 ET INFO Session Traversal Utilities for NAT (STUN Binding Response) Attempted User Privilege Gain
UDP 217.10.68.145:3478 -> 192.168.56.101:61481 2018908 ET INFO Session Traversal Utilities for NAT (STUN Binding Response) Generic Protocol Command Decode
UDP 192.168.56.101:61481 -> 217.10.68.145:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
UDP 192.168.56.101:61481 -> 217.10.68.145:3478 2018907 ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag true) Generic Protocol Command Decode
UDP 192.168.56.101:61481 -> 217.10.68.145:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
UDP 192.168.56.101:61481 -> 217.10.68.145:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
UDP 192.168.56.101:61481 -> 217.10.68.145:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
UDP 192.168.56.101:61481 -> 217.10.68.145:3478 2018905 ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true) Generic Protocol Command Decode
UDP 192.168.56.101:61481 -> 217.10.68.145:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain
UDP 192.168.56.101:61481 -> 217.10.68.145:3478 2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request) Attempted User Privilege Gain

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts