NetWork | ZeroBOX

Network Analysis

| IP Address | Status | Action |
|---|---|---|
| 164.124.101.2 | Active | Moloch |
| 194.226.139.38 | Active | Moloch |

Name Response Post-Analysis Lookup
ns3.ru.web.msk.host 194.226.139.38

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49209 -> 194.226.139.38:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49207 -> 194.226.139.38:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49208 -> 194.226.139.38:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |

Suricata TLS

| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
| TLSv1 192.168.56.101:49209 -> 194.226.139.38:443 | C=UA, ST=Default, L=Default, O=Brainy, CN=webhost2.msk.network | C=UA, ST=Default, L=Default, O=Brainy, CN=webhost2.msk.network | 6e:0c:84:88:6e:86:c3:40:00:28:15:f9:94:af:66:3c:96:f8:e4:f8 |
| TLSv1 192.168.56.101:49207 -> 194.226.139.38:443 | C=UA, ST=Default, L=Default, O=Brainy, CN=webhost2.msk.network | C=UA, ST=Default, L=Default, O=Brainy, CN=webhost2.msk.network | 6e:0c:84:88:6e:86:c3:40:00:28:15:f9:94:af:66:3c:96:f8:e4:f8 |
| TLSv1 192.168.56.101:49208 -> 194.226.139.38:443 | C=UA, ST=Default, L=Default, O=Brainy, CN=webhost2.msk.network | C=UA, ST=Default, L=Default, O=Brainy, CN=webhost2.msk.network | 6e:0c:84:88:6e:86:c3:40:00:28:15:f9:94:af:66:3c:96:f8:e4:f8 |

Snort Alerts

No Snort Alerts