popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 2 DNS 1 TCP 1 UDP 8 HTTP 0 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
164.124.101.2 Active Moloch
79.134.225.103 Active Moloch
Name Response Post-Analysis Lookup
postal-26.ioomoo.xyz
A 79.134.225.103
79.134.225.103

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.102:49171 -> 79.134.225.103:6443 906200098 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT) undefined

Suricata TLS

Flow Issuer Subject Fingerprint
TLS 1.2
192.168.56.102:49171
79.134.225.103:6443 		CN=remotecert CN=remotecert bf:c7:8d:1e:b6:63:1b:f1:75:50:47:4f:f4:35:1b:96:20:7e:98:f3

Snort Alerts

No Snort Alerts