popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 4 DNS 2 TCP 1 UDP 7 HTTP 0 ICMP 24 IRC 0 Suricata Snort
IP Address Status Action
164.124.101.2 Active Moloch
185.157.160.198 Active Moloch
202.165.107.50 Active Moloch
216.58.200.68 Active Moloch

No traffic

ICMP traffic

Source Destination ICMP Type Data
192.168.56.103 202.165.107.50 8 abcdefghijklmnopqrstuvwabcdefghi
202.165.107.50 192.168.56.103 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.103 202.165.107.50 8 abcdefghijklmnopqrstuvwabcdefghi
202.165.107.50 192.168.56.103 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.103 202.165.107.50 8 abcdefghijklmnopqrstuvwabcdefghi
202.165.107.50 192.168.56.103 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.103 202.165.107.50 8 abcdefghijklmnopqrstuvwabcdefghi
202.165.107.50 192.168.56.103 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.103 204.79.197.200 8 abcdefghijklmnopqrstuvwabcdefghi
204.79.197.200 192.168.56.103 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.103 204.79.197.200 8 abcdefghijklmnopqrstuvwabcdefghi
204.79.197.200 192.168.56.103 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.103 204.79.197.200 8 abcdefghijklmnopqrstuvwabcdefghi
204.79.197.200 192.168.56.103 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.103 204.79.197.200 8 abcdefghijklmnopqrstuvwabcdefghi
204.79.197.200 192.168.56.103 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.103 216.58.200.68 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.200.68 192.168.56.103 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.103 216.58.200.68 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.200.68 192.168.56.103 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.103 216.58.200.68 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.200.68 192.168.56.103 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.103 216.58.200.68 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.200.68 192.168.56.103 0 abcdefghijklmnopqrstuvwabcdefghi

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49168 -> 185.157.160.198:1973 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.103:49168
185.157.160.198:1973 		CN=Aggg5644 CN=Aggg5644 60:9f:56:d0:68:fd:c8:8a:a5:4b:bb:55:9f:2a:d9:ad:ed:dc:71:cf

Snort Alerts

No Snort Alerts