popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 25 DNS 0 TCP 33 UDP 4 HTTP 0 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
103.75.201.2 Active Moloch
103.75.201.4 Active Moloch
110.232.117.186 Active Moloch
146.59.226.45 Active Moloch
158.69.222.101 Active Moloch
162.214.118.104 Active Moloch
164.68.99.3 Active Moloch
173.212.193.249 Active Moloch
176.56.128.118 Active Moloch
177.87.70.10 Active Moloch
185.157.82.211 Active Moloch
185.4.135.27 Active Moloch
185.8.212.130 Active Moloch
186.250.48.117 Active Moloch
192.99.251.50 Active Moloch
195.154.133.20 Active Moloch
196.218.30.83 Active Moloch
207.38.84.195 Active Moloch
209.126.98.206 Active Moloch
217.182.143.248 Active Moloch
31.24.158.56 Active Moloch
45.118.135.203 Active Moloch
46.55.222.11 Active Moloch
5.9.116.246 Active Moloch
51.91.7.5 Active Moloch
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 185.4.135.27:8080 -> 192.168.56.103:49170 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 103.75.201.4:443 2404301 ET CNC Feodo Tracker Reported CnC Server group 2 A Network Trojan was detected
TCP 192.168.56.103:49193 -> 103.75.201.4:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49207 -> 46.55.222.11:443 2404317 ET CNC Feodo Tracker Reported CnC Server group 18 A Network Trojan was detected
TCP 192.168.56.103:49183 -> 103.75.201.2:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49215 -> 207.38.84.195:8080 2404312 ET CNC Feodo Tracker Reported CnC Server group 13 A Network Trojan was detected
TCP 103.75.201.2:443 -> 192.168.56.103:49184 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49215 -> 207.38.84.195:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49187 -> 177.87.70.10:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 177.87.70.10:8080 -> 192.168.56.103:49189 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 103.75.201.4:443 -> 192.168.56.103:49194 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49201 -> 186.250.48.117:7080 2404309 ET CNC Feodo Tracker Reported CnC Server group 10 A Network Trojan was detected
TCP 186.250.48.117:7080 -> 192.168.56.103:49201 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49205 -> 46.55.222.11:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49182 -> 103.75.201.2:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49192 -> 103.75.201.4:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49200 -> 186.250.48.117:7080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49211 -> 176.56.128.118:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 176.56.128.118:443 -> 192.168.56.103:49212 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49164 -> 217.182.143.248:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 217.182.143.248:8080 -> 192.168.56.103:49166 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.99.251.50:443 -> 192.168.56.103:49174 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49177 -> 146.59.226.45:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49214 -> 207.38.84.195:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49169 -> 185.4.135.27:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49172 -> 192.99.251.50:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49173 -> 192.99.251.50:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49176 -> 146.59.226.45:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49199 -> 186.250.48.117:7080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49210 -> 176.56.128.118:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 207.38.84.195:8080 -> 192.168.56.103:49216 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49165 -> 217.182.143.248:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49168 -> 185.4.135.27:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 146.59.226.45:443 -> 192.168.56.103:49178 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49188 -> 177.87.70.10:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49204 -> 46.55.222.11:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 46.55.222.11:443 -> 192.168.56.103:49206 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts