NetWork | ZeroBOX

Network Analysis

IP Address Status Action
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.101:49172 -> 134.122.119.23:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49173 -> 134.122.119.23:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 134.122.119.23:8080 -> 192.168.56.101:49174 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49176 -> 104.248.225.227:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49177 -> 104.248.225.227:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 104.248.225.227:8080 -> 192.168.56.101:49178 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 188.225.32.231:4143 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49181 -> 188.225.32.231:4143 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 188.225.32.231:4143 -> 192.168.56.101:49182 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49186 -> 178.62.112.199:8080 | 2404307 | ET CNC Feodo Tracker Reported CnC Server group 8 | A Network Trojan was detected
TCP 192.168.56.101:49185 -> 178.62.112.199:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49186 -> 178.62.112.199:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 178.62.112.199:8080 -> 192.168.56.101:49187 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49189 -> 116.124.128.206:8080 | 2404302 | ET CNC Feodo Tracker Reported CnC Server group 3 | A Network Trojan was detected
TCP 192.168.56.101:49189 -> 116.124.128.206:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 116.124.128.206:8080 -> 192.168.56.101:49191 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49190 -> 116.124.128.206:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts