NetWork | ZeroBOX

Network Analysis

IP Address Status Action
104.248.225.227 Active Moloch
110.235.83.107 Active Moloch
134.122.119.23 Active Moloch
160.16.143.191 Active Moloch
165.22.73.229 Active Moloch
190.90.233.66 Active Moloch
195.77.239.39 Active Moloch
196.44.98.190 Active Moloch
202.28.34.99 Active Moloch
202.29.239.162 Active Moloch
210.57.209.142 Active Moloch
37.44.244.177 Active Moloch
62.171.178.147 Active Moloch
87.106.97.83 Active Moloch
88.217.172.165 Active Moloch
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

Source Destination ICMP Type Data
37.44.244.177 192.168.56.103 3 (Destination Unreachable)
37.44.244.177 192.168.56.103 3 (Destination Unreachable)
37.44.244.177 192.168.56.103 3 (Destination Unreachable)

All three ICMP messages are type 3 (Destination Unreachable) sent back to the sandbox host 192.168.56.103 by 37.44.244.177, an address that appears in the IP table above but in none of the Suricata alerts below.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.103:49175 -> 165.22.73.229:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.103:49176 -> 165.22.73.229:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 165.22.73.229:8080 -> 192.168.56.103:49177 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 160.16.143.191:7080 -> 192.168.56.103:49181 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.103:49184 -> 134.122.119.23:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.103:49196 -> 202.29.239.162:443 | 2404312 | ET CNC Feodo Tracker Reported CnC Server group 13 | A Network Trojan was detected
TCP 192.168.56.103:49196 -> 202.29.239.162:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.103:49180 -> 160.16.143.191:7080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 134.122.119.23:8080 -> 192.168.56.103:49185 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.103:49195 -> 202.29.239.162:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.103:49179 -> 160.16.143.191:7080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 202.29.239.162:443 -> 192.168.56.103:49197 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.103:49183 -> 134.122.119.23:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
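
The thirteen alert rows are one pattern repeated against four remote endpoints: the sandbox host 192.168.56.103 opens TLS to a non-standard port (8080, 7080) or 443, the ClientHello matches the ET JA3 rule (SID 2028401), and on a later connection to the same endpoint the server side answers with a TLS handshake failure (SID 2029340). One endpoint, 202.29.239.162:443, is additionally listed on Feodo Tracker (SID 2404312). The script below is an added example, not part of the ZeroBOX report: it parses the alert rows exactly as they appear on this page, groups them by remote endpoint, assigns a triage verdict, and lists the addresses from the IP table above that raised no Suricata alert at all. The category names and SIDs come from the table; the verdict labels and the rule of treating a JA3 match plus a handshake failure as a stronger signal than a JA3 match alone are assumptions made here for illustration.

```python
"""Triage the flattened Suricata alert rows from a ZeroBOX network report.

Added example: it is not ZeroBOX code. Input rows are copied from the
report on this page; the verdict scheme in triage() is an assumption.
"""
import re
from collections import defaultdict

SANDBOX_IP = "192.168.56.103"  # analysis VM in this report

# The 15 addresses from the report's "IP Address" table.
REPORT_IPS = [
    "104.248.225.227", "110.235.83.107", "134.122.119.23", "160.16.143.191",
    "165.22.73.229", "190.90.233.66", "195.77.239.39", "196.44.98.190",
    "202.28.34.99", "202.29.239.162", "210.57.209.142", "37.44.244.177",
    "62.171.178.147", "87.106.97.83", "88.217.172.165",
]

# The 13 rows from the report's "Suricata Alerts" table, as flattened text.
ALERT_ROWS = """\
TCP 192.168.56.103:49175 -> 165.22.73.229:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49176 -> 165.22.73.229:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 165.22.73.229:8080 -> 192.168.56.103:49177 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 160.16.143.191:7080 -> 192.168.56.103:49181 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49184 -> 134.122.119.23:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49196 -> 202.29.239.162:443 2404312 ET CNC Feodo Tracker Reported CnC Server group 13 A Network Trojan was detected
TCP 192.168.56.103:49196 -> 202.29.239.162:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49180 -> 160.16.143.191:7080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 134.122.119.23:8080 -> 192.168.56.103:49185 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49195 -> 202.29.239.162:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.103:49179 -> 160.16.143.191:7080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 202.29.239.162:443 -> 192.168.56.103:49197 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49183 -> 134.122.119.23:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
"""

# Suricata classification names present in the table. The report glues the
# category onto the end of the signature, so we peel it off by suffix match.
CATEGORIES = ("Unknown Traffic", "Potentially Bad Traffic", "A Network Trojan was detected")

ROW_RE = re.compile(
    r"^(?P<proto>[A-Z]+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<sid>\d+)\s+(?P<rest>.+)$"
)


def parse_row(line):
    """Split one flattened row into a dict; raise ValueError on unknown shapes."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsable alert row: {line!r}")
    rest = m.group("rest")
    for cat in CATEGORIES:
        if rest.endswith(" " + cat):
            signature = rest[: -len(cat) - 1]
            break
    else:
        raise ValueError(f"unknown category in row: {line!r}")
    return {
        "proto": m.group("proto"),
        "src": m.group("src"), "sport": int(m.group("sport")),
        "dst": m.group("dst"), "dport": int(m.group("dport")),
        "sid": int(m.group("sid")),
        "signature": signature, "category": cat,
    }


def parse_alerts(text=ALERT_ROWS):
    return [parse_row(line) for line in text.splitlines() if line.strip()]


def remote_endpoint(alert, sandbox_ip=SANDBOX_IP):
    """Return (ip, port, direction) for the non-sandbox side of the flow."""
    if alert["src"] == sandbox_ip:
        return alert["dst"], alert["dport"], "outbound"
    return alert["src"], alert["sport"], "inbound"


def summarize(alerts, sandbox_ip=SANDBOX_IP):
    """Per remote ip:port, count outbound JA3 hits, inbound TLS failures and CnC hits."""
    summary = defaultdict(lambda: {"ja3": 0, "tls_fail": 0, "cnc": 0, "sids": set()})
    for a in alerts:
        ip, port, direction = remote_endpoint(a, sandbox_ip)
        entry = summary[f"{ip}:{port}"]
        entry["sids"].add(a["sid"])
        if a["sid"] == 2028401 and direction == "outbound":
            entry["ja3"] += 1
        elif a["sid"] == 2029340 and direction == "inbound":
            entry["tls_fail"] += 1
        elif a["signature"].startswith("ET CNC"):
            entry["cnc"] += 1
    return dict(summary)


def triage(summary):
    """Assumed verdict scheme: a CnC-list hit outranks a JA3 match, and a JA3
    match that the server later rejected outranks a bare JA3 match."""
    verdicts = {}
    for ep, s in summary.items():
        if s["cnc"]:
            verdicts[ep] = "confirmed-cnc"
        elif s["ja3"] and s["tls_fail"]:
            verdicts[ep] = "ja3-match-handshake-failed"
        elif s["ja3"]:
            verdicts[ep] = "ja3-match"
        else:
            verdicts[ep] = "info"
    return verdicts


def silent_ips(summary, report_ips=REPORT_IPS):
    """Addresses listed by the sandbox that triggered no Suricata alert."""
    alerted = {ep.rsplit(":", 1)[0] for ep in summary}
    return sorted(ip for ip in report_ips if ip not in alerted)


if __name__ == "__main__":
    s = summarize(parse_alerts())
    for ep, verdict in sorted(triage(s).items()):
        print(f"{ep:22} {verdict:28} sids={sorted(s[ep]['sids'])}")
    print("no alerts:", ", ".join(silent_ips(s)))
```

Grouping by remote endpoint rather than by flow matters here because the handshake failures arrive on different client ports (49177, 49181, 49185, 49197) than the JA3 matches, so a per-flow join would never pair them. Eleven of the fifteen listed addresses never raised an alert, which is consistent with the DNS table showing no lookups: the sample appears to work from a fixed list of addresses, and most of them were unreachable or silent during the analysis window.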

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts