popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 25 DNS 0 TCP 31 UDP 4 HTTP 0 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
103.126.216.86 Active Moloch
103.224.241.74 Active Moloch
103.41.204.169 Active Moloch
103.71.99.57 Active Moloch
103.85.95.4 Active Moloch
104.248.225.227 Active Moloch
128.199.217.206 Active Moloch
139.196.72.155 Active Moloch
139.59.80.108 Active Moloch
165.232.185.110 Active Moloch
174.138.33.49 Active Moloch
175.126.176.79 Active Moloch
178.238.225.252 Active Moloch
178.62.112.199 Active Moloch
188.165.79.151 Active Moloch
188.225.32.231 Active Moloch
190.145.8.4 Active Moloch
196.44.98.190 Active Moloch
198.199.70.22 Active Moloch
202.134.4.210 Active Moloch
5.253.30.17 Active Moloch
54.37.106.167 Active Moloch
54.37.228.122 Active Moloch
62.171.178.147 Active Moloch
87.106.97.83 Active Moloch
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49388 -> 188.165.79.151:443 2404310 ET CNC Feodo Tracker Reported CnC Server group 11 A Network Trojan was detected
TCP 192.168.56.101:49387 -> 188.165.79.151:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49388 -> 188.165.79.151:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 188.165.79.151:443 -> 192.168.56.101:49389 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49392 -> 196.44.98.190:8080 2404312 ET CNC Feodo Tracker Reported CnC Server group 13 A Network Trojan was detected
TCP 192.168.56.101:49392 -> 196.44.98.190:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 196.44.98.190:8080 -> 192.168.56.101:49394 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49396 -> 5.253.30.17:7080 2404320 ET CNC Feodo Tracker Reported CnC Server group 21 A Network Trojan was detected
TCP 192.168.56.101:49396 -> 5.253.30.17:7080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49397 -> 5.253.30.17:7080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49409 -> 104.248.225.227:8080 2404301 ET CNC Feodo Tracker Reported CnC Server group 2 A Network Trojan was detected
TCP 192.168.56.101:49409 -> 104.248.225.227:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49408 -> 104.248.225.227:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49383 -> 174.138.33.49:7080 2404308 ET CNC Feodo Tracker Reported CnC Server group 9 A Network Trojan was detected
TCP 192.168.56.101:49412 -> 54.37.106.167:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 104.248.225.227:8080 -> 192.168.56.101:49410 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49393 -> 196.44.98.190:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49416 -> 198.199.70.22:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49433 -> 178.62.112.199:8080 2404309 ET CNC Feodo Tracker Reported CnC Server group 10 A Network Trojan was detected
TCP 5.253.30.17:7080 -> 192.168.56.101:49398 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 178.62.112.199:8080 -> 192.168.56.101:49433 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49417 -> 198.199.70.22:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 54.37.106.167:8080 -> 192.168.56.101:49414 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49425 -> 103.224.241.74:8080 2404300 ET CNC Feodo Tracker Reported CnC Server group 1 A Network Trojan was detected
TCP 192.168.56.101:49455 -> 139.196.72.155:8080 2404303 ET CNC Feodo Tracker Reported CnC Server group 4 A Network Trojan was detected
TCP 192.168.56.101:49430 -> 178.62.112.199:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49425 -> 103.224.241.74:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49455 -> 139.196.72.155:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 188.225.32.231:4143 -> 192.168.56.101:49464 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49431 -> 178.62.112.199:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49456 -> 139.196.72.155:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49413 -> 54.37.106.167:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49460 -> 188.225.32.231:4143 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 139.196.72.155:8080 -> 192.168.56.101:49457 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 198.199.70.22:8080 -> 192.168.56.101:49418 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49463 -> 188.225.32.231:4143 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49427 -> 103.224.241.74:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49470 -> 103.126.216.86:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 103.224.241.74:8080 -> 192.168.56.101:49428 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts