NetWork | ZeroBOX

Network Analysis

IP Address Status Action
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

Source Destination ICMP Type Data
37.44.244.177 192.168.56.101 3
37.44.244.177 192.168.56.101 3
37.44.244.177 192.168.56.101 3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49385 -> 188.165.79.151:443 2404310 ET CNC Feodo Tracker Reported CnC Server group 11 A Network Trojan was detected
TCP 192.168.56.101:49389 -> 196.44.98.190:8080 2404312 ET CNC Feodo Tracker Reported CnC Server group 13 A Network Trojan was detected
TCP 192.168.56.101:49402 -> 104.248.225.227:8080 2404301 ET CNC Feodo Tracker Reported CnC Server group 2 A Network Trojan was detected
TCP 192.168.56.101:49402 -> 104.248.225.227:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49385 -> 188.165.79.151:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49394 -> 5.253.30.17:7080 2404320 ET CNC Feodo Tracker Reported CnC Server group 21 A Network Trojan was detected
TCP 188.165.79.151:443 -> 192.168.56.101:49387 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49403 -> 104.248.225.227:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49394 -> 5.253.30.17:7080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49390 -> 196.44.98.190:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49383 -> 174.138.33.49:7080 2404308 ET CNC Feodo Tracker Reported CnC Server group 9 A Network Trojan was detected
TCP 192.168.56.101:49420 -> 103.224.241.74:8080 2404300 ET CNC Feodo Tracker Reported CnC Server group 1 A Network Trojan was detected
TCP 104.248.225.227:8080 -> 192.168.56.101:49404 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 198.199.70.22:8080 -> 192.168.56.101:49413 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49389 -> 196.44.98.190:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 103.224.241.74:8080 -> 192.168.56.101:49420 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49386 -> 188.165.79.151:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49412 -> 198.199.70.22:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49393 -> 5.253.30.17:7080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49432 -> 139.196.72.155:8080 2404303 ET CNC Feodo Tracker Reported CnC Server group 4 A Network Trojan was detected
TCP 192.168.56.101:49418 -> 103.224.241.74:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 196.44.98.190:8080 -> 192.168.56.101:49391 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49419 -> 103.224.241.74:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49432 -> 139.196.72.155:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49408 -> 54.37.106.167:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 5.253.30.17:7080 -> 192.168.56.101:49395 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49423 -> 178.62.112.199:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 54.37.106.167:8080 -> 192.168.56.101:49409 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49435 -> 188.225.32.231:4143 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49407 -> 54.37.106.167:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49436 -> 188.225.32.231:4143 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49411 -> 198.199.70.22:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49422 -> 178.62.112.199:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49431 -> 139.196.72.155:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 188.225.32.231:4143 -> 192.168.56.101:49437 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49440 -> 103.126.216.86:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49441 -> 103.126.216.86:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49424 -> 178.62.112.199:8080 2404309 ET CNC Feodo Tracker Reported CnC Server group 10 A Network Trojan was detected
TCP 178.62.112.199:8080 -> 192.168.56.101:49424 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 139.196.72.155:8080 -> 192.168.56.101:49433 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 103.126.216.86:443 -> 192.168.56.101:49442 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts