NetWork | ZeroBOX

Network Analysis

IP Address       Status  Action
104.168.155.143  Active  Moloch
144.202.108.116  Active  Moloch
149.56.131.28    Active  Moloch
164.90.222.65    Active  Moloch
172.105.226.75   Active  Moloch
196.218.30.83    Active  Moloch
207.148.79.14    Active  Moloch
213.239.212.5    Active  Moloch

Name  Response  Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow                                              SID      Signature                                                        Category
TCP 192.168.56.101:49395 -> 213.239.212.5:443     2404314  ET CNC Feodo Tracker Reported CnC Server group 15                A Network Trojan was detected
TCP 192.168.56.101:49393 -> 104.168.155.143:8080  2404301  ET CNC Feodo Tracker Reported CnC Server group 2                 A Network Trojan was detected
TCP 192.168.56.101:49395 -> 213.239.212.5:443     2028401  ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex  Unknown Traffic
TCP 192.168.56.101:49398 -> 172.105.226.75:8080   2028401  ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex  Unknown Traffic
TCP 192.168.56.101:49405 -> 149.56.131.28:8080    2404306  ET CNC Feodo Tracker Reported CnC Server group 7                 A Network Trojan was detected
TCP 172.105.226.75:8080 -> 192.168.56.101:49400   2029340  ET INFO TLS Handshake Failure                                    Potentially Bad Traffic
TCP 192.168.56.101:49402 -> 149.56.131.28:8080    2028401  ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex  Unknown Traffic
TCP 192.168.56.101:49403 -> 149.56.131.28:8080    2028401  ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex  Unknown Traffic
TCP 149.56.131.28:8080 -> 192.168.56.101:49404    2029340  ET INFO TLS Handshake Failure                                    Potentially Bad Traffic
TCP 192.168.56.101:49391 -> 164.90.222.65:443     2404307  ET CNC Feodo Tracker Reported CnC Server group 8                 A Network Trojan was detected
TCP 192.168.56.101:49392 -> 144.202.108.116:8080  2404304  ET CNC Feodo Tracker Reported CnC Server group 5                 A Network Trojan was detected
TCP 192.168.56.101:49394 -> 213.239.212.5:443     2028401  ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex  Unknown Traffic
TCP 213.239.212.5:443 -> 192.168.56.101:49396     2029340  ET INFO TLS Handshake Failure                                    Potentially Bad Traffic
TCP 192.168.56.101:49399 -> 172.105.226.75:8080   2028401  ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex  Unknown Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts