NetWork | ZeroBOX

Network Analysis

IP Address    | Status | Action
164.124.101.2 | Active | Moloch
69.64.94.128  | Active | Moloch
74.201.28.92  | Active | Moloch
Name             | Response                      | Post-Analysis Lookup
www.xenarmor.com | CNAME xenarmor.com, 69.64.94.128 |

HTTP Requests

GET 431 http://www.xenarmor.com/xen-check-portable-license.php?key=øÞÞ~‚nr%5DE%1C²%12a¸Bô%0D%17X0%1E&email=SDÌã鋃Qa4i%19èQ˜†ûþóuÀc;êf:Í5$×rAV&productid=5701

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow                                          | SID       | Signature                                                       | Category
TCP 192.168.56.103:49168 -> 74.201.28.92:3569 | 906200095 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT)   | undefined
TCP 192.168.56.103:49169 -> 74.201.28.92:3569 | 906200095 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT)   | undefined
TCP 192.168.56.103:49175 -> 69.64.94.128:80   | 2030616   | ET POLICY XenArmor Password Recovery License Check              | Potential Corporate Privacy Violation
TCP 192.168.56.103:49201 -> 74.201.28.92:3569 | 906200095 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT)   | undefined

Suricata TLS

Flow                                              | Issuer  | Subject | Fingerprint
TLS 1.2 192.168.56.103:49168 -> 74.201.28.92:3569 | CN=B2tp | CN=B2tp | a9:51:15:4c:b3:e1:b0:c2:63:da:2f:13:57:33:e2:1f:69:4a:59:80
TLS 1.2 192.168.56.103:49169 -> 74.201.28.92:3569 | CN=B2tp | CN=B2tp | a9:51:15:4c:b3:e1:b0:c2:63:da:2f:13:57:33:e2:1f:69:4a:59:80
TLS 1.2 192.168.56.103:49201 -> 74.201.28.92:3569 | CN=B2tp | CN=B2tp | a9:51:15:4c:b3:e1:b0:c2:63:da:2f:13:57:33:e2:1f:69:4a:59:80

Snort Alerts

No Snort Alerts