NetWork | ZeroBOX

Network Analysis

IP Address Status Action
108.16.60.193 Active Moloch
162.159.137.232 Active Moloch
164.124.101.2 Active Moloch
208.95.112.1 Active Moloch
Method Status URL
POST 100 https://discord.com/api/webhooks/1056590206893051904/2ybdaA7zXHVKpVJNM5j-1a4lW_FhpBXMYcNGIJpTvJx-GQGX3887N8vX1I_ea-w62qoK
GET 200 http://ip-api.com/csv/?fields=status,query

ICMP traffic

Source Destination ICMP Type Data
108.16.60.193 192.168.56.103 3
108.16.60.193 192.168.56.103 3
108.16.60.193 192.168.56.103 3
108.16.60.193 192.168.56.103 3
108.16.60.193 192.168.56.103 3
108.16.60.193 192.168.56.103 3
108.16.60.193 192.168.56.103 3
108.16.60.193 192.168.56.103 3
108.16.60.193 192.168.56.103 3
108.16.60.193 192.168.56.103 3
108.16.60.193 192.168.56.103 3
108.16.60.193 192.168.56.103 3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:50800 -> 164.124.101.2:53 2035465 ET INFO Observed Discord Domain in DNS Lookup (discord .com) Misc activity
TCP 192.168.56.103:49163 -> 162.159.137.232:443 2035463 ET INFO Observed Discord Domain (discord .com in TLS SNI) Misc activity
TCP 192.168.56.103:49163 -> 162.159.137.232:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49162 -> 208.95.112.1:80 2022082 ET POLICY External IP Lookup ip-api.com Device Retrieving External IP Address Detected

Suricata TLS

Flow Issuer Subject Fingerprint
TLS 1.2 192.168.56.103:49163 -> 162.159.137.232:443 C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com a3:ea:27:1a:3d:e8:8c:05:5e:1c:c8:1d:59:0e:d2:f2:a1:76:4d:2e

Snort Alerts

No Snort Alerts