NetWork | ZeroBOX

Network Analysis

IP Address Status Action
14.227.106.38 Active Moloch
165.143.163.99 Active Moloch
176.113.115.21 Active Moloch
176.113.115.25 Active Moloch
Name Response Post-Analysis Lookup
No hosts contacted.
GET 200 https://176.113.115.21/V/sdkk5ywn1w/+iBH32vcXr87CL+YROcC3SO1z8sYve4b76amRKql5QDggj0I2AbinPxGpJbUpQllBVERtRx9KxUVyC8nK1a/109MZIB7ehXnhRA3u3fF/IMK5Pu2eHFKgJD6GNFhhJ8ea3akdd9FiO9eshpO8O7kUDRwSFsJBldB2jRI6xHsPmDHX7HIWLDBV7oSpPsNqfwQg==
GET 200 http://176.113.115.25/bot/regex
GET 200 http://176.113.115.25/bot/online?guid=TEST22-PC\\test22&key=f91c75a2c5026af6018d7440b3cc6388f9e5424369f44512d073daee9d5318de
GET 200 http://176.113.115.25/bot/regex
GET 200 http://176.113.115.25/bot/online?guid=TEST22-PC\\test22&key=f91c75a2c5026af6018d7440b3cc6388f9e5424369f44512d073daee9d5318de

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49170 -> 176.113.115.25:80 2039776 ET MALWARE Laplas Clipper - SetOnline CnC Checkin A Network Trojan was detected
TCP 192.168.56.103:49199 -> 176.113.115.25:80 2039776 ET MALWARE Laplas Clipper - SetOnline CnC Checkin A Network Trojan was detected

Suricata TLS

Flow: TLSv1 192.168.56.103:49162 -> 176.113.115.21:443
Issuer: CN=Fii Lvjfoqbbjhe/OU=Tjhv/ST=fkm/O=Kvhys/C=PP/L=Lt Jssugiiwmpduhq
Subject: CN=Fii Lvjfoqbbjhe/OU=Tjhv/ST=fkm/O=Kvhys/C=PP/L=Lt Jssugiiwmpduhq
Fingerprint: 87:92:71:13:3a:02:ae:b8:97:8a:f0:72:78:06:b8:98:df:f4:58:91

Snort Alerts

No Snort Alerts