popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 7 DNS 2 TCP 5 UDP 5 HTTP(S) 4 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
104.20.67.143 Active Moloch
164.124.101.2 Active Moloch
178.32.215.165 Active Moloch
185.159.130.81 Active Moloch
208.95.112.1 Active Moloch
46.173.218.172 Active Moloch
84.252.73.140 Active Moloch
GET 200 https://pastebin.com/raw/aCZb2pjR
REQUEST
RESPONSE
BODY 

            

        


    



        
        
            

    
        GET
        
        200
        http://ip-api.com/json/?fields=query,status,countryCode,city,timezone
        
    
    


        

            

                
 REQUEST

                

                    
                    
                

            

            

                
 RESPONSE

                

                    
                    
                

            

        


        

            

                 BODY
                
            

            

                

            

        


    



        
            

    
        GET
        
        301
        http://pastebin.com/raw/aCZb2pjR
        
    
    


        

            

                
 REQUEST

                

                    
                    
                

            

            

                
 RESPONSE

                

                    
                    
                

            

        


        

            

                 BODY
                
            

            

                

            

        


    



        
            

    
        PUT
        
        200
        http://185.159.130.81/clpr/OWUsN2UsODMsOWIsOWUsODIsOTAsOTEsNjQsN2Ys
        
    
    


        

            

                
 REQUEST

                

                    
                    
                

            

            

                
 RESPONSE

                

                    
                    
                

            

        


        

            

                 BODY
                
            

            

                

            

        


    



        
	




                            
ICMP traffic



No ICMP traffic performed.



                            
IRC traffic



No IRC requests performed.



                            
Suricata Alerts


    

        

            Flow
            SID
            Signature
            Category
        

        
        

            
                TCP
                192.168.56.101:49168 ->
                208.95.112.1:80
            
            2022082
            ET POLICY External IP Lookup ip-api.com
            Device Retrieving External IP Address Detected
        

        
        

            
                TCP
                192.168.56.101:49247 ->
                104.20.67.143:443
            
            906200054
            SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
            undefined
        

        
    




Suricata TLS


    

        

            Flow
            Issuer
            Subject
            Fingerprint
        

        
        

            
                TLSv1 

                192.168.56.101:49247 

                104.20.67.143:443
            		
            C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2
            C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com
            79:b7:9c:ec:8a:be:ea:82:0d:16:04:fb:46:5f:89:6b:78:b9:43:fd
        

        
    





                            
Snort Alerts


    
No Snort Alerts