NetWork | ZeroBOX

Network Analysis

IP Address Status Action
163.172.13.165 Active Moloch
164.124.101.2 Active Moloch
171.25.193.9 Active Moloch
193.11.164.243 Active Moloch
81.7.10.93 Active Moloch
89.147.109.179 Active Moloch
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 193.11.164.243:9001 -> 192.168.56.101:49183 2522343 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 344 Misc Attack
TCP 192.168.56.101:49183 -> 193.11.164.243:9001 2028377 ET JA3 Hash - Possible Malware - Malspam Unknown Traffic
TCP 89.147.109.179:443 -> 192.168.56.101:49200 2522795 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 796 Misc Attack
TCP 193.11.164.243:9001 -> 192.168.56.101:49183 2018789 ET POLICY TLS possible TOR SSL traffic Misc activity
TCP 192.168.56.101:49200 -> 89.147.109.179:443 2028377 ET JA3 Hash - Possible Malware - Malspam Unknown Traffic
TCP 171.25.193.9:80 -> 192.168.56.101:49184 2522270 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 271 Misc Attack
TCP 192.168.56.101:49184 -> 171.25.193.9:80 2028377 ET JA3 Hash - Possible Malware - Malspam Unknown Traffic
TCP 171.25.193.9:80 -> 192.168.56.101:49184 2018789 ET POLICY TLS possible TOR SSL traffic Misc activity

Suricata TLS

Flow Issuer Subject Fingerprint
TLS 1.2 192.168.56.101:49183 -> 193.11.164.243:9001 CN=www.4wd6i4yj2bf.com CN=www.un744uplalol4b6y2.net 5c:6e:3b:08:5f:a9:ee:51:db:11:bf:b3:1e:a7:35:86:65:a8:d6:d4
TLS 1.2 192.168.56.101:49200 -> 89.147.109.179:443 CN=www.gglks3sz.com CN=www.jd7d2yfbp5v.net 05:87:c0:34:cb:76:9e:89:a3:0e:18:ec:b9:8d:19:57:90:5f:18:9e
TLS 1.2 192.168.56.101:49184 -> 171.25.193.9:80 CN=www.hdvpy7r4rywlcaqdia4k.com CN=www.vt7d6yxmxd4wr2zppe.net 07:3d:9a:29:9e:68:46:c6:c8:e6:49:b1:61:d5:e1:4c:30:05:5a:c0

Snort Alerts

No Snort Alerts