popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 2 DNS 1 TCP 1 UDP 4 HTTP(S) 2 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
164.124.101.2 Active Moloch
5.255.255.70 Active Moloch
Name Response Post-Analysis Lookup
yandex.ru
A 5.255.255.77
A 77.88.55.88
A 77.88.55.60
A 5.255.255.70
5.255.255.70
GET 302 https://yandex.ru/
REQUEST
RESPONSE
BODY 

            

        


    



        
            

    
        GET
        
        200
        https://yandex.ru/showcaptcha?cc=1&mt=5D1DFE957BC55C0C13A0F3496A5246409470CAE10665908D60E4A11127CE0D362A7C960D448E46C99B7ABEBB4D8E3860EE257CBD8B65FF3183BBFE46F37D6B73A9571A37E1FAD1D6DCAE864C73D4B795A3EA5DD1D1DC3CCC8B21&retpath=aHR0cHM6Ly95YW5kZXgucnUvPw%2C%2C_0b3d93996162204192850f35a89c2b92&t=2/1687939219/d0911666741300a32b2774f8ed789ccd&u=e231e10d-f7415e09-81557e5c-3735fe90&s=63ae957878b231fa7f96e2acf1716d16
        
    
    


        

            

                
 REQUEST

                

                    
                    
                

            

            

                
 RESPONSE

                

                    
                    
                

            

        


        

            

                 BODY
                
            

            

                

            

        


    



        
        
	




                            
ICMP traffic



No ICMP traffic performed.



                            
IRC traffic



No IRC requests performed.



                            
Suricata Alerts


    

        

            Flow
            SID
            Signature
            Category
        

        
        

            
                TCP
                192.168.56.103:49162 ->
                5.255.255.70:443
            
            906200054
            SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
            undefined
        

        
    




Suricata TLS


    

        

            Flow
            Issuer
            Subject
            Fingerprint
        

        
        

            
                TLSv1 

                192.168.56.103:49162 

                5.255.255.70:443
            		
            C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC OV SSL CA 2018
            C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.xn--d1acpjx3f.xn--p1ai
            7a:e6:ff:bb:19:79:e4:52:b5:47:97:69:f8:78:1c:38:bd:e6:2f:c2
        

        
    





                            
Snort Alerts


    
No Snort Alerts