NetWork | ZeroBOX

Network Analysis

IP Address | Status | Action
164.124.101.2 | Active | Moloch
77.88.21.158 | Active | Moloch
208.91.199.223 | Active | Moloch

Name Response Post-Analysis Lookup
smtp.yandex.com 77.88.21.158

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 77.88.21.158:587 -> 192.168.56.101:49168 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode
TCP 192.168.56.101:49168 -> 77.88.21.158:587 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined

Suricata TLS

Flow | Issuer | Subject | Fingerprint
TLS 1.2 192.168.56.101:49168 -> 77.88.21.158:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=smtp.yandex.ru | 87:dc:34:1b:42:ab:57:ae:ae:43:72:8e:91:2d:4d:a1:47:10:3f:aa

Snort Alerts

No Snort Alerts