popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 2 DNS 1 TCP 4 UDP 4 HTTP 0 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
108.181.20.35 Active Moloch
164.124.101.2 Active Moloch
Name Response Post-Analysis Lookup
files.catbox.moe
A 108.181.20.35
108.181.20.35

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49163 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.101:49163 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49164 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.101:49164 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49165 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.101:49163 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.101:49164 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.101:49165 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49165 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.101:49166 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.101:49166 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49166 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.101:49164 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.101:49165 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.101:49166 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.101:49163 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts