popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 3 DNS 2 TCP 2 UDP 6 HTTP(S) 1 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
162.159.135.233 Active Moloch
164.124.101.2 Active Moloch
173.231.16.77 Active Moloch
POST 100 https://discordapp.com/api/webhooks/1163583965509197905/ZzAXRCqQ-ibE4oUwqs0NHv2AGzFsUnKD01ZpDXfNz05uyDGnR6CuWR8nGyVChCCCECqd
REQUEST
RESPONSE
BODY 

            

        


    



        
        
	




                            
ICMP traffic



No ICMP traffic performed.



                            
IRC traffic



No IRC requests performed.



                            
Suricata Alerts


    

        

            Flow
            SID
            Signature
            Category
        

        
        

            
                UDP
                192.168.56.101:59002 ->
                8.8.8.8:53
            
            2047702
            ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
            Misc activity
        

        
        

            
                UDP
                192.168.56.101:54148 ->
                8.8.8.8:53
            
            2035466
            ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
            Misc activity
        

        
        

            
                UDP
                192.168.56.101:59002 ->
                164.124.101.2:53
            
            2047702
            ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
            Misc activity
        

        
        

            
                TCP
                173.231.16.77:443 ->
                192.168.56.101:49165
            
            2029340
            ET INFO TLS Handshake Failure
            Potentially Bad Traffic
        

        
        

            
                TCP
                192.168.56.101:49165 ->
                173.231.16.77:443
            
            2047703
            ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
            Misc activity
        

        
        

            
                TCP
                192.168.56.101:49165 ->
                173.231.16.77:443
            
            906200022
            SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
            undefined
        

        
        

            
                TCP
                192.168.56.101:49165 ->
                173.231.16.77:443
            
            2047703
            ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
            Misc activity
        

        
        

            
                TCP
                192.168.56.101:49166 ->
                162.159.135.233:443
            
            2035464
            ET INFO Observed Discord Domain (discordapp .com in TLS SNI)
            Misc activity
        

        
        

            
                TCP
                192.168.56.101:49166 ->
                162.159.135.233:443
            
            906200022
            SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
            undefined
        

        
        

            
                TCP
                192.168.56.101:49165 ->
                173.231.16.77:443
            
            2047703
            ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
            Misc activity
        

        
    




Suricata TLS


    

        

            Flow
            Issuer
            Subject
            Fingerprint
        

        
        

            
                TLS 1.2 

                192.168.56.101:49166 

                162.159.135.233:443
            		
            C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3
            C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com
            6e:02:1b:20:66:69:87:fb:2c:cb:b1:55:96:c9:78:3a:9c:81:1d:f4
        

        
    





                            
Snort Alerts


    
No Snort Alerts