popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 2 DNS 1 TCP 1 UDP 4 HTTP 0 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
142.251.8.108 Active Moloch
164.124.101.2 Active Moloch
Name Response Post-Analysis Lookup
smtp.gmail.com
A 142.251.8.108
64.233.188.108

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 142.251.8.108:587 -> 192.168.56.103:49166 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 192.168.56.103:49166 -> 142.251.8.108:587 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.103:49166
142.251.8.108:587 		C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 CN=smtp.gmail.com 5b:45:37:1e:52:7e:3c:86:d1:d6:68:34:a3:03:1c:11:aa:87:0e:aa

Snort Alerts

No Snort Alerts