NetWork | ZeroBOX

Network Analysis

IP Address | Status | Action
121.190.90.250 | Active | Moloch
164.124.101.2 | Active | Moloch
18.163.230.191 | Active | Moloch

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

Command | Params | Type
MODE | RandomX mode: auto, fast, light | client

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.103:49180 -> 121.190.90.250:8081 | 2027266 | ET INFO Dotted Quad Host RAR Request | Potentially Bad Traffic
TCP 121.190.90.250:8081 -> 192.168.56.103:49180 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation
TCP 121.190.90.250:8081 -> 192.168.56.103:49180 | 2016538 | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download | Potentially Bad Traffic
TCP 192.168.56.103:49191 -> 18.163.230.191:6666 | 2024792 | ET POLICY Cryptocurrency Miner Checkin | Potential Corporate Privacy Violation
TCP 121.190.90.250:8081 -> 192.168.56.103:49180 | 2000418 | ET POLICY Executable and linking format (ELF) file download | Potential Corporate Privacy Violation
TCP 121.190.90.250:8081 -> 192.168.56.103:49180 | 2000418 | ET POLICY Executable and linking format (ELF) file download | Potential Corporate Privacy Violation
TCP 121.190.90.250:8081 -> 192.168.56.103:49180 | 2000418 | ET POLICY Executable and linking format (ELF) file download | Potential Corporate Privacy Violation
TCP 121.190.90.250:8081 -> 192.168.56.103:49180 | 2000418 | ET POLICY Executable and linking format (ELF) file download | Potential Corporate Privacy Violation
TCP 121.190.90.250:8081 -> 192.168.56.103:49180 | 2000418 | ET POLICY Executable and linking format (ELF) file download | Potential Corporate Privacy Violation
TCP 192.168.56.103:49191 -> 18.163.230.191:6666 | 2024792 | ET POLICY Cryptocurrency Miner Checkin | Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts