popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 3 DNS 1 TCP 2 UDP 5 HTTP(S) 1 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
104.237.62.211 Active Moloch
164.124.101.2 Active Moloch
192.3.176.145 Active Moloch
GET 200 http://192.3.176.145/310/conhost.exe
REQUEST
RESPONSE
BODY 

            

        


    



        
	




                            
ICMP traffic



No ICMP traffic performed.



                            
IRC traffic



No IRC requests performed.



                            
Suricata Alerts


    

        

            Flow
            SID
            Signature
            Category
        

        
        

            
                TCP
                192.168.56.101:49162 ->
                192.3.176.145:80
            
            2016141
            ET INFO Executable Download from dotted-quad Host
            Potentially Bad Traffic
        

        
        

            
                TCP
                192.3.176.145:80 ->
                192.168.56.101:49162
            
            2022050
            ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
            A Network Trojan was detected
        

        
        

            
                UDP
                192.168.56.101:59002 ->
                164.124.101.2:53
            
            2047702
            ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
            Misc activity
        

        
        

            
                UDP
                192.168.56.101:59002 ->
                8.8.8.8:53
            
            2047702
            ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
            Misc activity
        

        
        

            
                TCP
                104.237.62.211:443 ->
                192.168.56.101:49168
            
            2029340
            ET INFO TLS Handshake Failure
            Potentially Bad Traffic
        

        
        

            
                TCP
                192.168.56.101:49168 ->
                104.237.62.211:443
            
            2047703
            ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
            Misc activity
        

        
        

            
                TCP
                192.168.56.101:49168 ->
                104.237.62.211:443
            
            906200022
            SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
            undefined
        

        
        

            
                TCP
                192.168.56.101:49168 ->
                104.237.62.211:443
            
            2047703
            ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
            Misc activity
        

        
        

            
                TCP
                192.3.176.145:80 ->
                192.168.56.101:49162
            
            2018959
            ET POLICY PE EXE or DLL Windows file download HTTP
            Potential Corporate Privacy Violation
        

        
        

            
                TCP
                192.3.176.145:80 ->
                192.168.56.101:49162
            
            2022051
            ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
            A Network Trojan was detected
        

        
        

            
                TCP
                192.3.176.145:80 ->
                192.168.56.101:49162
            
            2021076
            ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
            Potentially Bad Traffic
        

        
        

            
                TCP
                192.168.56.101:49168 ->
                104.237.62.211:443
            
            2047703
            ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
            Misc activity
        

        
    




Suricata TLS


    
No Suricata TLS




                            
Snort Alerts


    
No Snort Alerts