NetWork | ZeroBOX

Network Analysis

IP Address | Status | Action
164.124.101.2 | Active | Moloch
217.69.139.160 | Active | Moloch
94.100.180.160 | Active | Moloch

Name | Response | Post-Analysis Lookup
smtp.mail.ru | 94.100.180.160 |

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 94.100.180.160:587 -> 192.168.56.103:49179 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode
TCP 94.100.180.160:587 -> 192.168.56.103:49177 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode
TCP 217.69.139.160:587 -> 192.168.56.103:49203 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode
TCP 94.100.180.160:587 -> 192.168.56.103:49183 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode
TCP 192.168.56.103:49179 -> 94.100.180.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 192.168.56.103:49177 -> 94.100.180.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 192.168.56.103:49203 -> 217.69.139.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 192.168.56.103:49183 -> 94.100.180.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 94.100.180.160:587 -> 192.168.56.103:49185 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode
TCP 94.100.180.160:587 -> 192.168.56.103:49191 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode
TCP 94.100.180.160:587 -> 192.168.56.103:49187 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode
TCP 192.168.56.103:49185 -> 94.100.180.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 192.168.56.103:49191 -> 94.100.180.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 192.168.56.103:49187 -> 94.100.180.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 94.100.180.160:587 -> 192.168.56.103:49189 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode
TCP 217.69.139.160:587 -> 192.168.56.103:49207 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode
TCP 217.69.139.160:587 -> 192.168.56.103:49197 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode
TCP 192.168.56.103:49189 -> 94.100.180.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 192.168.56.103:49207 -> 217.69.139.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 192.168.56.103:49197 -> 217.69.139.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 94.100.180.160:587 -> 192.168.56.103:49193 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode
TCP 192.168.56.103:49193 -> 94.100.180.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 217.69.139.160:587 -> 192.168.56.103:49195 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode
TCP 217.69.139.160:587 -> 192.168.56.103:49201 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode
TCP 192.168.56.103:49195 -> 217.69.139.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 192.168.56.103:49201 -> 217.69.139.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 94.100.180.160:587 -> 192.168.56.103:49174 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode
TCP 192.168.56.103:49174 -> 94.100.180.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 94.100.180.160:587 -> 192.168.56.103:49181 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode
TCP 192.168.56.103:49181 -> 94.100.180.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 217.69.139.160:587 -> 192.168.56.103:49199 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode
TCP 192.168.56.103:49199 -> 217.69.139.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined
TCP 217.69.139.160:587 -> 192.168.56.103:49205 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode
TCP 192.168.56.103:49205 -> 217.69.139.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined

Suricata TLS

Flow | Issuer | Subject | Fingerprint
TLSv1 192.168.56.103:49179 -> 94.100.180.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49177 -> 94.100.180.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49203 -> 217.69.139.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49183 -> 94.100.180.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49185 -> 94.100.180.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49191 -> 94.100.180.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49187 -> 94.100.180.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49189 -> 94.100.180.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49207 -> 217.69.139.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49197 -> 217.69.139.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49193 -> 94.100.180.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49195 -> 217.69.139.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49201 -> 217.69.139.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49174 -> 94.100.180.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49181 -> 94.100.180.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49199 -> 217.69.139.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49205 -> 217.69.139.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e

Snort Alerts

No Snort Alerts