NetWork | ZeroBOX

Network Analysis

IP Address Status
164.124.101.2 Active
217.69.139.160 Active

Name Response
smtp.mail.ru 94.100.180.160

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 217.69.139.160:587 -> 192.168.56.103:49175 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 217.69.139.160:587 -> 192.168.56.103:49180 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 217.69.139.160:587 -> 192.168.56.103:49182 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 217.69.139.160:587 -> 192.168.56.103:49178 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 192.168.56.103:49175 -> 217.69.139.160:587 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49182 -> 217.69.139.160:587 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49180 -> 217.69.139.160:587 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49178 -> 217.69.139.160:587 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 217.69.139.160:587 -> 192.168.56.103:49184 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 192.168.56.103:49184 -> 217.69.139.160:587 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Version Flow Issuer Subject Fingerprint
TLSv1 192.168.56.103:49175 -> 217.69.139.160:587 C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49180 -> 217.69.139.160:587 C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49178 -> 217.69.139.160:587 C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49182 -> 217.69.139.160:587 C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1 192.168.56.103:49184 -> 217.69.139.160:587 C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e

Snort Alerts

No Snort Alerts