popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 2 DNS 1 TCP 3 UDP 8 HTTP 0 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
164.124.101.2 Active Moloch
94.100.180.160 Active Moloch
Name Response Post-Analysis Lookup
smtp.mail.ru
A 94.100.180.160
A 217.69.139.160
217.69.139.160

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 94.100.180.160:587 -> 192.168.56.101:49177 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 192.168.56.101:49177 -> 94.100.180.160:587 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 94.100.180.160:587 -> 192.168.56.101:49179 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 192.168.56.101:49179 -> 94.100.180.160:587 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 94.100.180.160:587 -> 192.168.56.101:49181 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 192.168.56.101:49181 -> 94.100.180.160:587 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.101:49177
94.100.180.160:587 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1
192.168.56.101:49179
94.100.180.160:587 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e
TLSv1
192.168.56.101:49181
94.100.180.160:587 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e

Snort Alerts

No Snort Alerts