NetWork | ZeroBOX

Network Analysis

IP Address Status Action
146.70.54.98 Active Moloch
151.101.196.209 Active Moloch
164.124.101.2 Active Moloch
185.199.110.133 Active Moloch
20.200.245.247 Active Moloch

No traffic

ICMP traffic

Source Destination ICMP Type Data
192.168.56.103 164.124.101.2 3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:62576 -> 164.124.101.2:53 2042824 ET INFO DYNAMIC_DNS Query to a *.line .pm Domain Potentially Bad Traffic
UDP 192.168.56.103:62576 -> 8.8.8.8:53 2042824 ET INFO DYNAMIC_DNS Query to a *.line .pm Domain Potentially Bad Traffic
UDP 192.168.56.103:56613 -> 8.8.8.8:53 2028675 ET POLICY DNS Query to DynDNS Domain *.ddns .net Potentially Bad Traffic

Suricata TLS

Flow Issuer Subject Fingerprint

TLS 1.2 192.168.56.103:49163 -> 20.200.245.247:443
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA
Subject: CN=github.com
Fingerprint: e7:03:5b:cc:1c:18:77:1f:79:2f:90:86:6b:6c:1d:f8:df:aa:bd:c0

TLS 1.2 192.168.56.103:49167 -> 185.199.110.133:443
Issuer: C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io
Fingerprint: 97:d8:c5:70:0f:12:24:6c:88:bc:fa:06:7e:8c:a7:4d:a8:62:67:28

TLS 1.2 192.168.56.103:49165 -> 151.101.196.209:443
Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4
Subject: CN=repo1.maven.org
Fingerprint: e3:6c:c5:6f:f7:76:7f:47:da:4d:26:4b:ef:ed:8b:23:b0:78:01:f8

TLS 1.2 192.168.56.103:49166 -> 151.101.196.209:443
Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4
Subject: CN=repo1.maven.org
Fingerprint: e3:6c:c5:6f:f7:76:7f:47:da:4d:26:4b:ef:ed:8b:23:b0:78:01:f8

TLS 1.2 192.168.56.103:49164 -> 151.101.196.209:443
Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2023 Q4
Subject: CN=repo1.maven.org
Fingerprint: e3:6c:c5:6f:f7:76:7f:47:da:4d:26:4b:ef:ed:8b:23:b0:78:01:f8

Snort Alerts

No Snort Alerts