NetWork | ZeroBOX

Network Analysis

IP Address Status Action
136.243.104.235 Active Moloch
136.243.18.118 Active Moloch
164.124.101.2 Active Moloch
188.42.129.148 Active Moloch
23.41.113.9 Active Moloch
POST 200 http://rl.ammyy.com/
GET 301 http://www.ammyy.com/files/v8/aans64y2.gz
GET 200 http://x1.i.lencr.org/

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49165 -> 188.42.129.148:80 2025149 ET POLICY IP Check (rl. ammyy. com) Potential Corporate Privacy Violation

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1 192.168.56.103:49169 -> 136.243.18.118:443 C=US, O=Let's Encrypt, CN=R11 CN=ammyy.com d8:77:cf:85:fd:30:35:98:82:2f:43:3d:b0:d5:a1:57:3b:30:5e:04

Snort Alerts

No Snort Alerts