NetWork | ZeroBOX

Network Analysis

IP Address | Status
103.75.201.2 | Active
103.8.26.102 | Active
103.8.26.103 | Active
104.245.52.73 | Active
104.251.214.46 | Active
107.182.225.142 | Active
110.232.117.186 | Active
138.185.72.26 | Active
158.69.222.101 | Active
176.104.106.96 | Active
178.79.147.66 | Active
185.184.25.237 | Active
195.154.133.20 | Active
203.114.109.124 | Active
207.38.84.195 | Active
210.57.217.132 | Active
212.237.17.99 | Active
212.237.5.209 | Active
212.237.56.116 | Active
216.158.226.206 | Active
41.76.108.46 | Active
45.118.115.99 | Active
45.118.135.203 | Active
45.142.114.231 | Active
46.55.222.11 | Active
50.116.54.215 | Active
51.68.175.8 | Active
58.227.42.236 | Active
81.0.236.90 | Active
Name | Response
No hosts contacted.

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.103:49168 -> 41.76.108.46:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.103:49164 -> 46.55.222.11:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.103:49172 -> 103.8.26.103:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.103:49180 -> 103.8.26.102:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.103:49169 -> 41.76.108.46:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 103.8.26.102:8080 -> 192.168.56.103:49182 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 46.55.222.11:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.103:49218 -> 41.76.108.46:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.103:49193 -> 207.38.84.195:8080 | 2404312 | ET CNC Feodo Tracker Reported CnC Server group 13 | A Network Trojan was detected
TCP 192.168.56.103:49176 -> 185.184.25.237:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 41.76.108.46:8080 -> 192.168.56.103:49170 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.103:49219 -> 41.76.108.46:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.103:49181 -> 103.8.26.102:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.103:49223 -> 103.8.26.103:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.103:49186 -> 178.79.147.66:8080 | 2404307 | ET CNC Feodo Tracker Reported CnC Server group 8 | A Network Trojan was detected
TCP 192.168.56.103:49206 -> 51.68.175.8:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 41.76.108.46:8080 -> 192.168.56.103:49220 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.103:49173 -> 103.8.26.103:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 103.8.26.103:8080 -> 192.168.56.103:49224 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.103:49209 -> 210.57.217.132:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 103.8.26.103:8080 -> 192.168.56.103:49174 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 51.68.175.8:8080 -> 192.168.56.103:49207 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 46.55.222.11:443 -> 192.168.56.103:49215 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 46.55.222.11:443 -> 192.168.56.103:49165 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.103:49177 -> 185.184.25.237:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.103:49213 -> 46.55.222.11:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.103:49167 -> 104.245.52.73:8080 | 2404301 | ET CNC Feodo Tracker Reported CnC Server group 2 | A Network Trojan was detected
TCP 192.168.56.103:49203 -> 50.116.54.215:443 | 2404317 | ET CNC Feodo Tracker Reported CnC Server group 18 | A Network Trojan was detected
TCP 192.168.56.103:49214 -> 46.55.222.11:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 185.184.25.237:8080 -> 192.168.56.103:49178 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.103:49205 -> 51.68.175.8:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.103:49222 -> 103.8.26.103:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.103:49210 -> 210.57.217.132:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 210.57.217.132:8080 -> 192.168.56.103:49211 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.103:49226 -> 185.184.25.237:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.103:49227 -> 185.184.25.237:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
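The table above mixes three very different kinds of evidence: threat-intel hits (the ET CNC Feodo Tracker rules, SID 24043xx), a client-fingerprint heuristic (SID 2028401, a JA3 hash shared by several malware families and known to false-positive on some legitimate clients), and an informational rule (SID 2029340, the server aborting the TLS handshake). The script below is an added triage example, not part of the ZeroBOX report or its tooling. It parses rows in the report's "Flow SID Signature Category" layout, decides which side of each flow is the remote host (assumption: the 192.168.56.103 side is always the sandbox guest), and folds the alerts into one verdict per remote IP so the intel-backed C2 servers are ranked above hosts that only triggered the JA3 heuristic. The sample rows are a constructed subset copied from the table; the category list and the verdict labels are the example's own assumptions.

```python
"""Per-host triage of Suricata alerts from a sandbox network report (added example)."""
import re
from dataclasses import dataclass, field

# Assumption: the private side of every flow is the analysis VM.
SANDBOX_HOST = "192.168.56.103"

# Suricata classification descriptions present in the report, plus two other
# standard classtype descriptions. The table has no separator between the
# signature text and the category, so the category must be recognised by name.
CATEGORIES = (
    "A Network Trojan was detected",
    "Potentially Bad Traffic",
    "Unknown Traffic",
    "Misc activity",
    "Attempted Information Leak",
)

ROW_RE = re.compile(
    r"^(?P<proto>[A-Z]+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<sid>\d+) (?P<sig>.+?) "
    r"(?P<cat>" + "|".join(re.escape(c) for c in CATEGORIES) + r")$"
)

# Constructed sample: eight rows taken from the alert table above.
SAMPLE_ALERTS = """\
TCP 192.168.56.103:49168 -> 41.76.108.46:8080 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 103.8.26.102:8080 -> 192.168.56.103:49182 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 207.38.84.195:8080 2404312 ET CNC Feodo Tracker Reported CnC Server group 13 A Network Trojan was detected
TCP 41.76.108.46:8080 -> 192.168.56.103:49170 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49167 -> 104.245.52.73:8080 2404301 ET CNC Feodo Tracker Reported CnC Server group 2 A Network Trojan was detected
TCP 192.168.56.103:49203 -> 50.116.54.215:443 2404317 ET CNC Feodo Tracker Reported CnC Server group 18 A Network Trojan was detected
TCP 192.168.56.103:49213 -> 46.55.222.11:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 46.55.222.11:443 -> 192.168.56.103:49215 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
"""


@dataclass
class Alert:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    sid: int
    signature: str
    category: str

    @property
    def remote(self) -> str:
        """The non-sandbox endpoint, regardless of flow direction."""
        return self.dst if self.src == SANDBOX_HOST else self.src

    @property
    def remote_port(self) -> int:
        return self.dport if self.src == SANDBOX_HOST else self.sport


def parse_alerts(text: str) -> list[Alert]:
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable alert row: {line!r}")
        alerts.append(Alert(m["proto"], m["src"], int(m["sport"]), m["dst"],
                            int(m["dport"]), int(m["sid"]), m["sig"], m["cat"]))
    return alerts


@dataclass
class HostVerdict:
    ip: str
    ports: set[int] = field(default_factory=set)
    sids: set[int] = field(default_factory=set)
    feodo_tracker: bool = False    # any "ET CNC ..." signature (threat intel)
    ja3_hits: int = 0              # SID 2028401, fingerprint heuristic only
    handshake_failures: int = 0    # SID 2029340, informational

    @property
    def verdict(self) -> str:
        # Verdict labels are this example's own; intel beats heuristics.
        if self.feodo_tracker:
            return "C2 (threat intel)"
        if self.ja3_hits and self.handshake_failures:
            return "suspected C2 (JA3 + failed TLS)"
        if self.ja3_hits:
            return "suspicious client fingerprint"
        return "informational"


SEVERITY = {"C2 (threat intel)": 3, "suspected C2 (JA3 + failed TLS)": 2,
            "suspicious client fingerprint": 1, "informational": 0}


def summarize(text: str) -> dict[str, HostVerdict]:
    """Fold every alert into one HostVerdict per remote IP."""
    verdicts: dict[str, HostVerdict] = {}
    for a in parse_alerts(text):
        v = verdicts.setdefault(a.remote, HostVerdict(a.remote))
        v.ports.add(a.remote_port)
        v.sids.add(a.sid)
        if a.signature.startswith("ET CNC "):
            v.feodo_tracker = True
        elif a.sid == 2028401:
            v.ja3_hits += 1
        elif a.sid == 2029340:
            v.handshake_failures += 1
    return verdicts


def ranked(text: str) -> list[tuple[str, str]]:
    """Remote IPs from most to least suspicious, ties broken by IP string."""
    vs = summarize(text).values()
    return [(v.ip, v.verdict)
            for v in sorted(vs, key=lambda v: (-SEVERITY[v.verdict], v.ip))]


if __name__ == "__main__":
    for ip, verdict in ranked(SAMPLE_ALERTS):
        print(f"{ip:16} {verdict}")
```

Run it on the full table by pasting the rows into SAMPLE_ALERTS or feeding a file through parse_alerts. The useful check it encodes is that a JA3 hit on its own is weak evidence, while the same host answering with a TLS handshake failure immediately after the fingerprinted ClientHello (as 41.76.108.46 and 46.55.222.11 do above) is the pattern worth escalating even without a Feodo Tracker listing.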

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts