NetWork | ZeroBOX

Network Analysis

IP Address Status Action
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

Source | Destination | ICMP Type | Data
159.65.88.10 | 192.168.56.101 | 3 |
159.65.88.10 | 192.168.56.101 | 3 |
159.65.88.10 | 192.168.56.101 | 3 |
91.189.249.139 | 192.168.56.101 | 3 |
91.189.249.139 | 192.168.56.101 | 3 |
91.189.249.139 | 192.168.56.101 | 3 |

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.101:49175 -> 150.95.66.124:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49176 -> 150.95.66.124:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49183 -> 149.56.131.28:8080 | 2404305 | ET CNC Feodo Tracker Reported CnC Server group 6 | A Network Trojan was detected
TCP 192.168.56.101:49183 -> 149.56.131.28:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 149.56.131.28:8080 -> 192.168.56.101:49185 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49188 -> 158.69.222.101:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49194 -> 58.227.42.236:80 | 2404318 | ET CNC Feodo Tracker Reported CnC Server group 19 | A Network Trojan was detected
TCP 158.69.222.101:443 -> 192.168.56.101:49190 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49194 -> 58.227.42.236:80 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 58.227.42.236:80 -> 192.168.56.101:49195 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49193 -> 58.227.42.236:80 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 150.95.66.124:8080 -> 192.168.56.101:49177 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic
TCP 192.168.56.101:49184 -> 149.56.131.28:8080 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic
TCP 192.168.56.101:49189 -> 158.69.222.101:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts