popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 1 DNS 0 TCP 1 UDP 3 HTTP 0 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
154.58.204.191 Active Moloch
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49165 -> 154.58.204.191:56001 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49165 -> 154.58.204.191:56001 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49165 -> 154.58.204.191:56001 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 154.58.204.191:56001 -> 192.168.56.101:49165 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 154.58.204.191:56001 -> 192.168.56.101:49165 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 154.58.204.191:56001 -> 192.168.56.101:49165 2035595 ET MALWARE Generic AsyncRAT/zgRAT Style SSL Cert Domain Observed Used for C2 Detected

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.101:49165
154.58.204.191:56001 		CN=Hfoqppvo CN=Hfoqppvo 21:78:ba:55:44:74:2f:b6:df:5e:ca:2b:c8:5e:52:be:4d:90:f0:65

Snort Alerts

No Snort Alerts