NetWork | ZeroBOX

IP Address	Status	Action
142.250.204.105	Active	Moloch
142.250.66.141	Active	Moloch
142.250.66.35	Active	Moloch
164.124.101.2	Active	Moloch
172.217.161.131	Active	Moloch
172.217.163.234	Active	Moloch
172.217.163.238	Active	Moloch
172.217.24.68	Active	Moloch
172.217.31.233	Active	Moloch
207.241.228.148	Active	Moloch

Name	Response	Post-Analysis Lookup
www.google-analytics.com	A 172.217.163.238 CNAME www-google-analytics.l.google.com	172.217.161.78
accounts.google.com	A 142.250.66.141	216.58.220.141
fonts.gstatic.com	A 172.217.161.131 CNAME gstaticadssl.l.google.com	172.217.175.227
www.google.com	A 172.217.24.68	172.217.161.68
archive.org	A 207.241.224.2	207.241.224.2
ia801408.us.archive.org	A 207.241.228.148	207.241.228.148
fonts.googleapis.com	A 172.217.163.234	172.217.25.106
www.blogger.com	A 142.250.204.105 CNAME blogger.l.google.com	172.217.31.137
resources.blogblog.com	A 172.217.31.233 CNAME blogger.l.google.com	172.217.31.137
www.gstatic.com	A 142.250.66.35	172.217.174.99

TCP Requests

UDP Requests

GET 200 https://www.blogger.com/static/v1/widgets/115981500-css_bundle_v2.css

GET 0 https://www.blogger.com/static/v1/jsbin/1277698886-ieretrofit.js

GET 200 https://www.blogger.com/dyn-css/authorization.css?targetBlogID=9202096335134795169&zx=b73d5666-d098-4854-a4dd-8e948356adfd

GET 0 https://www.blogger.com/static/v1/jsbin/3858658042-comment_from_post_iframe.js

GET 200 https://www.blogger.com/static/v1/widgets/1564291244-widgets.js

GET 200 https://resources.blogblog.com/img/icon18_edit_allbkg.gif

GET 200 https://resources.blogblog.com/img/icon18_wrench_allbkg.png

GET 0 https://www.blogger.com/blogin.g?blogspotURL=https://yahameinhunbusorkoinai.blogspot.com/p/divine11111.html&type=blog

GET 302 https://www.blogger.com/comment-iframe.g?blogID=9202096335134795169&pageID=7898695459195786984&blogspotRpcToken=6920501

GET 0 https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png

GET 200 https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png

GET 200 https://www.blogger.com/img/share_buttons_20_3.png

GET 302 https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/comment-iframe.g?blogID%3D9202096335134795169%26pageID%3D7898695459195786984%26blogspotRpcToken%3D6920501%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D9202096335134795169%26pageID%3D7898695459195786984%26blogspotRpcToken%3D6920501%26bpli%3D1&passive=true&go=true

GET 302 https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://yahameinhunbusorkoinai.blogspot.com/p/divine11111.html%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://yahameinhunbusorkoinai.blogspot.com/p/divine11111.html%26type%3Dblog%26bpli%3D1&passive=true&go=true

GET 200 https://www.blogger.com/comment-iframe.g?blogID=9202096335134795169&pageID=7898695459195786984&blogspotRpcToken=6920501&bpli=1

GET 200 https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fyahameinhunbusorkoinai.blogspot.com%2Fp%2Fdivine11111.html&type=blog&bpli=1

GET 200 https://www.blogger.com/static/v1/v-css/2621646369-cmtfp.css

GET 0 https://www.blogger.com/static/v1/jsbin/3544430843-cmt__en_gb.js

GET 200 https://resources.blogblog.com/img/blank.gif

GET 200 https://www.google.com/js/bg/EfeN22x02mrXR2DvFCZCzjwoiB7Lz_xW9gt2gw51u7c.js

GET 200 https://www.google.com/css/maia.css

GET 200 https://www.blogger.com/static/v1/v-css/281434096-static_pages.css

GET 200 https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js

GET 200 https://fonts.googleapis.com/css?family=Open+Sans:300

GET 200 https://www.google-analytics.com/analytics.js

GET 301 https://ia801408.us.archive.org/25/items/defender_202103/defender.txt

GET 200 https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff

GET 0 https://www.blogger.com/comment-iframe-bg.g?bgresponse=js_disabled&iemode=9&page=1&bgint=EfeN22x02mrXR2DvFCZCzjwoiB7Lz_xW9gt2gw51u7c

GET 200 https://www.blogger.com/img/blogger-logotype-color-black-1x.png

GET 0 https://resources.blogblog.com/img/anon36.png

GET 200 https://fonts.googleapis.com/css?lang=ko&family=Product+Sans|Roboto:400,700

GET 0 https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff

GET 200 https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49203 -> 142.250.204.105:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49213 -> 142.250.66.141:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49218 -> 172.217.163.234:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49210 -> 142.250.204.105:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49202 -> 142.250.204.105:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49238 -> 142.250.66.35:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49216 -> 172.217.24.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49206 -> 172.217.31.233:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49207 -> 172.217.31.233:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49227 -> 207.241.228.148:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49205 -> 142.250.204.105:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49208 -> 172.217.31.233:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49211 -> 142.250.66.141:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49212 -> 142.250.66.141:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49215 -> 172.217.24.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49241 -> 142.250.66.35:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49219 -> 172.217.163.234:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49220 -> 172.217.163.238:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49221 -> 172.217.163.238:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49230 -> 172.217.161.131:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49229 -> 172.217.161.131:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49239 -> 142.250.66.35:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49240 -> 142.250.66.35:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49203 142.250.204.105:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.blogger.com	cd:e9:14:68:0a:ac:07:cd:40:f5:7b:ce:17:3c:51:77:02:35:24:96
TLSv1 192.168.56.101:49218 172.217.163.234:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com	c2:b5:f0:1b:46:55:3f:d3:65:b2:1d:5c:cc:56:a7:41:ac:9c:7a:22
TLSv1 192.168.56.101:49210 142.250.204.105:443	None	None	None
TLSv1 192.168.56.101:49213 142.250.66.141:443	None	None	None
TLSv1 192.168.56.101:49202 142.250.204.105:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.blogger.com	cd:e9:14:68:0a:ac:07:cd:40:f5:7b:ce:17:3c:51:77:02:35:24:96
TLSv1 192.168.56.101:49238 142.250.66.35:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com	36:ae:4f:16:79:a7:78:df:85:88:67:19:ae:c4:52:de:e4:11:9d:0a
TLSv1 192.168.56.101:49216 172.217.24.68:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com	f0:48:7a:59:65:34:33:f8:a1:92:c6:c4:fb:9a:cc:c5:ad:0c:b3:e2
TLSv1 192.168.56.101:49206 172.217.31.233:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.blogger.com	6d:15:a5:86:b1:43:d2:08:12:2b:dd:b8:2b:a2:75:1c:17:14:4f:37
TLSv1 192.168.56.101:49207 172.217.31.233:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.blogger.com	6d:15:a5:86:b1:43:d2:08:12:2b:dd:b8:2b:a2:75:1c:17:14:4f:37
TLSv1 192.168.56.101:49227 207.241.228.148:443	C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2	OU=Domain Control Validated, CN=*.us.archive.org	9c:3c:d6:6d:65:69:f2:95:8c:99:48:e3:e0:7f:14:38:36:4c:ba:d0
TLSv1 192.168.56.101:49208 172.217.31.233:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.blogger.com	6d:15:a5:86:b1:43:d2:08:12:2b:dd:b8:2b:a2:75:1c:17:14:4f:37
TLSv1 192.168.56.101:49211 142.250.66.141:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=accounts.google.com	98:df:6a:f4:57:e5:03:e8:93:b6:cd:64:64:80:1c:e1:62:2b:e6:3d
TLSv1 192.168.56.101:49205 142.250.204.105:443	None	None	None
TLSv1 192.168.56.101:49212 142.250.66.141:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=accounts.google.com	98:df:6a:f4:57:e5:03:e8:93:b6:cd:64:64:80:1c:e1:62:2b:e6:3d
TLSv1 192.168.56.101:49215 172.217.24.68:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com	f0:48:7a:59:65:34:33:f8:a1:92:c6:c4:fb:9a:cc:c5:ad:0c:b3:e2
TLSv1 192.168.56.101:49241 142.250.66.35:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com	36:ae:4f:16:79:a7:78:df:85:88:67:19:ae:c4:52:de:e4:11:9d:0a
TLSv1 192.168.56.101:49219 172.217.163.234:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com	c2:b5:f0:1b:46:55:3f:d3:65:b2:1d:5c:cc:56:a7:41:ac:9c:7a:22
TLSv1 192.168.56.101:49220 172.217.163.238:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com	89:50:23:ba:60:4a:63:86:5b:f0:29:b0:34:26:70:1d:84:e2:99:da
TLSv1 192.168.56.101:49221 172.217.163.238:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com	89:50:23:ba:60:4a:63:86:5b:f0:29:b0:34:26:70:1d:84:e2:99:da
TLSv1 192.168.56.101:49230 172.217.161.131:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com	4e:d0:50:7d:a9:83:46:39:e3:46:b9:b5:04:27:23:4e:45:0d:da:f8
TLSv1 192.168.56.101:49229 172.217.161.131:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com	4e:d0:50:7d:a9:83:46:39:e3:46:b9:b5:04:27:23:4e:45:0d:da:f8
TLSv1 192.168.56.101:49239 142.250.66.35:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com	36:ae:4f:16:79:a7:78:df:85:88:67:19:ae:c4:52:de:e4:11:9d:0a
TLSv1 192.168.56.101:49240 142.250.66.35:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com	36:ae:4f:16:79:a7:78:df:85:88:67:19:ae:c4:52:de:e4:11:9d:0a

Snort Alerts

No Snort Alerts