NetWork | ZeroBOX

Network Analysis

IP Address      Status  Action
164.124.101.2   Active  Moloch
172.217.25.14   Active  Moloch
172.96.186.134  Active  Moloch

Name                 Response        Post-Analysis Lookup
nyc002.hawkhost.com  172.96.186.134

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow                                            SID        Signature                                                      Category
TCP 192.168.56.102:49821 -> 172.96.186.134:443  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 192.168.56.102:49821 -> 172.96.186.134:443  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 192.168.56.102:49821 -> 172.96.186.134:443  906200056  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)  undefined
TCP 192.168.56.102:49813 -> 172.96.186.134:443  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 192.168.56.102:49811 -> 172.96.186.134:443  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 192.168.56.102:49813 -> 172.96.186.134:443  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 192.168.56.102:49811 -> 172.96.186.134:443  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 192.168.56.102:49813 -> 172.96.186.134:443  906200056  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)  undefined
TCP 192.168.56.102:49811 -> 172.96.186.134:443  906200056  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)  undefined
TCP 172.96.186.134:443 -> 192.168.56.102:49821  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 172.96.186.134:443 -> 192.168.56.102:49821  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 172.96.186.134:443 -> 192.168.56.102:49813  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 172.96.186.134:443 -> 192.168.56.102:49811  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 172.96.186.134:443 -> 192.168.56.102:49813  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 172.96.186.134:443 -> 192.168.56.102:49811  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 192.168.56.102:49826 -> 172.96.186.134:443  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 192.168.56.102:49826 -> 172.96.186.134:443  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 192.168.56.102:49824 -> 172.96.186.134:443  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 192.168.56.102:49820 -> 172.96.186.134:443  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 192.168.56.102:49826 -> 172.96.186.134:443  906200056  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)  undefined
TCP 192.168.56.102:49824 -> 172.96.186.134:443  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 192.168.56.102:49820 -> 172.96.186.134:443  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 192.168.56.102:49824 -> 172.96.186.134:443  906200056  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)  undefined
TCP 192.168.56.102:49820 -> 172.96.186.134:443  906200056  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)  undefined
TCP 172.96.186.134:443 -> 192.168.56.102:49826  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 172.96.186.134:443 -> 192.168.56.102:49826  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 172.96.186.134:443 -> 192.168.56.102:49824  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 172.96.186.134:443 -> 192.168.56.102:49820  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 172.96.186.134:443 -> 192.168.56.102:49824  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 172.96.186.134:443 -> 192.168.56.102:49820  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 192.168.56.102:49830 -> 172.96.186.134:443  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 192.168.56.102:49829 -> 172.96.186.134:443  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 192.168.56.102:49830 -> 172.96.186.134:443  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 192.168.56.102:49829 -> 172.96.186.134:443  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 192.168.56.102:49830 -> 172.96.186.134:443  906200056  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)  undefined
TCP 192.168.56.102:49829 -> 172.96.186.134:443  906200056  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)  undefined
TCP 172.96.186.134:443 -> 192.168.56.102:49829  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 172.96.186.134:443 -> 192.168.56.102:49830  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 172.96.186.134:443 -> 192.168.56.102:49829  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 172.96.186.134:443 -> 192.168.56.102:49830  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 192.168.56.102:49810 -> 172.96.186.134:443  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 192.168.56.102:49810 -> 172.96.186.134:443  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 192.168.56.102:49810 -> 172.96.186.134:443  906200056  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)  undefined
TCP 172.96.186.134:443 -> 192.168.56.102:49810  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 172.96.186.134:443 -> 192.168.56.102:49810  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 192.168.56.102:49814 -> 172.96.186.134:443  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 192.168.56.102:49814 -> 172.96.186.134:443  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode
TCP 192.168.56.102:49814 -> 172.96.186.134:443  906200056  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)  undefined
TCP 172.96.186.134:443 -> 192.168.56.102:49814  2230002    SURICATA TLS invalid record type                               Generic Protocol Command Decode
TCP 172.96.186.134:443 -> 192.168.56.102:49814  2230010    SURICATA TLS invalid record/traffic                            Generic Protocol Command Decode

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts