NetWork | ZeroBOX

IP Address	Status	Action
107.190.140.178	Active	Moloch
164.124.101.2	Active	Moloch
177.72.160.55	Active	Moloch
186.233.148.33	Active	Moloch
188.225.225.70	Active	Moloch
192.185.123.100	Active	Moloch
192.185.217.211	Active	Moloch
192.185.36.231	Active	Moloch
192.196.158.90	Active	Moloch
74.220.219.123	Active	Moloch
95.217.60.220	Active	Moloch

Name	Response	Post-Analysis Lookup
agentsv2.ivm.mv	A 192.185.36.231	192.185.36.231
ciatran.com.co	A 107.190.140.178	107.190.140.178
notificacao.acessoeduk.com.br	A 186.233.148.33	186.233.148.33
aims1.ezicodes.com	A 188.225.225.70	188.225.225.70
clodoaldofernandes.com.br	A 177.72.160.55	177.72.160.55
canteraspalomino.com	A 192.185.123.100	192.185.123.100
mail-call.us	A 74.220.219.123	74.220.219.123
proterra.med.br	A 192.185.217.211	192.185.217.211
fate.sa	A 192.196.158.90	192.196.158.90
www.ktateeb.vision-building.com	A 95.217.60.220	95.217.60.220

TCP Requests

UDP Requests

GET 200 https://www.ktateeb.vision-building.com/public/graph/uploads/200x300/content_images/CByVubhIO51.php

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 107.190.140.178:443 -> 192.168.56.101:49207	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49210 -> 177.72.160.55:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49213 -> 74.220.219.123:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49206 -> 107.190.140.178:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49209 -> 177.72.160.55:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 177.72.160.55:443 -> 192.168.56.101:49211	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 74.220.219.123:443 -> 192.168.56.101:49215	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.185.217.211:443 -> 192.168.56.101:49221	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.185.123.100:443 -> 192.168.56.101:49229	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49219 -> 192.185.217.211:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49220 -> 192.185.217.211:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.185.36.231:443 -> 192.168.56.101:49225	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49224 -> 192.185.36.231:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 186.233.148.33:443 -> 192.168.56.101:49233	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49223 -> 192.185.36.231:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49204 -> 95.217.60.220:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49231 -> 186.233.148.33:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49228 -> 192.185.123.100:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.196.158.90:443 -> 192.168.56.101:49237	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49232 -> 186.233.148.33:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49235 -> 192.196.158.90:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49205 -> 107.190.140.178:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49214 -> 74.220.219.123:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49227 -> 192.185.123.100:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49236 -> 192.196.158.90:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49239 -> 188.225.225.70:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49240 -> 188.225.225.70:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 188.225.225.70:443 -> 192.168.56.101:49241	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49204 95.217.60.220:443	C=US, O=Let's Encrypt, CN=R3	CN=*.vision-building.com	09:de:ea:e1:cb:07:99:99:e2:9f:a7:a6:66:23:ee:4a:b6:f4:17:48

Snort Alerts

No Snort Alerts