NetWork | ZeroBOX

IP Address	Status	Action
117.18.232.200	Active	Moloch
142.250.204.65	Active	Moloch
142.250.204.73	Active	Moloch
142.250.66.132	Active	Moloch
142.250.66.141	Active	Moloch
164.124.101.2	Active	Moloch
172.217.161.131	Active	Moloch
172.217.174.201	Active	Moloch
172.217.25.14	Active	Moloch
172.217.31.225	Active	Moloch
216.58.200.73	Active	Moloch

Name	Response	Post-Analysis Lookup
accounts.google.com	A 142.250.66.141	172.217.31.141
smyun0272.blogspot.com	A 172.217.31.225 CNAME blogspot.l.googleusercontent.com	172.217.174.97
www.blogblog.com	A 142.250.204.73 CNAME blogger.l.google.com	172.217.25.105
www.google.com	A 142.250.66.132	142.250.196.132
themes.googleusercontent.com	CNAME googlehosted.l.googleusercontent.com A 142.250.204.65	216.58.197.193
www.blogger.com	A 172.217.174.201 CNAME blogger.l.google.com	172.217.25.105
resources.blogblog.com	A 216.58.200.73 CNAME blogger.l.google.com	172.217.25.105
www.gstatic.com	A 172.217.161.131	172.217.25.99

TCP Requests

UDP Requests

GET 200 https://smyun0272.blogspot.com/2021/06/dootakim.html

GET 200 https://www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js

GET 200 https://www.blogger.com/dyn-css/authorization.css?targetBlogID=1123379356337220779&zx=f4a55f5c-7d5f-4b40-a696-2966a6b96cc7

GET 0 https://www.blogger.com/static/v1/jsbin/1114208092-comment_from_post_iframe.js

GET 200 https://www.blogger.com/static/v1/widgets/3098431828-widgets.js

GET 200 https://resources.blogblog.com/blogblog/data/res/3088200718-indie_compiled.js

GET 200 https://themes.googleusercontent.com/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw&options=w1600

GET 0 https://www.blogger.com/comment-iframe.g?blogID=1123379356337220779&postID=4374038993998500594&skin=contempo&blogspotRpcToken=4078526

GET 302 https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/comment-iframe.g?blogID%3D1123379356337220779%26postID%3D4374038993998500594%26skin%3Dcontempo%26blogspotRpcToken%3D4078526%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D1123379356337220779%26postID%3D4374038993998500594%26skin%3Dcontempo%26blogspotRpcToken%3D4078526%26bpli%3D1&passive=true&go=true

GET 200 https://www.blogger.com/comment-iframe.g?blogID=1123379356337220779&postID=4374038993998500594&skin=contempo&blogspotRpcToken=4078526&bpli=1

GET 0 https://www.blogger.com/img/blogger_logo_round_35.png

GET 0 https://smyun0272.blogspot.com/responsive/sprite_v1_6.css.svg

GET 0 https://www.blogger.com/static/v1/jsbin/1938999652-cmt__ko.js

GET 200 https://resources.blogblog.com/img/blank.gif

GET 200 https://www.blogblog.com/indie/mspin_black_large.svg

GET 200 https://www.google.com/js/bg/KXZ4XaGXoMSmLwd6kqoCTLNJyJzwIGNCSAOuAZeGnUo.js

GET 200 https://www.blogger.com/comment-iframe-bg.g?bgresponse=js_disabled&iemode=9&bgint=KXZ4XaGXoMSmLwd6kqoCTLNJyJzwIGNCSAOuAZeGnUo

GET 200 https://www.blogger.com/img/responsive/sprite_comment_v1.css.svg

GET 200 https://resources.blogblog.com/img/anon36.png

GET 200 https://smyun0272.blogspot.com/favicon.ico

GET 200 http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49810 -> 172.217.31.225:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49813 -> 172.217.161.131:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49816 -> 172.217.174.201:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49814 -> 172.217.161.131:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49815 -> 172.217.174.201:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49819 -> 142.250.204.65:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49824 -> 142.250.204.73:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49811 -> 172.217.31.225:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49818 -> 216.58.200.73:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 117.18.232.200:443 -> 192.168.56.102:49835	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.102:49827 -> 142.250.66.132:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49826 -> 142.250.66.132:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49817 -> 216.58.200.73:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49820 -> 142.250.204.65:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49825 -> 142.250.204.73:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49833 -> 117.18.232.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49834 -> 117.18.232.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49822 -> 142.250.66.141:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49821 -> 142.250.66.141:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49813 172.217.161.131:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com	54:06:19:45:ff:99:47:3c:1d:59:41:96:a7:e7:ac:d0:e0:ee:10:8a
TLSv1 192.168.56.102:49810 172.217.31.225:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=misc-sni.blogspot.com	17:60:99:ed:96:47:f6:cd:4e:a4:a4:a5:ba:9c:b0:3e:ee:9e:27:a9
TLSv1 192.168.56.102:49816 172.217.174.201:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.blogger.com	26:1f:9b:19:e6:66:74:fb:20:2f:d7:68:a2:c6:ac:ae:a8:ae:20:3e
TLSv1 192.168.56.102:49814 172.217.161.131:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com	54:06:19:45:ff:99:47:3c:1d:59:41:96:a7:e7:ac:d0:e0:ee:10:8a
TLSv1 192.168.56.102:49815 172.217.174.201:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.blogger.com	26:1f:9b:19:e6:66:74:fb:20:2f:d7:68:a2:c6:ac:ae:a8:ae:20:3e
TLSv1 192.168.56.102:49824 142.250.204.73:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.blogger.com	26:1f:9b:19:e6:66:74:fb:20:2f:d7:68:a2:c6:ac:ae:a8:ae:20:3e
TLSv1 192.168.56.102:49819 142.250.204.65:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.googleusercontent.com	2d:01:a3:1b:75:98:0c:76:66:2d:a2:0c:bf:90:db:d6:b1:c4:34:91
TLSv1 192.168.56.102:49811 172.217.31.225:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=misc-sni.blogspot.com	17:60:99:ed:96:47:f6:cd:4e:a4:a4:a5:ba:9c:b0:3e:ee:9e:27:a9
TLSv1 192.168.56.102:49818 216.58.200.73:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.blogger.com	26:1f:9b:19:e6:66:74:fb:20:2f:d7:68:a2:c6:ac:ae:a8:ae:20:3e
TLSv1 192.168.56.102:49827 142.250.66.132:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com	29:85:2f:22:ac:4f:fd:8e:9d:c0:9c:7e:b9:5a:6b:04:f1:3b:30:76
TLSv1 192.168.56.102:49826 142.250.66.132:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com	29:85:2f:22:ac:4f:fd:8e:9d:c0:9c:7e:b9:5a:6b:04:f1:3b:30:76
TLSv1 192.168.56.102:49817 216.58.200.73:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.blogger.com	26:1f:9b:19:e6:66:74:fb:20:2f:d7:68:a2:c6:ac:ae:a8:ae:20:3e
TLSv1 192.168.56.102:49820 142.250.204.65:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.googleusercontent.com	2d:01:a3:1b:75:98:0c:76:66:2d:a2:0c:bf:90:db:d6:b1:c4:34:91
TLSv1 192.168.56.102:49825 142.250.204.73:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.blogger.com	26:1f:9b:19:e6:66:74:fb:20:2f:d7:68:a2:c6:ac:ae:a8:ae:20:3e
TLSv1 192.168.56.102:49822 142.250.66.141:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=accounts.google.com	4f:01:ce:23:b6:63:46:ae:39:42:25:26:55:2d:29:a3:86:06:49:76
TLSv1 192.168.56.102:49821 142.250.66.141:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=accounts.google.com	4f:01:ce:23:b6:63:46:ae:39:42:25:26:55:2d:29:a3:86:06:49:76

Snort Alerts

No Snort Alerts