NetWork | ZeroBOX

Network Analysis

IP Address Status Action
162.159.135.232 Active Moloch
164.124.101.2 Active Moloch
208.95.112.1 Active Moloch
23.128.64.141 Active Moloch
GET 200 https://ip4.seeip.org/
REQUEST
RESPONSE
POST 100 https://discord.com/api/webhooks/882954273980284939/Oo5CKwHMkILgJiucQhx_aJyEIHFxNaStS_Rgc-0H9Qm-hz7qs9oDqPvJxh_FmBs3dflH
REQUEST
RESPONSE
POST 100 https://discord.com/api/webhooks/882954273980284939/Oo5CKwHMkILgJiucQhx_aJyEIHFxNaStS_Rgc-0H9Qm-hz7qs9oDqPvJxh_FmBs3dflH
REQUEST
RESPONSE
GET 200 http://ip-api.com//json/175.208.134.150
REQUEST
RESPONSE

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49206 -> 23.128.64.141:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49207 -> 208.95.112.1:80 2022082 ET POLICY External IP Lookup ip-api.com Device Retrieving External IP Address Detected
TCP 192.168.56.101:49208 -> 162.159.135.232:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.101:49206
23.128.64.141:443
C=US, O=Let's Encrypt, CN=R3 CN=ip.seeip.org f1:99:11:a9:d0:61:44:69:46:48:9e:ac:37:a9:e7:3a:29:3d:13:97
TLSv1
192.168.56.101:49208
162.159.135.232:443
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com af:ff:1b:9d:0f:f5:f2:ad:ef:c8:c3:f5:45:0f:7f:e8:20:a0:79:0a

Snort Alerts

No Snort Alerts