NetWork | ZeroBOX

Network Analysis

IP Address Status Action
164.124.101.2 Active Moloch
195.201.225.248 Active Moloch
216.58.197.238 Active Moloch
45.142.215.237 Active Moloch

HTTP traffic

Method Status URL
GET    200    https://telete.in/brikitiki
GET    200    https://telete.in/brikitiki
GET    200    https://telete.in/brikitiki
GET    200    https://telete.in/brikitiki
GET    200    https://telete.in/brikitiki
POST   200    http://45.142.215.237/
GET    200    http://45.142.215.237//l/f/nxZPunsBPvGyIjkLqZcB/38f584651402b87b6e658beea19bc3711efb647c
GET    200    http://45.142.215.237//l/f/nxZPunsBPvGyIjkLqZcB/e1f57414f8caba2ca5e4d8fa52512fb00d1a14f8
POST   0      http://45.142.215.237/

ICMP traffic

Source Destination ICMP Type Data
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi
192.168.56.102 216.58.197.238 8 abcdefghijklmnopqrstuvwabcdefghi
216.58.197.238 192.168.56.102 0 abcdefghijklmnopqrstuvwabcdefghi

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.102:49179 -> 195.201.225.248:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 45.142.215.237:80 -> 192.168.56.102:49190 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 45.142.215.237:80 -> 192.168.56.102:49190 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 45.142.215.237:80 -> 192.168.56.102:49190 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic

Suricata TLS

Flow                                                Issuer                          Subject        Fingerprint
TLSv1 192.168.56.102:49179 -> 195.201.225.248:443  C=US, O=Let's Encrypt, CN=R3    CN=telecut.in  be:a6:3d:e8:93:c3:13:0b:5f:1d:3a:f7:63:57:4c:39:0e:96:df:5e

Snort Alerts

No Snort Alerts