NetWork | ZeroBOX

IP Address	Status	Action
117.18.232.200	Active	Moloch
142.250.204.41	Active	Moloch
142.250.204.73	Active	Moloch
142.250.207.67	Active	Moloch
142.250.66.42	Active	Moloch
164.124.101.2	Active	Moloch
172.217.161.131	Active	Moloch
172.217.26.14	Active	Moloch
172.217.26.141	Active	Moloch
172.217.31.164	Active	Moloch

Name	Response	Post-Analysis Lookup
www.google-analytics.com	CNAME www-google-analytics.l.google.com A 172.217.26.14	216.58.197.238
accounts.google.com	A 172.217.26.141	216.58.197.205
fonts.gstatic.com	A 142.250.207.67 CNAME gstaticadssl.l.google.com	172.217.31.163
www.google.com	A 172.217.31.164	172.217.25.68
fonts.googleapis.com	A 142.250.66.42	172.217.175.234
www.blogger.com	A 142.250.204.73 CNAME blogger.l.google.com	172.217.31.169
resources.blogblog.com	A 142.250.204.41 CNAME blogger.l.google.com	172.217.31.169
www.gstatic.com	A 172.217.161.131	172.217.25.67

TCP Requests

UDP Requests

GET 200 https://www.blogger.com/static/v1/widgets/3822632116-css_bundle_v2.css

GET 0 https://www.blogger.com/static/v1/jsbin/403901366-ieretrofit.js

GET 200 https://www.blogger.com/dyn-css/authorization.css?targetBlogID=8965474558532949541&zx=107c350b-6f1f-40e8-91e5-f0d478aaccdb

GET 200 https://www.blogger.com/static/v1/widgets/672507172-widgets.js

GET 302 https://www.blogger.com/blogin.g?blogspotURL=https://chalgyahainknaiajsubkuch.blogspot.com/p/charles.html&type=blog

GET 200 https://resources.blogblog.com/img/icon18_edit_allbkg.gif

GET 200 https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png

GET 200 https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png

GET 0 https://www.blogger.com/static/v1/jsbin/1621653182-comment_from_post_iframe.js

GET 302 https://www.blogger.com/comment-iframe.g?blogID=8965474558532949541&pageID=7944712838498198807&blogspotRpcToken=9022165

GET 302 https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://chalgyahainknaiajsubkuch.blogspot.com/p/charles.html%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://chalgyahainknaiajsubkuch.blogspot.com/p/charles.html%26type%3Dblog%26bpli%3D1&passive=true&go=true

GET 0 https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fchalgyahainknaiajsubkuch.blogspot.com%2Fp%2Fcharles.html&type=blog&bpli=1

GET 0 https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/comment-iframe.g?blogID%3D8965474558532949541%26pageID%3D7944712838498198807%26blogspotRpcToken%3D9022165%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D8965474558532949541%26pageID%3D7944712838498198807%26blogspotRpcToken%3D9022165%26bpli%3D1&passive=true&go=true

GET 200 https://www.blogger.com/comment-iframe.g?blogID=8965474558532949541&pageID=7944712838498198807&blogspotRpcToken=9022165&bpli=1

GET 200 https://www.blogger.com/static/v1/v-css/281434096-static_pages.css

GET 0 https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js

GET 200 https://www.blogger.com/static/v1/v-css/2621646369-cmtfp.css

GET 200 https://resources.blogblog.com/img/blank.gif

GET 200 https://www.google.com/css/maia.css

GET 200 https://www.blogger.com/static/v1/jsbin/2520659415-cmt__en_gb.js

GET 200 https://www.google.com/js/bg/X2aRQ1GJwV-aYJrCompTpOZQ5iK38WjpPJbnCrlYm6o.js

GET 200 https://www.google-analytics.com/analytics.js

GET 200 https://fonts.googleapis.com/css?family=Open+Sans:300

GET 200 https://fonts.gstatic.com/s/opensans/v23/mem5YaGs126MiZpBA-UN_r8OUuhv.woff

GET 200 https://www.blogger.com/img/blogger-logotype-color-black-1x.png

GET 0 https://www.blogger.com/comment-iframe-bg.g?bgresponse=js_disabled&iemode=9&page=1&bgint=X2aRQ1GJwV-aYJrCompTpOZQ5iK38WjpPJbnCrlYm6o

GET 0 https://fonts.googleapis.com/css?lang=ko&family=Product+Sans|Roboto:400,700

GET 0 https://resources.blogblog.com/img/anon36.png

GET 200 https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff

GET 200 https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff

GET 200 https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg

GET 0 https://www.blogger.com/comment-iframe.g?blogID=8965474558532949541&pageID=7944712838498198807&blogspotRpcToken=9022165

GET 302 https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/comment-iframe.g?blogID%3D8965474558532949541%26pageID%3D7944712838498198807%26blogspotRpcToken%3D9022165%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D8965474558532949541%26pageID%3D7944712838498198807%26blogspotRpcToken%3D9022165%26bpli%3D1&passive=true&go=true

GET 200 https://www.blogger.com/comment-iframe.g?blogID=8965474558532949541&pageID=7944712838498198807&blogspotRpcToken=9022165&bpli=1

GET 200 https://www.blogger.com/comment-iframe-bg.g?bgresponse=js_disabled&iemode=9&page=1&bgint=X2aRQ1GJwV-aYJrCompTpOZQ5iK38WjpPJbnCrlYm6o

GET 200 http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49207 -> 142.250.204.41:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49206 -> 142.250.204.41:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49208 -> 142.250.204.73:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49218 -> 172.217.26.14:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49219 -> 172.217.26.14:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49203 -> 142.250.204.73:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49210 -> 172.217.26.141:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49216 -> 172.217.31.164:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49217 -> 172.217.31.164:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49204 -> 142.250.204.73:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49212 -> 142.250.66.42:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49221 -> 142.250.207.67:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49228 -> 117.18.232.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49214 -> 142.250.204.73:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49209 -> 172.217.26.141:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49215 -> 172.217.31.164:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49213 -> 142.250.66.42:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49223 -> 172.217.161.131:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49224 -> 172.217.161.131:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49222 -> 142.250.207.67:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 117.18.232.200:443 -> 192.168.56.101:49230	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49229 -> 117.18.232.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49206 142.250.204.41:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.blogger.com	13:8e:0a:a4:4a:bf:ff:e7:47:93:b8:3d:e4:cd:e8:cf:25:9c:95:c0
TLSv1 192.168.56.101:49208 142.250.204.73:443	None	None	None
TLSv1 192.168.56.101:49218 172.217.26.14:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.google-analytics.com	5e:c5:9f:83:6c:53:fa:7b:2c:de:fd:e2:79:ff:b2:61:24:ea:d4:8d
TLSv1 192.168.56.101:49219 172.217.26.14:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.google-analytics.com	5e:c5:9f:83:6c:53:fa:7b:2c:de:fd:e2:79:ff:b2:61:24:ea:d4:8d
TLSv1 192.168.56.101:49203 142.250.204.73:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.blogger.com	13:8e:0a:a4:4a:bf:ff:e7:47:93:b8:3d:e4:cd:e8:cf:25:9c:95:c0
TLSv1 192.168.56.101:49210 172.217.26.141:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=accounts.google.com	63:2a:4c:73:4c:38:83:3a:7f:04:88:72:6d:31:ed:c7:b9:66:df:cc
TLSv1 192.168.56.101:49216 172.217.31.164:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=www.google.com	50:9d:4c:90:97:dd:23:de:78:ad:a2:09:25:c9:6b:30:0c:13:f1:94
TLSv1 192.168.56.101:49217 172.217.31.164:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=www.google.com	50:9d:4c:90:97:dd:23:de:78:ad:a2:09:25:c9:6b:30:0c:13:f1:94
TLSv1 192.168.56.101:49204 142.250.204.73:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.blogger.com	13:8e:0a:a4:4a:bf:ff:e7:47:93:b8:3d:e4:cd:e8:cf:25:9c:95:c0
TLSv1 192.168.56.101:49212 142.250.66.42:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com	5e:2f:09:e4:4f:0a:27:50:e2:58:69:89:18:04:2d:ae:2a:08:a9:4b
TLSv1 192.168.56.101:49221 142.250.207.67:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.gstatic.com	0e:e6:67:f4:71:f6:cb:1b:b8:71:28:6a:a7:89:0e:c7:25:80:da:0e
TLSv1 192.168.56.101:49207 142.250.204.41:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.blogger.com	13:8e:0a:a4:4a:bf:ff:e7:47:93:b8:3d:e4:cd:e8:cf:25:9c:95:c0
TLSv1 192.168.56.101:49214 142.250.204.73:443	None	None	None
TLSv1 192.168.56.101:49209 172.217.26.141:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=accounts.google.com	63:2a:4c:73:4c:38:83:3a:7f:04:88:72:6d:31:ed:c7:b9:66:df:cc
TLSv1 192.168.56.101:49215 172.217.31.164:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=www.google.com	50:9d:4c:90:97:dd:23:de:78:ad:a2:09:25:c9:6b:30:0c:13:f1:94
TLSv1 192.168.56.101:49213 142.250.66.42:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com	5e:2f:09:e4:4f:0a:27:50:e2:58:69:89:18:04:2d:ae:2a:08:a9:4b
TLSv1 192.168.56.101:49223 172.217.161.131:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.gstatic.com	e3:33:e1:bc:bb:54:14:6d:38:0c:08:59:1b:18:41:5a:fb:b5:75:de
TLSv1 192.168.56.101:49224 172.217.161.131:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.gstatic.com	e3:33:e1:bc:bb:54:14:6d:38:0c:08:59:1b:18:41:5a:fb:b5:75:de
TLSv1 192.168.56.101:49222 142.250.207.67:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.gstatic.com	0e:e6:67:f4:71:f6:cb:1b:b8:71:28:6a:a7:89:0e:c7:25:80:da:0e

Snort Alerts

No Snort Alerts