NetWork | ZeroBOX

Network Analysis

IP Address Status Action
164.124.101.2 Active Moloch
51.79.99.124 Active Moloch
52.217.99.219 Active Moloch
GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c
REQUEST
RESPONSE

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49200 -> 51.79.99.124:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow Issuer Subject Fingerprint
TLS 1.2
192.168.56.101:49200
51.79.99.124:443
C=US, O=Let's Encrypt, CN=R3 CN=textbin.net f0:a5:e9:5b:72:af:ec:cb:17:1b:86:6d:9f:19:9a:3a:8b:12:df:91

Snort Alerts

No Snort Alerts