NetWork | ZeroBOX

IP Address	Status	Action
117.18.232.200	Active	Moloch
142.250.199.77	Active	Moloch
142.250.204.67	Active	Moloch
142.250.204.78	Active	Moloch
142.250.207.67	Active	Moloch
142.250.207.73	Active	Moloch
142.250.66.100	Active	Moloch
164.124.101.2	Active	Moloch
172.217.25.10	Active	Moloch
172.217.31.233	Active	Moloch

Name	Response	Post-Analysis Lookup
www.google-analytics.com	A 142.250.204.78 CNAME www-google-analytics.l.google.com	142.250.199.110
accounts.google.com	A 142.250.199.77	172.217.25.77
fonts.gstatic.com	A 142.250.204.67 CNAME gstaticadssl.l.google.com	172.217.161.67
www.google.com	A 142.250.66.100	172.217.175.68
fonts.googleapis.com	A 172.217.25.10	216.58.220.106
www.blogger.com	A 142.250.207.73 CNAME blogger.l.google.com	172.217.161.41
resources.blogblog.com	A 172.217.31.233 CNAME blogger.l.google.com	172.217.161.41
www.gstatic.com	A 142.250.207.67	172.217.161.35

TCP Requests

UDP Requests

GET 200 https://www.blogger.com/static/v1/widgets/1667664774-css_bundle_v2.css

GET 200 https://www.blogger.com/static/v1/jsbin/403901366-ieretrofit.js

GET 200 https://www.blogger.com/dyn-css/authorization.css?targetBlogID=6774392999284712153&zx=2032a8f7-613d-4053-bd21-47de012d84af

GET 200 https://www.blogger.com/static/v1/widgets/807375071-widgets.js

GET 302 https://www.blogger.com/blogin.g?blogspotURL=https://ajsidjasidwxoxwkwjddududjf.blogspot.com/p/11.html&type=blog

GET 200 https://resources.blogblog.com/img/icon18_edit_allbkg.gif

GET 302 https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://ajsidjasidwxoxwkwjddududjf.blogspot.com/p/11.html%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://ajsidjasidwxoxwkwjddududjf.blogspot.com/p/11.html%26type%3Dblog%26bpli%3D1&go=true

GET 200 https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fajsidjasidwxoxwkwjddududjf.blogspot.com%2Fp%2F11.html&type=blog&bpli=1

GET 200 https://www.blogger.com/static/v1/v-css/281434096-static_pages.css

GET 200 https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js

GET 200 https://fonts.googleapis.com/css?family=Open+Sans:300

GET 200 https://www.google.com/css/maia.css

GET 200 https://www.google-analytics.com/analytics.js

GET 0 https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png

GET 0 https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png

GET 200 https://fonts.gstatic.com/s/opensans/v26/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4gaVQ.woff

GET 200 https://www.blogger.com/img/blogger-logotype-color-black-1x.png

GET 200 https://www.blogger.com/img/share_buttons_20_3.png

GET 0 https://fonts.googleapis.com/css?lang=ko&family=Product+Sans|Roboto:400,700

GET 0 https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxM.woff

GET 200 https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc-.woff

GET 200 https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg

GET 200 http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49206 -> 172.217.31.233:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49208 -> 142.250.199.77:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49220 -> 142.250.204.67:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49209 -> 142.250.199.77:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49211 -> 142.250.66.100:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49204 -> 142.250.207.73:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49203 -> 142.250.207.73:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49215 -> 142.250.204.78:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49227 -> 117.18.232.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49230 -> 117.18.232.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 117.18.232.200:443 -> 192.168.56.101:49231	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 117.18.232.200:443 -> 192.168.56.101:49232	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49212 -> 142.250.66.100:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49214 -> 172.217.25.10:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49223 -> 142.250.207.67:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49216 -> 142.250.204.78:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49229 -> 117.18.232.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49221 -> 142.250.204.67:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49224 -> 142.250.207.67:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49228 -> 117.18.232.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49207 -> 172.217.31.233:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49213 -> 142.250.207.73:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49217 -> 172.217.25.10:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49206 172.217.31.233:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.blogger.com	76:d9:ed:9a:97:01:f9:eb:d2:fb:79:86:c4:64:4f:02:1a:32:16:3b
TLSv1 192.168.56.101:49208 142.250.199.77:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=accounts.google.com	93:a7:6a:4d:d9:a2:77:32:f5:f7:30:8d:11:b8:34:12:df:c8:99:dc
TLSv1 192.168.56.101:49220 142.250.204.67:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.gstatic.com	23:92:2f:c1:07:f1:5f:c3:2e:a0:86:05:c8:72:04:34:1a:7a:d5:da
TLSv1 192.168.56.101:49209 142.250.199.77:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=accounts.google.com	93:a7:6a:4d:d9:a2:77:32:f5:f7:30:8d:11:b8:34:12:df:c8:99:dc
TLSv1 192.168.56.101:49211 142.250.66.100:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=www.google.com	81:d3:b1:30:44:e4:01:e1:77:92:f3:6a:43:36:6a:ad:ee:99:4f:36
TLSv1 192.168.56.101:49204 142.250.207.73:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.blogger.com	76:d9:ed:9a:97:01:f9:eb:d2:fb:79:86:c4:64:4f:02:1a:32:16:3b
TLSv1 192.168.56.101:49203 142.250.207.73:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.blogger.com	76:d9:ed:9a:97:01:f9:eb:d2:fb:79:86:c4:64:4f:02:1a:32:16:3b
TLSv1 192.168.56.101:49215 142.250.204.78:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.google-analytics.com	80:3c:82:b4:37:5b:08:af:80:c3:bb:87:87:38:71:f5:88:ac:e2:3e
TLSv1 192.168.56.101:49212 142.250.66.100:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=www.google.com	81:d3:b1:30:44:e4:01:e1:77:92:f3:6a:43:36:6a:ad:ee:99:4f:36
TLSv1 192.168.56.101:49214 172.217.25.10:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=upload.video.google.com	24:ff:81:76:91:b0:43:fa:10:ae:52:fb:55:a8:ce:ae:35:7f:87:3e
TLSv1 192.168.56.101:49223 142.250.207.67:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.gstatic.com	23:92:2f:c1:07:f1:5f:c3:2e:a0:86:05:c8:72:04:34:1a:7a:d5:da
TLSv1 192.168.56.101:49216 142.250.204.78:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.google-analytics.com	80:3c:82:b4:37:5b:08:af:80:c3:bb:87:87:38:71:f5:88:ac:e2:3e
TLSv1 192.168.56.101:49221 142.250.204.67:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.gstatic.com	23:92:2f:c1:07:f1:5f:c3:2e:a0:86:05:c8:72:04:34:1a:7a:d5:da
TLSv1 192.168.56.101:49224 142.250.207.67:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.gstatic.com	23:92:2f:c1:07:f1:5f:c3:2e:a0:86:05:c8:72:04:34:1a:7a:d5:da
TLSv1 192.168.56.101:49207 172.217.31.233:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.blogger.com	76:d9:ed:9a:97:01:f9:eb:d2:fb:79:86:c4:64:4f:02:1a:32:16:3b
TLSv1 192.168.56.101:49217 172.217.25.10:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=upload.video.google.com	24:ff:81:76:91:b0:43:fa:10:ae:52:fb:55:a8:ce:ae:35:7f:87:3e
TLSv1 192.168.56.101:49213 142.250.207.73:443	None	None	None

Snort Alerts

No Snort Alerts