NetWork | ZeroBOX

IP Address	Status	Action
104.21.85.99	Active	Moloch
162.0.210.44	Active	Moloch
162.159.130.233	Active	Moloch
162.255.117.78	Active	Moloch
164.124.101.2	Active	Moloch
172.67.136.94	Active	Moloch
172.67.185.110	Active	Moloch
172.67.204.112	Active	Moloch
182.162.106.42	Active	Moloch
194.163.158.120	Active	Moloch
194.87.185.127	Active	Moloch
199.192.17.247	Active	Moloch
208.95.112.1	Active	Moloch
212.192.241.15	Active	Moloch
23.76.153.107	Active	Moloch
34.117.59.81	Active	Moloch
45.133.1.107	Active	Moloch
45.136.113.13	Active	Moloch
45.136.151.102	Active	Moloch
45.142.182.152	Active	Moloch
52.219.158.38	Active	Moloch
88.99.66.31	Active	Moloch

Name	Response	Post-Analysis Lookup
requestimedout.com	A 162.255.117.78	162.255.117.78
iplogger.org	A 88.99.66.31	88.99.66.31
dataonestorage.com	A 45.142.182.152	45.142.182.152
apps.identrust.com	A 23.76.153.211 CNAME a1952.dscq.akamai.net CNAME identrust.edgesuite.net A 23.76.153.107 A 182.162.106.42 A 182.162.106.26	23.216.159.9
f.gogamef.com	A 172.67.136.94 A 104.21.72.228	104.21.72.228
www.hzradiant.com	A 194.163.158.120	194.163.158.120
ipinfo.io	A 34.117.59.81	34.117.59.81
eguntong.com	A 194.87.185.127	194.87.185.127
connectini.net	A 162.0.210.44	162.0.210.44
el5en1977834657.s3.ap-south-1.amazonaws.com	A 52.219.158.38 CNAME s3-r-w.ap-south-1.amazonaws.com	52.219.66.51
t.gogamec.com	A 104.21.85.99 A 172.67.204.112	172.67.204.112
ip-api.com	A 208.95.112.1	208.95.112.1
staticimg.youtuuee.com	A 45.136.151.102	45.136.151.102
fouratlinks.com	A 199.192.17.247	199.192.17.247
imgs.googlwaa.com	A 45.136.113.13	45.136.113.13
d.gogamed.com	A 172.67.185.110 A 104.21.59.236	104.21.59.236
cdn.discordapp.com	A 162.159.135.233 A 162.159.134.233 A 162.159.129.233 A 162.159.130.233 A 162.159.133.233	162.159.134.233
iplis.ru	A 88.99.66.31	88.99.66.31

TCP Requests

UDP Requests

GET 200 https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp

GET 200 https://ipinfo.io/widget

GET 200 https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp

GET 302 https://d.gogamed.com/userhome/22/any.exe

GET 200 https://el5en1977834657.s3.ap-south-1.amazonaws.com/kak.exe

POST 100 https://connectini.net/Series/SuperNitouDisc.php

GET 200 https://connectini.net/S2S/Disc/Disc.php?ezok=folderlyla1&tesla=7

GET 200 http://45.133.1.107/server.txt

GET 200 http://212.192.241.15/base/api/statistics.php

POST 200 http://212.192.241.15/base/api/getData.php

HEAD 200 http://45.133.1.107/download/NiceProcessX64.bmp

GET 200 http://45.133.1.107/download/NiceProcessX64.bmp

POST 200 http://212.192.241.15/base/api/getData.php

HEAD 301 http://dataonestorage.com/search_hyperfs_209.exe

HEAD 200 http://imgs.googlwaa.com/lqosko/p18j/cust9.exe

HEAD 200 http://eguntong.com/pub33.exe

HEAD 302 http://www.hzradiant.com/askhelp42/askinstall42.exe

GET 200 http://imgs.googlwaa.com/lqosko/p18j/cust9.exe

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

GET 200 http://eguntong.com/pub33.exe

HEAD 200 http://www.hzradiant.com/askinstall42.exe

GET 302 http://www.hzradiant.com/askhelp42/askinstall42.exe

GET 200 http://www.hzradiant.com/askinstall42.exe

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

GET 301 http://dataonestorage.com/search_hyperfs_209.exe

GET 200 http://ip-api.com/json/

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

GET 200 http://staticimg.youtuuee.com/api/fbtime

POST 200 http://staticimg.youtuuee.com/api/?sid=600653&key=bfe10d3bf124f043738c20f287bfc0c2

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

HEAD 200 http://fouratlinks.com/installpartners/ShareFolder.exe

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

GET 200 http://fouratlinks.com/installpartners/ShareFolder.exe

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

POST 200 http://212.192.241.15/base/api/getData.php

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

GET 200 http://fouratlinks.com/stockmerchandise/zillaCPM/r4XZt5MYHpEdcdmzqr2D.exe

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

GET 200 http://fouratlinks.com/stockmerchandise/serious_punch_upd/HttpTwcyK3R6gQj7t7EY.exe

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

GET 200 http://fouratlinks.com/stockmerchandise/total_out_hand/v8hBqWuKscbjZRqNatPw.exe

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

GET 200 http://fouratlinks.com/Widgets/FolderShare.exe

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

POST 100 http://requestimedout.com/xenocrates/zoroaster

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49164 -> 162.159.130.233:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.103:49164 -> 162.159.130.233:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 162.159.130.233:80 -> 192.168.56.103:49166	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.103:49168 -> 162.159.130.233:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49165 -> 162.159.130.233:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.103:49165 -> 162.159.130.233:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49170 -> 34.117.59.81:443	2025331	ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49170 -> 34.117.59.81:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 34.117.59.81:443 -> 192.168.56.103:49170	2025330	ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49179 -> 162.159.130.233:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.103:49162 -> 212.192.241.15:80	2034192	ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin	A Network Trojan was detected
TCP 192.168.56.103:49184 -> 172.67.185.110:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.103:49184 -> 172.67.185.110:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49187 -> 172.67.185.110:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49162 -> 212.192.241.15:80	2034192	ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin	A Network Trojan was detected
TCP 192.168.56.103:49174 -> 162.159.130.233:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 162.159.130.233:80 -> 192.168.56.103:49174	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.103:49178 -> 162.159.130.233:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.103:49178 -> 162.159.130.233:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 45.133.1.107:80 -> 192.168.56.103:49171	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 45.133.1.107:80 -> 192.168.56.103:49171	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 172.67.185.110:80 -> 192.168.56.103:49185	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 194.87.185.127:80 -> 192.168.56.103:49193	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 192.168.56.103:49195 -> 45.142.182.152:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49190 -> 172.67.136.94:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49192 -> 45.142.182.152:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49183 -> 162.159.130.233:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49176 -> 172.67.185.110:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.103:49176 -> 172.67.185.110:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49173 -> 212.192.241.15:80	2034192	ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin	A Network Trojan was detected
TCP 45.136.113.13:80 -> 192.168.56.103:49177	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 192.168.56.103:49198 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 45.142.182.152:443 -> 192.168.56.103:49197	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 208.95.112.1:80	2022082	ET POLICY External IP Lookup ip-api.com	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49210 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49205 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49204 -> 45.142.182.152:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49220 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49216 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49221 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49218 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49225 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49212 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49244 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49224 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49247 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49230 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49251 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49237 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49254 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49258 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49213 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49262 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49223 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49214 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49180 -> 52.219.158.38:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49229 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49267 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49234 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49252 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49268 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49235 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49261 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49236 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49274 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49238 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49250 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49259 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49263 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49281 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49219 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49222 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49226 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49239 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49231 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49240 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49241 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49232 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49245 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 199.192.17.247:80 -> 192.168.56.103:49279	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 192.168.56.103:49246 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49233 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49227 -> 52.219.158.38:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49257 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49260 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49269 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49275 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49283 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49286 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49287 -> 162.0.210.44:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49291 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49296 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49285 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49297 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49248 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49289 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49290 -> 212.192.241.15:80	2034192	ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin	A Network Trojan was detected
TCP 192.168.56.103:49292 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49253 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49293 -> 88.99.66.31:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49302 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49303 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49255 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49308 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49299 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49305 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49264 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49309 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49265 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49272 -> 52.219.158.38:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 199.192.17.247:80 -> 192.168.56.103:49298	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 199.192.17.247:80 -> 192.168.56.103:49298	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 192.168.56.103:49280 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49304 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49312 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49314 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49317 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49206 -> 45.142.182.152:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 45.142.182.152:443 -> 192.168.56.103:49207	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49211 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49316 -> 88.99.66.31:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49215 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49217 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49284 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49228 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49242 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49243 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49256 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49266 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49270 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49273 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49300 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49288 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49301 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49295 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 199.192.17.247:80 -> 192.168.56.103:49307	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 199.192.17.247:80 -> 192.168.56.103:49307	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 192.168.56.103:49311 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 199.192.17.247:80 -> 192.168.56.103:49307	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 199.192.17.247:80 -> 192.168.56.103:49307	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.103:49168 162.159.130.233:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da
TLSv1 192.168.56.103:49170 34.117.59.81:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1D4	CN=ipinfo.io	f0:42:a0:3b:5b:a8:0e:51:f4:13:25:f7:fc:7c:dc:35:63:19:75:63
TLSv1 192.168.56.103:49187 172.67.185.110:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	b0:c4:b1:fe:56:fd:ec:99:f4:dc:0f:3f:36:63:53:f7:6c:3a:26:7b
TLSv1 192.168.56.103:49190 172.67.136.94:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamef.com	5c:36:e8:6e:6d:65:76:95:76:a5:7d:b3:47:fe:54:fe:f3:71:15:1b
TLSv1 192.168.56.103:49183 162.159.130.233:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da
TLSv1 192.168.56.103:49198 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49210 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49205 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49220 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49216 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49221 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49218 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49225 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49212 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49244 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49224 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49247 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49230 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49251 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49237 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49254 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49258 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49213 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49262 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49223 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49214 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49229 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49267 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49234 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49252 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49268 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49235 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49261 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49236 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49274 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49238 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49250 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49259 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49263 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49281 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49219 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49222 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49226 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49239 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49231 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49240 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49241 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49232 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49245 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49246 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49233 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49257 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49260 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49269 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49275 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49283 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49286 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49287 162.0.210.44:443	C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com	C=CH, L=Schaffhausen, O=Plesk, CN=Plesk/emailAddress=info@plesk.com	68:49:fa:d2:40:0d:bd:3f:c0:6e:bf:50:6f:a8:1c:a3:3e:f4:40:cf
TLSv1 192.168.56.103:49291 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49296 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49285 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49297 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49248 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49289 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49292 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49253 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49293 88.99.66.31:443	C=US, O=Let's Encrypt, CN=R3	CN=iplogger.com	92:14:16:9c:56:a1:f2:6a:b9:1d:e1:8d:4c:5f:a4:57:a7:9c:a0:6b
TLSv1 192.168.56.103:49302 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49303 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49255 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49308 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49299 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49305 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49264 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49309 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49265 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49272 52.219.158.38:443	C=US, O=Amazon, OU=Server CA 1B, CN=Amazon	CN=*.s3.ap-south-1.amazonaws.com	c6:36:df:af:09:de:c1:11:cd:93:7d:ef:05:10:32:ae:12:cd:7d:b8
TLSv1 192.168.56.103:49280 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49304 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49312 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49314 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49317 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49211 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49316 88.99.66.31:443	C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA	CN=*.iplogger.org	55:1e:13:99:46:1c:67:40:a3:48:7f:38:0d:16:e7:51:f4:c4:43:cb
TLSv1 192.168.56.103:49215 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49217 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49284 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49228 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49242 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49243 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49256 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49266 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49270 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49273 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49300 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49288 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49301 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49295 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.103:49311 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1

Snort Alerts

No Snort Alerts