NetWork | ZeroBOX

Network Analysis

IP Address Status Action
121.254.136.57 Active Moloch
142.250.204.68 Active Moloch
164.124.101.2 Active Moloch
198.251.88.130 Active Moloch
GET 200 http://www.google.com/
GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49168 -> 198.251.88.130:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49164 -> 142.250.204.68:80 2036303 ET HUNTING Terse Unencrypted Request for Google - Likely Connectivity Check A Network Trojan was detected

Suricata TLS

Flow Issuer Subject Fingerprint
TLS 1.2 192.168.56.101:49168 -> 198.251.88.130:443 C=US, O=Let's Encrypt, CN=R3 CN=rentry.co 59:bb:b9:be:2b:22:60:a5:a0:3a:54:7b:18:79:ab:d7:d5:a5:ec:cc

Snort Alerts

No Snort Alerts