NetWork | ZeroBOX

IP Address	Status	Action
117.18.232.200	Active	Moloch
148.251.234.93	Active	Moloch
162.0.229.248	Active	Moloch
164.124.101.2	Active	Moloch
195.179.239.150	Active	Moloch

Name	Response	Post-Analysis Lookup
iplogger.com	A 148.251.234.93	148.251.234.93
globalmanysoft.com	A 195.179.239.150	195.179.239.150
makemymatch.site	A 162.0.229.248	162.0.229.248

TCP Requests

UDP Requests

GET 200 http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49170 -> 162.0.229.248:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49176 -> 162.0.229.248:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49184 -> 148.251.234.93:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49177 -> 162.0.229.248:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 162.0.229.248:443 -> 192.168.56.103:49180	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49187 -> 148.251.234.93:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 162.0.229.248:443 -> 192.168.56.103:49172	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49188 -> 148.251.234.93:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49198 -> 195.179.239.150:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.103:49193 -> 195.179.239.150:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.103:49202 -> 195.179.239.150:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.103:49198 -> 195.179.239.150:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.103:49193 -> 195.179.239.150:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.103:49202 -> 195.179.239.150:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.103:49198 -> 195.179.239.150:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49193 -> 195.179.239.150:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49202 -> 195.179.239.150:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 195.179.239.150:443 -> 192.168.56.103:49198	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 195.179.239.150:443 -> 192.168.56.103:49193	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 195.179.239.150:443 -> 192.168.56.103:49198	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 195.179.239.150:443 -> 192.168.56.103:49193	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 195.179.239.150:443 -> 192.168.56.103:49202	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 195.179.239.150:443 -> 192.168.56.103:49202	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.103:49197 -> 148.251.234.93:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49201 -> 195.179.239.150:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.103:49201 -> 195.179.239.150:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.103:49171 -> 162.0.229.248:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 195.179.239.150:443 -> 192.168.56.103:49201	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 195.179.239.150:443 -> 192.168.56.103:49201	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.103:49183 -> 148.251.234.93:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49192	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49194 -> 195.179.239.150:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.103:49194 -> 195.179.239.150:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.103:49194 -> 195.179.239.150:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 195.179.239.150:443 -> 192.168.56.103:49194	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 195.179.239.150:443 -> 192.168.56.103:49194	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.103:49210 -> 195.179.239.150:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.103:49210 -> 195.179.239.150:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.103:49210 -> 195.179.239.150:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 195.179.239.150:443 -> 192.168.56.103:49210	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 195.179.239.150:443 -> 192.168.56.103:49210	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts