popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 2 DNS 1 TCP 44 UDP 6 HTTP 0 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
104.18.6.142 Active Moloch
164.124.101.2 Active Moloch
Name Response Post-Analysis Lookup
wwf.org
A 104.18.7.142
A 104.18.6.142
104.18.7.142

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49165 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49168 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49162 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.18.6.142:443 -> 192.168.56.103:49171 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.18.6.142:443 -> 192.168.56.103:49177 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49172 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.18.6.142:443 -> 192.168.56.103:49179 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49174 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.18.6.142:443 -> 192.168.56.103:49175 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49180 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.18.6.142:443 -> 192.168.56.103:49185 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.18.6.142:443 -> 192.168.56.103:49183 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.18.6.142:443 -> 192.168.56.103:49197 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49186 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49188 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.18.6.142:443 -> 192.168.56.103:49189 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.18.6.142:443 -> 192.168.56.103:49191 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49192 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49194 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.18.6.142:443 -> 192.168.56.103:49195 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49200 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.18.6.142:443 -> 192.168.56.103:49201 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49206 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.18.6.142:443 -> 192.168.56.103:49166 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.18.6.142:443 -> 192.168.56.103:49169 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49184 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49202 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49176 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49182 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.18.6.142:443 -> 192.168.56.103:49173 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.18.6.142:443 -> 192.168.56.103:49193 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49178 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.18.6.142:443 -> 192.168.56.103:49163 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.18.6.142:443 -> 192.168.56.103:49181 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49170 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.18.6.142:443 -> 192.168.56.103:49187 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49190 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49198 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49196 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.18.6.142:443 -> 192.168.56.103:49199 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.18.6.142:443 -> 192.168.56.103:49203 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.18.6.142:443 -> 192.168.56.103:49205 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 104.18.6.142:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.18.6.142:443 -> 192.168.56.103:49207 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts