NetWork | ZeroBOX

Network Analysis

IP Address       Status   Action
104.193.111.101  Active   Moloch
104.193.111.117  Active   Moloch
164.124.101.2    Active   Moloch
172.217.27.46    Active   Moloch
23.32.56.72      Active   Moloch
Method  Status  URL
GET     200     https://www.google-analytics.com/collect?v=1&tid=UA-380480-23&cid=%7B8A15A8BB-1D80-42A0-9E54-76E6BF4346F8%7D&t=event&ec=Session&ea=Start&an=ImBatch&av=7.6.0&ul=en-GB&sr=1024x768&sc=start&z=88081
GET     200     http://apps.identrust.com/roots/dstrootcax3.p7c

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow                                          SID        Signature                                                        Category
TCP 192.168.56.103:49168 -> 172.217.27.46:443   906200054  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)  undefined
TCP 192.168.56.103:49169 -> 104.193.111.101:443 906200054  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)  undefined

Suricata TLS

Version  Flow                                        Issuer                                          Subject                   Fingerprint
TLSv1    192.168.56.103:49168 -> 172.217.27.46:443   C=US, O=Google Trust Services LLC, CN=GTS CA 1C3  CN=*.google-analytics.com  e6:f7:82:c1:10:ac:08:76:a1:97:70:b7:56:b7:ef:92:30:ba:1e:12
TLSv1    192.168.56.103:49169 -> 104.193.111.101:443 C=US, O=Let's Encrypt, CN=R3                     CN=highmotionsoftware.com  6f:a9:b3:c7:07:47:2c:5d:29:21:bd:d5:d6:29:38:66:0c:08:a5:43

Snort Alerts

No Snort Alerts