popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 3 DNS 1 TCP 46 UDP 5 HTTP 0 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
104.194.8.120 Active Moloch
164.124.101.2 Active Moloch
172.96.160.210 Active Moloch

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 172.96.160.210:443 -> 192.168.56.103:49163 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49166 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49181 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49161 -> 172.96.160.210:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49171 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49170 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49183 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49177 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49173 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49185 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49164 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49180 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49175 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49186 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49187 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49179 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49169 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49192 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49204 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49190 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49184 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49172 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49206 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49194 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49205 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49188 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49178 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49198 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49165 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49191 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49196 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49200 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49167 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49195 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49201 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49199 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49174 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49202 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49176 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49203 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49182 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49189 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49207 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49208 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts