popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 3 DNS 1 TCP 46 UDP 5 HTTP 0 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
104.194.8.120 Active Moloch
104.194.8.143 Active Moloch
164.124.101.2 Active Moloch

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 104.194.8.143:443 -> 192.168.56.103:49163 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49166 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49165 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49172 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49190 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49173 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49178 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49195 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49185 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49181 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49200 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49187 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49184 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49207 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49188 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49191 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49197 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49167 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49176 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49198 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49203 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49199 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49177 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49174 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49175 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49206 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49180 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49183 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49182 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49186 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49189 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49193 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49192 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49208 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49201 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49204 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49205 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 104.194.8.143:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49168 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49170 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49171 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 104.194.8.120:443 -> 192.168.56.103:49179 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49194 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49196 -> 104.194.8.120:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 104.194.8.120:443 -> 192.168.56.103:49209 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts