popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 5 DNS 3 TCP 22 UDP 6 HTTP 0 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
148.251.234.93 Active Moloch
163.172.154.142 Active Moloch
164.124.101.2 Active Moloch
172.67.34.170 Active Moloch
51.15.65.182 Active Moloch

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 148.251.234.93:443 -> 192.168.56.103:49187 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
UDP 192.168.56.103:52760 -> 164.124.101.2:53 2047719 ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) Device Retrieving External IP Address Detected
TCP 148.251.234.93:443 -> 192.168.56.103:49185 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 148.251.234.93:443 -> 192.168.56.103:49182 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 148.251.234.93:443 -> 192.168.56.103:49178 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 148.251.234.93:443 -> 192.168.56.103:49184 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49185 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49187 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49185 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49182 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49182 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49184 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49184 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49187 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49186 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 148.251.234.93:443 -> 192.168.56.103:49183 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49186 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49186 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49183 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49183 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49177 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 148.251.234.93:443 -> 192.168.56.103:49188 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 148.251.234.93:443 -> 192.168.56.103:49194 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49177 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49177 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49194 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49194 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49188 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49188 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49195 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49195 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49195 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49199 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49199 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49199 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49178 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49178 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49181 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49181 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49181 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49191 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49191 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49191 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49196 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49196 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49196 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49198 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49198 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49198 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
UDP 192.168.56.103:50800 -> 164.124.101.2:53 2033268 ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) Potential Corporate Privacy Violation
TCP 148.251.234.93:443 -> 192.168.56.103:49197 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49197 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49190 -> 172.67.34.170:443 906200068 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49193 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49193 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49220 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49220 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow Issuer Subject Fingerprint
TLS 1.3
192.168.56.103:49189
51.15.65.182:14433 		None None None
TLS 1.3
192.168.56.103:49190
172.67.34.170:443 		None None None
TLS 1.3
192.168.56.103:49192
163.172.154.142:14433 		None None None

Snort Alerts

No Snort Alerts