NetWork | ZeroBOX

IP Address	Status	Action
103.112.69.92	Active	Moloch
103.6.198.176	Active	Moloch
104.21.46.148	Active	Moloch
104.21.6.168	Active	Moloch
104.21.76.140	Active	Moloch
110.173.135.226	Active	Moloch
113.20.24.100	Active	Moloch
124.150.141.167	Active	Moloch
13.248.169.48	Active	Moloch
13.56.33.8	Active	Moloch
133.125.38.187	Active	Moloch
145.239.5.159	Active	Moloch
15.197.142.173	Active	Moloch
153.126.211.112	Active	Moloch
154.201.225.123	Active	Moloch
156.251.140.23	Active	Moloch
157.7.107.38	Active	Moloch
157.7.107.49	Active	Moloch
160.80.6.36	Active	Moloch
164.132.175.106	Active	Moloch
164.92.82.47	Active	Moloch
173.205.126.33	Active	Moloch
177.73.143.59	Active	Moloch
178.249.70.75	Active	Moloch
185.230.63.107	Active	Moloch
185.230.63.186	Active	Moloch
185.33.216.22	Active	Moloch
192.124.249.12	Active	Moloch
192.124.249.13	Active	Moloch
192.124.249.15	Active	Moloch
192.124.249.9	Active	Moloch
149.154.167.220	Active	Moloch
164.124.101.2	Active	Moloch
194.143.194.23	Active	Moloch
195.128.140.29	Active	Moloch
195.201.246.38	Active	Moloch
198.185.159.144	Active	Moloch
198.49.23.145	Active	Moloch
199.34.228.78	Active	Moloch
202.59.4.2	Active	Moloch
202.94.166.30	Active	Moloch
205.149.134.32	Active	Moloch
207.211.30.242	Active	Moloch
208.100.26.245	Active	Moloch
211.1.226.67	Active	Moloch
216.239.34.21	Active	Moloch
216.46.129.162	Active	Moloch
27.0.174.59	Active	Moloch
3.33.130.190	Active	Moloch
3.33.243.145	Active	Moloch
3.64.163.50	Active	Moloch
31.15.12.103	Active	Moloch
34.224.10.110	Active	Moloch
35.214.171.193	Active	Moloch
35.231.13.148	Active	Moloch
46.242.238.60	Active	Moloch
49.12.155.123	Active	Moloch
5.134.4.115	Active	Moloch
52.194.155.172	Active	Moloch
52.20.84.62	Active	Moloch
54.69.120.26	Active	Moloch
61.200.81.21	Active	Moloch
62.122.170.171	Active	Moloch
65.52.128.33	Active	Moloch
75.2.70.75	Active	Moloch
76.223.27.102	Active	Moloch
76.223.35.103	Active	Moloch
76.223.54.146	Active	Moloch
76.74.184.61	Active	Moloch
77.72.4.226	Active	Moloch
79.96.161.192	Active	Moloch
79.96.32.254	Active	Moloch
83.223.113.46	Active	Moloch
85.128.55.51	Active	Moloch
86.105.245.69	Active	Moloch
89.161.136.188	Active	Moloch
89.161.163.246	Active	Moloch
91.201.52.102	Active	Moloch
91.220.211.163	Active	Moloch
92.42.191.40	Active	Moloch
93.188.2.51	Active	Moloch
93.189.66.202	Active	Moloch
95.174.22.233	Active	Moloch

Name	Response	Post-Analysis Lookup
actmin.com
clysma.com
api.telegram.org	A 149.154.167.220	149.154.167.220

TCP Requests

UDP Requests

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2033966	ET HUNTING Telegram API Domain in DNS Lookup	Misc activity
TCP 149.154.167.220:443 -> 192.168.56.103:49170	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49170 -> 149.154.167.220:443	2033967	ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)	Misc activity
TCP 192.168.56.103:49170 -> 149.154.167.220:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49170 -> 149.154.167.220:443	2033967	ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)	Misc activity
TCP 192.168.56.103:49170 -> 149.154.167.220:443	2033967	ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)	Misc activity

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts