NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
172.245.208.4	Active	Moloch
65.60.36.22	Active	Moloch

Name	Response	Post-Analysis Lookup
www.synergyinnovationgroup.com	A 65.60.36.22 CNAME synergyinnovationgroup.com	65.60.36.22

TCP Requests

UDP Requests

GET 200 http://172.245.208.4/2546/wlanext.exe

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49171 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49174 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49170 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49178 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49190 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49182 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49195 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49206 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49215 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49184	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 65.60.36.22:443 -> 192.168.56.101:49180	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 65.60.36.22:443 -> 192.168.56.101:49220	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 65.60.36.22:443 -> 192.168.56.101:49208	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49162 -> 172.245.208.4:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 65.60.36.22:443 -> 192.168.56.101:49196	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49186 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49228	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 172.245.208.4:80 -> 192.168.56.101:49162	2022050	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1	A Network Trojan was detected
TCP 65.60.36.22:443 -> 192.168.56.101:49212	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 65.60.36.22:443 -> 192.168.56.101:49192	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49226 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49251 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49214 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49194 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49230 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49263 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49218 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49204	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49238 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49266 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49219 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49211 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49239 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49268	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49222 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49216	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 172.245.208.4:80 -> 192.168.56.101:49162	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 65.60.36.22:443 -> 192.168.56.101:49240	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 172.245.208.4:80 -> 192.168.56.101:49162	2022051	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2	A Network Trojan was detected
TCP 172.245.208.4:80 -> 192.168.56.101:49162	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.101:49283 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49223 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49231 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49243 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49232	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49286 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49247 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49244	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49246 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49296	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49254 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49250 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49276	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49299 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49256	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49258 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49279 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49259 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49275 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49288	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 65.60.36.22:443 -> 192.168.56.101:49260	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 65.60.36.22:443 -> 192.168.56.101:49280	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 65.60.36.22:443 -> 192.168.56.101:49264	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49290 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49267 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49271 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49291 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49298 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49300	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49303 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49172	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49179 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49183 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49191 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49198 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49199 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49200	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49202 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49207 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49224	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 65.60.36.22:443 -> 192.168.56.101:49236	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49242 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49248	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 65.60.36.22:443 -> 192.168.56.101:49252	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49270 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49272	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49274 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49292	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49294 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49295 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49302 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49175 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49176	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49187 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49188	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49203 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49210 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49227 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49234 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49235 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49255 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49262 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49278 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49282 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49284	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49287 -> 65.60.36.22:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 65.60.36.22:443 -> 192.168.56.101:49304	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts