popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 3 DNS 2 TCP 46 UDP 5 HTTP 0 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
148.251.114.233 Active Moloch
164.124.101.2 Active Moloch
184.171.244.231 Active Moloch

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49170 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49165 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49165 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49175 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49165 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49173 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49187 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49173 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49165 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49168 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49173 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.114.233:443 -> 192.168.56.101:49165 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49168 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49168 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49194 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.114.233:443 -> 192.168.56.101:49173 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49173 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49168 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49168 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49200 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49177 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49200 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49189 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49177 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49200 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49169 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49189 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49177 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49189 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49169 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49169 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.114.233:443 -> 192.168.56.101:49200 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49189 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49200 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49164 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49169 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49189 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49164 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49169 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49164 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.114.233:443 -> 192.168.56.101:49177 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49177 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49164 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49190 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.114.233:443 -> 192.168.56.101:49164 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49183 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49178 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49196 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49196 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49196 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49193 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49186 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49179 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49193 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49196 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49193 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.114.233:443 -> 192.168.56.101:49196 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49191 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.114.233:443 -> 192.168.56.101:49193 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49193 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49180 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49180 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49201 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49180 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49201 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49201 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49192 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49192 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49192 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49208 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49180 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49208 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49180 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49208 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.114.233:443 -> 192.168.56.101:49201 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49201 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49192 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49192 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49208 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49208 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49188 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49207 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49188 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49188 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49195 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.114.233:443 -> 192.168.56.101:49188 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49188 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49202 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49203 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49198 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49205 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49209 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49205 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49209 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49205 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49209 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.114.233:443 -> 192.168.56.101:49205 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49209 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49205 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49209 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49211 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49210 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49171 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49172 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49172 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49172 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.114.233:443 -> 192.168.56.101:49172 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49172 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49174 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49176 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49176 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49176 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.114.233:443 -> 192.168.56.101:49176 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49176 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49181 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49181 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49181 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.114.233:443 -> 192.168.56.101:49181 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49181 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49182 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49184 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49184 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49184 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.114.233:443 -> 192.168.56.101:49184 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49184 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49185 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49185 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49185 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.114.233:443 -> 192.168.56.101:49185 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49185 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49197 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49197 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49197 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.114.233:443 -> 192.168.56.101:49197 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49197 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49199 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49204 -> 148.251.114.233:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49204 -> 148.251.114.233:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49204 -> 148.251.114.233:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.114.233:443 -> 192.168.56.101:49204 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 148.251.114.233:443 -> 192.168.56.101:49204 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49206 -> 184.171.244.231:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts