Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
smtp.mail.ru | 217.69.139.160 | |
UDP Requests
- 192.168.56.101:53004 164.124.101.2:53
- 192.168.56.101:54148 164.124.101.2:53
- 192.168.56.101:59002 164.124.101.2:53
- 192.168.56.101:137 192.168.56.103:137
- 192.168.56.101:137 192.168.56.255:137
- 192.168.56.101:138 192.168.56.255:138
- 192.168.56.101:53007 239.255.255.250:1900
- 52.231.114.183:123 192.168.56.101:123
No traffic
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 94.100.180.160:587 -> 192.168.56.101:49177 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode |
TCP 192.168.56.101:49177 -> 94.100.180.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 94.100.180.160:587 -> 192.168.56.101:49179 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode |
TCP 192.168.56.101:49179 -> 94.100.180.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 94.100.180.160:587 -> 192.168.56.101:49181 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode |
TCP 192.168.56.101:49181 -> 94.100.180.160:587 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49177 94.100.180.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e |
TLSv1 192.168.56.101:49179 94.100.180.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e |
TLSv1 192.168.56.101:49181 94.100.180.160:587 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.mail.ru | f5:86:61:b5:b2:6c:9a:dd:9a:ba:a0:24:59:4d:7b:99:e6:72:ea:7e |
Snort Alerts
No Snort Alerts