NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
178.237.33.50	Active	Moloch
192.253.251.227	Active	Moloch
34.166.62.190	Active	Moloch
93.113.54.56	Active	Moloch

Name	Response	Post-Analysis Lookup
iwarsut775laudrye2.duckdns.org	A 192.253.251.227	192.253.251.227
geoplugin.net	A 178.237.33.50	178.237.33.50
asociatiatraditiimaria.ro	A 93.113.54.56	93.113.54.56
new.quranushaiqer.org.sa	A 34.166.62.190	34.166.62.190

TCP Requests

UDP Requests

GET 200 http://geoplugin.net/json.gp

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2042936	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain	Potentially Bad Traffic
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2022918	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain	Misc activity
TCP 192.168.56.101:49188 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49193 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49188 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49193 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49188 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49193 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49178 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49179 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49179 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49179 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49178 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49178 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 93.113.54.56:443 -> 192.168.56.101:49193	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49193	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49188	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49188	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49178	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49178	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49179	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49179	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49198 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49190 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49194 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49191 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49195 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49221 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49221 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49196 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49221 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49196 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49192 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49196 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49192 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49197 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49197 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49197 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49192 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 93.113.54.56:443 -> 192.168.56.101:49221	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49221	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49197	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49197	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49196	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49192	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49196	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49192	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49200 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49200 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49199 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49200 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49209 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49209 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49209 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 93.113.54.56:443 -> 192.168.56.101:49200	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49227 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 93.113.54.56:443 -> 192.168.56.101:49200	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49161 -> 192.253.251.227:57484	2032776	ET MALWARE Remcos 3.x Unencrypted Checkin	Malware Command and Control Activity Detected
TCP 93.113.54.56:443 -> 192.168.56.101:49209	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49209	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49201 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49230 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49201 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49201 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49231 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49210 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49201	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49210 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49201	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49210 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49232 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49232 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49232 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 93.113.54.56:443 -> 192.168.56.101:49210	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49204 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49210	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49204 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49204 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 93.113.54.56:443 -> 192.168.56.101:49232	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49232	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49204	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49218 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 93.113.54.56:443 -> 192.168.56.101:49204	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49222 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49214 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49214 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49225 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49214 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49225 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49225 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 93.113.54.56:443 -> 192.168.56.101:49225	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49225	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49214	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49214	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49215 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49215 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49215 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 93.113.54.56:443 -> 192.168.56.101:49215	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49215	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49217 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49224 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49224 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49224 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 93.113.54.56:443 -> 192.168.56.101:49224	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49224	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49226 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49229 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.253.251.227:57484 -> 192.168.56.101:49161	2032777	ET MALWARE Remcos 3.x Unencrypted Server Response	Malware Command and Control Activity Detected
TCP 192.168.56.101:49229 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49229 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 93.113.54.56:443 -> 192.168.56.101:49229	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49229	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49205 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49205 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49205 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 93.113.54.56:443 -> 192.168.56.101:49205	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49205	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49211 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49220 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49220 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49220 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 93.113.54.56:443 -> 192.168.56.101:49220	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49220	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49223 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49228 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49228 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49228 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 93.113.54.56:443 -> 192.168.56.101:49228	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49228	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49189 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49189 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49189 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 93.113.54.56:443 -> 192.168.56.101:49189	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49189	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49202 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49203 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49206 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49207 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49212 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49233 -> 93.113.54.56:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49233 -> 93.113.54.56:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49233 -> 93.113.54.56:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 93.113.54.56:443 -> 192.168.56.101:49233	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 93.113.54.56:443 -> 192.168.56.101:49233	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49240 -> 34.166.62.190:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts