NetWork | ZeroBOX

Network Analysis

IP Address Status Action
117.18.232.200 Active Moloch
142.250.71.200 Active Moloch
142.250.76.14 Active Moloch
142.251.130.14 Active Moloch
164.124.101.2 Active Moloch
172.217.24.99 Active Moloch
93.127.196.158 Active Moloch
Method Status URL
GET 302 https://docs.google.com/document/d/1F5RULhkoBF-7vdHlyYfHj3e_zEDMCP6lEzhIzBxJ77M/edit
GET 200 https://support.google.com/drive/answer/6283888
GET 200 https://www.google-analytics.com/analytics.js
GET 200 https://www.googletagmanager.com/gtag/js?id=G-H30R9PNQFN
GET 200 https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94YtzCwA.woff
GET 200 https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff
GET 200 https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc-.woff
GET 200 https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff
GET 200 https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff
GET 200 https://support.google.com/favicon.ico
GET 200 http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49183 -> 142.250.76.14:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) -
TCP 192.168.56.101:49175 -> 142.250.76.14:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) -
TCP 192.168.56.101:49174 -> 142.250.76.14:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) -
TCP 192.168.56.101:49188 -> 172.217.24.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) -
TCP 192.168.56.101:49191 -> 172.217.24.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) -
TCP 192.168.56.101:49181 -> 142.251.130.14:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) -
TCP 192.168.56.101:49178 -> 93.127.196.158:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) -
TCP 192.168.56.101:49192 -> 172.217.24.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) -
TCP 192.168.56.101:49176 -> 93.127.196.158:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) -
TCP 192.168.56.101:49184 -> 142.250.76.14:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) -
TCP 192.168.56.101:49182 -> 142.251.130.14:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) -
TCP 192.168.56.101:49187 -> 142.250.71.200:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) -
TCP 192.168.56.101:49193 -> 172.217.24.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) -
TCP 192.168.56.101:49186 -> 142.250.71.200:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) -
TCP 192.168.56.101:49189 -> 172.217.24.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) -
TCP 192.168.56.101:49190 -> 172.217.24.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) -

Suricata TLS

Version Flow | Issuer | Subject | Fingerprint (SHA-1)
TLSv1 192.168.56.101:49183 -> 142.250.76.14:443 | C=US, O=Google Trust Services, CN=WR2 | CN=*.google-analytics.com | 27:bf:6e:8e:d6:51:1c:c5:b2:cf:e2:e9:0f:87:d0:f3:33:23:e7:37
TLSv1 192.168.56.101:49175 -> 142.250.76.14:443 | C=US, O=Google Trust Services, CN=WR2 | CN=*.google.com | a9:52:08:e0:fc:37:b4:6b:5f:cf:c5:ab:c4:10:c7:d6:00:4d:dc:69
TLSv1 192.168.56.101:49174 -> 142.250.76.14:443 | C=US, O=Google Trust Services, CN=WR2 | CN=*.google.com | a9:52:08:e0:fc:37:b4:6b:5f:cf:c5:ab:c4:10:c7:d6:00:4d:dc:69
TLSv1 192.168.56.101:49188 -> 172.217.24.99:443 | C=US, O=Google Trust Services, CN=WR2 | CN=*.gstatic.com | f2:15:54:4e:f3:58:7f:5a:14:9d:f2:45:37:0e:b1:a6:48:c6:2b:14
TLSv1 192.168.56.101:49191 -> 172.217.24.99:443 | C=US, O=Google Trust Services, CN=WR2 | CN=*.gstatic.com | f2:15:54:4e:f3:58:7f:5a:14:9d:f2:45:37:0e:b1:a6:48:c6:2b:14
TLSv1 192.168.56.101:49181 -> 142.251.130.14:443 | C=US, O=Google Trust Services, CN=WR2 | CN=*.google.com | a9:52:08:e0:fc:37:b4:6b:5f:cf:c5:ab:c4:10:c7:d6:00:4d:dc:69
TLSv1 192.168.56.101:49192 -> 172.217.24.99:443 | C=US, O=Google Trust Services, CN=WR2 | CN=*.gstatic.com | f2:15:54:4e:f3:58:7f:5a:14:9d:f2:45:37:0e:b1:a6:48:c6:2b:14
TLSv1 192.168.56.101:49184 -> 142.250.76.14:443 | C=US, O=Google Trust Services, CN=WR2 | CN=*.google-analytics.com | 27:bf:6e:8e:d6:51:1c:c5:b2:cf:e2:e9:0f:87:d0:f3:33:23:e7:37
TLSv1 192.168.56.101:49182 -> 142.251.130.14:443 | C=US, O=Google Trust Services, CN=WR2 | CN=*.google.com | a9:52:08:e0:fc:37:b4:6b:5f:cf:c5:ab:c4:10:c7:d6:00:4d:dc:69
TLSv1 192.168.56.101:49187 -> 142.250.71.200:443 | C=US, O=Google Trust Services, CN=WR2 | CN=*.google-analytics.com | 27:bf:6e:8e:d6:51:1c:c5:b2:cf:e2:e9:0f:87:d0:f3:33:23:e7:37
TLSv1 192.168.56.101:49193 -> 172.217.24.99:443 | C=US, O=Google Trust Services, CN=WR2 | CN=*.gstatic.com | f2:15:54:4e:f3:58:7f:5a:14:9d:f2:45:37:0e:b1:a6:48:c6:2b:14
TLSv1 192.168.56.101:49186 -> 142.250.71.200:443 | C=US, O=Google Trust Services, CN=WR2 | CN=*.google-analytics.com | 27:bf:6e:8e:d6:51:1c:c5:b2:cf:e2:e9:0f:87:d0:f3:33:23:e7:37
TLSv1 192.168.56.101:49189 -> 172.217.24.99:443 | C=US, O=Google Trust Services, CN=WR2 | CN=*.gstatic.com | f2:15:54:4e:f3:58:7f:5a:14:9d:f2:45:37:0e:b1:a6:48:c6:2b:14
TLSv1 192.168.56.101:49190 -> 172.217.24.99:443 | C=US, O=Google Trust Services, CN=WR2 | CN=*.gstatic.com | f2:15:54:4e:f3:58:7f:5a:14:9d:f2:45:37:0e:b1:a6:48:c6:2b:14
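The JA3 alerts need to be read together with the TLS records. JA3 hashes the client's ClientHello (protocol version, cipher suites, extensions, curves), so every flow from one client stack carries the same fingerprint and an SSLBL match identifies the client, not the server. Here one SID fires on every TLS flow of the run, including flows whose servers presented Google Trust Services certificates for *.google.com, *.gstatic.com and *.google-analytics.com, while the two flows to 93.127.196.158 (ports 49176 and 49178) have no server certificate logged anywhere in this report. The Python below, added as an example and not part of the ZeroBOX report, parses a subset of the two sections exactly as they are printed on this page, joins alert to TLS record by client and server endpoint, and emits that per-flow triage; the function names and verdict strings are my own.

```python
"""Correlate Suricata JA3 alerts with the TLS records of the same sandbox run.

JA3 hashes the client's ClientHello, so one client stack produces one hash for
every server it talks to.  The alert therefore identifies the *client*; what the
server is can only be judged from the certificate it presented, if one was logged.
"""
import re
from collections import defaultdict

# Subset of the "Suricata Alerts" section, copied as the report prints it
# (the trailing "undefined" is the report's empty Category column).
ALERTS = """\
TCP 192.168.56.101:49183 -> 142.250.76.14:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49175 -> 142.250.76.14:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49188 -> 172.217.24.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49178 -> 93.127.196.158:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49187 -> 142.250.71.200:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
"""

# Subset of the "Suricata TLS" section in its four-line form: version, client
# endpoint, server endpoint, then issuer + subject + SHA-1 fingerprint on one line.
TLS = """\
TLSv1
192.168.56.101:49183
142.250.76.14:443
C=US, O=Google Trust Services, CN=WR2 CN=*.google-analytics.com 27:bf:6e:8e:d6:51:1c:c5:b2:cf:e2:e9:0f:87:d0:f3:33:23:e7:37
TLSv1
192.168.56.101:49175
142.250.76.14:443
C=US, O=Google Trust Services, CN=WR2 CN=*.google.com a9:52:08:e0:fc:37:b4:6b:5f:cf:c5:ab:c4:10:c7:d6:00:4d:dc:69
TLSv1
192.168.56.101:49188
172.217.24.99:443
C=US, O=Google Trust Services, CN=WR2 CN=*.gstatic.com f2:15:54:4e:f3:58:7f:5a:14:9d:f2:45:37:0e:b1:a6:48:c6:2b:14
TLSv1
192.168.56.101:49187
142.250.71.200:443
C=US, O=Google Trust Services, CN=WR2 CN=*.google-analytics.com 27:bf:6e:8e:d6:51:1c:c5:b2:cf:e2:e9:0f:87:d0:f3:33:23:e7:37
"""

# Alert row: "<proto> <src ip:port> -> <dst ip:port> <sid> <signature> [undefined]"
ALERT_RE = re.compile(
    r"^(?P<proto>TCP|UDP) (?P<src>[\d.]+:\d+) -> (?P<dst>[\d.]+:\d+) "
    r"(?P<sid>\d+) (?P<sig>.+?)(?: undefined)?$"
)
# TLS record: greedy issuer, then the last "CN=..." token is the subject,
# then a 20-byte colon-separated SHA-1 fingerprint closes the line.
TLS_RE = re.compile(
    r"^(?P<ver>TLSv\S+)\n(?P<src>[\d.]+:\d+)\n(?P<dst>[\d.]+:\d+)\n"
    r"(?P<issuer>.+) (?P<subject>CN=\S+) (?P<fp>(?:[0-9a-f]{2}:){19}[0-9a-f]{2})$",
    re.M,
)


def parse_alerts(text):
    """One dict per alert line; lines that do not match the row format are skipped."""
    return [m.groupdict() for m in map(ALERT_RE.match, text.splitlines()) if m]


def parse_tls(text):
    """Map (client endpoint, server endpoint) -> TLS record, so a flow can be joined
    to its alert by the same endpoints the alert prints."""
    return {(m["src"], m["dst"]): m.groupdict() for m in TLS_RE.finditer(text)}


def triage(alerts, certs):
    """Return (per_flow, per_sid).

    per_flow: (src, dst) -> verdict string for that alerted flow.
    per_sid:  SID -> set of distinct servers the SID fired on.  A JA3 SID that
              covers every server of the run is fingerprinting the client stack.
    """
    per_flow, per_sid = {}, defaultdict(set)
    for a in alerts:
        key = (a["src"], a["dst"])
        per_sid[a["sid"]].add(a["dst"])
        cert = certs.get(key)
        if cert is None:
            # The JA3 hit says nothing about the peer and no certificate was
            # logged: this is the flow to pull from the full capture first.
            per_flow[key] = "UNVERIFIED: no server certificate logged"
        else:
            per_flow[key] = f"server {cert['subject']} issued by {cert['issuer']}"
    return per_flow, dict(per_sid)


if __name__ == "__main__":
    flows, sids = triage(parse_alerts(ALERTS), parse_tls(TLS))
    for sid, dsts in sids.items():
        print(f"SID {sid} fired on {len(dsts)} distinct servers")
    for (src, dst), verdict in flows.items():
        print(f"{src} -> {dst}: {verdict}")
```

Run against the subset, the single SID 906200054 covers all four servers, the Google flows come back with the certificate subject and issuer they presented, and 93.127.196.158 is the only destination left UNVERIFIED. That is the order to work in: confirm the fingerprint by pulling the ClientHello for one flow from the Moloch session rather than trusting the "Tofsee" label on its own, then spend the pcap time on the flows whose server side the report never recorded.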

Snort Alerts

No Snort Alerts