popup
NetWork | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Network Analysis

Download pcap
Hosts 3 DNS 2 TCP 41 UDP 6 HTTP 0 ICMP 0 IRC 0 Suricata Snort
IP Address Status Action
164.124.101.2 Active Moloch
185.230.210.248 Active Moloch
89.42.218.8 Active Moloch

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49194 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49194 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49194 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 89.42.218.8:443 -> 192.168.56.101:49194 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49194 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49171 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49171 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49171 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49170 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49170 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49170 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 89.42.218.8:443 -> 192.168.56.101:49171 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49171 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49170 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49170 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49167 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49167 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49167 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49172 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 89.42.218.8:443 -> 192.168.56.101:49167 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49167 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49182 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49182 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49182 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49181 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 89.42.218.8:443 -> 192.168.56.101:49182 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49182 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49185 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49197 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49188 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49198 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49191 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49191 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49191 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49200 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49200 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49200 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49189 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 89.42.218.8:443 -> 192.168.56.101:49200 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49200 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49195 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49195 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49191 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49195 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 89.42.218.8:443 -> 192.168.56.101:49191 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49195 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49195 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49193 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49201 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49201 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49202 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49201 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 89.42.218.8:443 -> 192.168.56.101:49201 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49173 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 89.42.218.8:443 -> 192.168.56.101:49201 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49174 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49174 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49174 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49205 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49205 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49205 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 89.42.218.8:443 -> 192.168.56.101:49174 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49174 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49205 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49205 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49179 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49179 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49179 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49208 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49208 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49208 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 89.42.218.8:443 -> 192.168.56.101:49179 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49179 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49208 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49208 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49183 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49183 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49183 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49209 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49209 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49209 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 89.42.218.8:443 -> 192.168.56.101:49183 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49183 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49209 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49209 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49184 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49168 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49186 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49168 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49186 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49168 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49186 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 89.42.218.8:443 -> 192.168.56.101:49168 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49186 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49168 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49186 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49175 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49190 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49175 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49190 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49175 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49190 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 89.42.218.8:443 -> 192.168.56.101:49175 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49190 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49175 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49190 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49176 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49192 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49177 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49203 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49206 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49178 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49178 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49178 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 89.42.218.8:443 -> 192.168.56.101:49178 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49178 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49180 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49187 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49187 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49187 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 89.42.218.8:443 -> 192.168.56.101:49187 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49187 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49204 -> 89.42.218.8:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.101:49204 -> 89.42.218.8:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49204 -> 89.42.218.8:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 89.42.218.8:443 -> 192.168.56.101:49204 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 89.42.218.8:443 -> 192.168.56.101:49204 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.101:49207 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49210 -> 185.230.210.248:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts