Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| bornforthis.ml | 104.21.17.57 |
- UDP Requests
-
-
192.168.56.102:57660 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:56752 239.255.255.250:1900
-
192.168.56.102:56754 239.255.255.250:3702
-
192.168.56.102:56756 239.255.255.250:3702
-
192.168.56.102:57661 239.255.255.250:3702
-
GET
200
https://bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-13AD0F88B76E2403189110A8CCEDF6CA.html
REQUEST
RESPONSE
BODY
GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-13AD0F88B76E2403189110A8CCEDF6CA.html HTTP/1.1
UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41
Host: bornforthis.ml
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 14 Apr 2021 01:07:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dbd837a32e20226e93f5c78ef82cc84fc1618362450; expires=Fri, 14-May-21 01:07:30 GMT; path=/; domain=.bornforthis.ml; HttpOnly; SameSite=Lax; Secure
last-modified: Sun, 11 Apr 2021 23:55:41 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
cf-request-id: 096f845b840000aeebe6951000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Mkl27kUN39rAvIjZ2uNAWZRrcGLWh1a9kL27O%2Fuxx12IUhETZ%2BBlPJnKmtrLdl%2B69C%2B5TTL4stWEb5OlX3e%2B2QkFs%2BbZ7rnxC5qEzUXQiQ%3D%3D"}]}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 63f909a59eecaeeb-KIX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET
301
http://bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-13AD0F88B76E2403189110A8CCEDF6CA.html
REQUEST
RESPONSE
BODY
GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-13AD0F88B76E2403189110A8CCEDF6CA.html HTTP/1.1
UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41
Host: bornforthis.ml
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Date: Wed, 14 Apr 2021 01:07:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 14 Apr 2021 02:07:30 GMT
Location: https://bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-13AD0F88B76E2403189110A8CCEDF6CA.html
cf-request-id: 096f845ad800000a74c43d5000000001
Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hakkMATiTypxn8Gj4IHjUvyuogbrM3AlLFqD80K%2BGFhTAwZnaelkBGeYqGKI%2FTWYKg6ZY4ChaPIGsLn9B8Wd%2B7Yr%2B%2BLAnB%2FPXTSYx%2F7FUQ%3D%3D"}],"max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 63f909a48c960a74-KIX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.102:57660 -> 164.124.101.2:53 | 2025106 | ET INFO DNS Query for Suspicious .ml Domain | Potentially Bad Traffic |
| TCP 192.168.56.102:49806 -> 172.67.222.176:443 | 2025110 | ET INFO Suspicious Domain (*.ml) in TLS SNI | Potentially Bad Traffic |
| TCP 192.168.56.102:49806 -> 172.67.222.176:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.102:49806 172.67.222.176:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 0b:88:e6:00:8c:78:08:99:49:d0:cc:4b:99:d4:40:e3:c0:ba:62:5c |
Snort Alerts
No Snort Alerts