Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.yoursite.com | 104.21.14.15 | |
| yoursite.com | 172.67.133.191 |
- UDP Requests
-
-
192.168.56.101:59369 164.124.101.2:53
-
192.168.56.101:61479 164.124.101.2:53
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:59370 239.255.255.250:3702
-
192.168.56.101:62445 239.255.255.250:1900
-
192.168.56.101:62447 239.255.255.250:3702
-
192.168.56.101:62449 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
GET
301
https://www.yoursite.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.yoursite.com
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Date: Tue, 20 Apr 2021 00:29:03 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d6f449f3a0d90a188fd2a014c66ad56581618878543; expires=Thu, 20-May-21 00:29:03 GMT; path=/; domain=.yoursite.com; HttpOnly; SameSite=Lax
Location: https://yoursite.com/
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
CF-Cache-Status: DYNAMIC
cf-request-id: 098e474d140000eb29d9a50000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0IgC9ttidICrP7mYx1xWsHB7IXKFpHplcZoacwQhIFA2FnLTz%2BD2uSbyeoVH6cFO5jUepNFrEuvKtAllT0YEyrlW64v1yyyzbhG0SZ3veMLx"}]}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
CF-RAY: 642a418e8df0eb29-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET
200
https://yoursite.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: yoursite.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 20 Apr 2021 00:29:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d3d7fa4ca180d190f0d0473c5827059541618878544; expires=Thu, 20-May-21 00:29:04 GMT; path=/; domain=.yoursite.com; HttpOnly; SameSite=Lax
Vary: Accept-Encoding
Last-Modified: Mon, 19 Apr 2021 15:10:52 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: HIT
X-Server-Powered-By: Engintron
CF-Cache-Status: DYNAMIC
cf-request-id: 098e4751f4000042de8a8bf000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iLUCGkkm5teNG9SfNxKGUb%2BkZH%2F5vFcGYQu9AJwxg7JdPM3EgISb99gMyiEkuqCkOxcC1N9nVp83q5EWAQlUnFbI6LAheBBIYMXcIg8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
CF-RAY: 642a41965dd142de-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49199 -> 172.67.133.191:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49202 -> 172.67.133.191:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49199 172.67.133.191:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 97:38:3d:17:60:cf:37:5f:32:f8:a8:d4:38:b0:95:2f:df:2d:6a:93 |
|
TLSv1 192.168.56.101:49202 172.67.133.191:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 97:38:3d:17:60:cf:37:5f:32:f8:a8:d4:38:b0:95:2f:df:2d:6a:93 |
Snort Alerts
No Snort Alerts