Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
dp.tb.ask.com | 34.107.128.118 | |
anx.mindspark.com | 34.102.222.207 | |
UDP Requests
Source | Destination |
---|---|
192.168.56.102:57660 | 164.124.101.2:53 |
192.168.56.102:61459 | 164.124.101.2:53 |
192.168.56.102:137 | 192.168.56.255:137 |
192.168.56.102:138 | 192.168.56.255:138 |
192.168.56.102:49152 | 239.255.255.250:3702 |
192.168.56.102:56752 | 239.255.255.250:1900 |
192.168.56.102:56754 | 239.255.255.250:3702 |
192.168.56.102:56756 | 239.255.255.250:3702 |
192.168.56.102:61460 | 239.255.255.250:3702 |
HTTP Requests
GET 404 https://dp.tb.ask.com/installerParams.jhtml?coId=af75d672c26d4cc59fc74465083f473c
REQUEST
GET /installerParams.jhtml?coId=af75d672c26d4cc59fc74465083f473c HTTP/1.1
User-Agent: Mindspark MIP (Windows NT 6.1; Win64; MSIE 9.0; Build 7601; SP 1)
Host: dp.tb.ask.com
Connection: Keep-Alive
Cache-Control: no-cache
RESPONSE
HTTP/1.1 404 Not Found
Server: nginx/1.17.6
Date: Wed, 28 Apr 2021 02:08:40 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Set-Cookie: anx="xracl=&xriad=&xdp=&nv=1&lv=1619575720885&fv=1619575720885&ob=-&xrct=&oc=-&od=none&xgc=&sn=prod-dlp2-core-us-west1-zhqf&ok=-&om=-&xrkw=&xrco=&xrca=&op=-&xrcc=&xsee=&os=-&xiu=&xtc=&g=-&xlang=&xrsp=&xh=&xeid=&xi=&xbot=&xrp=&xp=&xrs=&xtt=&xpp=&xtbg=&xrt=&xs=&xt=&xu=&xcid="; Version=1; Path=/; Domain=.tb.ask.com; Max-Age=7776000; Expires=Tue, 27-Jul-2021 02:08:40 GMT
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Language: en-US
Via: 1.1 google
Alt-Svc: clear
GET 204 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-16&errorType=nsisError&errorDetails=af75d672c26d4cc59fc74465083f473c&platform=vicinio&anxv=2.7.1.3000&anxd=2018-10-23&coid=af75d672c26d4cc59fc74465083f473c&refPartner=^BXV^mni000^S29402&refSub=&anxl=en-US&anxr=2022722323&refCobrand=BXV&refCampaign=mni000&refTrack=S29402&refCountry=
REQUEST
GET /anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-16&errorType=nsisError&errorDetails=af75d672c26d4cc59fc74465083f473c&platform=vicinio&anxv=2.7.1.3000&anxd=2018-10-23&coid=af75d672c26d4cc59fc74465083f473c&refPartner=^BXV^mni000^S29402&refSub=&anxl=en-US&anxr=2022722323&refCobrand=BXV&refCampaign=mni000&refTrack=S29402&refCountry= HTTP/1.1
User-Agent: Mindspark MIP (Windows NT 6.1; Win64; MSIE 9.0; Build 7601; SP 1)
Host: anx.mindspark.com
Connection: Keep-Alive
Cache-Control: no-cache
RESPONSE
HTTP/1.1 204 No Content
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=0
Cache-Control: no-cache
Date: Wed, 28 Apr 2021 02:08:40 GMT
Via: 1.1 google
GET 204 http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-11&errorType=nsisError&errorDetails=File+Not+Found+%28404%29&platform=vicinio&anxv=2.7.1.3000&anxd=2018-10-23&coid=af75d672c26d4cc59fc74465083f473c&refPartner=^BXV^mni000^S29402&refSub=&anxl=en-US&anxr=2075128396&refCobrand=BXV&refCampaign=mni000&refTrack=S29402&refCountry=
REQUEST
GET /anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-11&errorType=nsisError&errorDetails=File+Not+Found+%28404%29&platform=vicinio&anxv=2.7.1.3000&anxd=2018-10-23&coid=af75d672c26d4cc59fc74465083f473c&refPartner=^BXV^mni000^S29402&refSub=&anxl=en-US&anxr=2075128396&refCobrand=BXV&refCampaign=mni000&refTrack=S29402&refCountry= HTTP/1.1
User-Agent: Mindspark MIP (Windows NT 6.1; Win64; MSIE 9.0; Build 7601; SP 1)
Host: anx.mindspark.com
Connection: Keep-Alive
Cache-Control: no-cache
RESPONSE
HTTP/1.1 204 No Content
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=0
Cache-Control: no-cache
Date: Wed, 28 Apr 2021 02:08:41 GMT
Via: 1.1 google
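The three HTTP requests and the UDP flows in this report can be triaged mechanically rather than read by eye. The Python below is an added example written for this page; it is not code from the sandbox, from Mindspark or from any detection product. It embeds the request URLs, the first request's header block and the UDP flow list exactly as they appear above (constructed inputs, nothing is fetched), parses the anx.gif telemetry beacons into structured error events, checks the User-Agent for the "Mindspark MIP" string seen in the capture, and classifies each UDP flow by destination. The /24 lab network used to recognise the subnet broadcast is an assumption drawn from the 192.168.56.x addresses.

```python
"""Triage helper for the capture above (added example, not part of the report)."""
from urllib.parse import urlsplit, parse_qs
import ipaddress

# Request URLs as listed in the report (constructed input copied from the page).
HTTP_REQUESTS = [
    ("GET", 404, "https://dp.tb.ask.com/installerParams.jhtml?coId=af75d672c26d4cc59fc74465083f473c"),
    ("GET", 204, "http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-16&errorType=nsisError&errorDetails=af75d672c26d4cc59fc74465083f473c&platform=vicinio&anxv=2.7.1.3000&anxd=2018-10-23&coid=af75d672c26d4cc59fc74465083f473c&refPartner=^BXV^mni000^S29402&refSub=&anxl=en-US&anxr=2022722323&refCobrand=BXV&refCampaign=mni000&refTrack=S29402&refCountry="),
    ("GET", 204, "http://anx.mindspark.com/anx.gif?anxa=CAPDownloadProcess&anxe=Error&errorCode=-11&errorType=nsisError&errorDetails=File+Not+Found+%28404%29&platform=vicinio&anxv=2.7.1.3000&anxd=2018-10-23&coid=af75d672c26d4cc59fc74465083f473c&refPartner=^BXV^mni000^S29402&refSub=&anxl=en-US&anxr=2075128396&refCobrand=BXV&refCampaign=mni000&refTrack=S29402&refCountry="),
]

# Header block of the first request, as captured (constructed input).
RAW_REQUEST = """GET /installerParams.jhtml?coId=af75d672c26d4cc59fc74465083f473c HTTP/1.1
User-Agent: Mindspark MIP (Windows NT 6.1; Win64; MSIE 9.0; Build 7601; SP 1)
Host: dp.tb.ask.com
Connection: Keep-Alive
Cache-Control: no-cache
"""

# UDP flows from the report: (source, destination).
UDP_FLOWS = [
    ("192.168.56.102:57660", "164.124.101.2:53"),
    ("192.168.56.102:61459", "164.124.101.2:53"),
    ("192.168.56.102:137", "192.168.56.255:137"),
    ("192.168.56.102:138", "192.168.56.255:138"),
    ("192.168.56.102:49152", "239.255.255.250:3702"),
    ("192.168.56.102:56752", "239.255.255.250:1900"),
    ("192.168.56.102:56754", "239.255.255.250:3702"),
    ("192.168.56.102:56756", "239.255.255.250:3702"),
    ("192.168.56.102:61460", "239.255.255.250:3702"),
]

# Well-known UDP services behind the destination ports seen in the capture.
UDP_PORT_NAMES = {53: "dns", 137: "netbios-ns", 138: "netbios-dgm",
                  1900: "ssdp", 3702: "ws-discovery"}
# Assumption: the sandbox sits on a /24; used only to recognise the broadcast address.
LAB_NET = ipaddress.ip_network("192.168.56.0/24")


def parse_beacon(url):
    """Return the fields of an anx.gif telemetry beacon, or None for other URLs."""
    parts = urlsplit(url)
    if not parts.path.endswith("/anx.gif"):
        return None
    q = parse_qs(parts.query, keep_blank_values=True)

    def first(key):
        return q.get(key, [""])[0]

    return {
        "host": parts.hostname,
        "action": first("anxa"),
        "event": first("anxe"),
        "error_code": int(first("errorCode")) if first("errorCode") else None,
        "error_type": first("errorType"),
        "error_details": first("errorDetails"),   # percent/plus decoding done by parse_qs
        "coid": first("coid"),
        "partner": first("refPartner"),
        "version": first("anxv"),
    }


def beacon_errors(requests):
    """Collect the installer error events reported to the telemetry host, in order."""
    out = []
    for _method, _status, url in requests:
        beacon = parse_beacon(url)
        if beacon and beacon["event"] == "Error":
            out.append(beacon)
    return out


def parse_request(raw):
    """Split a captured HTTP request block into request line and lower-cased headers."""
    lines = raw.strip().splitlines()
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "version": version, "headers": headers}


def flags_user_agent(req, marker="Mindspark MIP"):
    """True when the request carries the installer's User-Agent string from the capture."""
    return marker in req["headers"].get("user-agent", "")


def classify_udp(flow):
    """Name the service and scope (multicast/broadcast/private/external) of a UDP flow."""
    _src, dst = flow
    dst_ip, dst_port = dst.rsplit(":", 1)
    ip = ipaddress.ip_address(dst_ip)
    if ip.is_multicast:
        scope = "multicast"
    elif ip == LAB_NET.broadcast_address:
        scope = "broadcast"
    elif ip.is_private:
        scope = "private"
    else:
        scope = "external"
    return {"dst": dst, "service": UDP_PORT_NAMES.get(int(dst_port), f"udp/{dst_port}"), "scope": scope}


def udp_summary(flows):
    """Count flows per (service, scope) so off-subnet traffic stands out at a glance."""
    counts = {}
    for flow in flows:
        c = classify_udp(flow)
        counts[(c["service"], c["scope"])] = counts.get((c["service"], c["scope"]), 0) + 1
    return counts


if __name__ == "__main__":
    for e in beacon_errors(HTTP_REQUESTS):
        print(e["error_code"], e["error_type"], repr(e["error_details"]), e["coid"])
    print(udp_summary(UDP_FLOWS))
```

Run against the report's data, the two beacons share the coid of the installerParams request and the second one carries errorDetails "File Not Found (404)", so the telemetry is reporting the failed installerParams fetch; the UDP summary shows that the only off-subnet UDP traffic is the two DNS queries, everything else being NetBIOS broadcast and SSDP/WS-Discovery multicast from the guest itself.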
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49809 -> 34.107.128.118:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49809 -> 34.107.128.118:443 | C=US, O=Let's Encrypt, CN=R3 | CN=dp.tb.ask.com | 44:f8:0d:13:ec:93:20:8d:aa:87:47:8b:43:be:99:08:b7:64:ef:7b |
Snort Alerts
No Snort Alerts