Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| injuryless.com | 193.178.169.243 |
- UDP Requests
-
-
192.168.56.102:57660 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:56752 239.255.255.250:1900
-
192.168.56.102:56754 239.255.255.250:3702
-
192.168.56.102:56756 239.255.255.250:3702
-
192.168.56.102:57661 239.255.255.250:3702
-
POST
200
https://injuryless.com/?id=test22-PC_94DE278C3274
REQUEST
RESPONSE
BODY
POST /?id=test22-PC_94DE278C3274 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36
Host: injuryless.com
Content-Length: 2555
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Jun 2021 04:37:26 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/7.3.28
Set-Cookie: PHPSESSID=3b3a7e2fc4774c00bde8c485ff9b3de7; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
GET
200
https://injuryless.com/?id=test22-PC_94DE278C3274
REQUEST
RESPONSE
BODY
GET /?id=test22-PC_94DE278C3274 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36
Host: injuryless.com
Content-Length: 1
Cookie: PHPSESSID=3b3a7e2fc4774c00bde8c485ff9b3de7
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Jun 2021 04:37:26 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/7.3.28
GET
200
https://injuryless.com/?id=test22-PC_94DE278C3274
REQUEST
RESPONSE
BODY
GET /?id=test22-PC_94DE278C3274 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36
Host: injuryless.com
Content-Length: 1
Cookie: PHPSESSID=3b3a7e2fc4774c00bde8c485ff9b3de7
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Jun 2021 04:37:56 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/7.3.28
GET
200
https://injuryless.com/?id=test22-PC_94DE278C3274
REQUEST
RESPONSE
BODY
GET /?id=test22-PC_94DE278C3274 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36
Host: injuryless.com
Content-Length: 1
Cookie: PHPSESSID=3b3a7e2fc4774c00bde8c485ff9b3de7
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Jun 2021 04:38:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/7.3.28
GET
200
https://injuryless.com/?id=test22-PC_94DE278C3274
REQUEST
RESPONSE
BODY
GET /?id=test22-PC_94DE278C3274 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36
Host: injuryless.com
Content-Length: 1
Cookie: PHPSESSID=3b3a7e2fc4774c00bde8c485ff9b3de7
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Jun 2021 04:38:57 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/7.3.28
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49805 -> 193.178.169.243:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.102:49805 193.178.169.243:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=injuryless.com | 14:b8:52:b9:ac:92:22:d5:8e:3d:d2:3f:a1:cf:d0:8e:d6:63:e3:44 |
Snort Alerts
No Snort Alerts