Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| i.imgur.com | 151.101.52.193 |
- UDP Requests
-
-
192.168.56.101:61479 164.124.101.2:53
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:62327 239.255.255.250:1900
-
192.168.56.101:62329 239.255.255.250:3702
-
192.168.56.101:62331 239.255.255.250:3702
-
192.168.56.101:62333 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
HEAD
200
https://i.imgur.com/qOLD3Td.png
REQUEST
RESPONSE
BODY
HEAD /qOLD3Td.png HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: i.imgur.com
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 767151
Last-Modified: Tue, 08 Sep 2020 14:29:05 GMT
ETag: "82e6e5b2ea74d00d29c9193720d0ea21"
x-amz-storage-class: STANDARD_IA
Content-Type: image/png
cache-control: public, max-age=31536000
Accept-Ranges: bytes
Date: Tue, 15 Jun 2021 12:25:39 GMT
Age: 444872
X-Served-By: cache-bwi5177-BWI, cache-sjc10067-SJC
X-Cache: HIT, MISS
X-Cache-Hits: 1, 0
X-Timer: S1623759939.091124,VS0,VE84
Strict-Transport-Security: max-age=300
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
X-Content-Type-Options: nosniff
GET
200
https://i.imgur.com/qOLD3Td.png
REQUEST
RESPONSE
BODY
GET /qOLD3Td.png HTTP/1.1
Host: i.imgur.com
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 767151
Last-Modified: Tue, 08 Sep 2020 14:29:05 GMT
ETag: "82e6e5b2ea74d00d29c9193720d0ea21"
x-amz-storage-class: STANDARD_IA
Content-Type: image/png
cache-control: public, max-age=31536000
Accept-Ranges: bytes
Date: Tue, 15 Jun 2021 12:25:49 GMT
Age: 444882
X-Served-By: cache-bwi5177-BWI, cache-sjc10037-SJC
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
X-Timer: S1623759949.178449,VS0,VE1
Strict-Transport-Security: max-age=300
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
X-Content-Type-Options: nosniff
GET
200
http://193.23.244.244/tor/status-vote/current/consensus
REQUEST
RESPONSE
BODY
GET /tor/status-vote/current/consensus HTTP/1.0
Host: 193.23.244.244
HTTP/1.0 200 OK
Date: Tue, 15 Jun 2021 12:26:12 GMT
Content-Type: text/plain
X-Your-Address-Is: 175.208.134.150
Content-Encoding: identity
Expires: Tue, 15 Jun 2021 13:00:00 GMT
Vary: X-Or-Diff-From-Consensus
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 193.23.244.244:80 -> 192.168.56.101:49206 | 2522324 | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 325 | Misc Attack |
| TCP 192.168.56.101:49202 -> 151.101.40.193:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49203 -> 151.101.40.193:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49206 -> 193.23.244.244:80 | 2028914 | ET POLICY TOR Consensus Data Requested | Potential Corporate Privacy Violation |
| TCP 192.168.56.101:49206 -> 193.23.244.244:80 | 2221033 | SURICATA HTTP Request abnormal Content-Encoding header | Generic Protocol Command Decode |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49202 151.101.40.193:443 |
C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=California, L=San Francisco, O=Imgur, Inc., CN=*.imgur.com | f4:34:6e:0c:34:5f:9f:d4:b5:ef:1c:cf:a5:e9:c1:67:1b:65:2a:a7 |
|
TLSv1 192.168.56.101:49203 151.101.40.193:443 |
C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=California, L=San Francisco, O=Imgur, Inc., CN=*.imgur.com | f4:34:6e:0c:34:5f:9f:d4:b5:ef:1c:cf:a5:e9:c1:67:1b:65:2a:a7 |
Snort Alerts
No Snort Alerts