Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
perfectionscommunication.com | 132.148.131.53 |
UDP Requests
- 192.168.56.102:57660 164.124.101.2:53
- 192.168.56.102:137 192.168.56.255:137
- 192.168.56.102:138 192.168.56.255:138
- 192.168.56.102:49152 239.255.255.250:3702
- 192.168.56.102:56752 239.255.255.250:1900
- 192.168.56.102:56754 239.255.255.250:3702
- 192.168.56.102:56756 239.255.255.250:3702
- 192.168.56.102:56758 239.255.255.250:3702

GET 200 https://perfectionscommunication.com/wp-content/languages/firefox.lnk
REQUEST
GET /wp-content/languages/firefox.lnk HTTP/1.1
Host: perfectionscommunication.com
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Date: Mon, 21 Jun 2021 12:00:56 GMT
Server: Apache
Last-Modified: Fri, 18 Jun 2021 13:11:20 GMT
Accept-Ranges: bytes
Content-Length: 1379
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-ms-shortcut

GET 200 https://perfectionscommunication.com/wp-content/languages/Microsoft.jpg
REQUEST
GET /wp-content/languages/Microsoft.jpg HTTP/1.1
Host: perfectionscommunication.com
RESPONSE
HTTP/1.1 200 OK
Date: Mon, 21 Jun 2021 12:00:56 GMT
Server: Apache
Last-Modified: Fri, 18 Jun 2021 12:23:22 GMT
Accept-Ranges: bytes
Content-Length: 288
Content-Type: image/jpeg

GET 200 https://perfectionscommunication.com/wp-content/languages/bHA6E6GTarMBgLEd.jpg
REQUEST
GET /wp-content/languages/bHA6E6GTarMBgLEd.jpg HTTP/1.1
Host: perfectionscommunication.com
RESPONSE
HTTP/1.1 200 OK
Date: Mon, 21 Jun 2021 12:00:56 GMT
Server: Apache
Last-Modified: Fri, 18 Jun 2021 11:55:05 GMT
Accept-Ranges: bytes
Content-Length: 1030186
Content-Type: image/jpeg

ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49810 -> 132.148.131.53:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49810 132.148.131.53:443 | C=US, ST=TX, L=Houston, O=cPanel, Inc., CN=cPanel, Inc. Certification Authority | CN=perfectionscommunication.com | 55:b2:03:dc:65:55:3b:04:f5:22:b8:ee:52:96:8c:95:6f:41:4a:d9 |
Snort Alerts
No Snort Alerts