Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| app.ibantrocas.com | 80.78.22.159 |
- UDP Requests
-
-
192.168.56.101:61479 164.124.101.2:53
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:61480 239.255.255.250:3702
-
192.168.56.101:61482 239.255.255.250:3702
-
192.168.56.101:61484 239.255.255.250:3702
-
192.168.56.101:62327 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.101:123
-
GET
200
https://app.ibantrocas.com/counter/
REQUEST
RESPONSE
BODY
GET /counter/ HTTP/1.1
User-Agent: AutoIt
Host: app.ibantrocas.com
HTTP/1.1 200 OK
Date: Fri, 25 Jun 2021 00:41:03 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 0
Content-Type: text/html; charset=UTF-8
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49198 -> 80.78.22.159:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49198 80.78.22.159:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=app.ibantrocas.com | 8c:6a:2a:5d:ae:a8:ec:6f:98:da:02:8b:b2:74:b7:cd:8d:65:68:28 |
Snort Alerts
No Snort Alerts