Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.google.com | 172.217.31.164 |
GET
200
https://www.google.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.google.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 13 Aug 2021 00:59:56 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2021-08-13-00; expires=Sun, 12-Sep-2021 00:59:56 GMT; path=/; domain=.google.com; Secure
Set-Cookie: NID=221=t17jnpiQC-J7ex-ljEWtTQVDVt6d8vrdeGgC3-pvXT4EJsy3I3YH4kmlMM0YSriMeSebFlH0e61EjTBx-ZF9ABlQLrSCixkwWlNuOn09989ZTouiJiT96xZ3jhyW_3LIfZKS4FLBCTfxVsMsXhlfpcXtUQ2O4u1jOeg5-i94xD4; expires=Sat, 12-Feb-2022 00:59:56 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET
200
https://www.bing.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.bing.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Set-Cookie: MUID=2223693BD870621A081679A9D9E36359; domain=.bing.com; expires=Wed, 07-Sep-2022 00:59:57 GMT; path=/; secure; SameSite=None
Set-Cookie: MUIDB=2223693BD870621A081679A9D9E36359; expires=Wed, 07-Sep-2022 00:59:57 GMT; path=/
Set-Cookie: _EDGE_S=F=1&SID=35B015646FED60C83C2605F66E7E6170; domain=.bing.com; path=/
Set-Cookie: _EDGE_V=1; domain=.bing.com; expires=Wed, 07-Sep-2022 00:59:57 GMT; path=/
Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Sun, 13-Aug-2023 00:59:57 GMT; path=/
Set-Cookie: SRCHUID=V=2&GUID=C1A004C3245842EEA5B98735B5285435&dmnchg=1; domain=.bing.com; expires=Sun, 13-Aug-2023 00:59:57 GMT; path=/
Set-Cookie: SRCHUSR=DOB=20210813; domain=.bing.com; expires=Sun, 13-Aug-2023 00:59:57 GMT; path=/
Set-Cookie: SRCHHPGUSR=SRCHLANG=ko; domain=.bing.com; expires=Sun, 13-Aug-2023 00:59:57 GMT; path=/
Set-Cookie: _SS=SID=35B015646FED60C83C2605F66E7E6170; domain=.bing.com; path=/
Set-Cookie: ULC=; domain=.bing.com; expires=Thu, 12-Aug-2021 00:59:57 GMT; path=/
Set-Cookie: _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMS0wOC0xM1QwMDowMDowMFoiLCJJb3RkIjowLCJEZnQiOm51bGwsIk12cyI6MCwiRmx0IjowLCJJbXAiOjF9; domain=.bing.com; expires=Sun, 13-Aug-2023 00:59:57 GMT; path=/
X-SNR-Routing: 1
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 35F03ACAC3254620A32F968A4C95C809 Ref B: SLAEDGE1010 Ref C: 2021-08-13T00:59:56Z
Date: Fri, 13 Aug 2021 00:59:56 GMT
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49163 -> 172.217.161.132:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.102:49165 -> 13.107.21.200:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.102:49163 172.217.161.132:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | f8:ac:5b:8f:1a:ee:5d:6b:5e:bc:fc:68:93:41:16:36:29:f6:62:36 |
|
TLSv1 192.168.56.102:49165 13.107.21.200:443 |
C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | CN=www.bing.com | e6:d6:8f:e4:5e:31:2c:7f:a5:1a:6c:d5:bb:5c:15:c6:54:47:bf:47 |
Snort Alerts
No Snort Alerts