Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.google.com | 172.217.161.36 |
- UDP Requests
-
-
192.168.56.101:54056 164.124.101.2:53
-
192.168.56.101:55450 164.124.101.2:53
-
192.168.56.101:59369 164.124.101.2:53
-
192.168.56.101:61479 164.124.101.2:53
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:59370 239.255.255.250:3702
-
192.168.56.101:62445 239.255.255.250:1900
-
192.168.56.101:62447 239.255.255.250:3702
-
192.168.56.101:62449 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
GET
200
https://www.google.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.google.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 23 Sep 2021 08:14:44 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2021-09-23-08; expires=Sat, 23-Oct-2021 08:14:44 GMT; path=/; domain=.google.com; Secure
Set-Cookie: NID=511=DxdrcXm9kIKtAz7bRtDZUGSCY5SxTFTA9C3xyQaOWL08-Fzz7I_aIOPT124KEQG0CTGNkca6MutB9HKGa2mK8BEcWEZPvYWWk8wp6T7Mj-dQWjURg6scDuETzF4lMsxuXz1hfZgs1ct0WIpg6EkBw1Z0sbw9dIxX5NhvklbcjkI; expires=Fri, 25-Mar-2022 08:14:44 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET
200
https://www.bing.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.bing.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Set-Cookie: MUID=37CDA92138E76ECA282DB99A39746F4E; domain=.bing.com; expires=Tue, 18-Oct-2022 08:14:44 GMT; path=/; secure; SameSite=None
Set-Cookie: MUIDB=37CDA92138E76ECA282DB99A39746F4E; expires=Tue, 18-Oct-2022 08:14:44 GMT; path=/
Set-Cookie: _EDGE_S=F=1&SID=067171FE4C736E36245961454DE06FC5; domain=.bing.com; path=/
Set-Cookie: _EDGE_V=1; domain=.bing.com; expires=Tue, 18-Oct-2022 08:14:44 GMT; path=/
Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Sat, 23-Sep-2023 08:14:44 GMT; path=/
Set-Cookie: SRCHUID=V=2&GUID=B87D32C48F034E47A25CF5FEE7423F45&dmnchg=1; domain=.bing.com; expires=Sat, 23-Sep-2023 08:14:44 GMT; path=/
Set-Cookie: SRCHUSR=DOB=20210923; domain=.bing.com; expires=Sat, 23-Sep-2023 08:14:44 GMT; path=/
Set-Cookie: SRCHHPGUSR=SRCHLANG=ko; domain=.bing.com; expires=Sat, 23-Sep-2023 08:14:44 GMT; path=/
Set-Cookie: _SS=SID=067171FE4C736E36245961454DE06FC5; domain=.bing.com; path=/
Set-Cookie: ULC=; domain=.bing.com; expires=Wed, 22-Sep-2021 08:14:44 GMT; path=/
Set-Cookie: _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMS0wOS0yM1QwMDowMDowMFoiLCJJb3RkIjowLCJEZnQiOm51bGwsIk12cyI6MCwiRmx0IjowLCJJbXAiOjF9; domain=.bing.com; expires=Sat, 23-Sep-2023 08:14:44 GMT; path=/
X-SNR-Routing: 1
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 8ED1CE61F42B4D82A0D5F9116FFA8E8C Ref B: SLAEDGE1006 Ref C: 2021-09-23T08:14:44Z
Date: Thu, 23 Sep 2021 08:14:43 GMT
GET
200
https://www.google.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.google.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 23 Sep 2021 08:15:03 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2021-09-23-08; expires=Sat, 23-Oct-2021 08:15:03 GMT; path=/; domain=.google.com; Secure
Set-Cookie: NID=511=ee6kO7-yKHMadWeuC5Ok5_xV5zqiB3mAMxk_npb1A8-yOzvLzwgwElGjH3KnFrO6Rit1QyBx1admN3UW5tLnn-39Ib7xdHUuoIq5Yi2l6eB7wSOoSv4QU-_DA_j6_a5JPM8crrP1zE6cOExPzvh1V40QSd3oDFGPgEoOQwKjhrI; expires=Fri, 25-Mar-2022 08:15:03 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET
200
https://www.bing.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.bing.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Set-Cookie: MUID=2DBAD19506A86AAC1250C12E07E36BFE; domain=.bing.com; expires=Tue, 18-Oct-2022 08:15:03 GMT; path=/; secure; SameSite=None
Set-Cookie: MUIDB=2DBAD19506A86AAC1250C12E07E36BFE; expires=Tue, 18-Oct-2022 08:15:03 GMT; path=/
Set-Cookie: _EDGE_S=F=1&SID=2A2A0A41D79F63DC02E61AFAD6D462BC; domain=.bing.com; path=/
Set-Cookie: _EDGE_V=1; domain=.bing.com; expires=Tue, 18-Oct-2022 08:15:03 GMT; path=/
Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Sat, 23-Sep-2023 08:15:03 GMT; path=/
Set-Cookie: SRCHUID=V=2&GUID=0D9E8B0DA50E4006908EF33F077C0A4E&dmnchg=1; domain=.bing.com; expires=Sat, 23-Sep-2023 08:15:03 GMT; path=/
Set-Cookie: SRCHUSR=DOB=20210923; domain=.bing.com; expires=Sat, 23-Sep-2023 08:15:03 GMT; path=/
Set-Cookie: SRCHHPGUSR=SRCHLANG=ko; domain=.bing.com; expires=Sat, 23-Sep-2023 08:15:03 GMT; path=/
Set-Cookie: _SS=SID=2A2A0A41D79F63DC02E61AFAD6D462BC; domain=.bing.com; path=/
Set-Cookie: ULC=; domain=.bing.com; expires=Wed, 22-Sep-2021 08:15:03 GMT; path=/
Set-Cookie: _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMS0wOS0yM1QwMDowMDowMFoiLCJJb3RkIjowLCJEZnQiOm51bGwsIk12cyI6MCwiRmx0IjowLCJJbXAiOjF9; domain=.bing.com; expires=Sat, 23-Sep-2023 08:15:03 GMT; path=/
X-SNR-Routing: 1
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: B780E841A11844AA95E83D3CAD94DF7A Ref B: SLAEDGE0308 Ref C: 2021-09-23T08:15:03Z
Date: Thu, 23 Sep 2021 08:15:03 GMT
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49207 -> 142.250.66.68:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49200 -> 142.250.204.36:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49208 -> 13.107.21.200:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49216 -> 185.140.53.52:4488 | 2025019 | ET MALWARE Possible NanoCore C2 60B | Malware Command and Control Activity Detected |
| TCP 192.168.56.101:49202 -> 13.107.21.200:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49207 142.250.66.68:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | 55:ef:2b:de:05:29:dc:40:bd:01:d4:2e:b6:8e:2c:25:38:43:6d:72 |
|
TLSv1 192.168.56.101:49200 142.250.204.36:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | 55:ef:2b:de:05:29:dc:40:bd:01:d4:2e:b6:8e:2c:25:38:43:6d:72 |
|
TLSv1 192.168.56.101:49208 13.107.21.200:443 |
C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | CN=www.bing.com | e6:d6:8f:e4:5e:31:2c:7f:a5:1a:6c:d5:bb:5c:15:c6:54:47:bf:47 |
|
TLSv1 192.168.56.101:49202 13.107.21.200:443 |
C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | CN=www.bing.com | e6:d6:8f:e4:5e:31:2c:7f:a5:1a:6c:d5:bb:5c:15:c6:54:47:bf:47 |
Snort Alerts
No Snort Alerts