Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| ControllerFinallineballinglove33.webredirect.org | 79.134.225.70 | |
| www.google.com | 172.217.175.68 |
- UDP Requests
-
-
192.168.56.101:54056 164.124.101.2:53
-
192.168.56.101:55450 164.124.101.2:53
-
192.168.56.101:59369 164.124.101.2:53
-
192.168.56.101:61479 164.124.101.2:53
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:65329 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:59370 239.255.255.250:3702
-
192.168.56.101:62445 239.255.255.250:1900
-
192.168.56.101:62447 239.255.255.250:3702
-
192.168.56.101:62449 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
GET
200
https://www.google.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.google.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 19 Oct 2021 00:23:13 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2021-10-19-00; expires=Thu, 18-Nov-2021 00:23:13 GMT; path=/; domain=.google.com; Secure
Set-Cookie: NID=511=GirY5Tt8HMmGurS6hRc1mMm_Lwx0uvaldQTdgoSaENHNqjNPhN5_OMEIlAWMawv_9XRCExhV7OGpBi_jn_859dpsVuNF2U3mn3toNGfGfAtbjiAVWyaDwCZAZuVqGTdtwM6Rh-quvzBLTIuTVTz_NpPf7Poj85T_aCunCppR1i0; expires=Wed, 20-Apr-2022 00:23:13 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET
0
https://www.bing.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.bing.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Set-Cookie: SUID=M; domain=.bing.com; expires=Wed, 20-Oct-2021 00:23:13 GMT; path=/
Set-Cookie: MUID=3E0E14FC8582646007EC0429842065AB; domain=.bing.com; expires=Sun, 13-Nov-2022 00:23:13 GMT; path=/; secure; SameSite=None
Set-Cookie: MUIDB=3E0E14FC8582646007EC0429842065AB; expires=Sun, 13-Nov-2022 00:23:13 GMT; path=/
Set-Cookie: _EDGE_S=F=1&SID=1385D36E29746D82136BC3BB28D66C5E; domain=.bing.com; path=/
Set-Cookie: _EDGE_V=1; domain=.bing.com; expires=Sun, 13-Nov-2022 00:23:13 GMT; path=/
Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Thu, 19-Oct-2023 00:23:13 GMT; path=/
Set-Cookie: SRCHUID=V=2&GUID=F6A47BEAA2D6474D959CDE6B4D45D0E8&dmnchg=1; domain=.bing.com; expires=Thu, 19-Oct-2023 00:23:13 GMT; path=/
Set-Cookie: SRCHUSR=DOB=20211019; domain=.bing.com; expires=Thu, 19-Oct-2023 00:23:13 GMT; path=/
Set-Cookie: SRCHHPGUSR=SRCHLANG=ko; domain=.bing.com; expires=Thu, 19-Oct-2023 00:23:13 GMT; path=/
Set-Cookie: _SS=SID=1385D36E29746D82136BC3BB28D66C5E; domain=.bing.com; path=/
Set-Cookie: ULC=; domain=.bing.com; expires=Mon, 18-Oct-2021 00:23:13 GMT; path=/
Set-Cookie: _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMS0xMC0xOVQwMDowMDowMFoiLCJJb3RkIjowLCJEZnQiOm51bGwsIk12cyI6MCwiRmx0IjowLCJJbXAiOjF9; domain=.bing.com; expires=Thu, 19-Oct-2023 00:23:13 GMT; path=/
X-SNR-Routing: 1
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: C361B05AEF354EABAB238BEAB81A8187 Ref B: SLAEDGE0712 Ref C: 2021-10-19T00:23:13Z
Date: Tue, 19 Oct 2021 00:23:12 GMT
GET
200
https://www.google.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.google.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 19 Oct 2021 00:23:32 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2021-10-19-00; expires=Thu, 18-Nov-2021 00:23:32 GMT; path=/; domain=.google.com; Secure
Set-Cookie: NID=511=iYXh-MKU8P1r8FEhskAGd4VFUjQAuDdH0K62zfkIrJO_e0WOC0HXgFy-A7KxT7WW5V1oObYZb_DZFMbO5gFnI5bj_og3Fwz7h8_d29RSl0HrjleNNZGCYHhnb91HgyhAHi9WLmHjkZbh8EkZMDGRbmvEd19QzgKdJ756yVBwwVw; expires=Wed, 20-Apr-2022 00:23:32 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET
0
https://www.bing.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.bing.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Set-Cookie: SUID=M; domain=.bing.com; expires=Wed, 20-Oct-2021 00:23:32 GMT; path=/
Set-Cookie: MUID=02544D6BB8D56ED61A605DBEB99E6F8B; domain=.bing.com; expires=Sun, 13-Nov-2022 00:23:32 GMT; path=/; secure; SameSite=None
Set-Cookie: MUIDB=02544D6BB8D56ED61A605DBEB99E6F8B; expires=Sun, 13-Nov-2022 00:23:32 GMT; path=/
Set-Cookie: _EDGE_S=F=1&SID=25AC9C1D202A652920CC8CC8216164D0; domain=.bing.com; path=/
Set-Cookie: _EDGE_V=1; domain=.bing.com; expires=Sun, 13-Nov-2022 00:23:32 GMT; path=/
Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Thu, 19-Oct-2023 00:23:32 GMT; path=/
Set-Cookie: SRCHUID=V=2&GUID=5CDCF0E7C0704251B3E61B1108EFF072&dmnchg=1; domain=.bing.com; expires=Thu, 19-Oct-2023 00:23:32 GMT; path=/
Set-Cookie: SRCHUSR=DOB=20211019; domain=.bing.com; expires=Thu, 19-Oct-2023 00:23:32 GMT; path=/
Set-Cookie: SRCHHPGUSR=SRCHLANG=ko; domain=.bing.com; expires=Thu, 19-Oct-2023 00:23:32 GMT; path=/
Set-Cookie: _SS=SID=25AC9C1D202A652920CC8CC8216164D0; domain=.bing.com; path=/
Set-Cookie: ULC=; domain=.bing.com; expires=Mon, 18-Oct-2021 00:23:32 GMT; path=/
Set-Cookie: _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMS0xMC0xOVQwMDowMDowMFoiLCJJb3RkIjowLCJEZnQiOm51bGwsIk12cyI6MCwiRmx0IjowLCJJbXAiOjF9; domain=.bing.com; expires=Thu, 19-Oct-2023 00:23:32 GMT; path=/
X-SNR-Routing: 1
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: F7121350041C4C069DF447A6D2EE3DA5 Ref B: SLAEDGE0321 Ref C: 2021-10-19T00:23:32Z
Date: Tue, 19 Oct 2021 00:23:32 GMT
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49201 -> 13.107.21.200:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49198 -> 142.250.66.132:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49206 -> 142.250.204.132:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49207 -> 13.107.21.200:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49210 -> 79.134.225.70:7719 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49201 13.107.21.200:443 |
C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | CN=www.bing.com | af:e3:17:ed:18:4a:d9:1c:24:8a:89:d5:ac:11:b3:27:96:02:37:c8 |
|
TLSv1 192.168.56.101:49198 142.250.66.132:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | 81:d3:b1:30:44:e4:01:e1:77:92:f3:6a:43:36:6a:ad:ee:99:4f:36 |
|
TLSv1 192.168.56.101:49206 142.250.204.132:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | 81:d3:b1:30:44:e4:01:e1:77:92:f3:6a:43:36:6a:ad:ee:99:4f:36 |
|
TLSv1 192.168.56.101:49207 13.107.21.200:443 |
C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | CN=www.bing.com | af:e3:17:ed:18:4a:d9:1c:24:8a:89:d5:ac:11:b3:27:96:02:37:c8 |
|
TLSv1 192.168.56.101:49210 79.134.225.70:7719 |
CN=AsyncRAT | CN=AsyncRAT | fd:3a:76:f4:19:1c:47:8f:7d:e0:14:91:b4:31:4f:bd:98:b2:e8:ce |
Snort Alerts
No Snort Alerts