Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.google.com | 172.217.31.132 |
- UDP Requests
-
-
192.168.56.103:51935 164.124.101.2:53
-
192.168.56.103:60117 164.124.101.2:53
-
192.168.56.103:60880 164.124.101.2:53
-
192.168.56.103:63183 164.124.101.2:53
-
192.168.56.103:137 192.168.56.255:137
-
192.168.56.103:138 192.168.56.255:138
-
192.168.56.103:49152 239.255.255.250:3702
-
192.168.56.103:63186 239.255.255.250:1900
-
GET
200
https://www.google.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.google.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 09 Nov 2021 23:08:15 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2021-11-09-23; expires=Thu, 09-Dec-2021 23:08:15 GMT; path=/; domain=.google.com; Secure
Set-Cookie: NID=511=SMaqSjxOLY9A_JCQTt8r5rlNT2wJCv55y4GJ4rNkANhGZq5IQz-TcjSRCHMaiEr80yUPb-QggHfNr0I52rvLt6c6ofKZxt3Ndgp6GSAofF8cAjyp80B4fbSm-qCM29_sndJrn7WzvF8ruiTOq8pyL5faoZ3ph0DvrwjUHyuC19g; expires=Wed, 11-May-2022 23:08:15 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET
0
https://www.bing.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.bing.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Set-Cookie: SUID=M; domain=.bing.com; expires=Wed, 10-Nov-2021 23:08:15 GMT; path=/
Set-Cookie: MUID=198F07D6F3C465E4395D173CF28F645A; domain=.bing.com; expires=Sun, 04-Dec-2022 23:08:15 GMT; path=/; secure; SameSite=None
Set-Cookie: MUIDB=198F07D6F3C465E4395D173CF28F645A; expires=Sun, 04-Dec-2022 23:08:15 GMT; path=/
Set-Cookie: _EDGE_S=F=1&SID=01194FBAC96D6E4C23B25F50C8266F6B; domain=.bing.com; path=/
Set-Cookie: _EDGE_V=1; domain=.bing.com; expires=Sun, 04-Dec-2022 23:08:15 GMT; path=/
Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Thu, 09-Nov-2023 23:08:15 GMT; path=/
Set-Cookie: SRCHUID=V=2&GUID=F16B033E125A4E7FBDD89B4DD1FCC4E6&dmnchg=1; domain=.bing.com; expires=Thu, 09-Nov-2023 23:08:15 GMT; path=/
Set-Cookie: SRCHUSR=DOB=20211109; domain=.bing.com; expires=Thu, 09-Nov-2023 23:08:15 GMT; path=/
Set-Cookie: SRCHHPGUSR=SRCHLANG=ko; domain=.bing.com; expires=Thu, 09-Nov-2023 23:08:15 GMT; path=/
Set-Cookie: _SS=SID=01194FBAC96D6E4C23B25F50C8266F6B; domain=.bing.com; path=/
Set-Cookie: ULC=; domain=.bing.com; expires=Mon, 08-Nov-2021 23:08:15 GMT; path=/
Set-Cookie: _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMS0xMS0wOVQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6MX0=; domain=.bing.com; expires=Thu, 09-Nov-2023 23:08:15 GMT; path=/
X-SNR-Routing: 1
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Cache: CONFIG_NOCACHE
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: 55CCE1BD0E6B414AA3A5B5EA3C9F9226 Ref B: SLAEDGE0311 Ref C: 2021-11-09T23:08:15Z
Date: Tue, 09 Nov 2021 23:08:15 GMT
GET
200
https://www.google.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.google.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 09 Nov 2021 23:09:00 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2021-11-09-23; expires=Thu, 09-Dec-2021 23:09:00 GMT; path=/; domain=.google.com; Secure
Set-Cookie: NID=511=OzYVxTz9545jgLS6r7KpXuA1kRs9epOAXQ3Hr6kvtR7wZwed7q-GgdsBtyitmNoh57T4UiulGvgXezdqpiQ1B_Ob8VARioIhEK-N1y1xDKcwn8WuJS5wRUPiRQHIj4cSZfwCoEXhJwbUqlyV2uWIo1bd19eP8_JzUwoiv59gdy4; expires=Wed, 11-May-2022 23:09:00 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET
0
https://www.bing.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: www.bing.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Set-Cookie: SUID=M; domain=.bing.com; expires=Wed, 10-Nov-2021 23:09:00 GMT; path=/
Set-Cookie: MUID=2E6CDC30677C6C820C0ACCDA66376DC4; domain=.bing.com; expires=Sun, 04-Dec-2022 23:09:00 GMT; path=/; secure; SameSite=None
Set-Cookie: MUIDB=2E6CDC30677C6C820C0ACCDA66376DC4; expires=Sun, 04-Dec-2022 23:09:00 GMT; path=/
Set-Cookie: _EDGE_S=F=1&SID=2217CE82D4C265E51C9CDE68D589649C; domain=.bing.com; path=/
Set-Cookie: _EDGE_V=1; domain=.bing.com; expires=Sun, 04-Dec-2022 23:09:00 GMT; path=/
Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Thu, 09-Nov-2023 23:09:00 GMT; path=/
Set-Cookie: SRCHUID=V=2&GUID=072AD44A3F2C4DC5AAC39B802EB1A3D3&dmnchg=1; domain=.bing.com; expires=Thu, 09-Nov-2023 23:09:00 GMT; path=/
Set-Cookie: SRCHUSR=DOB=20211109; domain=.bing.com; expires=Thu, 09-Nov-2023 23:09:00 GMT; path=/
Set-Cookie: SRCHHPGUSR=SRCHLANG=ko; domain=.bing.com; expires=Thu, 09-Nov-2023 23:09:00 GMT; path=/
Set-Cookie: _SS=SID=2217CE82D4C265E51C9CDE68D589649C; domain=.bing.com; path=/
Set-Cookie: ULC=; domain=.bing.com; expires=Mon, 08-Nov-2021 23:09:00 GMT; path=/
Set-Cookie: _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMS0xMS0wOVQwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6MX0=; domain=.bing.com; expires=Thu, 09-Nov-2023 23:09:00 GMT; path=/
X-SNR-Routing: 1
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Cache: CONFIG_NOCACHE
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: D1EE4D679B524D2B82C2D980F2F8061B Ref B: SLAEDGE0413 Ref C: 2021-11-09T23:09:00Z
Date: Tue, 09 Nov 2021 23:09:00 GMT
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.103:49161 -> 172.217.24.68:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.103:49168 -> 204.79.197.200:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.103:49163 -> 204.79.197.200:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.103:49167 -> 172.217.24.68:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.103:49161 172.217.24.68:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | 5e:4b:8f:b5:bf:60:fd:ba:f1:72:07:9b:d3:3a:35:d8:d0:3b:75:57 |
|
TLSv1 192.168.56.103:49168 204.79.197.200:443 |
C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | CN=www.bing.com | af:e3:17:ed:18:4a:d9:1c:24:8a:89:d5:ac:11:b3:27:96:02:37:c8 |
|
TLSv1 192.168.56.103:49163 204.79.197.200:443 |
C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | CN=www.bing.com | af:e3:17:ed:18:4a:d9:1c:24:8a:89:d5:ac:11:b3:27:96:02:37:c8 |
|
TLSv1 192.168.56.103:49167 172.217.24.68:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | 5e:4b:8f:b5:bf:60:fd:ba:f1:72:07:9b:d3:3a:35:d8:d0:3b:75:57 |
Snort Alerts
No Snort Alerts