Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| wagwalker.test-app.link | 54.230.61.55 |
- TCP Requests
-
-
192.168.56.101:49173 117.18.232.200:80
-
192.168.56.101:49175 117.18.232.200:443
-
192.168.56.101:49176 117.18.232.200:443
-
192.168.56.101:49177 117.18.232.200:443
-
192.168.56.101:49164 54.230.61.32:80wagwalker.test-app.link
-
192.168.56.101:49166 54.230.61.32:443wagwalker.test-app.link
-
192.168.56.101:49167 54.230.61.32:443wagwalker.test-app.link
-
192.168.56.101:49168 54.230.61.32:443wagwalker.test-app.link
-
GET
307
http://wagwalker.test-app.link/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: wagwalker.test-app.link
Connection: Keep-Alive
HTTP/1.1 307 Temporary Redirect
Transfer-Encoding: chunked
Connection: keep-alive
Server: openresty
Date: Wed, 07 Dec 2022 20:32:03 GMT
Set-Cookie: _s=Am5jtrQIO7tBoba0QY11tfLx%2FMoyGVHNT5zaAfBNXf41LCR1%2F6ZSRlbaxDJfww%2BM; Max-Age=31536000; Domain=.test-app.link; Path=/; Expires=Thu, 07 Dec 2023 20:32:03 GMT; Secure
Location: https://wagwalker.test-app.link/
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: Miss from cloudfront
Via: 1.1 dba5364cf4977e7449c51d0675ab93da.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ICN54-C3
X-Amz-Cf-Id: emDzArbnlEhvSBetvPITFn3jmn5upLDC2azOcfln4yllP2t5Y22D6A==
GET
200
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
REQUEST
RESPONSE
BODY
GET /IE9CompatViewList.xml HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Host: ie9cvlist.ie.microsoft.com
If-Modified-Since: Thu, 21 Nov 2019 19:37:08 GMT
If-None-Match: 0x8D76EBA32AF0BC3
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Encoding: gzip
Age: 6327
Cache-Control: max-age=21600
Content-MD5: p9g4jsuZO6TaLMVAI9ujVg==
Content-Type: text/xml
Date: Wed, 07 Dec 2022 20:33:02 GMT
Etag: 0x8D9521D2D2DF1EC
Last-Modified: Wed, 28 Jul 2021 23:12:31 GMT
Server: ECAcc (osa/2B2E)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: a0e8d587-c01e-0051-696c-0af3f7000000
x-ms-version: 2009-09-19
Content-Length: 13702
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49167 -> 54.230.61.32:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49166 -> 54.230.61.32:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 54.230.61.32:443 -> 192.168.56.101:49168 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
| TCP 192.168.56.101:49168 -> 54.230.61.32:443 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode |
| TCP 192.168.56.101:49176 -> 117.18.232.200:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49175 -> 117.18.232.200:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 117.18.232.200:443 -> 192.168.56.101:49177 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts