Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.google.com | 172.217.25.164 |
GET
200
https://www.google.com/search?q=t+mobile+login&source=hp&ei=jWInZICdLYLQkPIPlrCG8AQ&oq=tmobile+lo&gs_lcp=ChFtb2JpbGUtZ3dzLXdpei1ocBABGAAyBwgAEIAEEAoyCAgAEIAEEMkDMggIABCKBRCSAzILCAAQgAQQsQMQgwEyBQgAEIAEMgUIABCABDIFCAAQgAQyBQgAEIAEOgsIKRCABBCxAxCDAToCCCk6DggAEI8BEOoCEIwDEOUCOg4ILhCPARDqAhCMAxDlAjoICAAQgAQQsQM6DgguEIAEELEDEIMBENQCOgsILhCABBDHARCvAToNCC4QgAQQxwEQ0QMQCjoKCAAQgAQQyQMQCjoKCAAQgAQQkgMQCjoQCC4QgAQQsQMQxwEQ0QMQClDWDFiRZ2CLb2gAcAB4AIAB5AGIAa4NkgEFMC44LjKYAQCgAQGwARQ&sclient=mobile-gws-wiz-hp
REQUEST
RESPONSE
BODY
GET /search?q=t+mobile+login&source=hp&ei=jWInZICdLYLQkPIPlrCG8AQ&oq=tmobile+lo&gs_lcp=ChFtb2JpbGUtZ3dzLXdpei1ocBABGAAyBwgAEIAEEAoyCAgAEIAEEMkDMggIABCKBRCSAzILCAAQgAQQsQMQgwEyBQgAEIAEMgUIABCABDIFCAAQgAQyBQgAEIAEOgsIKRCABBCxAxCDAToCCCk6DggAEI8BEOoCEIwDEOUCOg4ILhCPARDqAhCMAxDlAjoICAAQgAQQsQM6DgguEIAEELEDEIMBENQCOgsILhCABBDHARCvAToNCC4QgAQQxwEQ0QMQCjoKCAAQgAQQyQMQCjoKCAAQgAQQkgMQCjoQCC4QgAQQsQMQxwEQ0QMQClDWDFiRZ2CLb2gAcAB4AIAB5AGIAa4NkgEFMC44LjKYAQCgAQGwARQ&sclient=mobile-gws-wiz-hp HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Sat, 01 Apr 2023 01:17:55 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-72rzar6MBC_jT0sW5KjIrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Content-Encoding: gzip
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2023-04-01-01; expires=Mon, 01-May-2023 01:17:55 GMT; path=/; domain=.google.com; Secure
Set-Cookie: AEC=AUEFqZeyJcQmjWkrgYNX2xss4Q-NdvYKV4q6sAly1z0ay_aVUiQC9IQw2Q; expires=Thu, 28-Sep-2023 01:17:55 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Set-Cookie: NID=511=YLb-IBI5w94ZVQxyP7jdzO_V5aD7JTdlKatJT0EZZGS8XFtfS1JygJnecnIN3xqv696HI-P-nANR1UjIrKSLPVqw6FkvfkRKD9qDgAFLmOe_hY3wXXE22TYfbazYkEwlx3FWjv25K-0IcNmB36U2Yngd-FrP_A9a1LGl9zysvMU; expires=Sun, 01-Oct-2023 01:17:55 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET
0
https://www.google.com/images/branding/searchlogo/1x/googlelogo_desk_heirloom_color_150x55dp.gif
REQUEST
RESPONSE
BODY
GET /images/branding/searchlogo/1x/googlelogo_desk_heirloom_color_150x55dp.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.google.com/search?q=t+mobile+login&source=hp&ei=jWInZICdLYLQkPIPlrCG8AQ&oq=tmobile+lo&gs_lcp=ChFtb2JpbGUtZ3dzLXdpei1ocBABGAAyBwgAEIAEEAoyCAgAEIAEEMkDMggIABCKBRCSAzILCAAQgAQQsQMQgwEyBQgAEIAEMgUIABCABDIFCAAQgAQyBQgAEIAEOgsIKRCABBCxAxCDAToCCCk6DggAEI8BEOoCEIwDEOUCOg4ILhCPARDqAhCMAxDlAjoICAAQgAQQsQM6DgguEIAEELEDEIMBENQCOgsILhCABBDHARCvAToNCC4QgAQQxwEQ0QMQCjoKCAAQgAQQyQMQCjoKCAAQgAQQkgMQCjoQCC4QgAQQsQMQxwEQ0QMQClDWDFiRZ2CLb2gAcAB4AIAB5AGIAa4NkgEFMC44LjKYAQCgAQGwARQ&sclient=mobile-gws-wiz-hp
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: www.google.com
If-Modified-Since: Tue, 22 Oct 2019 18:30:00 GMT
Connection: Keep-Alive
Cookie: 1P_JAR=2023-04-01-01; NID=511=YLb-IBI5w94ZVQxyP7jdzO_V5aD7JTdlKatJT0EZZGS8XFtfS1JygJnecnIN3xqv696HI-P-nANR1UjIrKSLPVqw6FkvfkRKD9qDgAFLmOe_hY3wXXE22TYfbazYkEwlx3FWjv25K-0IcNmB36U2Yngd-FrP_A9a1LGl9zysvMU; AEC=AUEFqZeyJcQmjWkrgYNX2xss4Q-NdvYKV4q6sAly1z0ay_aVUiQC9IQw2Q
GET
200
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
REQUEST
RESPONSE
BODY
GET /IE9CompatViewList.xml HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Host: ie9cvlist.ie.microsoft.com
If-Modified-Since: Thu, 21 Nov 2019 19:37:08 GMT
If-None-Match: 0x8D76EBA32AF0BC3
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Encoding: gzip
Age: 12755
Cache-Control: max-age=21600
Content-MD5: p9g4jsuZO6TaLMVAI9ujVg==
Content-Type: text/xml
Date: Sat, 01 Apr 2023 01:18:54 GMT
Etag: 0x8D9521D2D2DF1EC
Last-Modified: Wed, 28 Jul 2021 23:12:31 GMT
Server: ECAcc (tka/897A)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 9dd09428-f01e-00b7-6f1a-64e207000000
x-ms-version: 2009-09-19
Content-Length: 13702
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49164 -> 172.217.27.36:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49171 -> 117.18.232.200:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49165 -> 172.217.27.36:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49172 -> 117.18.232.200:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 117.18.232.200:443 -> 192.168.56.101:49173 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49164 172.217.27.36:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | d3:51:df:2c:c5:59:90:61:21:b2:f2:a0:d7:43:4e:06:00:25:af:c9 |
|
TLSv1 192.168.56.101:49165 172.217.27.36:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | d3:51:df:2c:c5:59:90:61:21:b2:f2:a0:d7:43:4e:06:00:25:af:c9 |
Snort Alerts
No Snort Alerts