Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
best-calc.ru | 176.9.121.140 | |
www.google-analytics.com | 142.250.207.110 | |
hamstersoft-app-install.s3.eu-west-2.amazonaws.com | 52.95.142.38 | |
GET 200 http://best-calc.ru/api/1/update/?
REQUEST
GET /api/1/update/? HTTP/1.1
host: best-calc.ru
accept: application/json
Connection: close
RESPONSE
HTTP/1.1 200 OK
Server: nginx/1.13.9
Date: Thu, 27 Apr 2023 00:54:22 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 226
Connection: close
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49161 -> 3.5.244.142:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49161 3.5.244.142:443 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.s3.eu-west-2.amazonaws.com | 01:4c:50:3e:74:45:88:c6:01:3c:ec:37:59:e3:3c:3f:c1:bc:32:83 |
TLS 1.2 192.168.56.103:49176 172.217.27.14:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.google-analytics.com | 07:22:19:79:30:9e:4c:35:4e:21:bd:55:7d:44:2f:a9:71:9e:4c:aa |
Snort Alerts
No Snort Alerts