Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
iplogger.com | 148.251.234.93 | |
14mmf.za.com | 104.21.54.36 | |
HTTP traffic
GET
0
https://14mmf.za.com/analytics.php?pub=a02&guid=017bd04f-b3bf-45b6-8167-9e8f41ff87bf&sign=178004f0465ebfb5

```http
GET /analytics.php?pub=a02&guid=017bd04f-b3bf-45b6-8167-9e8f41ff87bf&sign=178004f0465ebfb5 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
upgrade-insecure-requests: 1
Host: 14mmf.za.com
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49163 -> 148.251.234.93:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 148.251.234.93:443 -> 192.168.56.101:49164 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 192.168.56.101:49161 -> 104.21.54.36:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49161 -> 104.21.54.36:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=14mmf.za.com | aa:41:3d:d8:cf:f6:f8:cf:3e:b5:c5:dd:03:65:99:87:f3:4f:f5:36 |
Snort Alerts
No Snort Alerts