Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
independent.vittoriocas137.workers.dev | 104.21.12.165 | |
GET 200 https://independent.vittoriocas137.workers.dev/hWHU
REQUEST
GET /hWHU HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)
Host: independent.vittoriocas137.workers.dev
Connection: Keep-Alive
Cache-Control: no-cache
RESPONSE
HTTP/1.1 200 OK
Date: Fri, 21 Jul 2023 09:38:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dIoT3xuqIQd8ZXw4j%2FVcPQw7HK5C5hRVXTGSi8gsBCx2ajOdas0%2FfRaXb1bSsNhrw2StMI7C3GJ0f5y192xe63vb37u%2BCiaoPe74pG5g8mUqSOi1VbLxaGxPM9PDoJn15NGLQVmo1nne99Z%2FYu5XIEd9LE5Qfezr1A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ea2783d6a6a1a15-KIX
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49163 -> 104.21.12.165:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49163 104.21.12.165:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=vittoriocas137.workers.dev | 82:7a:33:57:99:a2:c0:cf:3f:2c:bc:b3:26:c3:4b:ce:ce:da:77:b8 |
Snort Alerts
No Snort Alerts