Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| api2.hcaptcha.com | 104.16.169.131 |
GET
404
https://api2.hcaptcha.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: api2.hcaptcha.com
HTTP/1.1 404 Not Found
Date: Mon, 04 Sep 2023 18:16:56 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 14
Connection: keep-alive
Set-Cookie: INGRESSCOOKIE=1693851417.083.25.804749|096a0de77d54b543dbeb8225f7f9d6bd; Path=/; HttpOnly
vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Set-Cookie: __cflb=02DiuHLwzyAZNoSCVjmGkF3QS9o56H5TWWx5shQhwULTW; SameSite=None; Secure; path=/; expires=Tue, 05-Sep-23 17:16:56 GMT; HttpOnly
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 801839f64c37edc1-ICN
alt-svc: h3=":443"; ma=86400
GET
301
http://api2.hcaptcha.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: api2.hcaptcha.com
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Date: Mon, 04 Sep 2023 18:16:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 04 Sep 2023 19:16:55 GMT
Location: https://api2.hcaptcha.com/
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 801839f48ee6934a-ICN
alt-svc: h3=":443"; ma=86400
GET
200
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
REQUEST
RESPONSE
BODY
GET /IE9CompatViewList.xml HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Host: ie9cvlist.ie.microsoft.com
If-Modified-Since: Thu, 21 Nov 2019 19:37:08 GMT
If-None-Match: 0x8D76EBA32AF0BC3
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Encoding: gzip
Age: 4304
Cache-Control: max-age=21600
Content-MD5: p9g4jsuZO6TaLMVAI9ujVg==
Content-Type: text/xml
Date: Mon, 04 Sep 2023 18:17:55 GMT
Etag: 0x8D9521D2D2DF1EC
Last-Modified: Wed, 28 Jul 2021 23:12:31 GMT
Server: ECAcc (tka/897A)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 7aa085ac-301e-00aa-3452-df3bed000000
x-ms-version: 2009-09-19
Content-Length: 13702
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49173 -> 117.18.232.200:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49172 -> 117.18.232.200:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49166 -> 104.16.168.131:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 117.18.232.200:443 -> 192.168.56.101:49174 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49166 104.16.168.131:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 0a:fa:4f:1c:80:d4:c6:2d:96:9a:f1:fc:01:7e:22:72:64:29:52:c7 |
Snort Alerts
No Snort Alerts