Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
o4505838714748928.ingest.sentry.io | 34.120.195.249 | |
cacerts.digicert.com | CNAME fp2e7a.wpc.phicdn.net | 152.195.38.76 |
api.db-ip.com | 104.26.5.15 | |
HTTP traffic

GET 200 https://api.db-ip.com/v2/free/self

REQUEST
GET /v2/free/self HTTP/1.1
accept: */*
host: api.db-ip.com

RESPONSE
HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 00:34:22 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-control: max-age=1800
X-IPLB-Request-ID: AC4631C5:788C_93878F2E:0050_650E328E_24090599:2467B
X-IPLB-Instance: 30783
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 23 Sep 2023 00:15:56 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1gGOSl2JGg09HOrIkvgCj%2BfO98XfzJ32CVRFz7V0JPUVawen4oDDrrS4UQBdGLM%2Fz0pnjr%2FL2wF5fwFWOXbStk2Sa09TrHWQKXe%2BriQ5T077Vv7ICM8GgEmSueba1n4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 80aeb39abd0a0a42-KIX
alt-svc: h3=":443"; ma=86400
GET 200 http://cacerts.digicert.com/DigiCertGlobalRootG2.crt

REQUEST
GET /DigiCertGlobalRootG2.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: cacerts.digicert.com

RESPONSE
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 79805
cache-control: max-age=172800, public
Content-Type: application/pkix-cert
Date: Sat, 23 Sep 2023 00:34:22 GMT
Etag: "5a286417-392"
expires: Mon, 25 Sep 2023 00:34:22 GMT
last-modified: Wed, 06 Dec 2017 21:41:43 GMT
Server: ECAcc (tkc/BECE)
X-Cache: HIT
Content-Length: 914
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49164 -> 104.26.4.15:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49162 -> 34.120.195.249:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49169 -> 174.138.6.99:8880 | 2039097 | ET HUNTING PNG in HTTP POST (Outbound) | A Network Trojan was detected |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49164 104.26.4.15:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 14:d1:82:6d:f5:6d:75:19:f1:c8:06:f3:b0:28:0a:2e:a8:63:c5:8b |
TLS 1.2 192.168.56.103:49162 34.120.195.249:443 | C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1 | C=US, ST=California, L=San Francisco, O=Sentry, CN=ingest.sentry.io | e6:02:79:bf:9c:ef:53:c1:5d:ba:58:f5:2b:59:51:19:ee:9d:70:91 |
Snort Alerts
No Snort Alerts