Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
passport.weibo.com | CNAME login.sina.com.cn | 36.51.224.27 |
weibo.com | 36.51.224.114 | |
HTTP Requests

Method | Status | URL |
---|---|---|
GET | 302 | https://weibo.com/ |
GET | 200 | https://passport.weibo.com/visitor/visitor?entry=miniblog&a=enter&url=https%3A%2F%2Fweibo.com%2F&domain=weibo.com&_rand=1696372813674&sudaref= |

GET 302 https://weibo.com/

Request:

```http
GET / HTTP/1.1
Connection: Keep-Alive
Host: weibo.com
```

Response:

```http
HTTP/1.1 302 Found
Server: wServer
Date: Tue, 03 Oct 2023 22:40:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 355
Connection: keep-alive
Vary: Origin
set-cookie: XSRF-TOKEN=GUorVIm9IyZJy4Xsy5cBUh8l; path=/; secure
X-Login-visitor: true
Location: https://passport.weibo.com/visitor/visitor?entry=miniblog&a=enter&url=https%3A%2F%2Fweibo.com%2F&domain=weibo.com&_rand=1696372813674&sudaref=
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-download-options: noopen
x-readtime: 0
PROC_NODE: mapi-weibopro-node-bypass-67c884f9cc-4hmjj
PROC_NODE: mapi-weibopro-node-bypass-67c884f9cc-4hmjj
SSL_NODE: ssl-003.mweibo.hk.intra.weibo.cn
LB: 36.51.224.53
X-Wag-Info: bWFwaV9m
```

GET 200 https://passport.weibo.com/visitor/visitor?entry=miniblog&a=enter&url=https%3A%2F%2Fweibo.com%2F&domain=weibo.com&_rand=1696372813674&sudaref=

Request:

```http
GET /visitor/visitor?entry=miniblog&a=enter&url=https%3A%2F%2Fweibo.com%2F&domain=weibo.com&_rand=1696372813674&sudaref= HTTP/1.1
Connection: Keep-Alive
Host: passport.weibo.com
Cookie: XSRF-TOKEN=GUorVIm9IyZJy4Xsy5cBUh8l
```

Response:

```http
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Oct 2023 22:40:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Pragma: no-cache
Content-Security-Policy: upgrade-insecure-requests
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Via-SSL: ssl.32.sinag1.hyds.lb.sinanode.com
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49161 -> 36.51.224.53:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49162 -> 36.51.224.27:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49161 -> 36.51.224.53:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust CN RSA CA G1 | C=CN, ST=Beijing, O=Sina.com Technology(China)Co.,ltd, CN=weibo.cn | 79:ba:c8:0e:94:43:4a:82:24:d9:a7:d4:07:56:67:c1:6b:ed:51:bb |
TLSv1 192.168.56.103:49162 -> 36.51.224.27:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust CN RSA CA G1 | C=CN, ST=Beijing, O=Sina.com Technology(China)Co.,ltd, CN=sina.com | d8:ca:c3:ab:c9:0b:74:8c:48:4d:64:e8:35:c3:6c:95:f2:de:cb:fa |
Snort Alerts
No Snort Alerts