Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| i.imgur.com | 146.75.92.193 | |
| i.ibb.co | 172.96.160.210 | |
| ctrip.com | 114.80.56.121 |
GET
200
https://i.imgur.com/pRZqSZX.png
REQUEST
RESPONSE
BODY
GET /pRZqSZX.png HTTP/1.1
Connection: Keep-Alive
Host: i.imgur.com
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 10144297
Content-Type: image/png
Last-Modified: Thu, 05 Oct 2023 18:43:49 GMT
ETag: "9def5ea3d3ef35dd2043619cc6dacc5f"
x-amz-server-side-encryption: AES256
X-Amz-Cf-Pop: IAD12-P2
X-Amz-Cf-Id: i6-wk7go19TYbgv6px5W3qyqlMmx4HUaSI4hNzI0HmKvUFdO43Df6w==
cache-control: public, max-age=31536000
Accept-Ranges: bytes
Age: 45132
Date: Thu, 19 Oct 2023 22:29:46 GMT
X-Served-By: cache-iad-kjyo7100132-IAD, cache-bur-kbur8200082-BUR
X-Cache: Miss from cloudfront, HIT, MISS
X-Cache-Hits: 9, 0
X-Timer: S1697754587.728279,VS0,VE195
Strict-Transport-Security: max-age=300
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0
X-Content-Type-Options: nosniff
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49163 -> 104.194.8.143:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49162 -> 114.80.56.121:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49166 -> 146.75.92.193:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 104.194.8.143:443 -> 192.168.56.101:49165 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49162 114.80.56.121:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=CN, ST=Shanghai, L=Shanghai, O=Shanghai Ctrip Commerce Co., Ltd., CN=*.ctrip.com | 53:d0:92:1f:b9:1e:9f:7d:20:52:f2:94:de:2a:c2:44:45:3c:c2:62 |
|
TLSv1 192.168.56.101:49166 146.75.92.193:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.imgur.com | d6:4d:45:03:6d:38:f8:fd:ea:af:e5:92:b3:4d:85:a5:6b:af:5c:ec |
Snort Alerts
No Snort Alerts