Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.instagram.com |
CNAME
geo-p42.instagram.com
|
157.240.215.174 |
instagram.com | 157.240.215.174 |
- TCP Requests
-
-
192.168.56.103:49185 117.18.232.200:80
-
192.168.56.103:49171 157.240.215.174:443instagram.com
-
192.168.56.103:49172 157.240.215.174:443instagram.com
-
192.168.56.103:49173 157.240.215.174:443instagram.com
-
192.168.56.103:49174 157.240.215.174:443instagram.com
-
192.168.56.103:49175 157.240.215.174:443instagram.com
-
192.168.56.103:49176 157.240.215.174:443instagram.com
-
192.168.56.103:49177 157.240.215.174:443instagram.com
-
GET
301
https://instagram.com/accounts/login
REQUEST
RESPONSE
BODY
GET /accounts/login HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: instagram.com
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Location: https://instagram.com/accounts/login/
Strict-Transport-Security: max-age=15552000
Content-Type: text/html; charset="utf-8"
X-FB-Debug: hJUTq5wBG3+/7XeFOxpDREinpuaWNk3JmYr4gZrgnkGoXkVDuFxpymQpSJM1Ot9lBm9X4Zr8GbGQw8WyDdbMag==
Date: Thu, 11 Jan 2024 22:55:48 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 0
GET
301
https://instagram.com/accounts/login/
REQUEST
RESPONSE
BODY
GET /accounts/login/ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: instagram.com
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Location: https://www.instagram.com/accounts/login/
Strict-Transport-Security: max-age=15552000
Content-Type: text/html; charset="utf-8"
X-FB-Debug: OQ+btFyECRlUjEVG5bJ3H3a86Bw+H67/z4jNgGJkt0uUwHOlS1oAqRo4AJsGeHkb2b/Lcb34ifUqBE7+TcRoXw==
Date: Thu, 11 Jan 2024 22:55:48 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 0
GET
200
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
REQUEST
RESPONSE
BODY
GET /IE9CompatViewList.xml HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: ie9cvlist.ie.microsoft.com
If-Modified-Since: Fri, 16 Oct 2020 17:54:09 GMT
If-None-Match: 0x8D871FC7BDF491D
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Encoding: gzip
Age: 20615
Cache-Control: max-age=21600
Content-MD5: p9g4jsuZO6TaLMVAI9ujVg==
Content-Type: text/xml
Date: Thu, 11 Jan 2024 22:56:47 GMT
Etag: 0x8D9521D2D2DF1EC
Last-Modified: Wed, 28 Jul 2021 23:12:31 GMT
Server: ECAcc (tka/897A)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 2cb0f26f-501e-0054-0ab1-440788000000
x-ms-version: 2009-09-19
Content-Length: 13702
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49173 -> 157.240.215.174:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49174 -> 157.240.215.174:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49171 -> 157.240.215.174:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49172 -> 157.240.215.174:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49175 -> 157.240.215.174:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 157.240.215.174:443 -> 192.168.56.103:49176 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 192.168.56.103:49177 -> 157.240.215.174:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49171 157.240.215.174:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.instagram.com | 72:b2:0f:9c:52:65:1e:b6:4f:4c:68:7f:14:65:92:4f:57:75:fb:9d |
TLSv1 192.168.56.103:49172 157.240.215.174:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.instagram.com | 72:b2:0f:9c:52:65:1e:b6:4f:4c:68:7f:14:65:92:4f:57:75:fb:9d |
Snort Alerts
No Snort Alerts