Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
l.instagram.com | 157.240.11.52 | |
business.instagram.com | 157.240.11.52 | |
- TCP Requests
- UDP Requests
  - 192.168.56.101:137 -> 192.168.56.103:137
  - 192.168.56.103:50800 -> 164.124.101.2:53
  - 192.168.56.103:52760 -> 164.124.101.2:53
  - 192.168.56.103:53673 -> 164.124.101.2:53
  - 192.168.56.103:62576 -> 164.124.101.2:53
  - 192.168.56.103:64894 -> 164.124.101.2:53
  - 192.168.56.103:137 -> 192.168.56.255:137
  - 192.168.56.103:50803 -> 239.255.255.250:1900
GET 200 https://l.instagram.com/?23590132=virtaava23590132aafc0fa1466a40a290d168bebc935ce2&e=ATMTlv6QR7cLRPRi6BPCQnYyglYtbOn12xlUTzINqVw19qiSlaZJEDdkuuszqFrruIN-TZHW&s=1&u=https://business.instagram.com/micro_site/url/?event_type=click&site=igb&destination=https://www.facebook.com/ads/ig_redirect/?d=Ad8U5WMN2AM7K-NrvRBs3gyfr9DHeZ3ist33ENX9eJBJWMRBAaOOij4rbjtu42P4dXhL8YyD-jl0LZtS1wkFu-DRtZrPI1zyuzAYXXYv3uJfsc2GuuhHJZr0iVcLluY7-XzYStW8tPCtY7q5OaN0ZR5NezqONJHNCe212u1Fk3V5I6c8mMsj53lfF9nQIFCpMtE&a=1&hash=Ad_y5usHyEC86F8X%2323590132|https://pbs.twimg.com/profile_images/1793260522952966144/qGnAVdxb_normal.jpg|virtaava

Request:
GET /?23590132=virtaava23590132aafc0fa1466a40a290d168bebc935ce2&e=ATMTlv6QR7cLRPRi6BPCQnYyglYtbOn12xlUTzINqVw19qiSlaZJEDdkuuszqFrruIN-TZHW&s=1&u=https://business.instagram.com/micro_site/url/?event_type=click&site=igb&destination=https://www.facebook.com/ads/ig_redirect/?d=Ad8U5WMN2AM7K-NrvRBs3gyfr9DHeZ3ist33ENX9eJBJWMRBAaOOij4rbjtu42P4dXhL8YyD-jl0LZtS1wkFu-DRtZrPI1zyuzAYXXYv3uJfsc2GuuhHJZr0iVcLluY7-XzYStW8tPCtY7q5OaN0ZR5NezqONJHNCe212u1Fk3V5I6c8mMsj53lfF9nQIFCpMtE&a=1&hash=Ad_y5usHyEC86F8X%2323590132|https://pbs.twimg.com/profile_images/1793260522952966144/qGnAVdxb_normal.jpg|virtaava HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: l.instagram.com
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
refresh: 1;URL=https://business.instagram.com/micro_site/url/?event_type=click
x-robots-tag: noindex, nofollow
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.instagram.com/error/ig_web_error_reports/?device_level=unknown", permissions_policy="https://www.instagram.com/error/ig_web_error_reports/"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.instagram.com\/error\/ig_web_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.instagram.com\/error\/ig_web_error_reports\/"}],"group":"permissions_policy"}
content-security-policy-report-only: default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com https://translate.google.com https://apis.google.com https://accounts.google.com;style-src data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com *.instagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.instagram.com *.cdninstagram.com wss://*.instagram.com:* 'self';font-src *.facebook.com data: *.fbcdn.net *.instagram.com https://fonts.gstatic.com;img-src *.oculuscdn.com *.instagram.com *.facebook.com *.fbcdn.net data: blob: *.cdninstagram.com *.fbsbx.com android-webview-video-poster: *.giphy.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com data: blob: https://*.giphy.com;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data:;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com https://translate.google.com https://apis.google.com https://accounts.google.com;style-src data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com *.instagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.instagram.com *.cdninstagram.com wss://*.instagram.com:* 'self';font-src *.facebook.com data: *.fbcdn.net *.instagram.com https://fonts.gstatic.com;img-src *.oculuscdn.com *.instagram.com *.facebook.com *.fbcdn.net data: blob: *.cdninstagram.com *.fbsbx.com android-webview-video-poster: *.giphy.com www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk https://www.gstatic.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com data: blob: https://*.giphy.com;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data: www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: unsafe-none;report-to="coop_report"
Pragma: no-cache
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
X-Frame-Options: DENY
x-ua-compatible: IE=edge
Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
x-stack: www
Content-Type: text/html; charset="utf-8"
X-FB-Debug: jXV60yQZZocYUhkrxhreDXZvnwZCLbNhGPNPnvSteTXfdYbtHBnK0DXqV0KqUKljZGBCVddZBbsp5kBjxEvEqw==
Date: Mon, 24 Jun 2024 20:26:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
GET 404 https://business.instagram.com/micro_site/url/?event_type=click

Request:
GET /micro_site/url/?event_type=click HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://l.instagram.com/?23590132=virtaava23590132aafc0fa1466a40a290d168bebc935ce2&e=ATMTlv6QR7cLRPRi6BPCQnYyglYtbOn12xlUTzINqVw19qiSlaZJEDdkuuszqFrruIN-TZHW&s=1&u=https://business.instagram.com/micro_site/url/?event_type=click&site=igb&destination=https://www.facebook.com/ads/ig_redirect/?d=Ad8U5WMN2AM7K-NrvRBs3gyfr9DHeZ3ist33ENX9eJBJWMRBAaOOij4rbjtu42P4dXhL8YyD-jl0LZtS1wkFu-DRtZrPI1zyuzAYXXYv3uJfsc2GuuhHJZr0iVcLluY7-XzYStW8tPCtY7q5OaN0ZR5NezqONJHNCe212u1Fk3V5I6c8mMsj53lfF9nQIFCpMtE&a=1&hash=Ad_y5usHyEC86F8X%2323590132|https://pbs.twimg.com/profile_images/1793260522952966144/qGnAVdxb_normal.jpg|virtaava
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: business.instagram.com
Connection: Keep-Alive

Response:
HTTP/1.1 404 Not Found
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
origin-agent-cluster: ?1
Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
x-stack: www
Content-Type: text/html; charset="utf-8"
X-FB-Debug: omXHeBVAFoo8Xf3w1gmf7+1PWCF+q7AY1N/It7M8qLGTS9LiYxc/LNU6iWGb2Pe1LnD8UQf5nZBpSXtpoTC2Rg==
Date: Mon, 24 Jun 2024 20:26:12 GMT
Proxy-Status: http_request_error; e_fb_configversion="AcI9hr8qpLRk9Sx6ol6nsKc8xqE3wKjNFeJEqbiTZauwvfX8I4CO24rVb5pgjg"; e_fb_vipport="AcJ8JrnUZdlOemc_sf6klftfOYcGqBOa0z-c-Sg03pJU9NXNBeRZrXuK10ak"; e_upip="AcLXPi8u7K0F1CHbcjDDVbnVNJj7ySyxEl3nNi8b2jFsg74VKQ6IrUDDMV2SAyE62v-fVYkY2kKqWsi0j8kpNhSeHGF74Btf"; e_fb_requestsequencenumber="AcL4QLMP0fo7JOpVV3QLWJXan6kksf_k84MEahHBEI4LqodS0xC5CfypijP3"; e_fb_responsebytes="AcLCJ18lnzrrGzVoNuUQobNV99cOUVlZrMEAOH0Qi3n69xtboZKOzG9vRw"; e_fb_hostheader="AcLhKSvqUbL-QYfRbarK2ivuftipE1_55X34lD1JBvtKluBstV2LF8M5ohI_LaDf4gm5UnX2TPGMn6eyCudwng"; e_fb_vipaddr="AcLSzbc-kFmExg4Qa_asRZd64pGOFTTKTbngb5guDsIFyVrus8Xl9SOA9zcBIiL659MiZ5CoJQL0zCmnKeQC3eHXQcB0ZStOXQ"; e_fb_requesthandler="AcLn0wfZ080w0jI4kXiOkHo8ulswjHUiNsG89qT45YjF3Fqe6dJnlGvRZYH-iGbuPM4Qcgo6Z7s"; e_fb_requesttime="AcINiZnrJCLVxJnLJDMnjGiM6PXxL39vjvn0kEaRRn7uwZJHsoj29vxKCmM6i27ipelFf8HJVQ"; e_fb_builduser="AcIKZI77z-4fqTAsrPMSqqCE7WxLCjWaE47AV9xUPqPnNoLLK2-Ja7HDXNAclUC2Y3g"; e_fb_httpversion="AcLAJBY9tfA0G0d2KpJ-v_xzC6svm8ZUKpNmWX-XzpRqCsWXiEY2M6esXgoS"; e_fb_binaryversion="AcIsFvpE5crO2IonkXTiDI8SXZ04x2lnLSSnA6veGIlFqflqYHgt40u5MQmbNwKED3hHTk0XwpCs2eYVeRXe-lIlEssCl8EgWP0"; e_proxy="AcLVkFasnLweXwIWXmxK0AZNRVXIRmVp-Xpv0OfIUKQBvOvx8pO61xY9kPEI2Z9poQzuvI4YOxlq-L-H1l9u", http_request_error; e_fb_configversion="AcKTSTDi8fy8eBlSJyEhL1Z8_-7k95izc-xxXbTVAEHPdktYeWnKHqnwkoAGmw"; e_fb_vipport="AcIdzDZHmd0r67ALzmLLWQBPxH16PquJchUbSPfOyLZA2eCe4hXK7vlcLaWG"; e_upip="AcIBy-sVHFn-BMoyjBTUy37vBQDXcGPxFCTugqShUnBTunaOYyJ7D9kmiPzu18tuugbPwg6h1WF9KUSu6bPGBlPCPbewAbTYRg"; e_fb_requestsequencenumber="AcKiZB6Qoy8GZGMbYgpAQpI4vBC11yDeziKDpRRdBsxedQ9beIyQK3fHXw"; e_fb_responsebytes="AcKFfRzgnoDSF7qoZZwU7QOJAkZCzC3k7HjhErYHppBe27ZN9uFiMJ3gpA"; e_fb_hostheader="AcLRcSBFHYAXDpEO9CqMHJ44U2W-60qlfv2JCRGKiUqedNGL8_nmbXKe6be3RKpkdHeOYhB7Mc4hxjJ06Mb2Eg"; e_fb_vipaddr="AcIMHVVp_GCqkDpJHlLfnZq7AzdaO19ZtQ6SdBmiUj-I7UyYrxFxx0b7HfiutNIbSRyMIJM2pG8"; e_fb_requesthandler="AcLmkxBmYWfkKWNI4E88EFOqjYeeqAOce5E3i7o_if0rXGccmfPqQSlG13p4U79czlNrYA22bx_Ve1aRz4k"; e_fb_requesttime="AcKjHyEe0kSlHO8xsJm7lsdZfwkYpuwP_d-dU04pPG1rhpJ76J3xytL7kzVKFLGtkTpzbqwIpw"; e_fb_builduser="AcK9oyegM19zjh4lBXBKL8SxJq2bVwvbn3Rjss6EeCoGqn7rT1HCKiUxzgtsly291Fk"; e_fb_httpversion="AcJZK-vf_ZkqPC63bNluD15W_iebyGiHzPuuQYe4rE1ZfC-aksD0HBfot9pj"; e_fb_binaryversion="AcKyLvZoGnc6aFWFt0cOtB656MRCJ7aiKQZdy8VMKwUt0Ed4PXL3W2ixZJrI38Ey7R1kfIBTVFZViJ0QGLlS7DdP_hbxcTwVito"; e_proxy="AcJpfDfywUuFCx2nSs1kfB7lkGehh5U9Ow7cvTUJnyFemvwjOs84mjRAAAlRyWpxkF3GwQk9LBn5uWs"
Connection: keep-alive
Content-Length: 0
GET 200 http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml

Request:
GET /IE9CompatViewList.xml HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Host: ie9cvlist.ie.microsoft.com
If-Modified-Since: Fri, 16 Oct 2020 17:54:09 GMT
If-None-Match: 0x8D871FC7BDF491D
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Content-Encoding: gzip
Age: 10864
Cache-Control: max-age=21600
Content-MD5: p9g4jsuZO6TaLMVAI9ujVg==
Content-Type: text/xml
Date: Mon, 24 Jun 2024 20:27:11 GMT
Etag: 0x8D9521D2D2DF1EC
Last-Modified: Wed, 28 Jul 2021 23:12:31 GMT
Server: ECAcc (tka/897A)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: ccea4b82-801e-004a-605b-c6cb8f000000
x-ms-version: 2009-09-19
Content-Length: 13702
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49168 -> 157.240.215.63:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49167 -> 157.240.215.63:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49165 -> 157.240.215.63:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49164 -> 157.240.215.63:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49168 -> 157.240.215.63:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.instagram.com | ba:b0:f5:12:1a:8e:c7:3b:fb:dc:b7:53:e3:ae:a6:18:52:a1:c7:9d |
TLSv1 192.168.56.103:49167 -> 157.240.215.63:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.instagram.com | ba:b0:f5:12:1a:8e:c7:3b:fb:dc:b7:53:e3:ae:a6:18:52:a1:c7:9d |
TLSv1 192.168.56.103:49165 -> 157.240.215.63:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.instagram.com | ba:b0:f5:12:1a:8e:c7:3b:fb:dc:b7:53:e3:ae:a6:18:52:a1:c7:9d |
TLSv1 192.168.56.103:49164 -> 157.240.215.63:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.instagram.com | ba:b0:f5:12:1a:8e:c7:3b:fb:dc:b7:53:e3:ae:a6:18:52:a1:c7:9d |
Snort Alerts
No Snort Alerts