Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
ipbase.com | 104.21.85.189 | |
freegeoip.app | 172.67.160.84 | |
GET 301 https://freegeoip.app/xml/
REQUEST
GET /xml/ HTTP/1.1
Host: freegeoip.app
Connection: Keep-Alive
RESPONSE
HTTP/1.1 301 Moved Permanently
Date: Mon, 08 Jul 2024 00:52:02 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 08 Jul 2024 01:52:02 GMT
Location: https://ipbase.com/xml/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mUrVtlVxrz9tmTZE2Aw68fPuO2MzueGVQDgCY%2BJK3L6BRM7kVE1r%2FPBEI06m4Zwym4VoG6ChaAR686oTVj%2B%2Fquv8v5boAtVJgDePuEyMA9ekZMwdkDTYxz6inFpwJ4iW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 89fc16dabbba52a7-LAX
alt-svc: h3=":443"; ma=86400
BODY
(empty)
GET 404 https://ipbase.com/xml/
REQUEST
GET /xml/ HTTP/1.1
Host: ipbase.com
Connection: Keep-Alive
RESPONSE
HTTP/1.1 404 Not Found
Date: Mon, 08 Jul 2024 00:52:02 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Age: 95191
Cache-Control: public,max-age=0,must-revalidate
Cache-Status: "Netlify Edge"; hit
Vary: Accept-Encoding
X-Nf-Request-Id: 01J27X71S94W0YFZHXCR5QZFSC
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ahyLro%2BxWoH0MX1E6EKp7mwRb3JJw%2BDrIjZcFqSwGBY0wYFo6ymxhwXSwqpqo9NQ79QBL3JIIxiWplIwrS9tPf2yh3d49njC5vMPOJmQgu0rNm0GLZc8c6p8ue5G"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 89fc16de8e352b9e-LAX
alt-svc: h3=":443"; ma=86400
BODY
(empty)
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49163 -> 104.21.73.97:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
UDP 192.168.56.103:64894 -> 164.124.101.2:53 | 2036560 | ET INFO External IP Lookup Domain Domain in DNS Lookup (ipbase .com) | Potentially Bad Traffic |
TCP 192.168.56.103:49164 -> 172.67.209.71:443 | 2036561 | ET INFO Observed External IP Lookup Domain (ipbase .com in TLS SNI) | Potentially Bad Traffic |
TCP 192.168.56.103:49164 -> 172.67.209.71:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49163 -> 104.21.73.97:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=freegeoip.app | c0:39:22:a5:ab:70:fc:41:fb:5a:a7:05:42:53:6a:f9:23:be:8b:89 |
TLSv1 192.168.56.103:49164 -> 172.67.209.71:443 | C=US, O=Google Trust Services, CN=WE1 | CN=ipbase.com | fc:09:7a:de:bd:0b:8f:40:75:31:bd:ac:0d:dc:c8:86:94:db:7d:cf |
Snort Alerts
No Snort Alerts