Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| wlnrar.shop | 172.67.177.42 |
- UDP Requests
-
-
192.168.56.103:50800 164.124.101.2:53
-
192.168.56.103:52760 164.124.101.2:53
-
192.168.56.103:64894 164.124.101.2:53
-
192.168.56.103:137 192.168.56.101:137
-
192.168.56.103:137 192.168.56.102:137
-
192.168.56.103:137 192.168.56.255:137
-
192.168.56.103:138 192.168.56.255:138
-
192.168.56.103:64897 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.103:123
-
POST
200
https://wlnrar.shop/json.php
REQUEST
RESPONSE
BODY
POST /json.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: WinHTTP Example/1.0
Content-Length: 2
Host: wlnrar.shop
HTTP/1.1 200 OK
Date: Fri, 13 Sep 2024 00:25:36 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z4gjS04CT6JEOSk3YVqykvJhqLxUo%2FW4H7DllnU7pz%2FdzQ%2BFaigsxC59O4HHQTuUa2FeFWxpUKo9k%2B2SMK7gCtuX67JtMv2jauyfmXBCTE%2F9MzFhPd4lpdbgvTIOlg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c2400425e4e150c-LAX
alt-svc: h3=":443"; ma=86400
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.103:49166 -> 104.21.80.99:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.103:49166 104.21.80.99:443 |
C=US, O=Google Trust Services, CN=WE1 | CN=wlnrar.shop | c3:1e:19:20:23:a4:65:b7:fb:17:e6:2e:ea:ed:ba:88:88:97:78:7e |
Snort Alerts
No Snort Alerts