Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| telete.in | 195.201.225.248 |
- UDP Requests
-
-
192.168.56.102:57660 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:56752 239.255.255.250:1900
-
192.168.56.102:56754 239.255.255.250:3702
-
192.168.56.102:56756 239.255.255.250:3702
-
192.168.56.102:56758 239.255.255.250:3702
-
GET
200
https://telete.in/hcatknife
REQUEST
RESPONSE
BODY
GET /hcatknife HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Host: telete.in
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 09 Mar 2021 06:22:06 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: stel_ssid=6cdbcbbcccde809c82_10052921612094537728; expires=Wed, 10 Mar 2021 06:22:06 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=35768000
GET
200
https://telete.in/hcatknife
REQUEST
RESPONSE
BODY
GET /hcatknife HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Host: telete.in
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 09 Mar 2021 06:22:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: stel_ssid=4d13e05fcd602c0d04_1874897516124448586; expires=Wed, 10 Mar 2021 06:22:12 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=35768000
GET
200
https://telete.in/hcatknife
REQUEST
RESPONSE
BODY
GET /hcatknife HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Host: telete.in
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 09 Mar 2021 06:22:17 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: stel_ssid=7566ffdfc48237c888_12610770897996953100; expires=Wed, 10 Mar 2021 06:22:17 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=35768000
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49814 -> 195.201.225.248:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.102:49814 195.201.225.248:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=telecut.in | 14:8d:58:21:b9:91:38:b0:2c:1f:8b:a9:83:d2:f9:89:84:11:99:e2 |
Snort Alerts
No Snort Alerts