Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| 8dyv.alemention.ru | 81.177.140.11 |
- UDP Requests
-
-
192.168.56.102:57660 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:56752 239.255.255.250:1900
-
192.168.56.102:56754 239.255.255.250:3702
-
192.168.56.102:56756 239.255.255.250:3702
-
192.168.56.102:57661 239.255.255.250:3702
-
GET
200
https://8dyv.alemention.ru/SystemNetMailMailHeaderInfoD
REQUEST
RESPONSE
BODY
GET /SystemNetMailMailHeaderInfoD HTTP/1.1
Host: 8dyv.alemention.ru
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 22 Mar 2021 10:17:11 GMT
Content-Type: text/html
Content-Length: 310731
Connection: keep-alive
Server: Jino.ru/mod_pizza
Last-Modified: Fri, 19 Mar 2021 21:26:01 GMT
ETag: "a4c12f4-4bdcb-5bdea5ce3039b"
Accept-Ranges: bytes
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49807 -> 81.177.140.11:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.2 192.168.56.102:49807 81.177.140.11:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=*.8dyv.alemention.ru | c3:4b:3d:b4:84:ee:53:13:ed:8b:f0:63:50:91:bc:53:fa:3c:5a:a8 |
Snort Alerts
No Snort Alerts