Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| feaser2347.club | ||
| aws.amazon.com | 13.225.123.73 |
- UDP Requests
-
-
192.168.56.101:59369 164.124.101.2:53
-
192.168.56.101:61479 164.124.101.2:53
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:59370 239.255.255.250:3702
-
192.168.56.101:62445 239.255.255.250:1900
-
192.168.56.101:62447 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
GET
200
https://aws.amazon.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Connection: Keep-Alive
Host: aws.amazon.com
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: Server
Date: Thu, 25 Mar 2021 00:21:51 GMT
x-amz-rid: W087PK1B50M9HG8MY9JS
Set-Cookie: aws-priv=eyJ2IjoxLCJldSI6MCwic3QiOjB9; Version=1; Comment="Anonymous cookie for privacy regulations"; Domain=.aws.amazon.com; Max-Age=31536000; Expires=Fri, 25-Mar-2022 00:21:51 GMT; Path=/
Set-Cookie: aws-csds-token=eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2MTY2MzUzMTEsInZpc2l0b3ItaWQiOiJjMmJjMzM2MS0yM2U4LTAwNDItMmRkYS0zMjdkMTgyNzdhMDQiLCJpcCI6IjE3NS4yMDguMTM0LjE1MCJ9.sYjp_0qGa88kfzJ-R1AU2NrN65OEUGgLFxuoUHjxg-I; Version=1; Comment="Anonymous metrics validation token"; Domain=.amazon.com; Max-Age=900; Expires=Thu, 25-Mar-2021 00:36:51 GMT; Path=/
Set-Cookie: aws_lang=en; Domain=.amazon.com; Path=/
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
x-amz-id-1: W087PK1B50M9HG8MY9JS
Last-Modified: Wed, 24 Mar 2021 18:38:26 GMT
Vary: accept-encoding,Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
X-Cache: Miss from cloudfront
Via: 1.1 a69fc2b4103cbb94951b080431e68ca0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ICN54-C2
X-Amz-Cf-Id: omfn8bfmPEqboUzovQf6zsRDk8DC_gDSzS-NiNa5EsjHtGqVtpNeHg==
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49199 -> 13.225.123.73:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49199 13.225.123.73:443 |
C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=aws.amazon.com | f7:53:97:5e:76:1e:fb:f6:70:72:02:95:d5:9f:2f:05:52:79:5d:ae |
Snort Alerts
No Snort Alerts