Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
raw.githubusercontent.com | 185.199.109.133 | |
abolhb.com | 176.97.210.4 | |
GET 200 https://raw.githubusercontent.com/76bh/img/main/Imagenep.png
REQUEST
GET /76bh/img/main/Imagenep.png HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 31476
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: image/png
ETag: "0aee22d8b1a8775302266ace0e8334efbe5be1447d6735d7fc3415ee954bc813"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: BF97:2AB9A6:1A85B8:5E1D01:6805B961
Accept-Ranges: bytes
Date: Mon, 21 Apr 2025 03:20:02 GMT
Via: 1.1 varnish
X-Served-By: cache-icn1450032-ICN
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1745205602.667110,VS0,VE444
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: ad183a3361acee8512860571ea16773ea0cf6815
Expires: Mon, 21 Apr 2025 03:25:02 GMT
Source-Age: 0
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49166 -> 185.199.110.133:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49166 185.199.110.133:443 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.github.io | 8c:ff:59:e5:8e:c4:fa:76:fe:af:2d:c5:c0:d4:13:6a:77:2d:f9:91 |
Snort Alerts
No Snort Alerts