Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
oss-yg-cztt.yun.qianxin.com | 58.216.34.67 | |
hm.baidu.com | CNAME hm.e.shifen.com; 14.215.183.79 | |
TCP Requests
Source | Destination | Hostname |
---|---|---|
192.168.56.101:49165 | 111.45.3.198:443 | hm.baidu.com |
192.168.56.101:49166 | 111.45.3.198:443 | hm.baidu.com |
192.168.56.101:49172 | 52.239.160.33:443 | |
192.168.56.101:49173 | 52.239.160.33:443 | |
192.168.56.101:49168 | 58.216.34.67:443 | oss-yg-cztt.yun.qianxin.com |
192.168.56.101:49169 | 58.216.34.67:443 | oss-yg-cztt.yun.qianxin.com |
-
GET 200 https://hm.baidu.com/hm.js?62ba181f96e836dd47ca37d8c72dfc33
REQUEST
GET /hm.js?62ba181f96e836dd47ca37d8c72dfc33 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: hm.baidu.com
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Content-Length: 0
Date: Fri, 02 May 2025 15:58:52 GMT
Server: apache
Strict-Transport-Security: max-age=172800
Content-Type: text/plain; charset=utf-8
GET 200 https://oss-yg-cztt.yun.qianxin.com/ti-portal-upload-s3/logo-zh.png
REQUEST
GET /ti-portal-upload-s3/logo-zh.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: oss-yg-cztt.yun.qianxin.com
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 15810
Connection: keep-alive
Date: Fri, 02 May 2025 15:58:53 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 30 Apr 2025 03:53:36 GMT
x-rgw-object-type: Normal
ETag: "27afafd55cfebdbd1e650ba887101e11"
x-amz-request-id: tx000003ecb44f0ab0a045f-006814ebbd-11f1d34-default
Server: APISIX/2.15.0
Expires: 10800s
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49173 52.239.160.33:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.web.core.windows.net | b2:4f:3d:bf:b7:4e:09:4d:12:54:6c:82:6e:50:6d:72:8f:49:b1:1a |
TLSv1 192.168.56.101:49166 111.45.3.198:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=CN, ST=beijing, L=beijing, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com | ef:0f:be:13:02:e2:c4:d4:89:ba:8f:ba:88:ef:6f:95:dc:cf:7b:e0 |
TLSv1 192.168.56.101:49165 111.45.3.198:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=CN, ST=beijing, L=beijing, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com | ef:0f:be:13:02:e2:c4:d4:89:ba:8f:ba:88:ef:6f:95:dc:cf:7b:e0 |
TLSv1 192.168.56.101:49168 58.216.34.67:443 | C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia RSA DV TLS CA G3 | CN=*.yun.qianxin.com | cf:ba:ec:87:ea:d1:d6:8a:d6:6c:67:b6:c9:d6:d5:8d:ed:a4:39:cb |
TLSv1 192.168.56.101:49169 58.216.34.67:443 | C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia RSA DV TLS CA G3 | CN=*.yun.qianxin.com | cf:ba:ec:87:ea:d1:d6:8a:d6:6c:67:b6:c9:d6:d5:8d:ed:a4:39:cb |
TLSv1 192.168.56.101:49172 52.239.160.33:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.web.core.windows.net | b2:4f:3d:bf:b7:4e:09:4d:12:54:6c:82:6e:50:6d:72:8f:49:b1:1a |
Snort Alerts
No Snort Alerts