Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
cdn.discordapp.com | 162.159.134.233 | |
ip-api.com | 208.95.112.1 | |
yz.videomarket.eu | 185.157.161.205 | |
UDP Requests
Source | Destination |
---|---|
192.168.56.101:54056 | 164.124.101.2:53 |
192.168.56.101:59369 | 164.124.101.2:53 |
192.168.56.101:61479 | 164.124.101.2:53 |
192.168.56.101:62324 | 164.124.101.2:53 |
192.168.56.101:137 | 192.168.56.255:137 |
192.168.56.101:138 | 192.168.56.255:138 |
192.168.56.101:49152 | 239.255.255.250:3702 |
192.168.56.101:61480 | 239.255.255.250:3702 |
192.168.56.101:62445 | 239.255.255.250:1900 |
192.168.56.101:62447 | 239.255.255.250:3702 |
192.168.56.101:62449 | 239.255.255.250:3702 |
52.231.114.183:123 | 192.168.56.101:123 |
8.8.8.8:53 | 192.168.56.101:54056 |
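The UDP list above mixes the sample's own traffic with ordinary Windows chatter. The following is an added example, not part of the sandbox report: it parses the flow lines (copied here as constructed input), drops broadcast and multicast destinations, buckets the remaining flows by direction relative to the analysis VM, and pairs each inbound datagram with the outbound one that used the same VM port so that replies from a host the VM never contacted stand out. The service names are the usual IANA port assignments and are an assumption about the traffic, not something the report states.

```python
"""Triage the UDP flow list from a sandbox run.

Added example, not part of the report: separates LAN chatter (NetBIOS,
WS-Discovery, SSDP to broadcast/multicast) from unicast flows, buckets the
unicast flows by direction relative to the analysis VM, and pairs each inbound
datagram with the outbound one that used the same VM port so that replies from
an unexpected host stand out.
"""
import ipaddress
from collections import defaultdict

VM_IP = "192.168.56.101"  # the analysis VM, as seen in the report

# Constructed input: the UDP Requests list from the report, one "src dst" per line.
SAMPLE_FLOWS = """\
192.168.56.101:54056 164.124.101.2:53
192.168.56.101:59369 164.124.101.2:53
192.168.56.101:61479 164.124.101.2:53
192.168.56.101:62324 164.124.101.2:53
192.168.56.101:137 192.168.56.255:137
192.168.56.101:138 192.168.56.255:138
192.168.56.101:49152 239.255.255.250:3702
192.168.56.101:61480 239.255.255.250:3702
192.168.56.101:62445 239.255.255.250:1900
192.168.56.101:62447 239.255.255.250:3702
192.168.56.101:62449 239.255.255.250:3702
52.231.114.183:123 192.168.56.101:123
8.8.8.8:53 192.168.56.101:54056
"""

# Assumed service names (IANA assignments), not something the report states.
PORT_NAMES = {53: "dns", 123: "ntp", 137: "netbios-ns", 138: "netbios-dgm",
              1900: "ssdp", 3702: "ws-discovery"}


def parse_flow(line):
    """'a.b.c.d:sport e.f.g.h:dport' -> (src_ip, sport, dst_ip, dport)."""
    src, dst = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return ipaddress.ip_address(sip), int(sport), ipaddress.ip_address(dip), int(dport)


def is_lan_noise(dst_ip):
    """Multicast and x.x.x.255 directed-broadcast destinations never leave the segment."""
    return dst_ip.is_multicast or dst_ip.packed[-1] == 255


def triage(text, vm_ip=VM_IP):
    """Bucket flows into 'lan-noise', 'outbound' and 'inbound'; each bucket is a
    sorted list of (remote ip, remote port, service name) with duplicates removed."""
    vm = ipaddress.ip_address(vm_ip)
    buckets = defaultdict(set)
    for line in text.splitlines():
        if not line.strip():
            continue
        sip, sport, dip, dport = parse_flow(line)
        if is_lan_noise(dip):
            buckets["lan-noise"].add((str(dip), dport, PORT_NAMES.get(dport, "?")))
        elif sip == vm:
            buckets["outbound"].add((str(dip), dport, PORT_NAMES.get(dport, "?")))
        elif dip == vm:
            buckets["inbound"].add((str(sip), sport, PORT_NAMES.get(sport, "?")))
    return {kind: sorted(remotes) for kind, remotes in buckets.items()}


def check_replies(text, vm_ip=VM_IP):
    """Pair inbound datagrams with the outbound one that used the same VM port and
    remote port. Returns (reply ip, remote port, vm port, host the VM actually sent
    to) for replies whose source differs; the last field is None when no matching
    outbound datagram was captured at all."""
    vm = ipaddress.ip_address(vm_ip)
    sent_to = {}
    replies = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sip, sport, dip, dport = parse_flow(line)
        if sip == vm and not is_lan_noise(dip):
            sent_to[(sport, dport)] = str(dip)
        elif dip == vm:
            replies.append((str(sip), sport, dport))
    return [(rip, rport, vport, sent_to.get((vport, rport)))
            for rip, rport, vport in replies
            if sent_to.get((vport, rport)) != rip]


if __name__ == "__main__":
    for kind, remotes in triage(SAMPLE_FLOWS).items():
        print(kind, remotes)
    for rip, rport, vport, asked in check_replies(SAMPLE_FLOWS):
        print("unexpected reply from %s:%d to VM port %d (VM sent to %s)"
              % (rip, rport, vport, asked))
```

On this capture the pairing flags two datagrams: the NTP packet from 52.231.114.183 has no outbound counterpart in the list, and the DNS reply for VM port 54056 comes from 8.8.8.8 although the query went to 164.124.101.2. Both are worth checking against the sandbox's own network configuration (a DNS redirect or an NTP sync by the guest) before attributing them to the sample.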

GET 200 https://cdn.discordapp.com/attachments/844641656991907850/846437254331367444/ClassLibrary1.dll

Request:
GET /attachments/844641656991907850/846437254331367444/ClassLibrary1.dll HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Date: Tue, 01 Jun 2021 00:25:49 GMT
Content-Type: application/x-msdos-program
Content-Length: 62976
Connection: keep-alive
CF-Ray: 65844e94d8c93537-ICN
Accept-Ranges: bytes
Age: 494533
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=ClassLibrary1.dll
ETag: "be12adb79c30513a8a6eee55be2cae12"
Expires: Wed, 01 Jun 2022 00:25:49 GMT
Last-Modified: Mon, 24 May 2021 17:19:27 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a668f710a000035372f3a1000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1621876767509491
x-goog-hash: crc32c=O6rIow==
x-goog-hash: md5=vhKtt5wwUTqKbu5VviyuEg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 62976
X-GUploader-UploadID: ABg5-UzOLK7BbmmoDxo6F0Lw3TKc_kzS5BWGe8hV40a1zg0kEWtkI1ydm5OZRB8-rOvzZYfQ7Qnw-4G8mtqkqQ2FGisHtduUzQ
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=U1KbBdhUMZ5g%2Fgke2bNkydDWa%2FY%2Bxp9FL9OTJL2sKmdhoXgUo%2BzRD9RCfD8KVfMPJWr%2Fqj3Gb1JiYgClSiUrWNzEIlT6Dt%2FZ2nJd15unFX%2FE%2F0DED9xiQMB%2BRZfu4xw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare

GET 200 https://cdn.discordapp.com/attachments/844641656991907850/846437254331367444/ClassLibrary1.dll

Request:
GET /attachments/844641656991907850/846437254331367444/ClassLibrary1.dll HTTP/1.1
Host: cdn.discordapp.com

Response:
HTTP/1.1 200 OK
Date: Tue, 01 Jun 2021 00:25:52 GMT
Content-Type: application/x-msdos-program
Content-Length: 62976
Connection: keep-alive
CF-Ray: 65844ea41ab661cb-ICN
Accept-Ranges: bytes
Age: 494536
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=ClassLibrary1.dll
ETag: "be12adb79c30513a8a6eee55be2cae12"
Expires: Wed, 01 Jun 2022 00:25:52 GMT
Last-Modified: Mon, 24 May 2021 17:19:27 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a668f7a92000061cbb503b000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1621876767509491
x-goog-hash: crc32c=O6rIow==
x-goog-hash: md5=vhKtt5wwUTqKbu5VviyuEg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 62976
X-GUploader-UploadID: ABg5-UzOLK7BbmmoDxo6F0Lw3TKc_kzS5BWGe8hV40a1zg0kEWtkI1ydm5OZRB8-rOvzZYfQ7Qnw-4G8mtqkqQ2FGisHtduUzQ
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=2JBSOV0ojtAbSbfRXDOopOatbBKLlipUZVDbASqvFf6HTEeSrN0g2iwJ43YMX0eHHs8Yw9d8ismoGwxorNJvfTQDO2DA0zDkh3HbgoG5eD9r35j3d0G44kwHtsfPBCA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare

GET 0 https://cdn.discordapp.com/attachments/844641656991907850/846437254331367444/ClassLibrary1.dll (no response captured)

Request:
GET /attachments/844641656991907850/846437254331367444/ClassLibrary1.dll HTTP/1.1
Host: cdn.discordapp.com

GET 200 https://cdn.discordapp.com/attachments/844641656991907850/846437254331367444/ClassLibrary1.dll

Request:
GET /attachments/844641656991907850/846437254331367444/ClassLibrary1.dll HTTP/1.1
Host: cdn.discordapp.com

Response:
HTTP/1.1 200 OK
Date: Tue, 01 Jun 2021 00:25:52 GMT
Content-Type: application/x-msdos-program
Content-Length: 62976
Connection: keep-alive
CF-Ray: 65844ea43ad561cb-ICN
Accept-Ranges: bytes
Age: 494536
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=ClassLibrary1.dll
ETag: "be12adb79c30513a8a6eee55be2cae12"
Expires: Wed, 01 Jun 2022 00:25:52 GMT
Last-Modified: Mon, 24 May 2021 17:19:27 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a668f7aa6000061cbaea1c000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1621876767509491
x-goog-hash: crc32c=O6rIow==
x-goog-hash: md5=vhKtt5wwUTqKbu5VviyuEg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 62976
X-GUploader-UploadID: ABg5-UzOLK7BbmmoDxo6F0Lw3TKc_kzS5BWGe8hV40a1zg0kEWtkI1ydm5OZRB8-rOvzZYfQ7Qnw-4G8mtqkqQ2FGisHtduUzQ
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=THZHl2U3SO0tABbJkU5ESAhn2iR9mQaC9wDexLX7g72mU9LQ1Q04QxaQXR2PbU7JQN1ae0Vzjw3tHly0czq1NYvvPMid7a6roaa1F4DXpP%2Fx6MzUAg9q3nt%2B9c21%2BA4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
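The cdn.discordapp.com responses above carry Google Cloud Storage integrity headers (x-goog-hash) next to the ETag. The following is an added example, not part of the sandbox report and not Discord's or Google's code: it decodes the base64 x-goog-hash values, checks that the MD5 agrees with the ETag, and, when the body is available, recomputes both digests. The header sample is copied from the first response above and trimmed to the lines used; the CRC-32C routine is a plain bitwise implementation so the script has no third-party dependency.

```python
"""Decode and cross-check the GCS integrity headers on a captured HTTP response.

Added example (not code from the sandbox or from Discord/Google). The MD5 in
x-goog-hash is base64 of the raw 16-byte digest; the ETag is the same digest
in hex. Decoding the header yields a hash to pivot on even when the sandbox
did not retain the response body.
"""
import base64
import binascii
import hashlib

# Constructed sample: headers copied from the first cdn.discordapp.com response
# in the report and trimmed to the lines used here.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Content-Type: application/x-msdos-program
Content-Length: 62976
ETag: "be12adb79c30513a8a6eee55be2cae12"
x-goog-hash: crc32c=O6rIow==
x-goog-hash: md5=vhKtt5wwUTqKbu5VviyuEg==
x-goog-stored-content-length: 62976
Server: cloudflare
"""


def parse_headers(raw):
    """Return [(lowercased name, value)] for the header lines after the status line.
    A list rather than a dict, because x-goog-hash legitimately repeats."""
    headers = []
    for line in raw.splitlines()[1:]:
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def decode_goog_hashes(headers):
    """Map each x-goog-hash algorithm name to its hex digest.
    GCS base64-encodes the raw MD5 digest and the big-endian 32-bit CRC-32C."""
    hashes = {}
    for name, value in headers:
        if name == "x-goog-hash":
            algo, _, b64 = value.partition("=")
            hashes[algo] = binascii.hexlify(base64.b64decode(b64)).decode()
    return hashes


def etag_hex(headers):
    """Unquoted, lowercased ETag (GCS uses the MD5 hex for non-composite objects)."""
    for name, value in headers:
        if name == "etag":
            return value.strip('"').lower()
    return None


def check_integrity_headers(raw):
    """Return (md5 from x-goog-hash, etag, whether the two agree)."""
    headers = parse_headers(raw)
    md5 = decode_goog_hashes(headers).get("md5")
    etag = etag_hex(headers)
    return md5, etag, md5 is not None and md5 == etag


def crc32c(data):
    """Bitwise CRC-32C (Castagnoli): reflected polynomial 0x82F63B78,
    initial value and final XOR 0xFFFFFFFF, no lookup table."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (0x82F63B78 & -(crc & 1))
    return crc ^ 0xFFFFFFFF


def verify_body(raw, body):
    """When the body was retained, recompute both digests and compare them
    with the header values. Returns {'md5': bool, 'crc32c': bool}."""
    expected = decode_goog_hashes(parse_headers(raw))
    return {
        "md5": hashlib.md5(body).hexdigest() == expected.get("md5"),
        "crc32c": "%08x" % crc32c(body) == expected.get("crc32c"),
    }


if __name__ == "__main__":
    md5, etag, ok = check_integrity_headers(SAMPLE_RESPONSE)
    print("x-goog-hash md5:", md5)
    print("ETag:           ", etag)
    print("consistent:     ", ok)
```

Decoded, the MD5 header is be12adb79c30513a8a6eee55be2cae12, identical to the ETag, so the ETag alone is enough to pivot on the downloaded ClassLibrary1.dll in other reports even though the body is not shown here. The CRC-32C decodes to 3baac8a3 (GCS documents the big-endian encoding); verify_body() is only meaningful once the 62976-byte body has been recovered from the sandbox, and it returns False for both digests on anything else.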

GET 200 http://ip-api.com/json/

Request:
GET /json/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
Host: ip-api.com
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Date: Tue, 01 Jun 2021 00:27:31 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 275
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49206 -> 208.95.112.1:80 | 2022082 | ET POLICY External IP Lookup ip-api.com | Device Retrieving External IP Address Detected |
TCP 192.168.56.101:49198 -> 162.159.129.233:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49201 -> 162.159.129.233:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |

Both SSLBL hits are on the TLS sessions to 162.159.129.233, which the Suricata TLS section identifies as Cloudflare. A JA3 hash fingerprints the client's TLS ClientHello, so it identifies the TLS stack the sample used rather than the payload; the Tofsee label should be read as a weak indicator unless corroborated by other evidence.
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49198 -> 162.159.129.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
TLSv1 192.168.56.101:49201 -> 162.159.129.233:443 | None | None | None |
Snort Alerts
No Snort Alerts