Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
35d42729-3b2d-44cd-88c7-59a76492301c.usrfiles.com | 34.102.176.152 | |
Method | Status | URL |
---|---|---|
GET | 200 | https://35d42729-3b2d-44cd-88c7-59a76492301c.usrfiles.com/ugd/35d427_aba34aefaf6944578eaddcbf518b0d51.txt |

Request:

```http
GET /ugd/35d427_aba34aefaf6944578eaddcbf518b0d51.txt HTTP/1.1
Host: 35d42729-3b2d-44cd-88c7-59a76492301c.usrfiles.com
Connection: Keep-Alive
```

Response (body not captured in this report):

```http
HTTP/1.1 200 OK
Server: openresty/1.17.8.2
Date: Sun, 15 Aug 2021 23:10:05 GMT
Content-Type: text/plain
Content-Length: 45738
X-GUploader-UploadID: ADPycdvz6B_vE6dmCynJ0D6wvhlbhaGyHYH6bhkUTHQVbh1A1WFfPtug9-7ttnjkFZf-o4GAfNlNqkNAAo6TP9cLeTmjwYNM7A
Expires: Mon, 16 Aug 2021 00:10:05 GMT
Last-Modified: Tue, 20 Jul 2021 00:56:41 GMT
ETag: "8a7bb730e58fc9ad693066e8a889a7ce"
x-goog-generation: 1626742601566740
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 45738
x-goog-hash: crc32c=axhhBA==
x-goog-hash: md5=inu3MOWPya1pMGboqImnzg==
x-goog-storage-class: STANDARD
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Timing-Allow-Origin: *
X-Seen-By: gcp.us-central-1.media-router-6f96f966d6-l92f7
X-Robots-Tag: noindex, nofollow
Via: 1.1 google
Cache-Control: public, max-age=15552000, immutable
Age: 209812
Alt-Svc: clear
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49170 -> 34.102.176.152:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49170 -> 34.102.176.152:443 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.usrfiles.com | b1:d6:01:5d:9c:44:fb:53:29:0d:c0:3a:ad:fe:bd:77:23:96:8f:44 |
Snort Alerts
No Snort Alerts