Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
ocsp.digicert.com | CNAME cs9.wac.phicdn.net | 117.18.237.29 |
cdn.discordapp.com | 162.159.134.233 | |
UDP Requests
- 192.168.56.102:52062 -> 164.124.101.2:53 (DNS)
- 192.168.56.102:52336 -> 164.124.101.2:53 (DNS)
- 192.168.56.102:64034 -> 164.124.101.2:53 (DNS)
- 192.168.56.102:64995 -> 164.124.101.2:53 (DNS)
- 192.168.56.102:137 -> 192.168.56.255:137 (NetBIOS name service, broadcast)
- 192.168.56.102:138 -> 192.168.56.255:138 (NetBIOS datagram, broadcast)
- 192.168.56.102:49152 -> 239.255.255.250:3702 (WS-Discovery, multicast)
- 192.168.56.102:49164 -> 239.255.255.250:1900 (SSDP, multicast)
- 52.231.114.183:123 -> 192.168.56.102:123 (NTP)
GET 200 https://cdn.discordapp.com/attachments/878569652987502634/878573089506607124/mmserv32.exe

Request:
GET /attachments/878569652987502634/878573089506607124/mmserv32.exe HTTP/1.1
Host: cdn.discordapp.com
Accept: */*

Response:
HTTP/1.1 200 OK
Date: Wed, 25 Aug 2021 00:12:04 GMT
Content-Type: application/x-msdos-program
Content-Length: 28672
Connection: keep-alive
CF-Ray: 68409b51acae61c5-ICN
Accept-Ranges: bytes
Age: 304002
Cache-Control: public, max-age=31536000
Content-Disposition: attachment;%20filename=mmserv32.exe
ETag: "e0ef479792b1fbbea0b7504a910e186d"
Expires: Thu, 25 Aug 2022 00:12:04 GMT
Last-Modified: Sat, 21 Aug 2021 09:35:47 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1629538547672334
x-goog-hash: crc32c=YMorEA==
x-goog-hash: md5=4O9Hl5Kx+76gt1BKkQ4YbQ==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 28672
X-GUploader-UploadID: ADPycds2c06-Ou4aBA8L9WyaL-COc1eIMteJWj5H5a_o5ZkZWDRx-gKbhNQnT-o2ugE8lwydzuVZq9L4InGS4mF2WbQWWLPpfw
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oUVjr4D1UJwjryFbX7ZMpkQMQ1nPWUlfxTs3uJU68x4fp%2BuECn1ORvjn7TQyY9cJNJTC9K69UrTX1%2BXfnGUXW5d2Fq87M6r6uB0t846Bu%2Bzh9Tw4h1OmQewFt74Gm5gsF21AWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
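The download response above carries two Google Cloud Storage integrity headers (`x-goog-hash: crc32c=...` and `x-goog-hash: md5=...`) beside an `ETag`; for a simple, non-composite GCS object the ETag is the hex MD5 of the stored bytes, so the two can be cross-checked before either is used as a pivot (a VirusTotal or sandbox lookup by MD5, say). The Python below is an added example, not part of the original report: it parses a copy of the headers captured above, decodes the base64 digests, confirms the MD5 agrees with the ETag, and verifies a payload you have on disk against both values. `RESPONSE_HEADERS` is a constructed subset of the captured response, and the CRC-32C routine is a plain bitwise implementation because the standard library has none.

```python
import base64
import hashlib

# Subset of the response headers captured above for mmserv32.exe (constructed
# copy for this example; the repeated x-goog-hash header is how GCS sends it).
RESPONSE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: application/x-msdos-program
Content-Length: 28672
ETag: "e0ef479792b1fbbea0b7504a910e186d"
x-goog-hash: crc32c=YMorEA==
x-goog-hash: md5=4O9Hl5Kx+76gt1BKkQ4YbQ==
x-goog-stored-content-length: 28672
"""


def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Split a raw HTTP response head into (lower-case name, value) pairs.

    A list rather than a dict, because x-goog-hash legitimately repeats.
    """
    pairs = []
    for line in raw.splitlines()[1:]:  # drop the status line
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def goog_hashes(headers: list[tuple[str, str]]) -> dict[str, bytes]:
    """Collect every x-goog-hash value into {algorithm: raw digest bytes}."""
    digests = {}
    for name, value in headers:
        if name == "x-goog-hash":
            algo, _, b64 = value.partition("=")  # e.g. "md5=4O9Hl5Kx+76gt1BKkQ4YbQ=="
            digests[algo.strip()] = base64.b64decode(b64)
    return digests


def etag_matches_md5(headers: list[tuple[str, str]], digests: dict[str, bytes]) -> bool:
    """GCS ETag for a non-composite object is the hex MD5; check the two agree."""
    etag = dict(headers).get("etag", "").strip('"')
    return "md5" in digests and etag == digests["md5"].hex()


def crc32c(data: bytes) -> int:
    """CRC-32C (Castagnoli), the checksum GCS reports as crc32c=...; bitwise form."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (0x82F63B78 if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF


def verify_payload(data: bytes, digests: dict[str, bytes]) -> dict[str, bool]:
    """Compare a downloaded payload against the server-supplied digests."""
    results = {}
    if "md5" in digests:
        results["md5"] = hashlib.md5(data).digest() == digests["md5"]
    if "crc32c" in digests:
        # GCS encodes the CRC as 4 big-endian bytes before base64-encoding it.
        results["crc32c"] = crc32c(data).to_bytes(4, "big") == digests["crc32c"]
    return results


if __name__ == "__main__":
    hdrs = parse_headers(RESPONSE_HEADERS)
    expected = goog_hashes(hdrs)
    print("md5   :", expected["md5"].hex())
    print("crc32c:", expected["crc32c"].hex())
    print("etag matches md5:", etag_matches_md5(hdrs, expected))
    # With the sample exported from the sandbox, e.g. saved as mmserv32.exe:
    # print(verify_payload(open("mmserv32.exe", "rb").read(), expected))
```

Two caveats when using this on other captures: a GCS object assembled with a compose operation has no MD5 and an ETag that is not one, so `etag_matches_md5` returning False is only meaningful when an `md5=` header is present; and `Age: 304002` with `CF-Cache-Status: HIT` means the bytes came from Cloudflare's cache, so the hashes describe the cached object, which is still the payload the sample received.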
GET 200 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D

Request:
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

Response:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2429
Cache-Control: max-age=162683
Content-Type: application/ocsp-response
Date: Wed, 25 Aug 2021 00:12:04 GMT
Etag: "612559d2-5e3"
Expires: Thu, 26 Aug 2021 21:23:27 GMT
Last-Modified: Tue, 24 Aug 2021 20:42:58 GMT
Server: ECS (tkb/732C)
X-Cache: HIT
Content-Length: 1507
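The OCSP request above is a base64 DER `OCSPRequest` carried in the URL path, the GET form RFC 6960 permits. Decoding it tells you which certificate the host was validating: the `CertID` holds the hash algorithm, the issuer name and key hashes, and the serial number, while the `User-Agent: Microsoft-CryptoAPI/6.1` shows the query came from the Windows certificate stack rather than from the sample's own code. The Python below is an added example, not part of the original report: it decodes that path with a minimal DER walker, so it needs no third-party ASN.1 library. `OCSP_GET_PATH` is copied from the request captured above; the OID table is limited to the two digests commonly seen in CertID.

```python
import base64
import urllib.parse

# Path of the captured GET to ocsp.digicert.com (copied from the request above).
OCSP_GET_PATH = (
    "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys"
    "%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D"
)

# Hash algorithm OIDs that appear in CertID.hashAlgorithm.
HASH_OIDS = {
    "1.3.14.3.2.26": "sha1",
    "2.16.840.1.101.3.4.2.1": "sha256",
}


def read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """Return (tag, contents, position after the element) for the DER TLV at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return tag, buf[pos:end], end


def children(buf: bytes) -> list[tuple[int, bytes]]:
    """Split the contents of a constructed element into (tag, contents) children."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    return out


def decode_oid(raw: bytes) -> str:
    """Dotted form of a DER OBJECT IDENTIFIER's contents."""
    arcs = [raw[0] // 40, raw[0] % 40]
    acc = 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # last byte of this base-128 arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get(path: str) -> dict[str, str]:
    """Decode an OCSP-over-GET path and return the first CertID it asks about."""
    der = base64.b64decode(urllib.parse.unquote(path.lstrip("/")))
    tag, ocsp_request, _ = read_tlv(der, 0)          # OCSPRequest ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, tbs_request, _ = read_tlv(ocsp_request, 0)    # tbsRequest TBSRequest
    # TBSRequest may open with [0] version and [1] requestorName; skip those
    # and take requestList (SEQUENCE OF Request).
    request_list = next(val for t, val in children(tbs_request) if t == 0x30)
    _, first_request, _ = read_tlv(request_list, 0)  # Request ::= SEQUENCE
    _, cert_id, _ = read_tlv(first_request, 0)       # reqCert CertID
    (_, hash_alg), (_, name_hash), (_, key_hash), (_, serial) = children(cert_id)
    oid = decode_oid(children(hash_alg)[0][1])       # AlgorithmIdentifier.algorithm
    return {
        "hash_algorithm": HASH_OIDS.get(oid, oid),
        "issuer_name_hash": name_hash.hex(),
        "issuer_key_hash": key_hash.hex(),
        # Raw INTEGER contents; a leading 00 byte would be DER sign padding.
        "serial_number": serial.hex(),
    }


if __name__ == "__main__":
    for field, value in parse_ocsp_get(OCSP_GET_PATH).items():
        print(f"{field:17s} {value}")
```

The serial number it returns is the value to match against the certificates the sample or its TLS peers presented (the Suricata TLS table below lists one such chain) or to look up in a CT log; the issuer key hash is the SHA-1 of the issuing CA's public key, which for most CAs is also their Subject Key Identifier, so it narrows the issuer without fetching anything.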
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint (SHA-1) |
---|---|---|---|
TLS 1.2 192.168.56.102:49170 -> 162.159.129.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 54:e1:a7:9d:cc:c8:60:86:f1:a5:da:74:0e:5a:ab:45:df:37:8a:78 |
Snort Alerts
No Snort Alerts