Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
store2.gofile.io | 31.14.69.10 |
GET 200 https://store2.gofile.io/download/658884da-8dd7-4781-9455-8aaf61fcb244/Atftigkvqscpv.dll
REQUEST
GET /download/658884da-8dd7-4781-9455-8aaf61fcb244/Atftigkvqscpv.dll HTTP/1.1
Host: store2.gofile.io
Connection: Keep-Alive

RESPONSE
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Disposition: attachment; filename="Atftigkvqscpv.dll"
Content-Length: 487454
Content-Type: application/octet-stream
Date: Wed, 22 Sep 2021 00:58:35 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Powered-By: Express
X-Xss-Protection: 1; mode=block
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49167 -> 31.14.69.10:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.102:49167 31.14.69.10:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.gofile.io | 4c:cc:6b:32:8f:55:d8:cc:fa:f4:4d:ae:80:a1:dd:b7:e3:e2:84:ae |
Snort Alerts
No Snort Alerts