Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
onedrive.live.com | CNAME l-0004.l-msedge.net, CNAME web.fe.1drv.com | 13.107.43.13 |
Method | Status | URL |
---|---|---|
GET | 301 | http://onedrive.live.com/download?cid=4FE79169F14FE906&resid=4FE79169F14FE906%21197&authkey=AJx2lN6RUxuMay0 |

Request:

```http
GET /download?cid=4FE79169F14FE906&resid=4FE79169F14FE906%21197&authkey=AJx2lN6RUxuMay0 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: onedrive.live.com
```

Response:

```http
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 233
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://onedrive.live.com/download?cid=4FE79169F14FE906&resid=4FE79169F14FE906%21197&authkey=AJx2lN6RUxuMay0
Set-Cookie: xid=fece99c9-458e-4379-8a8f-352dc29011d7&&RD0004FFA72CC3&185; domain=.live.com; path=/
Set-Cookie: xidseq=1; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Thu, 25-May-2023 04:31:32 GMT; path=/
X-Content-Type-Options: nosniff
X-MSNServer: RD0004FFA72CC3
X-ODWebServer: canadaeast0-odwebpl
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: D6873BAB9BF24A9A83BCE8FD04A1D499 Ref B: SLAEDGE2015 Ref C: 2023-05-25T06:11:32Z
Date: Thu, 25 May 2023 06:11:32 GMT
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49164 -> 13.107.42.13:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49164 -> 13.107.42.13:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 05 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=onedrive.com | 4e:11:98:32:9d:ab:e8:3b:be:4e:e9:05:86:88:8d:67:16:9b:c0:9b |
Snort Alerts
No Snort Alerts