Network Analysis
- TCP Requests
-
-
192.168.56.102:49164 101.227.134.27:80apps.game.qq.com
-
192.168.56.102:49172 101.227.134.27:80apps.game.qq.com
-
192.168.56.102:49176 101.227.134.27:80apps.game.qq.com
-
192.168.56.102:49166 106.14.120.14:809xcb.oeklms.com
-
192.168.56.102:49177 106.14.120.14:809xcb.oeklms.com
-
192.168.56.102:49171 118.212.235.111:80c9g6lqgo.sched.sma.tdnsstic1.cn
-
192.168.56.102:49174 118.212.235.111:80c9g6lqgo.sched.sma.tdnsstic1.cn
-
192.168.56.102:49165 119.63.197.139:443sp0.baidu.com
-
192.168.56.102:49178 119.63.197.139:443sp0.baidu.com
-
192.168.56.102:49173 139.196.190.229:80rip.oeklms.com
-
192.168.56.102:49161 175.43.23.80:80c9g6lqgo.sched.sma.tdnsstic1.cn
-
192.168.56.102:49162 175.43.23.80:80c9g6lqgo.sched.sma.tdnsstic1.cn
-
- UDP Requests
-
-
192.168.56.102:58522 114.114.114.114:53
-
192.168.56.102:50014 164.124.101.2:53
-
192.168.56.102:50447 164.124.101.2:53
-
192.168.56.102:51405 164.124.101.2:53
-
192.168.56.102:51598 164.124.101.2:53
-
192.168.56.102:51903 164.124.101.2:53
-
192.168.56.102:53778 164.124.101.2:53
-
192.168.56.102:56630 164.124.101.2:53
-
192.168.56.102:57988 164.124.101.2:53
-
192.168.56.102:58521 164.124.101.2:53
-
192.168.56.102:59651 164.124.101.2:53
-
192.168.56.102:60523 164.124.101.2:53
-
192.168.56.102:62846 164.124.101.2:53
-
192.168.56.102:63709 164.124.101.2:53
-
192.168.56.102:64513 164.124.101.2:53
-
192.168.56.102:65226 164.124.101.2:53
-
192.168.56.102:65368 164.124.101.2:53
-
192.168.56.102:65227 182.92.12.11:123time.pool.aliyun.com
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:59654 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.102:123
-
8.8.8.8:53 192.168.56.102:50447
-
8.8.8.8:53 192.168.56.102:51406
-
8.8.8.8:53 192.168.56.102:56631
-
8.8.8.8:53 192.168.56.102:62847
-
GET
200
http://cdn.cuilet.com/API/General/client_log_user
REQUEST
RESPONSE
BODY
GET /API/General/client_log_user HTTP/1.1
Accept-Encoding: gzip
User-Agent: CHM_MSDN
Host: cdn.cuilet.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 12 Nov 2023 01:13:54 GMT
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=client_log_user
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: Lego Server
Cache-Control: max-age=10
Age: 951114
Content-Length: 1296
Accept-Ranges: bytes
X-NWS-LOG-UUID: 9064032031181448837
Connection: keep-alive
X-Cache-Lookup: Cache Hit
GET
200
http://cdn.cuilet.com/api/filegoto1/81b1e3e4c7ac0cfc
REQUEST
RESPONSE
BODY
GET /api/filegoto1/81b1e3e4c7ac0cfc HTTP/1.1
Accept-Encoding: gzip
Connection: Close
User-Agent: CHM_MSDN
Host: cdn.cuilet.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 20 Nov 2023 10:28:31 GMT
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=goto.zip
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: Lego Server
Cache-Control: max-age=10
Age: 257226
Content-Length: 2890856
Accept-Ranges: bytes
X-NWS-LOG-UUID: 1188434013740255330
Connection: close
X-Cache-Lookup: Cache Hit
GET
200
http://apps.game.qq.com/comm-htdocs/ip/get_ip.php
REQUEST
RESPONSE
BODY
GET /comm-htdocs/ip/get_ip.php HTTP/1.1
User-Agent: HttpSend
Host: apps.game.qq.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Nov 2023 09:57:39 GMT
Content-Type: text/html
Content-Length: 32
Connection: keep-alive
Server: swoole-http-server
GET
200
http://cdn.cuilet.com/API/General/lsrpu
REQUEST
RESPONSE
BODY
GET /API/General/lsrpu HTTP/1.1
Accept-Encoding: gzip
User-Agent: CHM_MSDN
Host: cdn.cuilet.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Nov 2023 02:26:39 GMT
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=lsrpu
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: Lego Server
Cache-Control: max-age=10
Age: 1840843
Content-Length: 48
Accept-Ranges: bytes
X-NWS-LOG-UUID: 14484710916390823560
Connection: keep-alive
X-Cache-Lookup: Cache Hit
POST
404
http://9xcb.oeklms.com/api/r/mcm
REQUEST
RESPONSE
BODY
POST /api/r/mcm HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: HttpSend
Host: 9xcb.oeklms.com
Content-Length: 533
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Thu, 23 Nov 2023 09:57:40 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
GET
200
http://ddjf8dkd.wifi95.com/api/userconfig/uc_2bd4378e4519b0a0f73b3cd533996173.json
REQUEST
RESPONSE
BODY
GET /api/userconfig/uc_2bd4378e4519b0a0f73b3cd533996173.json HTTP/1.1
Host: ddjf8dkd.wifi95.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 18 Nov 2023 02:19:18 GMT
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=uc_2bd4378e4519b0a0f73b3cd533996173.json
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: Lego Server
Cache-Control: max-age=10
Age: 455530
Content-Length: 5584
Accept-Ranges: bytes
X-NWS-LOG-UUID: 11269350461445620898
Connection: keep-alive
X-Cache-Lookup: Cache Hit
GET
200
http://ddjf8dkd.wifi95.com/API/General/arearst
REQUEST
RESPONSE
BODY
GET /API/General/arearst HTTP/1.1
Host: ddjf8dkd.wifi95.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 06:46:15 GMT
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=arearst
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: Lego Server
Cache-Control: max-age=10
Age: 878892
Content-Length: 1776
Accept-Ranges: bytes
X-NWS-LOG-UUID: 2618947289861853965
Connection: keep-alive
X-Cache-Lookup: Cache Hit
GET
200
http://apps.game.qq.com/comm-htdocs/ip/get_ip.php
REQUEST
RESPONSE
BODY
GET /comm-htdocs/ip/get_ip.php HTTP/1.1
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/7.0)
Host: apps.game.qq.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Nov 2023 09:57:51 GMT
Content-Type: text/html
Content-Length: 52
Connection: keep-alive
Server: swoole-http-server
Content-Encoding: gzip
GET
200
http://rip.oeklms.com/api/r/ip
REQUEST
RESPONSE
BODY
GET /api/r/ip HTTP/1.1
Accept-Encoding: gzip, deflate
User-Agent: sjd32DSKJF9Ssf
Host: rip.oeklms.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Nov 2023 09:57:52 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 56
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
GET
200
http://ddjf8dkd.wifi95.com/API/General/lsrpu
REQUEST
RESPONSE
BODY
GET /API/General/lsrpu HTTP/1.1
Host: ddjf8dkd.wifi95.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Nov 2023 02:26:41 GMT
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=lsrpu
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: Lego Server
Cache-Control: max-age=10
Age: 1841439
Content-Length: 48
Accept-Ranges: bytes
X-NWS-LOG-UUID: 14653739951564907108
Connection: keep-alive
X-Cache-Lookup: Cache Hit
GET
200
http://ddjf8dkd.wifi95.com/API/General/thenewseven
REQUEST
RESPONSE
BODY
GET /API/General/thenewseven HTTP/1.1
Accept-Encoding: gzip
Connection: Close
User-Agent: CHM_MSDN
Host: ddjf8dkd.wifi95.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Oct 2023 16:34:20 GMT
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=thenewseven
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: Lego Server
Cache-Control: max-age=10
Age: 2136429
Content-Length: 5232
Accept-Ranges: bytes
X-NWS-LOG-UUID: 8392422829116781601
Connection: close
X-Cache-Lookup: Cache Hit
GET
200
http://apps.game.qq.com/comm-htdocs/ip/get_ip.php
REQUEST
RESPONSE
BODY
GET /comm-htdocs/ip/get_ip.php HTTP/1.1
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/7.0)
Host: apps.game.qq.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Nov 2023 09:57:52 GMT
Content-Type: text/html
Content-Length: 52
Connection: keep-alive
Server: swoole-http-server
Content-Encoding: gzip
POST
404
http://9xcb.oeklms.com/api/r/mcm
REQUEST
RESPONSE
BODY
POST /api/r/mcm HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 9xcb.oeklms.com
Content-Length: 485
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Thu, 23 Nov 2023 09:57:52 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
POST
404
http://9xcb.oeklms.com/api/r/mcm
REQUEST
RESPONSE
BODY
POST /api/r/mcm HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 9xcb.oeklms.com
Content-Length: 485
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Thu, 23 Nov 2023 09:57:52 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
POST
404
http://9xcb.oeklms.com/api/r/mcm
REQUEST
RESPONSE
BODY
POST /api/r/mcm HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: HttpSend
Host: 9xcb.oeklms.com
Content-Length: 533
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Thu, 23 Nov 2023 09:57:57 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49165 -> 119.63.197.139:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.102:49178 -> 119.63.197.139:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49165 119.63.197.139:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=CN, ST=beijing, L=beijing, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com | 97:42:d5:98:27:d6:22:88:cf:59:c3:ff:75:86:8d:d5:d3:12:a0:af |
TLSv1 192.168.56.102:49178 119.63.197.139:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=CN, ST=beijing, L=beijing, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com | 97:42:d5:98:27:d6:22:88:cf:59:c3:ff:75:86:8d:d5:d3:12:a0:af |
Snort Alerts
No Snort Alerts