Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| matozip1.b-cdn.net | 143.244.49.177 | |
| mato3f.b-cdn.net | 143.244.50.91 |
GET
200
https://mato3f.b-cdn.net/town-fil
REQUEST
RESPONSE
BODY
GET /town-fil HTTP/1.1
Accept: */*
Accept-Language: ko-KR
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: mato3f.b-cdn.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 23 Jul 2024 05:33:03 GMT
Content-Type: application/octet-stream
Content-Length: 102374
Connection: keep-alive
Server: BunnyCDN-JP1-1148
CDN-PullZone: 2356696
CDN-Uid: b7aa2822-4cf2-435a-b8b8-d2bd7540826c
CDN-RequestCountryCode: KR
Cache-Control: public, max-age=2592000
Last-Modified: Tue, 16 Jul 2024 10:52:46 GMT
CDN-StorageServer: LA-357
CDN-FileServer: 465
CDN-ProxyVer: 1.04
CDN-RequestPullSuccess: True
CDN-RequestPullCode: 206
CDN-CachedAt: 07/21/2024 12:46:03
CDN-EdgeStorageId: 1066
CDN-Status: 200
CDN-RequestId: 28b26a63066bd78825642126a0e36b61
CDN-Cache: HIT
Accept-Ranges: bytes
GET
200
https://matozip1.b-cdn.net/K1.zip
REQUEST
RESPONSE
BODY
GET /K1.zip HTTP/1.1
Host: matozip1.b-cdn.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 23 Jul 2024 05:33:06 GMT
Content-Type: application/zip
Content-Length: 2885218
Connection: keep-alive
Server: BunnyCDN-JP1-1097
CDN-PullZone: 2330878
CDN-Uid: b7aa2822-4cf2-435a-b8b8-d2bd7540826c
CDN-RequestCountryCode: KR
Cache-Control: public, max-age=2592000
Last-Modified: Mon, 22 Jul 2024 06:14:46 GMT
CDN-StorageServer: LA-389
CDN-FileServer: 465
CDN-ProxyVer: 1.04
CDN-RequestPullSuccess: True
CDN-RequestPullCode: 206
CDN-CachedAt: 07/23/2024 05:30:24
CDN-EdgeStorageId: 1188
CDN-Status: 200
CDN-RequestId: 3b19546fa62ae6291a111172b7bad07c
CDN-Cache: HIT
Accept-Ranges: bytes
GET
200
https://matozip1.b-cdn.net/K2.zip
REQUEST
RESPONSE
BODY
GET /K2.zip HTTP/1.1
Host: matozip1.b-cdn.net
HTTP/1.1 200 OK
Date: Tue, 23 Jul 2024 05:33:14 GMT
Content-Type: application/zip
Content-Length: 532376
Connection: keep-alive
Server: BunnyCDN-JP1-1097
CDN-PullZone: 2330878
CDN-Uid: b7aa2822-4cf2-435a-b8b8-d2bd7540826c
CDN-RequestCountryCode: KR
Cache-Control: public, max-age=2592000
Last-Modified: Mon, 22 Jul 2024 06:14:38 GMT
CDN-StorageServer: LA-355
CDN-FileServer: 748
CDN-ProxyVer: 1.04
CDN-RequestPullSuccess: True
CDN-RequestPullCode: 206
CDN-CachedAt: 07/23/2024 05:30:33
CDN-EdgeStorageId: 1185
CDN-Status: 200
CDN-RequestId: 9bfec7be8cfab57c2b627f83f2a0f5c3
CDN-Cache: HIT
Accept-Ranges: bytes
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49169 -> 169.150.225.41:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49166 -> 109.61.83.243:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49169 169.150.225.41:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.b-cdn.net | fc:d9:3e:09:69:f5:9d:8a:aa:45:73:03:05:f1:8d:e4:5b:80:10:e4 |
|
TLSv1 192.168.56.101:49166 109.61.83.243:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.b-cdn.net | fc:d9:3e:09:69:f5:9d:8a:aa:45:73:03:05:f1:8d:e4:5b:80:10:e4 |
Snort Alerts
No Snort Alerts