Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| mato3pdf.b-cdn.net | 169.150.249.168 | |
| matozip1.b-cdn.net | 169.150.249.168 |
GET
200
https://mato3pdf.b-cdn.net/pdf
REQUEST
RESPONSE
BODY
GET /pdf HTTP/1.1
Accept: */*
Accept-Language: ko-KR
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: mato3pdf.b-cdn.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 23 Jul 2024 05:37:35 GMT
Content-Type: application/octet-stream
Content-Length: 102796
Connection: keep-alive
Server: BunnyCDN-JP1-1195
CDN-PullZone: 2356830
CDN-Uid: b7aa2822-4cf2-435a-b8b8-d2bd7540826c
CDN-RequestCountryCode: KR
Cache-Control: public, max-age=2592000
Last-Modified: Tue, 16 Jul 2024 11:35:48 GMT
CDN-StorageServer: LA-295
CDN-FileServer: 828
CDN-ProxyVer: 1.04
CDN-RequestPullSuccess: True
CDN-RequestPullCode: 206
CDN-CachedAt: 07/23/2024 05:37:35
CDN-EdgeStorageId: 1188
CDN-Status: 200
CDN-RequestId: 0ed70903801c7e31ec5bf3eb7f354b42
CDN-Cache: MISS
Accept-Ranges: bytes
GET
200
https://matozip1.b-cdn.net/K1.zip
REQUEST
RESPONSE
BODY
GET /K1.zip HTTP/1.1
Host: matozip1.b-cdn.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 23 Jul 2024 05:37:38 GMT
Content-Type: application/zip
Content-Length: 2885218
Connection: keep-alive
Server: BunnyCDN-JP1-1172
CDN-PullZone: 2330878
CDN-Uid: b7aa2822-4cf2-435a-b8b8-d2bd7540826c
CDN-RequestCountryCode: KR
Cache-Control: public, max-age=2592000
Last-Modified: Mon, 22 Jul 2024 06:14:46 GMT
CDN-StorageServer: LA-389
CDN-FileServer: 465
CDN-ProxyVer: 1.04
CDN-RequestPullSuccess: True
CDN-RequestPullCode: 206
CDN-CachedAt: 07/23/2024 05:30:24
CDN-EdgeStorageId: 1188
CDN-Status: 200
CDN-RequestId: a8a2411a99fd62fb5613d149f9c0ef6e
CDN-Cache: HIT
Accept-Ranges: bytes
GET
200
https://matozip1.b-cdn.net/K2.zip
REQUEST
RESPONSE
BODY
GET /K2.zip HTTP/1.1
Host: matozip1.b-cdn.net
HTTP/1.1 200 OK
Date: Tue, 23 Jul 2024 05:37:47 GMT
Content-Type: application/zip
Content-Length: 532376
Connection: keep-alive
Server: BunnyCDN-JP1-1172
CDN-PullZone: 2330878
CDN-Uid: b7aa2822-4cf2-435a-b8b8-d2bd7540826c
CDN-RequestCountryCode: KR
Cache-Control: public, max-age=2592000
Last-Modified: Mon, 22 Jul 2024 06:14:38 GMT
CDN-StorageServer: LA-355
CDN-FileServer: 748
CDN-ProxyVer: 1.04
CDN-RequestPullSuccess: True
CDN-RequestPullCode: 206
CDN-CachedAt: 07/23/2024 05:30:33
CDN-EdgeStorageId: 1185
CDN-Status: 200
CDN-RequestId: 4e29332a62cad486ccc6ea430e103dcc
CDN-Cache: HIT
Accept-Ranges: bytes
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49166 -> 109.61.83.99:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49169 -> 109.61.83.245:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49166 109.61.83.99:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.b-cdn.net | fc:d9:3e:09:69:f5:9d:8a:aa:45:73:03:05:f1:8d:e4:5b:80:10:e4 |
|
TLSv1 192.168.56.101:49169 109.61.83.245:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.b-cdn.net | fc:d9:3e:09:69:f5:9d:8a:aa:45:73:03:05:f1:8d:e4:5b:80:10:e4 |
Snort Alerts
No Snort Alerts