Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| iili.io | 104.21.235.69 | |
| gcdnb.pbrd.co | 104.21.68.220 |
GET
404
https://gcdnb.pbrd.co/images/6oHgYLgr6bK3.png?o=1
REQUEST
RESPONSE
BODY
GET /images/6oHgYLgr6bK3.png?o=1 HTTP/1.1
Connection: Keep-Alive
Host: gcdnb.pbrd.co
HTTP/1.1 404 Not Found
Date: Mon, 12 Aug 2024 00:14:08 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 127
Connection: keep-alive
X-GUploader-UploadID: AHxI1nPCDgBcaen_SK_cxG-QjtSn6NZffpeNjR7VJKbId0aJcs_XnQTPOPb4uh8GdiE1gTOleDtHYJnomw
Expires: Mon, 12 Aug 2024 00:14:08 GMT
Cache-Control: private, max-age=0
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0iMp0Z8WCH0vYfca%2BsmMJEW97KMcdBRrk1rqFpLFOI3apgJwpq%2B3CELQ4kUnydZ%2BDzHLe1dWhRSpTmyJFI7UfSbAcoSAF5R6WcOycF7j3FJ9WEd%2F0MoDQ%2BXRoy5qzg7F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b1c437508765361-LAX
alt-svc: h3=":443"; ma=86400
GET
200
https://iili.io/JNYCwle.png
REQUEST
RESPONSE
BODY
GET /JNYCwle.png HTTP/1.1
Connection: Keep-Alive
Host: iili.io
HTTP/1.1 200 OK
Date: Mon, 12 Aug 2024 00:14:09 GMT
Content-Type: image/png
Content-Length: 6071091
Connection: keep-alive
Last-Modified: Wed, 03 Apr 2024 20:08:32 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: public, max-age=315360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PcsQiZVhkP%2FIPEYXq5cyOpxDX4RK9Mjo7GtbL3eVQQVfPWzsKiLagpyCbm0uNhgX3cVeHQJJM5klBvTA0c6QCOiBoSU7yElDpgCDcxW4HFOoWSwTTbkmpkMI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b1c43771df4f6ee-NRT
alt-svc: h3=":443"; ma=86400
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 91.92.240.41:7575 -> 192.168.56.103:49162 | 2400012 | ET DROP Spamhaus DROP Listed Traffic Inbound group 13 | Misc Attack |
| TCP 192.168.56.103:49162 -> 172.67.198.249:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.103:49164 -> 104.21.235.70:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.103:49162 172.67.198.249:443 |
C=US, O=Google Trust Services, CN=WE1 | CN=pbrd.co | 79:68:77:d6:5f:0e:f5:de:95:32:8b:ac:71:a4:7b:6d:21:61:a8:3f |
|
TLSv1 192.168.56.103:49164 104.21.235.70:443 |
C=US, O=Google Trust Services, CN=WE1 | CN=iili.io | 8f:d4:58:59:55:6a:03:e7:74:8c:f7:04:b1:7d:6a:76:4a:67:63:27 |
Snort Alerts
No Snort Alerts