Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
win.ust.cx | 154.91.34.235 | |
www.ipip.net | 172.67.22.102 | |
luoyefeihua.site | (no response) | |
en.ipip.net | 104.22.30.153 | |
downapp.baidu.com | 60.190.116.35 | |
UDP Requests
Source | Destination |
---|---|
192.168.56.103:50800 | 164.124.101.2:53 |
192.168.56.103:52760 | 164.124.101.2:53 |
192.168.56.103:53673 | 164.124.101.2:53 |
192.168.56.103:62576 | 164.124.101.2:53 |
192.168.56.103:64894 | 164.124.101.2:53 |
192.168.56.103:137 | 192.168.56.255:137 |
192.168.56.103:138 | 192.168.56.255:138 |
192.168.56.103:64897 | 239.255.255.250:1900 |
HTTP Requests
GET https://www.ipip.net/ -> 302
Request:
GET / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: www.ipip.net
Response:
HTTP/1.1 302 Found
Date: Sun, 22 Sep 2024 08:49:29 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://en.ipip.net
Cache-Control: no-cache
set-cookie: LOVEAPP_SESSID=33fc5849ec4164c75a57c4471253f37b6f3da0b0; path=/; domain=.ipip.net
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8c710ab2fd6b29df-FUK
GET https://en.ipip.net/ -> 200
Request:
GET / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: en.ipip.net
Response:
HTTP/1.1 200 OK
Date: Sun, 22 Sep 2024 08:49:30 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
Cache-Control: no-cache
set-cookie: LOVEAPP_SESSID=4bac0144701f14284fe8dfa3dd38ec53a8ca65b6; path=/; domain=.ipip.net
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8c710abe9b9229e0-FUK
GET http://downapp.baidu.com/ -> 403
Request:
GET / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: downapp.baidu.com
Response:
HTTP/1.1 403 Forbidden
Server: JSP3/2.0.14
Date: Sun, 22 Sep 2024 08:49:24 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 101
Connection: keep-alive
X-Bce-Flow-Control-Type: -1
X-Bce-Is-Transition: false
x-bce-debug-id: YmBX5In6K1OtHCTOn2tSOO2VXE44p1rjcWv7ynWbiwBpcFMwB2BbHE/R8oosxOst/Zv8CnRQ09ZuouMUGRygHw==
x-bce-flow-control-type: -1
x-bce-is-transition: false
x-bce-request-id: adb85b88-c8d7-4b36-8788-f4bb1a2c2995
Ohc-Cache-HIT: wz2ct56 [1], wzix56 [1]
Ohc-File-Size: 101
X-Error-Info: Origin
X-Cache-Status: MISS
Access-Control-Allow-Origin: null
Access-Control-Allow-Methods: GET
GET http://downapp.baidu.com/appsearch/AndroidPhone/1.0.65.172/1/1012271b/20171027150542/appsearch_AndroidPhone_1-0-65-172_1012271b.apk?responseContentDisposition=attachment%3Bfilename%3D%22appsearch_AndroidPhone_v8.0.3%281.0.65.172%29_1012271b.apk%22&responseContentType=application%2Fvnd.android.package-archive&request_id=1516457256_8032127161&type=dynamic -> 200
Request:
GET /appsearch/AndroidPhone/1.0.65.172/1/1012271b/20171027150542/appsearch_AndroidPhone_1-0-65-172_1012271b.apk?responseContentDisposition=attachment%3Bfilename%3D%22appsearch_AndroidPhone_v8.0.3%281.0.65.172%29_1012271b.apk%22&responseContentType=application%2Fvnd.android.package-archive&request_id=1516457256_8032127161&type=dynamic HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: downapp.baidu.com
Response:
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sun, 22 Sep 2024 08:49:24 GMT
Content-Type: application/vnd.android.package-archive
Content-Length: 7010214
Connection: keep-alive
Expires: Tue, 24 Sep 2024 11:46:25 GMT
Last-Modified: Fri, 27 Oct 2017 07:05:42 GMT
ETag: "603f463f671d277e0ccb0f4be8b9e3ae"
Age: 75338
Accept-Ranges: bytes
Content-Disposition: attachment;filename="appsearch_AndroidPhone_v8.0.3(1.0.65.172)_1012271b.apk"
Content-MD5: YD9GP2cdJ34Myw9L6Lnjrg==
x-bce-content-crc32: 2244176732
x-bce-debug-id: W4oKe5K4rL18hQun9HTH3VLT8CZUg99UtfwrFirNHikoSQh1O5FNlYLB3OJWze8eSYX8CeHYIjGIVaQJPUZSlw==
x-bce-request-id: 8167b65a-63e5-40d8-8919-67c1f38f70b0
x-bce-storage-class: STANDARD
Ohc-Global-Saved-Time: Sat, 21 Sep 2024 11:46:25 GMT
Ohc-Cache-HIT: wz2ct56 [2], xiangyix130 [4]
Ohc-File-Size: 7010214
X-Cache-Status: HIT
Access-Control-Allow-Origin: null
Access-Control-Allow-Methods: GET
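The APK response above carries three integrity values for the object: a quoted hex ETag, a base64 Content-MD5 and an x-bce-content-crc32. The following is an added example (not part of the sandbox report, and not the sandbox's own code) that decodes the captured headers, checks that Content-MD5 and ETag carry the same digest, and verifies a body against all three values. It assumes, as is the case for single-part uploads on S3-style object stores, that the ETag is the hex MD5 of the whole object and that x-bce-content-crc32 is the unsigned CRC32 of the body; the sample body used to exercise the check is constructed, since the 7,010,214-byte APK itself is not on the page.

```python
"""Added example: verify a downloaded object against the integrity headers
captured in the report (Content-MD5, ETag, x-bce-content-crc32, Content-Length).

Assumptions (not stated on the page): ETag == hex MD5 of the whole object
(true for single-part uploads on S3-style stores) and x-bce-content-crc32 is
the unsigned CRC32 of the body.  The body below is constructed; the headers
are the ones captured in the report.
"""
import base64
import hashlib
import zlib
from typing import Dict, Optional

# Response headers copied from the APK download captured above.
RESPONSE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: application/vnd.android.package-archive
Content-Length: 7010214
ETag: "603f463f671d277e0ccb0f4be8b9e3ae"
Content-MD5: YD9GP2cdJ34Myw9L6Lnjrg==
x-bce-content-crc32: 2244176732
"""


def parse_headers(raw: str) -> Dict[str, str]:
    """Parse a raw HTTP response into a lower-cased header dict (status line skipped)."""
    headers: Dict[str, str] = {}
    for line in raw.splitlines()[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def content_md5_hex(headers: Dict[str, str]) -> Optional[str]:
    """Content-MD5 is the base64 of the raw 16-byte digest; return it as lowercase hex."""
    value = headers.get("content-md5")
    if value is None:
        return None
    digest = base64.b64decode(value, validate=True)
    if len(digest) != 16:
        raise ValueError("Content-MD5 does not decode to a 16-byte MD5 digest")
    return digest.hex()


def content_md5_matches_etag(headers: Dict[str, str]) -> bool:
    """True when the base64 Content-MD5 and the quoted hex ETag carry the same digest."""
    etag = headers.get("etag", "").strip('"').lower()
    return content_md5_hex(headers) == etag


def verify_body(body: bytes, headers: Dict[str, str]) -> Dict[str, bool]:
    """Compare an actual body against Content-Length, Content-MD5 and x-bce-content-crc32."""
    results: Dict[str, bool] = {}
    if "content-length" in headers:
        results["length"] = len(body) == int(headers["content-length"])
    md5_hex = content_md5_hex(headers)
    if md5_hex is not None:
        results["md5"] = hashlib.md5(body).hexdigest() == md5_hex
    if "x-bce-content-crc32" in headers:
        expected_crc = int(headers["x-bce-content-crc32"])
        results["crc32"] = (zlib.crc32(body) & 0xFFFFFFFF) == expected_crc
    return results


def headers_for_body(body: bytes) -> Dict[str, str]:
    """Build the matching header set for a constructed body (lets verify_body run offline)."""
    digest = hashlib.md5(body).digest()
    return {
        "content-length": str(len(body)),
        "content-md5": base64.b64encode(digest).decode(),
        "etag": '"%s"' % digest.hex(),
        "x-bce-content-crc32": str(zlib.crc32(body) & 0xFFFFFFFF),
    }


if __name__ == "__main__":
    captured = parse_headers(RESPONSE_HEADERS)
    print("Content-MD5 decodes to:", content_md5_hex(captured))
    print("Content-MD5 == ETag for the captured download:", content_md5_matches_etag(captured))
    # Constructed stand-in body; the real APK is not on the page.
    fake_apk = b"PK\x03\x04" + b"constructed sample body" * 100
    print("intact body:  ", verify_body(fake_apk, headers_for_body(fake_apk)))
    print("tampered body:", verify_body(fake_apk[:-1] + b"!", headers_for_body(fake_apk)))
```

For the captured headers the Content-MD5 decodes to 603f463f671d277e0ccb0f4be8b9e3ae, the same value as the ETag. Treat this as a transit-integrity check only: the origin and CDN choose all three values, so they confirm you received what the server holds, not that the file is the publisher's release; MD5 and CRC32 are not collision resistant, and the ETag/MD5 relation breaks for multipart uploads, where the ETag is a hash of part digests with a part-count suffix.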
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49164 -> 104.22.30.153:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | |
TCP 192.168.56.103:49165 -> 104.22.31.153:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | |
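The SSLBL rule above fires on a JA3 hash, the MD5 of five fields taken from the ClientHello (version, cipher suites, extension types, supported groups, EC point formats, each decimal and hyphen-joined, then comma-joined), compared exactly against the abuse.ch blocklist. The following is an added example (not part of the report, and not Suricata's or abuse.ch's code) that builds a TLS 1.0 ClientHello record and extracts its JA3 string and hash, dropping GREASE values as JA3 does. The ClientHello, its values and the blocklist entries are constructed for illustration; the report does not include the sample's packet bytes or the JA3 hash that matched, so the hash computed here is not the Tofsee one.

```python
"""Added example: JA3 fingerprint extraction from a TLS ClientHello record.

The ClientHello and the blocklist are constructed here; they are not the
sample's real ClientHello nor the real SSLBL entries.
"""
import hashlib
import struct
from typing import Iterable, List, Set

# GREASE values (RFC 8701) are excluded from JA3 so randomised Chrome hellos hash stably.
GREASE = {0x0A0A, 0x1A1A, 0x2A2A, 0x3A3A, 0x4A4A, 0x5A5A, 0x6A6A, 0x7A7A,
          0x8A8A, 0x9A9A, 0xAAAA, 0xBABA, 0xCACA, 0xDADA, 0xEAEA, 0xFAFA}


def _u16s(vals: Iterable[int]) -> bytes:
    return b"".join(struct.pack("!H", v) for v in vals)


def build_client_hello(version: int, ciphers: List[int], curves: List[int],
                       point_formats: List[int], server_name: str) -> bytes:
    """Serialise a minimal TLS record carrying a ClientHello with SNI, groups and formats."""
    name = server_name.encode()
    sni_list = struct.pack("!BH", 0, len(name)) + name              # host_name entry
    ext_sni = struct.pack("!HHH", 0, len(sni_list) + 2, len(sni_list)) + sni_list
    groups_body = struct.pack("!H", len(curves) * 2) + _u16s(curves)
    ext_groups = struct.pack("!HH", 10, len(groups_body)) + groups_body
    fmt_body = struct.pack("!B", len(point_formats)) + bytes(point_formats)
    ext_formats = struct.pack("!HH", 11, len(fmt_body)) + fmt_body
    extensions = ext_sni + ext_groups + ext_formats

    body = struct.pack("!H", version)
    body += b"\x11" * 32                                            # client random (constructed)
    body += b"\x00"                                                 # empty session id
    body += struct.pack("!H", len(ciphers) * 2) + _u16s(ciphers)
    body += b"\x01\x00"                                             # one compression method: null
    body += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # type 1, 24-bit length
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake


def ja3_string(record: bytes) -> str:
    """Extract the five JA3 fields from a ClientHello record and join them the JA3 way."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    p = 9                                                           # record (5) + handshake (4) headers
    version = struct.unpack_from("!H", record, p)[0]; p += 2
    p += 32                                                         # random
    p += 1 + record[p]                                              # session id
    cs_len = struct.unpack_from("!H", record, p)[0]; p += 2
    ciphers = [c for (c,) in struct.iter_unpack("!H", record[p:p + cs_len]) if c not in GREASE]
    p += cs_len
    p += 1 + record[p]                                              # compression methods
    exts: List[int] = []
    curves: List[int] = []
    formats: List[int] = []
    if p < len(record):
        end = p + 2 + struct.unpack_from("!H", record, p)[0]; p += 2
        while p < end:
            etype, elen = struct.unpack_from("!HH", record, p); p += 4
            data = record[p:p + elen]; p += elen
            if etype in GREASE:
                continue
            exts.append(etype)
            if etype == 10:                                         # supported_groups
                n = struct.unpack_from("!H", data, 0)[0]
                curves = [c for (c,) in struct.iter_unpack("!H", data[2:2 + n]) if c not in GREASE]
            elif etype == 11:                                       # ec_point_formats
                formats = list(data[1:1 + data[0]])
    dash = lambda xs: "-".join(str(x) for x in xs)
    return ",".join([str(version), dash(ciphers), dash(exts), dash(curves), dash(formats)])


def ja3_hash(record: bytes) -> str:
    """JA3 is the MD5 of the JA3 string; this hex digest is what SSLBL rules compare."""
    return hashlib.md5(ja3_string(record).encode()).hexdigest()


def blocklist_hit(record: bytes, blocklist: Set[str]) -> bool:
    """Exact-match lookup, the same test an SSLBL JA3 signature performs."""
    return ja3_hash(record) in blocklist


# Constructed TLS 1.0 hello (769 = 0x0301, matching the TLSv1 flows in the report).
SAMPLE_HELLO = build_client_hello(
    0x0301, [47, 53, 5, 10, 49161, 49162, 49171, 49172, 50, 56, 19, 4],
    [23, 24, 25], [0], "www.ipip.net")

if __name__ == "__main__":
    print(ja3_string(SAMPLE_HELLO))
    print(ja3_hash(SAMPLE_HELLO))
    constructed_blocklist = {ja3_hash(SAMPLE_HELLO)}                # stand-in for the SSLBL CSV
    print("blocklist hit:", blocklist_hit(SAMPLE_HELLO, constructed_blocklist))
```

The real list the rule uses is published by abuse.ch at https://sslbl.abuse.ch/blacklist/ja3_fingerprints.csv. JA3 fingerprints the client's TLS stack, not the destination: both flagged flows go to the same ipip.net hosts that answered the HTTP requests above, and a ClientHello produced by a shared Windows TLS library is emitted by every program that uses it, so an SSLBL hit on a lookup to a GeoIP service is a lead to corroborate against the rest of the report rather than a verdict on its own.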
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49164 -> 104.22.30.153:443 | C=US, O=Google Trust Services, CN=WR1 | CN=www.ipip.net | 5e:e0:4c:ad:06:35:8e:83:c1:b4:04:49:a7:cf:48:a8:e1:aa:f5:38 |
TLSv1 192.168.56.103:49165 -> 104.22.31.153:443 | C=US, O=Google Trust Services, CN=WR1 | CN=en.ipip.net | 40:22:3a:4f:77:4e:be:5b:e5:5a:f3:1e:14:9a:12:eb:20:ed:f3:68 |
Snort Alerts
No Snort Alerts