Network Analysis
TCP Requests

| Source | Destination | Host recorded by the sandbox |
|---|---|---|
| 192.168.56.102:49815 | 104.21.1.88:443 | fotamene.com |
| 192.168.56.102:49811 | 104.21.16.228:443 | server10.sndvoices.com |
| 192.168.56.102:49812 | 104.21.16.228:443 | server10.sndvoices.com |
| 192.168.56.102:49814 | 13.84.56.16:443 | vsblobprodscussu5shard58.blob.core.windows.net |
| 192.168.56.102:49797 | 172.217.25.14:443 | (none recorded) |
| 192.168.56.102:49816 | 172.67.161.225:443 | spolaect.info |
| 192.168.56.102:49817 | 172.67.207.106:443 | lalemada.info |
| 192.168.56.102:49810 | 20.150.39.196:443 | vsblobprodscussu5shard10.blob.core.windows.net |
| 192.168.56.102:49808 | 204.79.197.219:443 | msdl.microsoft.com |
| 192.168.56.102:49809 | 204.79.197.219:443 | msdl.microsoft.com |
| 192.168.56.102:49813 | 204.79.197.219:443 | msdl.microsoft.com |

Every TCP connection goes to port 443, so all of it is TLS; the HTTP transactions below are what the sandbox could decrypt from the msdl.microsoft.com and blob.core.windows.net sessions. The hostnames to fotamene.com, server10.sndvoices.com, spolaect.info and lalemada.info are names the sandbox attached to the flow, not names proven by a certificate (see the Suricata TLS table).

UDP Requests

| Source | Destination |
|---|---|
| 192.168.56.102:50538 | 164.124.101.2:53 |
| 192.168.56.102:50839 | 164.124.101.2:53 |
| 192.168.56.102:54221 | 164.124.101.2:53 |
| 192.168.56.102:54660 | 164.124.101.2:53 |
| 192.168.56.102:57660 | 164.124.101.2:53 |
| 192.168.56.102:61459 | 164.124.101.2:53 |
| 192.168.56.102:61998 | 164.124.101.2:53 |
| 192.168.56.102:62039 | 164.124.101.2:53 |
| 192.168.56.102:62461 | 164.124.101.2:53 |
| 192.168.56.102:137 | 192.168.56.255:137 |
| 192.168.56.102:138 | 192.168.56.255:138 |
| 192.168.56.102:49152 | 239.255.255.250:3702 |
| 192.168.56.102:56752 | 239.255.255.250:1900 |
| 192.168.56.102:56754 | 239.255.255.250:3702 |
| 192.168.56.102:56756 | 239.255.255.250:3702 |
| 192.168.56.102:56758 | 239.255.255.250:3702 |
| 8.8.8.8:53 | 192.168.56.102:50839 |

All DNS queries were sent to 164.124.101.2:53; the last entry is in the reply direction, a packet from 8.8.8.8:53 to local port 50839, the same local port that carried one of those queries. This section records no DNS payloads, so the queried names cannot be read from it. The traffic to 192.168.56.255 on ports 137/138 and to 239.255.255.250 on ports 1900/3702 is NetBIOS, SSDP and WS-Discovery broadcast that Windows emits on its own and is not evidence of sample behaviour.
-
HTTP Requests

GET https://msdl.microsoft.com/download/symbols/index2.txt -> 404

Request:
GET /download/symbols/index2.txt HTTP/1.1
Accept-Encoding: gzip
User-Agent: Microsoft-Symbol-Server/10.0.10586.567
Host: msdl.microsoft.com
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 404 Not Found
Transfer-Encoding: chunked
Content-Type: application/problem+json; charset=utf-8
X-Cache: TCP_MISS
Server: Kestrel
Strict-Transport-Security: max-age=2592000
X-MSEdge-Ref: Ref A: BCDC4FA845FE4FEA85D63529F6781D30 Ref B: SLAEDGE0613 Ref C: 2021-04-20T06:47:19Z
Date: Tue, 20 Apr 2021 06:47:19 GMT
GET https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/3844DBB920174967BE7AA4A2C20430FA2/ntkrnlmp.pdb -> 302

Request:
GET /download/symbols/ntkrnlmp.pdb/3844DBB920174967BE7AA4A2C20430FA2/ntkrnlmp.pdb HTTP/1.1
Accept-Encoding: gzip
User-Agent: Microsoft-Symbol-Server/10.0.10586.567
Host: msdl.microsoft.com
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 302 Found
Location: https://vsblobprodscussu5shard10.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/3361580E1DAA2301EF4C62D105FB67166BD89EA03FCDE3C800EACFAF71EE01C200.blob?sv=2019-07-07&sr=b&si=1&sig=7AbuFcy6rVsv90SWbhZYjX%2F1l2smGDcgr940AwiIF4k%3D&spr=https&se=2021-04-21T07%3A12%3A02Z&rscl=x-e2eid-d85b51fb-5af2448b-86391750-db8470b1-session-1ebff91c-856e4d36-a4b4e0af-5a74b6de
X-Cache: TCP_MISS
Server: Kestrel
Strict-Transport-Security: max-age=2592000
X-MSEdge-Ref: Ref A: 7494BC14C91444898AEBD665A8C42D0B Ref B: SLAEDGE1118 Ref C: 2021-04-20T06:47:19Z
Date: Tue, 20 Apr 2021 06:47:18 GMT
Content-Length: 0
GET https://vsblobprodscussu5shard10.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/3361580E1DAA2301EF4C62D105FB67166BD89EA03FCDE3C800EACFAF71EE01C200.blob?sv=2019-07-07&sr=b&si=1&sig=7AbuFcy6rVsv90SWbhZYjX%2F1l2smGDcgr940AwiIF4k%3D&spr=https&se=2021-04-21T07%3A12%3A02Z&rscl=x-e2eid-d85b51fb-5af2448b-86391750-db8470b1-session-1ebff91c-856e4d36-a4b4e0af-5a74b6de -> 200

Request:
GET /b-4712e0edc5a240eabf23330d7df68e77/3361580E1DAA2301EF4C62D105FB67166BD89EA03FCDE3C800EACFAF71EE01C200.blob?sv=2019-07-07&sr=b&si=1&sig=7AbuFcy6rVsv90SWbhZYjX%2F1l2smGDcgr940AwiIF4k%3D&spr=https&se=2021-04-21T07%3A12%3A02Z&rscl=x-e2eid-d85b51fb-5af2448b-86391750-db8470b1-session-1ebff91c-856e4d36-a4b4e0af-5a74b6de HTTP/1.1
Accept-Encoding: gzip
User-Agent: Microsoft-Symbol-Server/10.0.10586.567
Connection: Keep-Alive
Cache-Control: no-cache
Host: vsblobprodscussu5shard10.blob.core.windows.net

Response:
HTTP/1.1 200 OK
Content-Length: 8768512
Content-Type: application/octet-stream
Content-Language: x-e2eid-d85b51fb-5af2448b-86391750-db8470b1-session-1ebff91c-856e4d36-a4b4e0af-5a74b6de
Last-Modified: Thu, 01 Jun 2017 08:40:23 GMT
Accept-Ranges: bytes
ETag: "0x8D4A8C9D85A2B17"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a0baa687-301e-0017-71b1-351ff6000000
x-ms-version: 2019-07-07
x-ms-creation-time: Thu, 04 May 2017 19:30:13 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
x-ms-server-encrypted: true
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Origin: *
Date: Tue, 20 Apr 2021 06:47:19 GMT
GET https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/3844DBB920174967BE7AA4A2C20430FA2/ntkrnlmp.pdb -> 302 (second request)

Request:
GET /download/symbols/ntkrnlmp.pdb/3844DBB920174967BE7AA4A2C20430FA2/ntkrnlmp.pdb HTTP/1.1
Accept-Encoding: gzip
User-Agent: Microsoft-Symbol-Server/10.0.10586.567
Host: msdl.microsoft.com
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 302 Found
Location: https://vsblobprodscussu5shard10.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/3361580E1DAA2301EF4C62D105FB67166BD89EA03FCDE3C800EACFAF71EE01C200.blob?sv=2019-07-07&sr=b&si=1&sig=7AbuFcy6rVsv90SWbhZYjX%2F1l2smGDcgr940AwiIF4k%3D&spr=https&se=2021-04-21T07%3A12%3A02Z&rscl=x-e2eid-d85b51fb-5af2448b-86391750-db8470b1-session-1ebff91c-856e4d36-a4b4e0af-5a74b6de
X-Cache: TCP_MISS
Server: Kestrel
Strict-Transport-Security: max-age=2592000
X-MSEdge-Ref: Ref A: BB94DA4320DE4BB4A3400979403F19EB Ref B: SLAEDGE1118 Ref C: 2021-04-20T06:47:26Z
Date: Tue, 20 Apr 2021 06:47:25 GMT
Content-Length: 0
GET https://vsblobprodscussu5shard10.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/3361580E1DAA2301EF4C62D105FB67166BD89EA03FCDE3C800EACFAF71EE01C200.blob?sv=2019-07-07&sr=b&si=1&sig=7AbuFcy6rVsv90SWbhZYjX%2F1l2smGDcgr940AwiIF4k%3D&spr=https&se=2021-04-21T07%3A12%3A02Z&rscl=x-e2eid-d85b51fb-5af2448b-86391750-db8470b1-session-1ebff91c-856e4d36-a4b4e0af-5a74b6de -> 200 (second request)

Request:
GET /b-4712e0edc5a240eabf23330d7df68e77/3361580E1DAA2301EF4C62D105FB67166BD89EA03FCDE3C800EACFAF71EE01C200.blob?sv=2019-07-07&sr=b&si=1&sig=7AbuFcy6rVsv90SWbhZYjX%2F1l2smGDcgr940AwiIF4k%3D&spr=https&se=2021-04-21T07%3A12%3A02Z&rscl=x-e2eid-d85b51fb-5af2448b-86391750-db8470b1-session-1ebff91c-856e4d36-a4b4e0af-5a74b6de HTTP/1.1
Accept-Encoding: gzip
User-Agent: Microsoft-Symbol-Server/10.0.10586.567
Connection: Keep-Alive
Cache-Control: no-cache
Host: vsblobprodscussu5shard10.blob.core.windows.net

Response:
HTTP/1.1 200 OK
Content-Length: 8768512
Content-Type: application/octet-stream
Content-Language: x-e2eid-d85b51fb-5af2448b-86391750-db8470b1-session-1ebff91c-856e4d36-a4b4e0af-5a74b6de
Last-Modified: Thu, 01 Jun 2017 08:40:23 GMT
Accept-Ranges: bytes
ETag: "0x8D4A8C9D85A2B17"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a0bab2b9-301e-0017-4ab1-351ff6000000
x-ms-version: 2019-07-07
x-ms-creation-time: Thu, 04 May 2017 19:30:13 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
x-ms-server-encrypted: true
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Origin: *
Date: Tue, 20 Apr 2021 06:47:26 GMT
GET https://msdl.microsoft.com/download/symbols/index2.txt -> 404 (second request)

Request:
GET /download/symbols/index2.txt HTTP/1.1
Accept-Encoding: gzip
User-Agent: Microsoft-Symbol-Server/10.0.10586.567
Host: msdl.microsoft.com
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 404 Not Found
Transfer-Encoding: chunked
Content-Type: application/problem+json; charset=utf-8
X-Cache: TCP_MISS
Server: Kestrel
Strict-Transport-Security: max-age=2592000
X-MSEdge-Ref: Ref A: 56FB1ADBBC9E49D7A62E6D4FB761F9D3 Ref B: SLAEDGE1118 Ref C: 2021-04-20T06:47:32Z
Date: Tue, 20 Apr 2021 06:47:32 GMT
GET https://msdl.microsoft.com/download/symbols/winload_prod.pdb/768283CA443847FB8822F9DB1F36ECC51/winload_prod.pdb -> 302

Request:
GET /download/symbols/winload_prod.pdb/768283CA443847FB8822F9DB1F36ECC51/winload_prod.pdb HTTP/1.1
Accept-Encoding: gzip
User-Agent: Microsoft-Symbol-Server/10.0.10586.567
Host: msdl.microsoft.com
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 302 Found
Location: https://vsblobprodscussu5shard58.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/98A14A45856422D571CDEA18737E156B89D4C85FE7A2C03E353274FC83996DE200.blob?sv=2019-07-07&sr=b&si=1&sig=9UUozfiE%2FOpxeeckU6eKE51prLyA7vjOQSQhv8%2F4Goc%3D&spr=https&se=2021-04-21T07%3A35%3A45Z&rscl=x-e2eid-1750f897-21ec47fd-858b9192-280e65c5-session-4d66908c-74d44857-ac54d7ee-2d4cedfc
X-Cache: TCP_MISS
Server: Kestrel
Strict-Transport-Security: max-age=2592000
X-MSEdge-Ref: Ref A: E1DAF2DF64124B4CA8E582ABCF21617A Ref B: SLAEDGE1006 Ref C: 2021-04-20T06:47:33Z
Date: Tue, 20 Apr 2021 06:47:32 GMT
Content-Length: 0
GET https://vsblobprodscussu5shard58.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/98A14A45856422D571CDEA18737E156B89D4C85FE7A2C03E353274FC83996DE200.blob?sv=2019-07-07&sr=b&si=1&sig=9UUozfiE%2FOpxeeckU6eKE51prLyA7vjOQSQhv8%2F4Goc%3D&spr=https&se=2021-04-21T07%3A35%3A45Z&rscl=x-e2eid-1750f897-21ec47fd-858b9192-280e65c5-session-4d66908c-74d44857-ac54d7ee-2d4cedfc -> 200

Request:
GET /b-4712e0edc5a240eabf23330d7df68e77/98A14A45856422D571CDEA18737E156B89D4C85FE7A2C03E353274FC83996DE200.blob?sv=2019-07-07&sr=b&si=1&sig=9UUozfiE%2FOpxeeckU6eKE51prLyA7vjOQSQhv8%2F4Goc%3D&spr=https&se=2021-04-21T07%3A35%3A45Z&rscl=x-e2eid-1750f897-21ec47fd-858b9192-280e65c5-session-4d66908c-74d44857-ac54d7ee-2d4cedfc HTTP/1.1
Accept-Encoding: gzip
User-Agent: Microsoft-Symbol-Server/10.0.10586.567
Connection: Keep-Alive
Cache-Control: no-cache
Host: vsblobprodscussu5shard58.blob.core.windows.net

Response:
HTTP/1.1 200 OK
Content-Length: 404480
Content-Type: application/octet-stream
Content-Language: x-e2eid-1750f897-21ec47fd-858b9192-280e65c5-session-4d66908c-74d44857-ac54d7ee-2d4cedfc
Content-MD5: XaOoge+ZHoAQ3u15nxparw==
Last-Modified: Thu, 15 Jun 2017 19:58:38 GMT
Accept-Ranges: bytes
ETag: "0x8D4B428EA2D0250"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 1fee2052-901e-009b-4eb1-351b60000000
x-ms-version: 2019-07-07
x-ms-creation-time: Thu, 04 May 2017 19:05:36 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
x-ms-server-encrypted: true
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Origin: *
Date: Tue, 20 Apr 2021 06:47:32 GMT
GET https://msdl.microsoft.com/download/symbols/winload_prod.pdb/768283CA443847FB8822F9DB1F36ECC51/winload_prod.pdb -> 302 (second request)

Request:
GET /download/symbols/winload_prod.pdb/768283CA443847FB8822F9DB1F36ECC51/winload_prod.pdb HTTP/1.1
Accept-Encoding: gzip
User-Agent: Microsoft-Symbol-Server/10.0.10586.567
Host: msdl.microsoft.com
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 302 Found
Location: https://vsblobprodscussu5shard58.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/98A14A45856422D571CDEA18737E156B89D4C85FE7A2C03E353274FC83996DE200.blob?sv=2019-07-07&sr=b&si=1&sig=9UUozfiE%2FOpxeeckU6eKE51prLyA7vjOQSQhv8%2F4Goc%3D&spr=https&se=2021-04-21T07%3A35%3A45Z&rscl=x-e2eid-1750f897-21ec47fd-858b9192-280e65c5-session-4d66908c-74d44857-ac54d7ee-2d4cedfc
X-Cache: TCP_MISS
Server: Kestrel
Strict-Transport-Security: max-age=2592000
X-MSEdge-Ref: Ref A: 05B31A5739AF4CF7ABDD2BD879C21E9B Ref B: SLAEDGE1006 Ref C: 2021-04-20T06:47:34Z
Date: Tue, 20 Apr 2021 06:47:34 GMT
Content-Length: 0
GET https://vsblobprodscussu5shard58.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/98A14A45856422D571CDEA18737E156B89D4C85FE7A2C03E353274FC83996DE200.blob?sv=2019-07-07&sr=b&si=1&sig=9UUozfiE%2FOpxeeckU6eKE51prLyA7vjOQSQhv8%2F4Goc%3D&spr=https&se=2021-04-21T07%3A35%3A45Z&rscl=x-e2eid-1750f897-21ec47fd-858b9192-280e65c5-session-4d66908c-74d44857-ac54d7ee-2d4cedfc -> 200 (second request)

Request:
GET /b-4712e0edc5a240eabf23330d7df68e77/98A14A45856422D571CDEA18737E156B89D4C85FE7A2C03E353274FC83996DE200.blob?sv=2019-07-07&sr=b&si=1&sig=9UUozfiE%2FOpxeeckU6eKE51prLyA7vjOQSQhv8%2F4Goc%3D&spr=https&se=2021-04-21T07%3A35%3A45Z&rscl=x-e2eid-1750f897-21ec47fd-858b9192-280e65c5-session-4d66908c-74d44857-ac54d7ee-2d4cedfc HTTP/1.1
Accept-Encoding: gzip
User-Agent: Microsoft-Symbol-Server/10.0.10586.567
Connection: Keep-Alive
Cache-Control: no-cache
Host: vsblobprodscussu5shard58.blob.core.windows.net

Response:
HTTP/1.1 200 OK
Content-Length: 404480
Content-Type: application/octet-stream
Content-Language: x-e2eid-1750f897-21ec47fd-858b9192-280e65c5-session-4d66908c-74d44857-ac54d7ee-2d4cedfc
Content-MD5: XaOoge+ZHoAQ3u15nxparw==
Last-Modified: Thu, 15 Jun 2017 19:58:38 GMT
Accept-Ranges: bytes
ETag: "0x8D4B428EA2D0250"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 1fee2448-901e-009b-27b1-351b60000000
x-ms-version: 2019-07-07
x-ms-creation-time: Thu, 04 May 2017 19:05:36 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
x-ms-server-encrypted: true
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Origin: *
Date: Tue, 20 Apr 2021 06:47:34 GMT
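The two 302 transactions to msdl.microsoft.com are symbol-server lookups. The user agent Microsoft-Symbol-Server/10.0.10586.567 is the string symsrv.dll sends, and the request path encodes the PDB name, the PDB GUID and the age of the exact kernel (ntkrnlmp.pdb) and boot loader (winload_prod.pdb) build running on the sandbox host. Pulling kernel and boot-loader symbols is routine for a debugger and unusual for anything else, so these requests are the most useful triage signal in this section: they tell you the sample wants build-specific offsets into the kernel or winload. The following is an added example, not code from the report or from the sample. It parses the symbol-server path layout, decodes the Content-MD5 header from the blob response into hex so the downloaded PDB can be checked against a local md5sum of whatever lands in the sandbox's symbol cache, and flags kernel/boot symbols against a small watch-list. KERNEL_SYMBOLS and REPORT_TRANSACTIONS are constructed for this example from the requests shown above.

```python
import base64
import re
from urllib.parse import urlsplit

# Symbol-server path layout used by symsrv/dbghelp:
#   /download/symbols/<pdb name>/<32 hex GUID><hex age>/<pdb name>
SYMBOL_PATH = re.compile(
    r"^/download/symbols/(?P<pdb>[^/]+)/"
    r"(?P<guid>[0-9A-Fa-f]{32})(?P<age>[0-9A-Fa-f]+)/(?P=pdb)$"
)

# Constructed watch-list for this example: symbols that only a kernel debugger,
# or code that wants kernel / boot-loader internals, has a reason to fetch.
KERNEL_SYMBOLS = {"ntkrnlmp.pdb", "ntkrpamp.pdb", "ntoskrnl.pdb",
                  "winload_prod.pdb", "winload_exe.pdb"}


def parse_symbol_request(url):
    """Return (pdb, guid, age) for a symbol-server URL, or None for any other URL."""
    m = SYMBOL_PATH.match(urlsplit(url).path)
    if not m:
        return None
    g = m["guid"].upper()
    guid = f"{g[:8]}-{g[8:12]}-{g[12:16]}-{g[16:20]}-{g[20:]}"
    return m["pdb"], guid, int(m["age"], 16)


def content_md5_hex(header_value):
    """Content-MD5 carries the base64 of the raw 16-byte digest; return it as hex
    so it can be compared with a local md5sum of the downloaded blob."""
    raw = base64.b64decode(header_value, validate=True)
    if len(raw) != 16:
        raise ValueError("Content-MD5 did not decode to a 16-byte MD5 digest")
    return raw.hex()


def triage(transactions):
    """One finding per request whose path parses as a symbol-server lookup."""
    findings = []
    for t in transactions:
        parsed = parse_symbol_request(t["url"])
        if parsed is None:
            continue
        pdb, guid, age = parsed
        findings.append({
            "pdb": pdb, "guid": guid, "age": age, "status": t["status"],
            "user_agent": t["user_agent"],
            "kernel_symbol": pdb.lower() in KERNEL_SYMBOLS,
        })
    return findings


# Requests copied from the report above (one of each; the report shows each twice).
REPORT_TRANSACTIONS = [
    {"url": "https://msdl.microsoft.com/download/symbols/index2.txt",
     "status": 404, "user_agent": "Microsoft-Symbol-Server/10.0.10586.567"},
    {"url": "https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/"
            "3844DBB920174967BE7AA4A2C20430FA2/ntkrnlmp.pdb",
     "status": 302, "user_agent": "Microsoft-Symbol-Server/10.0.10586.567"},
    {"url": "https://msdl.microsoft.com/download/symbols/winload_prod.pdb/"
            "768283CA443847FB8822F9DB1F36ECC51/winload_prod.pdb",
     "status": 302, "user_agent": "Microsoft-Symbol-Server/10.0.10586.567"},
]
# Content-MD5 the blob store returned for winload_prod.pdb (from the 200 response above).
WINLOAD_CONTENT_MD5 = "XaOoge+ZHoAQ3u15nxparw=="

if __name__ == "__main__":
    for f in triage(REPORT_TRANSACTIONS):
        tag = "KERNEL" if f["kernel_symbol"] else "other"
        print(f"[{tag}] {f['pdb']} guid={f['guid']} age={f['age']} "
              f"status={f['status']} ua={f['user_agent']}")
    print("winload_prod.pdb expected md5:", content_md5_hex(WINLOAD_CONTENT_MD5))
```

The GUID and age are the same values a debugger reads from the module's CodeView debug directory, so a defender can match them against the kernel build on the analysis VM to confirm the sample asked for symbols of the host it was running on rather than for a fixed, pre-chosen build. The ntkrnlmp.pdb response carries no Content-MD5 header, so only the winload_prod.pdb download can be verified this way from the report alone.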
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
| TLSv1 192.168.56.102:49808 204.79.197.219:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 05 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=msdl.microsoft.com | 59:ef:31:b0:03:89:82:c9:2b:90:9a:8c:60:24:70:85:f6:45:ed:9a |
| TLSv1 192.168.56.102:49809 204.79.197.219:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 05 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=msdl.microsoft.com | 59:ef:31:b0:03:89:82:c9:2b:90:9a:8c:60:24:70:85:f6:45:ed:9a |
| TLS 1.3 192.168.56.102:49811 104.21.16.228:443 | None | None | None |
| TLS 1.3 192.168.56.102:49812 104.21.16.228:443 | None | None | None |
| TLSv1 192.168.56.102:49810 20.150.39.196:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | CN=*.blob.core.windows.net | d0:4c:33:5f:cd:ac:48:a4:00:ff:d5:6a:1c:fc:1c:61:d5:84:05:4d |
| TLSv1 192.168.56.102:49813 204.79.197.219:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 05 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=msdl.microsoft.com | 59:ef:31:b0:03:89:82:c9:2b:90:9a:8c:60:24:70:85:f6:45:ed:9a |
| TLSv1 192.168.56.102:49814 13.84.56.16:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | CN=*.blob.core.windows.net | 70:c1:14:b5:95:35:c0:4b:01:19:5c:47:78:be:e0:40:bc:d4:62:09 |
| TLS 1.3 192.168.56.102:49816 172.67.161.225:443 | None | None | None |
| TLS 1.3 192.168.56.102:49815 104.21.1.88:443 | None | None | None |
| TLS 1.3 192.168.56.102:49817 172.67.207.106:443 | None | None | None |

The rows showing None are not a sensor failure: in TLS 1.3 the server's Certificate message is sent encrypted, so a passive sensor records no issuer, subject or fingerprint. For those six sessions (fotamene.com, server10.sndvoices.com, spolaect.info and lalemada.info in the TCP list) the only name available is the one the sandbox attached to the flow, and nothing in this report shows what those servers sent or received. The sessions whose certificates were seen all chain to Microsoft-issued CAs and name msdl.microsoft.com or *.blob.core.windows.net, matching the symbol-server traffic decoded above. The 172.217.25.14:49797 connection has no Suricata TLS row at all.
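The TLS table and the TCP list describe the same sessions and can be joined on the local source port. Doing so settles two things a reviewer wants before reading the HTTP transactions: which hostnames are backed by a certificate that actually names that host, and which are names the sandbox attached to a flow whose certificate was never observed. Below is an added example, not part of the report. It parses a subset of the TCP and TLS lines copied from this page (TCP_LINES and TLS_LINES are constructed inputs kept in the report's own flattened layout, fused port-and-hostname included), joins them on (source IP, source port), checks the certificate CN against the flow's hostname with single-label wildcard handling, and labels each flow.

```python
import re

# Lines copied from the report's TCP list; extraction fused the destination
# port and the hostname ("443fotamene.com"), which the regex below untangles
# because every hostname on this page begins with a letter.
TCP_LINES = """\
192.168.56.102:49815 104.21.1.88:443fotamene.com
192.168.56.102:49811 104.21.16.228:443server10.sndvoices.com
192.168.56.102:49814 13.84.56.16:443vsblobprodscussu5shard58.blob.core.windows.net
192.168.56.102:49797 172.217.25.14:443
192.168.56.102:49816 172.67.161.225:443spolaect.info
192.168.56.102:49810 20.150.39.196:443vsblobprodscussu5shard10.blob.core.windows.net
192.168.56.102:49808 204.79.197.219:443msdl.microsoft.com
"""

# Suricata TLS rows as they appear on the page: a flow line, then a detail line.
TLS_LINES = """\
TLSv1 192.168.56.102:49808 204.79.197.219:443 |
C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 05 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=msdl.microsoft.com | 59:ef:31:b0:03:89:82:c9:2b:90:9a:8c:60:24:70:85:f6:45:ed:9a |
TLS 1.3 192.168.56.102:49811 104.21.16.228:443 |
None | None | None |
TLSv1 192.168.56.102:49810 20.150.39.196:443 |
C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | CN=*.blob.core.windows.net | d0:4c:33:5f:cd:ac:48:a4:00:ff:d5:6a:1c:fc:1c:61:d5:84:05:4d |
TLSv1 192.168.56.102:49814 13.84.56.16:443 |
C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | CN=*.blob.core.windows.net | 70:c1:14:b5:95:35:c0:4b:01:19:5c:47:78:be:e0:40:bc:d4:62:09 |
TLS 1.3 192.168.56.102:49816 172.67.161.225:443 |
None | None | None |
TLS 1.3 192.168.56.102:49815 104.21.1.88:443 |
None | None | None |
"""

FLOW_RE = re.compile(
    r"^(?P<sip>[\d.]+):(?P<sport>\d+)\s+(?P<dip>[\d.]+):(?P<dport>\d+)(?P<host>\S*)$")
TLS_RE = re.compile(
    r"^(?P<ver>TLS\S*(?: 1\.\d)?)\s+(?P<sip>[\d.]+):(?P<sport>\d+)\s+"
    r"(?P<dip>[\d.]+):(?P<dport>\d+)\s*\|$")


def parse_tls(text):
    """Map (source IP, source port) -> {version, issuer, subject, fingerprint}."""
    sessions = {}
    lines = [l for l in text.splitlines() if l.strip()]
    i = 0
    while i + 1 < len(lines):
        m = TLS_RE.match(lines[i])
        if not m:
            i += 1
            continue
        fields = [f.strip() for f in lines[i + 1].split("|")][:3]
        issuer, subject, fp = [None if f == "None" else f for f in fields]
        sessions[(m["sip"], int(m["sport"]))] = {
            "version": m["ver"], "issuer": issuer, "subject": subject, "fingerprint": fp}
        i += 2
    return sessions


def subject_cn(subject):
    m = re.search(r"(?:^|, )CN=([^,]+)", subject or "")
    return m.group(1) if m else None


def cert_matches_host(cn, host):
    """Exact match, or a '*.' wildcard covering exactly one leading label."""
    if not cn or not host:
        return False
    cn, host = cn.lower(), host.lower()
    if cn.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cn[2:]
    return cn == host


def correlate(tcp_text, tls_text):
    """Join TCP flows to TLS sessions and label what the certificate proves."""
    sessions = parse_tls(tls_text)
    rows = []
    for line in tcp_text.splitlines():
        m = FLOW_RE.match(line)
        if not m:
            continue
        host = m["host"] or None
        sess = sessions.get((m["sip"], int(m["sport"])))
        if sess is None:
            status = "no-tls-record"
        elif sess["subject"] is None:
            status = "cert-hidden"  # TLS 1.3: Certificate message is encrypted
        elif cert_matches_host(subject_cn(sess["subject"]), host):
            status = "cert-matches-host"
        else:
            status = "cert-host-mismatch"
        rows.append({"sport": int(m["sport"]), "dst": f"{m['dip']}:{m['dport']}",
                     "host": host, "tls": sess["version"] if sess else None,
                     "cn": subject_cn(sess["subject"]) if sess else None,
                     "status": status})
    return sorted(rows, key=lambda r: r["sport"])


if __name__ == "__main__":
    for r in correlate(TCP_LINES, TLS_LINES):
        print(f"{r['sport']:>5} {r['dst']:<22} {r['host'] or '-':<50} "
              f"{r['tls'] or '-':<8} {r['status']}")
```

A "cert-hidden" label is the expected result for every TLS 1.3 session in a passive capture and should be read as "unverified", not "suspicious" on its own; it is the combination of an unverified name with no decoded content that makes those four domains the part of this report that needs follow-up elsewhere (DNS logs, a TLS-intercepting sandbox run, or the dropped files). A "cert-host-mismatch" on a Microsoft-looking name would be the finding to chase first, and none occurs here.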
Snort Alerts
No Snort Alerts