Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
GET
200
https://103.54.41.193/tot90/TEST22-PC_W617601.F773CB1B97BB6C3311087FB95D3B54AB/5/kps/
REQUEST
RESPONSE
BODY
GET /tot90/TEST22-PC_W617601.F773CB1B97BB6C3311087FB95D3B54AB/5/kps/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 103.54.41.193
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Fri, 30 Apr 2021 00:40:24 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
154.79.246.193 | 192.168.56.102 | 3 | |
154.79.246.193 | 192.168.56.102 | 3 | |
154.79.246.193 | 192.168.56.102 | 3 |
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49812 -> 103.54.41.193:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic |
TCP 103.54.41.193:443 -> 192.168.56.102:49812 | 2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | Not Suspicious Traffic |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49812 103.54.41.193:443 |
C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | bb:48:e9:a1:55:37:8d:d3:de:c1:26:8f:7a:43:8c:19:5e:bb:da:25 |
Snort Alerts
No Snort Alerts