Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| utorrent-servers.xyz | 172.67.167.212 |
- UDP Requests
-
-
192.168.56.101:61479 164.124.101.2:53
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:62327 239.255.255.250:1900
-
192.168.56.101:62329 239.255.255.250:3702
-
192.168.56.101:62331 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
GET
200
http://utorrent-servers.xyz/ABCD1234.exe
REQUEST
RESPONSE
BODY
GET /ABCD1234.exe HTTP/1.1
Host: utorrent-servers.xyz
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 03 Jun 2021 12:09:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
cf-request-id: 0a7360c70f0000053481b04000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=pSELyPNJsFLzRCDiOCZS6Bvp4SQj6sPpm3gh1FqYGir6sQJmMqQm2l1AydkyEV4L0wszCDSwke1WSgXUOtgvz%2FizglKwBMowucObcM1yRgabouZI8K83BepsTie6xHkck0M%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6598d0b81b960534-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49200 -> 172.67.167.212:80 | 2022896 | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 | A Network Trojan was detected |
| TCP 192.168.56.101:49200 -> 172.67.167.212:80 | 2031088 | ET HUNTING Request to .XYZ Domain with Minimal Headers | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts