Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
google.com | 172.217.24.142 | |
limesfile.com | 198.54.126.101 | |
- TCP Requests
- UDP Requests
  - 192.168.56.101:59369 164.124.101.2:53
  - 192.168.56.101:61479 164.124.101.2:53
  - 192.168.56.101:62324 164.124.101.2:53
  - 192.168.56.101:137 192.168.56.255:137
  - 192.168.56.101:138 192.168.56.255:138
  - 192.168.56.101:49152 239.255.255.250:3702
  - 192.168.56.101:59370 239.255.255.250:3702
  - 192.168.56.101:62445 239.255.255.250:1900
  - 192.168.56.101:62447 239.255.255.250:3702
  - 192.168.56.101:62449 239.255.255.250:3702
  - 52.231.114.183:123 192.168.56.101:123
HTTP Requests
Method | Status | URL |
---|---|---|
GET | 200 | http://limesfile.com/Ea42LhC7KVL6GEpzgxwW/C_Net_8Rpjkd5GEqRYJq87/69mrt4d6h323uwdsk9gzwdsq7mdzhn9.exe |
REQUEST
GET /Ea42LhC7KVL6GEpzgxwW/C_Net_8Rpjkd5GEqRYJq87/69mrt4d6h323uwdsk9gzwdsq7mdzhn9.exe HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Other
Host: limesfile.com
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
content-type: application/x-msdownload
last-modified: Mon, 31 May 2021 19:53:52 GMT
accept-ranges: bytes
content-length: 143360
date: Fri, 04 Jun 2021 02:30:09 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
192.168.56.101 | 142.250.204.78 | 8 | \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
142.250.204.78 | 192.168.56.101 | 0 | \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 198.54.126.101:80 -> 192.168.56.101:49200 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts