Network Analysis
| IP Address | Status | Action |
|---|---|---|
| 138.34.28.219 | Active | Moloch |
| 164.124.101.2 | Active | Moloch |
| 217.115.240.248 | Active | Moloch |
| 38.110.100.104 | Active | Moloch |
| 38.110.103.113 | Active | Moloch |
| 38.110.103.124 | Active | Moloch |
| 38.110.103.136 | Active | Moloch |
| 38.110.103.18 | Active | Moloch |
| 45.36.99.184 | Active | Moloch |
| 60.51.47.65 | Active | Moloch |
| 68.69.26.182 | Active | Moloch |
| 80.15.2.105 | Active | Moloch |
| 82.159.149.52 | Active | Moloch |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
- TCP Requests
-
-
192.168.56.101:49220 138.34.28.219:443
-
192.168.56.101:49218 217.115.240.248:443
-
192.168.56.101:49217 38.110.100.104:443
-
192.168.56.101:49203 38.110.103.113:443
-
192.168.56.101:49213 38.110.103.124:443
-
192.168.56.101:49219 38.110.103.124:443
-
192.168.56.101:49212 38.110.103.136:443
-
192.168.56.101:49204 38.110.103.18:443
-
192.168.56.101:49215 38.110.103.18:443
-
192.168.56.101:49216 45.36.99.184:443
-
192.168.56.101:49214 60.51.47.65:443
-
192.168.56.101:49205 80.15.2.105:443
-
192.168.56.101:49206 80.15.2.105:443
-
192.168.56.101:49207 80.15.2.105:443
-
192.168.56.101:49208 80.15.2.105:443
-
192.168.56.101:49209 80.15.2.105:443
-
192.168.56.101:49210 80.15.2.105:443
-
192.168.56.101:49211 82.159.149.52:443
-
- UDP Requests
-
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:62325 239.255.255.250:3702
-
192.168.56.101:62445 239.255.255.250:1900
-
192.168.56.101:62447 239.255.255.250:3702
-
192.168.56.101:62449 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
GET
404
https://38.110.103.113/rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/
REQUEST
RESPONSE
BODY
GET /rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 38.110.103.113
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Wed, 24 Jun 2020 18:30:53 GMT
Server: lighttpd/1.4.39
GET
404
https://38.110.103.18/rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/
REQUEST
RESPONSE
BODY
GET /rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 38.110.103.18
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Tue, 13 Jul 2021 00:28:04 GMT
Server: lighttpd/1.4.39
GET
200
https://82.159.149.52/rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/
REQUEST
RESPONSE
BODY
GET /rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 82.159.149.52
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 13 Jul 2021 00:29:14 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
GET
404
https://38.110.103.136/rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/
REQUEST
RESPONSE
BODY
GET /rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 38.110.103.136
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Tue, 30 Jun 2020 05:21:31 GMT
Server: lighttpd/1.4.39
GET
404
https://38.110.103.124/rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/
REQUEST
RESPONSE
BODY
GET /rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 38.110.103.124
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Tue, 30 Jun 2020 05:21:22 GMT
Server: lighttpd/1.4.39
GET
200
https://60.51.47.65/rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/
REQUEST
RESPONSE
BODY
GET /rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 60.51.47.65
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 13 Jul 2021 00:29:20 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
GET
404
https://38.110.103.18/rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/
REQUEST
RESPONSE
BODY
GET /rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 38.110.103.18
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Tue, 13 Jul 2021 00:29:22 GMT
Server: lighttpd/1.4.39
GET
200
https://45.36.99.184/rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/
REQUEST
RESPONSE
BODY
GET /rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 45.36.99.184
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Tue, 13 Jul 2021 00:29:24 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
GET
200
https://38.110.100.104/rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/
REQUEST
RESPONSE
BODY
GET /rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 38.110.100.104
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Tue, 13 Jul 2021 00:29:27 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
GET
404
https://217.115.240.248/rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/
REQUEST
RESPONSE
BODY
GET /rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 217.115.240.248
HTTP/1.1 404 Not Found
Server: Xavante 2.2.0 embeded
Content-Type: text/html
Date: Tue, 21 Nov 2017 00:42:29 GMT
Connection: Keep-Alive
Content-Length: 284
GET
404
https://38.110.103.124/rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/
REQUEST
RESPONSE
BODY
GET /rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 38.110.103.124
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Tue, 30 Jun 2020 05:21:35 GMT
Server: lighttpd/1.4.39
GET
302
https://138.34.28.219/rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/
REQUEST
RESPONSE
BODY
GET /rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 138.34.28.219
HTTP/1.1 302 Found
Set-Cookie: AIROS_F492BFD61C49=dea7395d32b04116dc2c966baac634ce; Path=/; Version=1
Location: /cookiechecker?uri=/rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/
Content-Length: 0
Date: Tue, 13 Jul 2021 00:29:32 GMT
Server: lighttpd/1.4.39
GET
302
https://138.34.28.219/cookiechecker?uri=/rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/
REQUEST
RESPONSE
BODY
GET /cookiechecker?uri=/rob106/TEST22-PC_W617601.B45AB76DC73F5BDB36CEB3F597952EB3/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 138.34.28.219
Cookie: AIROS_F492BFD61C49=dea7395d32b04116dc2c966baac634ce
HTTP/1.1 302 Found
Location: /index.html
Content-Length: 0
Date: Tue, 13 Jul 2021 00:29:33 GMT
Server: lighttpd/1.4.39
GET
302
https://138.34.28.219/index.html
REQUEST
RESPONSE
BODY
GET /index.html HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 138.34.28.219
Cookie: AIROS_F492BFD61C49=dea7395d32b04116dc2c966baac634ce
HTTP/1.1 302 Found
Location: /login.cgi?uri=/index.html
Content-Length: 0
Date: Tue, 13 Jul 2021 00:29:33 GMT
Server: lighttpd/1.4.39
GET
200
https://138.34.28.219/login.cgi?uri=/index.html
REQUEST
RESPONSE
BODY
GET /login.cgi?uri=/index.html HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 138.34.28.219
Cookie: AIROS_F492BFD61C49=dea7395d32b04116dc2c966baac634ce
HTTP/1.1 200 OK
Set-Cookie: ui_language=en_US; Path=/; Expires=Tuesday, 1-Jan-38 00:00:00 GMT; HttpOnly
Content-Type: text/html
Transfer-Encoding: chunked
Date: Tue, 13 Jul 2021 00:29:33 GMT
Server: lighttpd/1.4.39
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts