Network Analysis
| IP Address | Status | Action |
|---|---|---|
| 103.105.254.17 | Active | Moloch |
| 138.34.28.219 | Active | Moloch |
| 154.58.23.192 | Active | Moloch |
| 164.124.101.2 | Active | Moloch |
| 185.56.76.28 | Active | Moloch |
| 185.56.76.94 | Active | Moloch |
| 204.138.26.60 | Active | Moloch |
| 38.110.103.124 | Active | Moloch |
| 74.85.157.139 | Active | Moloch |
| 80.15.2.105 | Active | Moloch |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | | |
- TCP Requests (source, destination)
  - 192.168.56.101:49205 103.105.254.17:443
  - 192.168.56.101:49212 138.34.28.219:443
  - 192.168.56.101:49215 185.56.76.28:443
  - 192.168.56.101:49210 185.56.76.94:443
  - 192.168.56.101:49206 204.138.26.60:443
  - 192.168.56.101:49211 38.110.103.124:443
  - 192.168.56.101:49203 80.15.2.105:443
  - 192.168.56.101:49204 80.15.2.105:443
  - 192.168.56.101:49213 80.15.2.105:443
  - 192.168.56.101:49214 80.15.2.105:443
- UDP Requests (source, destination)
  - 192.168.56.101:62324 164.124.101.2:53
  - 192.168.56.101:137 192.168.56.255:137
  - 192.168.56.101:138 192.168.56.255:138
  - 192.168.56.101:49152 239.255.255.250:3702
  - 192.168.56.101:62327 239.255.255.250:1900
  - 192.168.56.101:62329 239.255.255.250:3702
  - 192.168.56.101:62331 239.255.255.250:3702
  - 192.168.56.101:62333 239.255.255.250:3702
  - 52.231.114.183:123 192.168.56.101:123
HTTP Requests

GET 200 https://103.105.254.17/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/

Request:

```http
GET /rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 103.105.254.17
```

Response:

```http
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 14 Jul 2021 00:03:40 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
```
GET 404 https://204.138.26.60/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/

Request:

```http
GET /rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 204.138.26.60
```

Response:

```http
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 12 Jul 2020 00:49:44 GMT
Server: lighttpd/1.4.39
```
GET 200 https://103.105.254.17/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/

Request:

```http
GET /rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 103.105.254.17
```

Response:

```http
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 14 Jul 2021 00:03:44 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
```
GET 302 https://185.56.76.94/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/

Request:

```http
GET /rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 185.56.76.94
```

Response:

```http
HTTP/1.1 302 Found
Set-Cookie: AIROS_44D9E7DE31D2=5ffe9567c37cecd4b59f3af91e791608; Path=/; Version=1
Location: /cookiechecker?uri=/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/
Content-Length: 0
Date: Fri, 17 Jul 2020 11:47:52 GMT
Server: lighttpd/1.4.39
```
GET 302 https://185.56.76.94/cookiechecker?uri=/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/

Request:

```http
GET /cookiechecker?uri=/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 185.56.76.94
Cookie: AIROS_44D9E7DE31D2=5ffe9567c37cecd4b59f3af91e791608
```

Response:

```http
HTTP/1.1 302 Found
Location: /index.html
Content-Length: 0
Date: Fri, 17 Jul 2020 11:47:52 GMT
Server: lighttpd/1.4.39
```
GET 302 https://185.56.76.94/index.html

Request:

```http
GET /index.html HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 185.56.76.94
Cookie: AIROS_44D9E7DE31D2=5ffe9567c37cecd4b59f3af91e791608
```

Response:

```http
HTTP/1.1 302 Found
Location: /login.cgi?uri=/index.html
Content-Length: 0
Date: Fri, 17 Jul 2020 11:47:53 GMT
Server: lighttpd/1.4.39
```
GET 200 https://185.56.76.94/login.cgi?uri=/index.html

Request:

```http
GET /login.cgi?uri=/index.html HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 185.56.76.94
Cookie: AIROS_44D9E7DE31D2=5ffe9567c37cecd4b59f3af91e791608
```

Response:

```http
HTTP/1.1 200 OK
Set-Cookie: ui_language=en_US; Path=/; Expires=Tuesday, 1-Jan-38 00:00:00 GMT; HttpOnly
Content-Type: text/html
Transfer-Encoding: chunked
Date: Fri, 17 Jul 2020 11:47:54 GMT
Server: lighttpd/1.4.39
```
GET 404 https://38.110.103.124/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/

Request:

```http
GET /rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 38.110.103.124
```

Response:

```http
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Wed, 01 Jul 2020 04:56:19 GMT
Server: lighttpd/1.4.39
```
GET 302 https://138.34.28.219/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/

Request:

```http
GET /rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 138.34.28.219
```

Response:

```http
HTTP/1.1 302 Found
Set-Cookie: AIROS_F492BFD61C49=401abac1114931fe2ec0f95a1bc3f62f; Path=/; Version=1
Location: /cookiechecker?uri=/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/
Content-Length: 0
Date: Wed, 14 Jul 2021 00:04:18 GMT
Server: lighttpd/1.4.39
```
GET 302 https://138.34.28.219/cookiechecker?uri=/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/

Request:

```http
GET /cookiechecker?uri=/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 138.34.28.219
Cookie: AIROS_F492BFD61C49=401abac1114931fe2ec0f95a1bc3f62f
```

Response:

```http
HTTP/1.1 302 Found
Location: /index.html
Content-Length: 0
Date: Wed, 14 Jul 2021 00:04:18 GMT
Server: lighttpd/1.4.39
```
GET 302 https://138.34.28.219/index.html

Request:

```http
GET /index.html HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 138.34.28.219
Cookie: AIROS_F492BFD61C49=401abac1114931fe2ec0f95a1bc3f62f
```

Response:

```http
HTTP/1.1 302 Found
Location: /login.cgi?uri=/index.html
Content-Length: 0
Date: Wed, 14 Jul 2021 00:04:20 GMT
Server: lighttpd/1.4.39
```
GET 200 https://138.34.28.219/login.cgi?uri=/index.html

Request:

```http
GET /login.cgi?uri=/index.html HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 138.34.28.219
Cookie: AIROS_F492BFD61C49=401abac1114931fe2ec0f95a1bc3f62f
```

Response:

```http
HTTP/1.1 200 OK
Set-Cookie: ui_language=en_US; Path=/; Expires=Tuesday, 1-Jan-38 00:00:00 GMT; HttpOnly
Content-Type: text/html
Transfer-Encoding: chunked
Date: Wed, 14 Jul 2021 00:04:20 GMT
Server: lighttpd/1.4.39
```
GET 302 https://185.56.76.28/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/

Request:

```http
GET /rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 185.56.76.28
```

Response:

```http
HTTP/1.1 302 Found
Set-Cookie: AIROS_0418D660A958=f205e8db3b02d3abddccd1f0bac28bd0; Path=/; Version=1
Location: /cookiechecker?uri=/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/
Content-Length: 0
Date: Fri, 17 Jul 2020 11:48:27 GMT
Server: lighttpd/1.4.39
```
GET 302 https://185.56.76.28/cookiechecker?uri=/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/

Request:

```http
GET /cookiechecker?uri=/rob107/TEST22-PC_W617601.573191CBB5CB3D577FB706313757BB3C/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 185.56.76.28
Cookie: AIROS_0418D660A958=f205e8db3b02d3abddccd1f0bac28bd0
```

Response:

```http
HTTP/1.1 302 Found
Location: /index.html
Content-Length: 0
Date: Fri, 17 Jul 2020 11:48:28 GMT
Server: lighttpd/1.4.39
```
GET 302 https://185.56.76.28/index.html

Request:

```http
GET /index.html HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 185.56.76.28
Cookie: AIROS_0418D660A958=f205e8db3b02d3abddccd1f0bac28bd0
```

Response:

```http
HTTP/1.1 302 Found
Location: /login.cgi?uri=/index.html
Content-Length: 0
Date: Fri, 17 Jul 2020 11:48:28 GMT
Server: lighttpd/1.4.39
```
GET 200 https://185.56.76.28/login.cgi?uri=/index.html

Request:

```http
GET /login.cgi?uri=/index.html HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.74.0
Host: 185.56.76.28
Cookie: AIROS_0418D660A958=f205e8db3b02d3abddccd1f0bac28bd0
```

Response:

```http
HTTP/1.1 200 OK
Set-Cookie: ui_language=en_US; Path=/; Expires=Tuesday, 1-Jan-38 00:00:00 GMT; HttpOnly
Content-Type: text/html
Transfer-Encoding: chunked
Date: Fri, 17 Jul 2020 11:48:28 GMT
Server: lighttpd/1.4.39
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts