Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| manvim.co | 46.173.214.209 |
- TCP Requests
- UDP Requests
-
-
192.168.56.101:61479 164.124.101.2:53
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:62325 239.255.255.250:3702
-
192.168.56.101:62445 239.255.255.250:1900
-
192.168.56.101:62447 239.255.255.250:3702
-
192.168.56.101:62449 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
8.8.8.8:53 192.168.56.101:61479
-
GET
404
http://manvim.co/ae1/AE1.php
REQUEST
RESPONSE
BODY
GET /ae1/AE1.php HTTP/1.0
Host: manvim.co
Accept: */*
Accept-Encoding: identity, *;q=0
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
HTTP/1.1 404 Not Found
Date: Fri, 13 Aug 2021 00:43:39 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Content-Length: 209
Connection: close
Content-Type: text/html; charset=iso-8859-1
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49205 -> 46.173.214.209:80 | 2014234 | ET MALWARE Fareit/Pony Downloader Checkin 3 | Malware Command and Control Activity Detected |
| TCP 192.168.56.101:49205 -> 46.173.214.209:80 | 2007695 | ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System | Potential Corporate Privacy Violation |
| TCP 192.168.56.101:49205 -> 46.173.214.209:80 | 2014562 | ET MALWARE Pony Downloader HTTP Library MSIE 5 Win98 | A Network Trojan was detected |
| TCP 192.168.56.101:49205 -> 46.173.214.209:80 | 2016870 | ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5. | Potential Corporate Privacy Violation |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts