Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| ne.komaiasowu.ru | 81.177.141.85 |
- UDP Requests
-
-
192.168.56.102:52062 164.124.101.2:53
-
192.168.56.102:52336 164.124.101.2:53
-
192.168.56.102:64995 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:49164 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.102:123
-
GET
200
http://ne.komaiasowu.ru/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: ne.komaiasowu.ru
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 15 Oct 2021 01:04:35 GMT
Content-Type: application/json; charset=utf8
Content-Length: 77
Connection: keep-alive
Server: Jino.ru/mod_pizza
GET
404
http://65.21.105.85/barell.exe
REQUEST
RESPONSE
BODY
GET /barell.exe HTTP/1.1
Host: 65.21.105.85
Connection: Keep-Alive
HTTP/1.1 404 Not Found
Date: Fri, 15 Oct 2021 01:04:53 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 274
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ICMP traffic
| Source | Destination | ICMP Type | Data |
|---|---|---|---|
| 81.177.141.85 | 192.168.56.102 | 3 |
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49169 -> 65.21.105.85:80 | 2016141 | ET INFO Executable Download from dotted-quad Host | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts