Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
UDP Requests

Source | Destination |
---|---|
192.168.56.103:51935 | 164.124.101.2:53 |
192.168.56.103:60117 | 164.124.101.2:53 |
192.168.56.103:60880 | 164.124.101.2:53 |
192.168.56.103:137 | 192.168.56.255:137 |
192.168.56.103:138 | 192.168.56.255:138 |
192.168.56.103:49152 | 239.255.255.250:3702 |
192.168.56.103:60883 | 239.255.255.250:1900 |
52.231.114.183:123 | 192.168.56.103:123 |
HTTP Requests

GET 200 http://185.254.240.239/Vv/1/RuntimeBroker_64.zip

Request:
GET /Vv/1/RuntimeBroker_64.zip HTTP/1.1
Host: 185.254.240.239
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Content-Type: application/x-zip-compressed
Last-Modified: Sun, 17 Oct 2021 11:36:08 GMT
Accept-Ranges: bytes
ETag: "044422d4bc3d71:0"
Server: Microsoft-IIS/10.0
Date: Tue, 02 Nov 2021 02:00:47 GMT
Content-Length: 22016
GET 200 http://185.254.240.239/Vv/1/RuntimeBrokerBin_64.zip

Request:
GET /Vv/1/RuntimeBrokerBin_64.zip HTTP/1.1
Host: 185.254.240.239

Response:
HTTP/1.1 200 OK
Content-Type: application/x-zip-compressed
Last-Modified: Thu, 17 Jun 2021 19:06:32 GMT
Accept-Ranges: bytes
ETag: "0ec6be2ab63d71:0"
Server: Microsoft-IIS/10.0
Date: Tue, 02 Nov 2021 02:00:48 GMT
Content-Length: 26624
GET 200 http://185.254.240.239/Vv/1/WinPcap_4_1_3.exe

Request:
GET /Vv/1/WinPcap_4_1_3.exe HTTP/1.1
Host: 185.254.240.239

Response:
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Wed, 14 Apr 2021 14:28:10 GMT
Accept-Ranges: bytes
ETag: "0f9d0643a31d71:0"
Server: Microsoft-IIS/10.0
Date: Tue, 02 Nov 2021 02:00:48 GMT
Content-Length: 915128
GET 200 http://185.254.240.239/Vv/1/vcredist_2010_x64.exe

Request:
GET /Vv/1/vcredist_2010_x64.exe HTTP/1.1
Host: 185.254.240.239

Response:
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Thu, 17 Jun 2021 16:13:56 GMT
Accept-Ranges: bytes
ETag: "0bac3c59363d71:0"
Server: Microsoft-IIS/10.0
Date: Tue, 02 Nov 2021 02:00:49 GMT
Content-Length: 5673816
GET 200 http://185.254.240.239/Vv/1/vcredist_2013_x64.exe

Request:
GET /Vv/1/vcredist_2013_x64.exe HTTP/1.1
Host: 185.254.240.239

Response:
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Sat, 29 May 2021 10:20:22 GMT
Accept-Ranges: bytes
ETag: "49cecb3b7454d71:0"
Server: Microsoft-IIS/10.0
Date: Tue, 02 Nov 2021 02:00:53 GMT
Content-Length: 7195976
GET 200 http://185.254.240.239/Vv/1/PcapDotNet.Base_64.dll

Request:
GET /Vv/1/PcapDotNet.Base_64.dll HTTP/1.1
Host: 185.254.240.239

Response:
HTTP/1.1 200 OK
Content-Type: application/x-msdownload
Last-Modified: Fri, 04 Jun 2010 14:01:46 GMT
Accept-Ranges: bytes
ETag: "081f777ee3cb1:0"
Server: Microsoft-IIS/10.0
Date: Tue, 02 Nov 2021 02:00:57 GMT
Content-Length: 12800
GET 200 http://185.254.240.239/Vv/1/PcapDotNet.Core_64.dll

Request:
GET /Vv/1/PcapDotNet.Core_64.dll HTTP/1.1
Host: 185.254.240.239

Response:
HTTP/1.1 200 OK
Content-Type: application/x-msdownload
Last-Modified: Fri, 04 Jun 2010 14:02:30 GMT
Accept-Ranges: bytes
ETag: "05f3192ee3cb1:0"
Server: Microsoft-IIS/10.0
Date: Tue, 02 Nov 2021 02:00:57 GMT
Content-Length: 72704
GET 200 http://185.254.240.239/Vv/1/PcapDotNet.Core.Extensions_64.dll

Request:
GET /Vv/1/PcapDotNet.Core.Extensions_64.dll HTTP/1.1
Host: 185.254.240.239

Response:
HTTP/1.1 200 OK
Content-Type: application/x-msdownload
Last-Modified: Fri, 04 Jun 2010 14:02:36 GMT
Accept-Ranges: bytes
ETag: "0e6c495ee3cb1:0"
Server: Microsoft-IIS/10.0
Date: Tue, 02 Nov 2021 02:00:58 GMT
Content-Length: 11264
GET 200 http://185.254.240.239/Vv/1/PcapDotNet.Packets_64.dll

Request:
GET /Vv/1/PcapDotNet.Packets_64.dll HTTP/1.1
Host: 185.254.240.239

Response:
HTTP/1.1 200 OK
Content-Type: application/x-msdownload
Last-Modified: Fri, 04 Jun 2010 14:01:52 GMT
Accept-Ranges: bytes
ETag: "088b7bee3cb1:0"
Server: Microsoft-IIS/10.0
Date: Tue, 02 Nov 2021 02:00:58 GMT
Content-Length: 157184
GET 200 http://185.254.240.239/Vv/1/PcapDotNet.Analysis_64.dll

Request:
GET /Vv/1/PcapDotNet.Analysis_64.dll HTTP/1.1
Host: 185.254.240.239

Response:
HTTP/1.1 200 OK
Content-Type: application/x-msdownload
Last-Modified: Fri, 04 Jun 2010 12:48:52 GMT
Accept-Ranges: bytes
ETag: "012dc48e43cb1:0"
Server: Microsoft-IIS/10.0
Date: Tue, 02 Nov 2021 02:00:58 GMT
Content-Length: 94720
GET 200 http://185.254.240.239/Vv/resource.json

Request:
GET /Vv/resource.json HTTP/1.1
Host: 185.254.240.239
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Content-Type: application/json
Last-Modified: Sun, 23 May 2021 08:59:22 GMT
Accept-Ranges: bytes
ETag: "0511fecb14fd71:0"
Server: Microsoft-IIS/10.0
Date: Tue, 02 Nov 2021 02:01:25 GMT
Content-Length: 81
GET 200 http://185.254.240.239/Vv/1/process.json

Request:
GET /Vv/1/process.json HTTP/1.1
Host: 185.254.240.239

Response:
HTTP/1.1 200 OK
Content-Type: application/json
Last-Modified: Sun, 13 Jun 2021 15:32:11 GMT
Accept-Ranges: bytes
ETag: "737c1a476960d71:0"
Server: Microsoft-IIS/10.0
Date: Tue, 02 Nov 2021 02:01:25 GMT
Content-Length: 118
GET 200 http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl

Request:
GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Fri, 05 Jun 2020 05:01:05 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

Response:
HTTP/1.1 200 OK
Content-Length: 767
Content-Type: application/pkix-crl
Content-MD5: aHL66CiNs0IH2efuNQFX9A==
Last-Modified: Fri, 07 May 2021 05:00:53 GMT
ETag: 0x8D91115179E37D7
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d51afd36-b01e-004e-4ae2-c88295000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 02 Nov 2021 02:01:29 GMT
Connection: keep-alive
GET 200 http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl

Request:
GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Fri, 15 May 2020 05:01:08 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

Response:
HTTP/1.1 200 OK
Content-Length: 564
Content-Type: application/octet-stream
Content-MD5: 4HF4kBpOqsKBa7I47DqA2w==
Last-Modified: Tue, 11 Aug 2020 21:46:56 GMT
ETag: 0x8D83E4011579DF4
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: dcf9c394-901e-003f-31b0-aff0ac000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 02 Nov 2021 02:01:29 GMT
Connection: keep-alive
GET 200 http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl

Request:
GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 17 May 2020 05:00:57 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

Response:
HTTP/1.1 200 OK
Content-Length: 519
Content-Type: application/octet-stream
Content-MD5: 6Vr5sDUT1ynSj9iQz/Tr6Q==
Last-Modified: Tue, 30 Mar 2021 15:18:44 GMT
ETag: 0x8D8F38F1BA23B59
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7d27f5f1-101e-00e2-2de3-c8a302000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 02 Nov 2021 02:01:30 GMT
Connection: keep-alive
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts