Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
indug.com | 47.254.184.183 | |
download.microsoft.com | CNAME main.dl.ms.akadns.net; 104.109.240.114 | |
www.microsoft.com | 23.201.37.168 | |
download.visualstudio.microsoft.com | CNAME cs10.wpc.v0cdn.net; CNAME 4316b.wpc.azureedge.net; 192.229.232.200 | |
TCP Requests
- 192.168.56.103:49187 -> 104.75.21.121:80
- 192.168.56.103:49184 -> 121.254.136.16:80
- 192.168.56.103:49193 -> 192.229.232.200:443 (download.visualstudio.microsoft.com)
- 192.168.56.103:49188 -> 23.201.36.112:443 (download.microsoft.com)
- 192.168.56.103:49194 -> 23.201.37.168:80 (www.microsoft.com)
- 192.168.56.103:49170 -> 47.254.184.183:80 (indug.com)
- 192.168.56.103:49172 -> 47.254.184.183:80 (indug.com)
UDP Requests
- 192.168.56.103:51935 -> 164.124.101.2:53
- 192.168.56.103:51958 -> 164.124.101.2:53
- 192.168.56.103:60117 -> 164.124.101.2:53
- 192.168.56.103:60880 -> 164.124.101.2:53
- 192.168.56.103:63183 -> 164.124.101.2:53
- 192.168.56.103:63462 -> 164.124.101.2:53
- 192.168.56.103:137 -> 192.168.56.255:137
- 192.168.56.103:138 -> 192.168.56.255:138
- 192.168.56.103:49152 -> 239.255.255.250:3702
- 192.168.56.103:51938 -> 239.255.255.250:1900
HTTP Requests

HEAD 200 https://download.microsoft.com/download/b/9/5/b95136c0-58a0-48df-821a-d05319a86852/enu_NETFX/amd64_netfx_full_mzz/netfx_full_cab.exe
Request:
HEAD /download/b/9/5/b95136c0-58a0-48df-821a-d05319a86852/enu_NETFX/amd64_netfx_full_mzz/netfx_full_cab.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: download.microsoft.com
Response:
HTTP/1.1 200 OK
Content-Length: 48017296
Content-Type: application/octet-stream
Content-MD5: rdCR6o7aFTD7gUXW7iRKZA==
Last-Modified: Tue, 16 Oct 2018 10:45:44 GMT
Accept-Ranges: bytes
ETag: "0x8D6335486451D09"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-access-tier: Hot
x-ms-access-tier-inferred: true
Date: Thu, 04 Nov 2021 06:10:12 GMT
Connection: keep-alive

HEAD 200 https://download.visualstudio.microsoft.com/download/pr/7db06743-abf0-4a85-a9d3-5af54b6cabcc/cc8282475d16202c4dca707e83cf0ae0/netfx_full_x64.msi
Request:
HEAD /download/pr/7db06743-abf0-4a85-a9d3-5af54b6cabcc/cc8282475d16202c4dca707e83cf0ae0/netfx_full_x64.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: download.visualstudio.microsoft.com
Response:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 140669
Cache-Control: public, max-age=259200
Content-Disposition: attachment; filename=netfx_full_x64.msi
Content-Type: application/octet-stream
Date: Thu, 04 Nov 2021 06:10:21 GMT
Etag: "d41918785236d71:0"
Last-Modified: Wed, 21 Apr 2021 02:03:06 GMT
Server: ECAcc (tkb/73CB)
X-Cache: HIT
X-Gateway-List: Loop-Detected
X-Powered-By: ASP.NET
Content-Length: 1753088

GET 0 https://download.visualstudio.microsoft.com/download/pr/7db06743-abf0-4a85-a9d3-5af54b6cabcc/cc8282475d16202c4dca707e83cf0ae0/netfx_full_x64.msi
Request:
GET /download/pr/7db06743-abf0-4a85-a9d3-5af54b6cabcc/cc8282475d16202c4dca707e83cf0ae0/netfx_full_x64.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 21 Apr 2021 02:03:06 GMT
User-Agent: Microsoft BITS/7.5
Host: download.visualstudio.microsoft.com
Response: (none)

HEAD 0 https://download.visualstudio.microsoft.com/download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/61ef25faf2ae00460f6a77e29327699a/netfx_patch_x64.msp
Request:
HEAD /download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/61ef25faf2ae00460f6a77e29327699a/netfx_patch_x64.msp HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: download.visualstudio.microsoft.com
Response: (none)

GET 0 https://download.visualstudio.microsoft.com/download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/61ef25faf2ae00460f6a77e29327699a/netfx_patch_x64.msp
Request:
GET /download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/61ef25faf2ae00460f6a77e29327699a/netfx_patch_x64.msp HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 21 Apr 2021 02:06:19 GMT
User-Agent: Microsoft BITS/7.5
Host: download.visualstudio.microsoft.com
Response: (none)

HEAD 0 https://download.visualstudio.microsoft.com/download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/f0771dabc43ba46cfe9e3481840a7944/windows6.1-kb4019990-x64.cab
Request:
HEAD /download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/f0771dabc43ba46cfe9e3481840a7944/windows6.1-kb4019990-x64.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: download.visualstudio.microsoft.com
Response: (none)

GET 0 https://download.visualstudio.microsoft.com/download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/f0771dabc43ba46cfe9e3481840a7944/windows6.1-kb4019990-x64.cab
Request:
GET /download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/f0771dabc43ba46cfe9e3481840a7944/windows6.1-kb4019990-x64.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 May 2017 20:51:44 GMT
User-Agent: Microsoft BITS/7.5
Host: download.visualstudio.microsoft.com
Response: (none)

HEAD 0 https://download.visualstudio.microsoft.com/download/pr/375f6a02-34bc-4b7d-ad8b-957789cf81e8/e4abafc291524af6e2b478f5d4857f0a/netfx_full_x64.msi
Request:
HEAD /download/pr/375f6a02-34bc-4b7d-ad8b-957789cf81e8/e4abafc291524af6e2b478f5d4857f0a/netfx_full_x64.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: download.visualstudio.microsoft.com
Response: (none)

GET 0 https://download.visualstudio.microsoft.com/download/pr/375f6a02-34bc-4b7d-ad8b-957789cf81e8/e4abafc291524af6e2b478f5d4857f0a/netfx_full_x64.msi
Request:
GET /download/pr/375f6a02-34bc-4b7d-ad8b-957789cf81e8/e4abafc291524af6e2b478f5d4857f0a/netfx_full_x64.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 21 Apr 2021 02:38:59 GMT
User-Agent: Microsoft BITS/7.5
Host: download.visualstudio.microsoft.com
Response: (none)

HEAD 200 http://indug.com/68.exe
Request:
HEAD /68.exe HTTP/1.1
Accept: */*
User-Agent: InnoDownloadPlugin/1.5
Host: indug.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Date: Thu, 04 Nov 2021 06:09:49 GMT
Server: Apache/2.4.25 (Debian)
Content-Disposition: attachment; filename=68.exe
Connection: close
Content-Type: application/octet-stream

GET 200 http://indug.com/68.exe
Request:
GET /68.exe HTTP/1.1
Accept: */*
User-Agent: InnoDownloadPlugin/1.5
Host: indug.com
Connection: Keep-Alive
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Date: Thu, 04 Nov 2021 06:09:51 GMT
Server: Apache/2.4.25 (Debian)
Content-Disposition: attachment; filename=68.exe
Connection: close
Transfer-Encoding: chunked
Content-Type: application/octet-stream

GET 200 http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
Request:
GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Fri, 05 Jun 2020 05:01:05 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
Response:
HTTP/1.1 200 OK
Content-Length: 767
Content-Type: application/pkix-crl
Content-MD5: aHL66CiNs0IH2efuNQFX9A==
Last-Modified: Fri, 07 May 2021 05:00:53 GMT
ETag: 0x8D91115179E37D7
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d51afd36-b01e-004e-4ae2-c88295000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 04 Nov 2021 06:10:01 GMT
Connection: keep-alive

GET 200 http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
Request:
GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Fri, 15 May 2020 05:01:08 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
Response:
HTTP/1.1 200 OK
Content-Length: 564
Content-Type: application/octet-stream
Content-MD5: 4HF4kBpOqsKBa7I47DqA2w==
Last-Modified: Tue, 11 Aug 2020 21:46:56 GMT
ETag: 0x8D83E4011579DF4
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: dcf9c394-901e-003f-31b0-aff0ac000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 04 Nov 2021 06:10:01 GMT
Connection: keep-alive

GET 200 http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl
Request:
GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 17 May 2020 05:00:57 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
Response:
HTTP/1.1 200 OK
Content-Length: 519
Content-Type: application/octet-stream
Content-MD5: 6Vr5sDUT1ynSj9iQz/Tr6Q==
Last-Modified: Tue, 30 Mar 2021 15:18:44 GMT
ETag: 0x8D8F38F1BA23B59
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7d27f5f1-101e-00e2-2de3-c8a302000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 04 Nov 2021 06:10:01 GMT
Connection: keep-alive

HEAD 302 http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net472Rel1&plcid=0x409&clcid=0x409&ar=03062.00&sar=amd64&o1=netfx_Full.mzz
Request:
HEAD /fwlink/?prd=11324&pver=netfx&sbp=Net472Rel1&plcid=0x409&clcid=0x409&ar=03062.00&sar=amd64&o1=netfx_Full.mzz HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: go.microsoft.com
Response:
HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: https://download.microsoft.com/download/b/9/5/b95136c0-58a0-48df-821a-d05319a86852/enu_NETFX/amd64_netfx_full_mzz/netfx_full_cab.exe
Server: Kestrel
Request-Context: appId=cid-v1:7d63747b-487e-492a-872d-762362f77974
X-Response-Cache-Status: True
Expires: Thu, 04 Nov 2021 06:10:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 04 Nov 2021 06:10:12 GMT
Connection: keep-alive

GET 302 http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net472Rel1&plcid=0x409&clcid=0x409&ar=03062.00&sar=amd64&o1=netfx_Full.mzz
Request:
GET /fwlink/?prd=11324&pver=netfx&sbp=Net472Rel1&plcid=0x409&clcid=0x409&ar=03062.00&sar=amd64&o1=netfx_Full.mzz HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 Oct 2018 10:45:44 GMT
User-Agent: Microsoft BITS/7.5
Host: go.microsoft.com
Response:
HTTP/1.1 302 Moved Temporarily
Location: https://download.microsoft.com/download/b/9/5/b95136c0-58a0-48df-821a-d05319a86852/enu_NETFX/amd64_netfx_full_mzz/netfx_full_cab.exe
Server: Kestrel
Request-Context: appId=cid-v1:7d63747b-487e-492a-872d-762362f77974
X-Response-Cache-Status: True
Content-Length: 0
Expires: Thu, 04 Nov 2021 06:10:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 04 Nov 2021 06:10:12 GMT
Connection: keep-alive

HEAD 302 http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net472Rel1&plcid=0x409&clcid=0x409&ar=03062.00&sar=amd64&o1=netfx_Full_x64.msi
Request:
HEAD /fwlink/?prd=11324&pver=netfx&sbp=Net472Rel1&plcid=0x409&clcid=0x409&ar=03062.00&sar=amd64&o1=netfx_Full_x64.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: go.microsoft.com
Response:
HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: https://download.visualstudio.microsoft.com/download/pr/7db06743-abf0-4a85-a9d3-5af54b6cabcc/cc8282475d16202c4dca707e83cf0ae0/netfx_full_x64.msi
Server: Kestrel
Request-Context: appId=cid-v1:7d63747b-487e-492a-872d-762362f77974
X-Response-Cache-Status: True
Expires: Thu, 04 Nov 2021 06:10:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 04 Nov 2021 06:10:20 GMT
Connection: keep-alive

GET 302 http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net472Rel1&plcid=0x409&clcid=0x409&ar=03062.00&sar=amd64&o1=netfx_Full_x64.msi
Request:
GET /fwlink/?prd=11324&pver=netfx&sbp=Net472Rel1&plcid=0x409&clcid=0x409&ar=03062.00&sar=amd64&o1=netfx_Full_x64.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 21 Apr 2021 02:03:06 GMT
User-Agent: Microsoft BITS/7.5
Host: go.microsoft.com
Response:
HTTP/1.1 302 Moved Temporarily
Location: https://download.visualstudio.microsoft.com/download/pr/7db06743-abf0-4a85-a9d3-5af54b6cabcc/cc8282475d16202c4dca707e83cf0ae0/netfx_full_x64.msi
Server: Kestrel
Request-Context: appId=cid-v1:7d63747b-487e-492a-872d-762362f77974
X-Response-Cache-Status: True
Content-Length: 0
Expires: Thu, 04 Nov 2021 06:10:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 04 Nov 2021 06:10:21 GMT
Connection: keep-alive

GET 200 http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
Request:
GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
Response:
HTTP/1.1 200 OK
Content-Length: 1141
Content-Type: application/octet-stream
Content-MD5: prLaPtMBpD6MYP3KHlaeqw==
Last-Modified: Wed, 13 Oct 2021 05:00:25 GMT
ETag: 0x8D98E065EADE8D9
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d51b0cfb-b01e-004e-02e2-c88295000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 04 Nov 2021 06:10:21 GMT
Connection: keep-alive

GET 200 http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
Request:
GET /pkiops/crl/MicCodSigPCA2011_2011-07-08.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.microsoft.com
Response:
HTTP/1.1 200 OK
Content-Length: 1078
Content-Type: application/octet-stream
Content-MD5: bgK1dH/OmSRPovimfHZb2Q==
Last-Modified: Sat, 02 Oct 2021 05:00:27 GMT
ETag: 0x8D985618D1B969A
x-ms-request-id: d055e630-001e-0090-4c4f-b7d23c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 04 Nov 2021 06:10:21 GMT
Connection: keep-alive
TLS_version: UNKNOWN
X-RTag: RT

GET 200 http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
Request:
GET /pki/crl/products/MicRooCerAut_2010-06-23.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
Response:
HTTP/1.1 200 OK
Content-Length: 824
Content-Type: application/octet-stream
Content-MD5: X8UAjvDNPmShlgg+/uAhbw==
Last-Modified: Sat, 04 Sep 2021 05:01:57 GMT
ETag: 0x8D96F611F28FE8B
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 21edfbca-401e-00d3-0458-a1f8d5000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 04 Nov 2021 06:10:21 GMT
Connection: keep-alive

GET 200 http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
Request:
GET /pki/crl/products/MicTimStaPCA_2010-07-01.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
Response:
HTTP/1.1 200 OK
Content-Length: 555
Content-Type: application/octet-stream
Content-MD5: BjyspbjHS0ONYTUw/uzJbg==
Last-Modified: Tue, 24 Aug 2021 05:01:36 GMT
ETag: 0x8D966BC3FDE3C30
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: aecc4dfb-501e-00c7-51b0-983bb1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 04 Nov 2021 06:10:21 GMT
Connection: keep-alive

HEAD 302 http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net472Rel1&plcid=0x409&clcid=0x409&ar=03081.00&sar=amd64&o1=netfx_Patch_x64.msp
Request:
HEAD /fwlink/?prd=11324&pver=netfx&sbp=Net472Rel1&plcid=0x409&clcid=0x409&ar=03081.00&sar=amd64&o1=netfx_Patch_x64.msp HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: go.microsoft.com
Response:
HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: https://download.visualstudio.microsoft.com/download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/61ef25faf2ae00460f6a77e29327699a/netfx_patch_x64.msp
Server: Kestrel
Request-Context: appId=cid-v1:7d63747b-487e-492a-872d-762362f77974
X-Response-Cache-Status: True
Expires: Thu, 04 Nov 2021 06:10:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 04 Nov 2021 06:10:22 GMT
Connection: keep-alive

GET 302 http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net472Rel1&plcid=0x409&clcid=0x409&ar=03081.00&sar=amd64&o1=netfx_Patch_x64.msp
Request:
GET /fwlink/?prd=11324&pver=netfx&sbp=Net472Rel1&plcid=0x409&clcid=0x409&ar=03081.00&sar=amd64&o1=netfx_Patch_x64.msp HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 21 Apr 2021 02:06:19 GMT
User-Agent: Microsoft BITS/7.5
Host: go.microsoft.com
Response:
HTTP/1.1 302 Moved Temporarily
Location: https://download.visualstudio.microsoft.com/download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/61ef25faf2ae00460f6a77e29327699a/netfx_patch_x64.msp
Server: Kestrel
Request-Context: appId=cid-v1:7d63747b-487e-492a-872d-762362f77974
X-Response-Cache-Status: True
Content-Length: 0
Expires: Thu, 04 Nov 2021 06:10:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 04 Nov 2021 06:10:22 GMT
Connection: keep-alive

HEAD 302 http://go.microsoft.com/fwlink/?LinkId=862008
Request:
HEAD /fwlink/?LinkId=862008 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: go.microsoft.com
Response:
HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: https://download.visualstudio.microsoft.com/download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/f0771dabc43ba46cfe9e3481840a7944/windows6.1-kb4019990-x64.cab
Server: Kestrel
Request-Context: appId=cid-v1:7d63747b-487e-492a-872d-762362f77974
X-Response-Cache-Status: True
Expires: Thu, 04 Nov 2021 06:10:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 04 Nov 2021 06:10:25 GMT
Connection: keep-alive

GET 302 http://go.microsoft.com/fwlink/?LinkId=862008
Request:
GET /fwlink/?LinkId=862008 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 09 May 2017 20:51:44 GMT
User-Agent: Microsoft BITS/7.5
Host: go.microsoft.com
Response:
HTTP/1.1 302 Moved Temporarily
Location: https://download.visualstudio.microsoft.com/download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/f0771dabc43ba46cfe9e3481840a7944/windows6.1-kb4019990-x64.cab
Server: Kestrel
Request-Context: appId=cid-v1:7d63747b-487e-492a-872d-762362f77974
X-Response-Cache-Status: True
Content-Length: 0
Expires: Thu, 04 Nov 2021 06:10:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 04 Nov 2021 06:10:25 GMT
Connection: keep-alive

HEAD 302 http://go.microsoft.com/fwlink/?LinkId=249120&clcid=0x409
Request:
HEAD /fwlink/?LinkId=249120&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: go.microsoft.com
Response:
HTTP/1.1 302 Moved Temporarily
Location: https://download.visualstudio.microsoft.com/download/pr/375f6a02-34bc-4b7d-ad8b-957789cf81e8/e4abafc291524af6e2b478f5d4857f0a/netfx_full_x64.msi
Server: Kestrel
Request-Context: appId=cid-v1:26ef1154-5995-4d24-ad78-ef0b04f11587
X-Response-Cache-Status: True
Content-Length: 0
Expires: Thu, 04 Nov 2021 06:10:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 04 Nov 2021 06:10:25 GMT
Connection: keep-alive

GET 302 http://go.microsoft.com/fwlink/?LinkId=249120&clcid=0x409
Request:
GET /fwlink/?LinkId=249120&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 21 Apr 2021 02:38:59 GMT
User-Agent: Microsoft BITS/7.5
Host: go.microsoft.com
Response:
HTTP/1.1 302 Moved Temporarily
Location: https://download.visualstudio.microsoft.com/download/pr/375f6a02-34bc-4b7d-ad8b-957789cf81e8/e4abafc291524af6e2b478f5d4857f0a/netfx_full_x64.msi
Server: Kestrel
Request-Context: appId=cid-v1:26ef1154-5995-4d24-ad78-ef0b04f11587
X-Response-Cache-Status: True
Content-Length: 0
Expires: Thu, 04 Nov 2021 06:10:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 04 Nov 2021 06:10:25 GMT
Connection: keep-alive
ICMP traffic
No ICMP traffic performed.
IRC traffic
Command | Params | Type |
---|---|---|
CONNECT | %s:%i HTTP/1.1 | client |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49172 -> 47.254.184.183:80 | 2022482 | ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01 | A Network Trojan was detected |
TCP 47.254.184.183:80 -> 192.168.56.103:49172 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
TCP 47.254.184.183:80 -> 192.168.56.103:49172 | 2021954 | ET MALWARE JS/Nemucod.M.gen downloading EXE payload | A Network Trojan was detected |
TCP 47.254.184.183:80 -> 192.168.56.103:49172 | 2014520 | ET INFO EXE - Served Attached HTTP | Misc activity |
TCP 192.168.56.103:49188 -> 23.201.36.112:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49193 -> 192.229.232.200:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49188 -> 23.201.36.112:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=download.microsoft.com | 07:84:e3:73:a7:c0:23:a1:94:3b:48:8f:06:a3:1f:12:78:4a:73:99 |
TLSv1 192.168.56.103:49193 -> 192.229.232.200:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=*.vo.msecnd.net | 43:64:16:4b:73:33:82:e8:0f:a9:73:e6:cc:d5:11:b5:ee:fe:e3:4b |
Snort Alerts
No Snort Alerts