Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
cedarfalls.hopto.org | 147.189.171.5 |
GET 200 http://cedarfalls.hopto.org/VpnHBe.txt
REQUEST
GET /VpnHBe.txt HTTP/1.1
Host: cedarfalls.hopto.org
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Date: Sat, 13 Nov 2021 04:15:51 GMT
Server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.31
Last-Modified: Thu, 11 Nov 2021 22:52:53 GMT
ETag: "6c1a5-5d08b33e27e92"
Accept-Ranges: bytes
Content-Length: 442789
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain
GET 200 http://cedarfalls.hopto.org/redeem2.txt
REQUEST
GET /redeem2.txt HTTP/1.1
Host: cedarfalls.hopto.org
RESPONSE
HTTP/1.1 200 OK
Date: Sat, 13 Nov 2021 04:15:52 GMT
Server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.3.31
Last-Modified: Fri, 29 Oct 2021 16:21:13 GMT
ETag: "1c74f-5cf80373c4f47"
Accept-Ranges: bytes
Content-Length: 116559
Content-Type: text/plain
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.101:55871 -> 164.124.101.2:53 | 2028681 | ET POLICY DNS Query to DynDNS Domain *.hopto .org | Potentially Bad Traffic |
TCP 192.168.56.101:49161 -> 147.189.171.5:80 | 2018216 | ET INFO HTTP Connection To DDNS Domain Hopto.org | Potentially Bad Traffic |
TCP 192.168.56.101:49161 -> 147.189.171.5:80 | 2018216 | ET INFO HTTP Connection To DDNS Domain Hopto.org | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts