Home
Result
Report
Detail Analysis

Network Analysis

Download pcap

Hosts 4 DNS 0 TCP 2 UDP 4 HTTP(S) 5 ICMP 0 IRC 0 Suricata Snort

IP Address	Status	Action
162.159.137.85	Active	Moloch
185.163.204.212	Active	Moloch
185.163.204.22	Active	Moloch
193.122.6.168	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests
- 192.168.56.103:49163 185.163.204.212:80
- 192.168.56.103:49162 185.163.204.22:80

UDP Requests

GET 200 http://185.163.204.22/sandysysmanch1

REQUEST

GET /sandysysmanch1 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain; charset=UTF-8 Host: 185.163.204.22

RESPONSE

HTTP/1.1 200 OK Server: nginx Date: Wed, 19 Jan 2022 02:43:50 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: stel_ssid=a8b24674bb2c7dd4f9_8769574505948418671; expires=Thu, 20 Jan 2022 02:43:50 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store Strict-Transport-Security: max-age=35768000 Access-Control-Allow-Origin: *

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

POST 200 http://185.163.204.212/

REQUEST

POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain; charset=UTF-8 Content-Length: 128 Host: 185.163.204.212

RESPONSE

HTTP/1.1 200 OK Server: nginx Date: Wed, 19 Jan 2022 02:43:51 GMT Content-Type: text/plain;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Access-Control-Allow-Origin: *

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://185.163.204.212//l/f/iG04cH4BZ2GIX1a3Foik/73eee44e44919848c055e1526d06276c45f92e2e

REQUEST

GET //l/f/iG04cH4BZ2GIX1a3Foik/73eee44e44919848c055e1526d06276c45f92e2e HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: 185.163.204.212

RESPONSE

HTTP/1.1 200 OK Server: nginx Date: Wed, 19 Jan 2022 02:43:51 GMT Content-Type: application/octet-stream Content-Length: 916735 Connection: keep-alive Last-Modified: Fri, 07 Jan 2022 23:09:58 GMT ETag: "61d8c846-dfcff" Accept-Ranges: bytes

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://185.163.204.212//l/f/iG04cH4BZ2GIX1a3Foik/3f73650a26f7f66bc40c1ae9d176ca9cbf7fee6b

REQUEST

GET //l/f/iG04cH4BZ2GIX1a3Foik/3f73650a26f7f66bc40c1ae9d176ca9cbf7fee6b HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: 185.163.204.212

RESPONSE

HTTP/1.1 200 OK Server: nginx Date: Wed, 19 Jan 2022 02:43:57 GMT Content-Type: application/octet-stream Content-Length: 2828315 Connection: keep-alive Last-Modified: Fri, 07 Jan 2022 23:09:57 GMT ETag: "61d8c845-2b281b" Accept-Ranges: bytes

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

POST 200 http://185.163.204.212/

REQUEST

POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data, boundary=vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cV Content-Length: 1313 Host: 185.163.204.212

RESPONSE

HTTP/1.1 200 OK Server: nginx Date: Wed, 19 Jan 2022 02:44:02 GMT Content-Type: text/plain;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Access-Control-Allow-Origin: *

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts