Home
Result
Report
Detail Analysis

Network Analysis

Download pcap

Hosts 31 DNS 8 TCP 36 UDP 16 HTTP(S) 9 ICMP 1 IRC 0 Suricata Snort

IP Address	Status	Action
103.8.26.102	Active	Moloch
103.8.26.103	Active	Moloch
104.168.155.129	Active	Moloch
112.196.72.188	Active	Moloch
117.18.232.200	Active	Moloch
121.254.136.27	Active	Moloch
131.100.24.231	Active	Moloch
146.164.84.216	Active	Moloch
148.66.159.242	Active	Moloch
150.95.8.112	Active	Moloch
164.124.101.2	Active	Moloch
178.63.25.185	Active	Moloch
178.79.147.66	Active	Moloch
185.7.214.7	Active	Moloch
192.254.71.210	Active	Moloch
203.114.109.124	Active	Moloch
207.38.84.195	Active	Moloch
209.59.138.75	Active	Moloch
210.3.48.214	Active	Moloch
212.237.17.99	Active	Moloch
217.182.143.207	Active	Moloch
45.118.115.99	Active	Moloch
45.142.114.231	Active	Moloch
45.176.232.124	Active	Moloch
46.55.222.11	Active	Moloch
51.38.71.0	Active	Moloch
51.68.175.8	Active	Moloch
54.254.177.153	Active	Moloch
58.227.42.236	Active	Moloch
79.172.212.216	Active	Moloch
95.111.224.35	Active	Moloch

Name	Response	Post-Analysis Lookup
ippur.ufrj.br	A 146.164.84.216	146.164.84.216
apps.identrust.com	A 121.254.136.27 CNAME a1952.dscq.akamai.net CNAME identrust.edgesuite.net A 121.254.136.57	23.43.165.66
atplengineering.com	A 148.66.159.242	148.66.159.242
soomaal.softuvo.xyz	A 112.196.72.188	112.196.72.188
www2.s12.xrea.com	A 150.95.8.112	150.95.8.112
scoute.ai	A 54.254.177.153	54.254.177.153
wordpress.pixeleyenow.com	A 210.3.48.214	210.3.48.214
sarvaero.com	A 95.111.224.35	95.111.224.35

TCP Requests

UDP Requests

GET 200 http://185.7.214.7/ve/ve.png

REQUEST

GET /ve/ve.png HTTP/1.1 Host: 185.7.214.7 Connection: Keep-Alive

RESPONSE

HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 19 Jan 2022 02:33:32 GMT Content-Type: image/png Content-Length: 972 Last-Modified: Tue, 18 Jan 2022 14:05:40 GMT Connection: keep-alive ETag: "61e6c934-3cc" Accept-Ranges: bytes

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

REQUEST

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

RESPONSE

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=15768000 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self' *.identrust.com Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT ETag: "37d-5cf84cd446e80" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Wed, 19 Jan 2022 03:33:42 GMT Date: Wed, 19 Jan 2022 02:33:42 GMT Connection: keep-alive

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 302 http://ippur.ufrj.br/assets/W8jp7/

REQUEST

GET /assets/W8jp7/ HTTP/1.1 Host: ippur.ufrj.br Connection: Keep-Alive

RESPONSE

HTTP/1.1 302 Moved Temporarily Server: nginx Date: Wed, 19 Jan 2022 02:33:44 GMT Content-Type: text/html Content-Length: 138 Connection: keep-alive Location: https://ippur.ufrj.br/assets/W8jp7/

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

REQUEST

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

RESPONSE

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=15768000 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self' *.identrust.com Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT ETag: "37d-5cf84cd446e80" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Wed, 19 Jan 2022 03:33:47 GMT Date: Wed, 19 Jan 2022 02:33:47 GMT Connection: keep-alive

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

REQUEST

GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

RESPONSE

HTTP/1.1 200 OK X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=15768000 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self' *.identrust.com Last-Modified: Fri, 29 Oct 2021 21:49:30 GMT ETag: "37d-5cf84cd446e80" Accept-Ranges: bytes Content-Length: 893 X-Content-Type-Options: nosniff X-Frame-Options: sameorigin Content-Type: application/pkcs7-mime Cache-Control: max-age=3600 Expires: Wed, 19 Jan 2022 03:33:48 GMT Date: Wed, 19 Jan 2022 02:33:48 GMT Connection: keep-alive

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 404 http://sarvaero.com/assets/BRrGH0HSkc/

REQUEST

GET /assets/BRrGH0HSkc/ HTTP/1.1 Host: sarvaero.com Connection: Keep-Alive

RESPONSE

HTTP/1.1 404 Not Found Date: Wed, 19 Jan 2022 02:33:49 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://sarvaero.com/wp-json/>; rel="https://api.w.org/" Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 404 http://atplengineering.com/wp-admin/mDk/

REQUEST

GET /wp-admin/mDk/ HTTP/1.1 Host: atplengineering.com Connection: Keep-Alive

RESPONSE

HTTP/1.1 404 Not Found Date: Wed, 19 Jan 2022 02:33:50 GMT Server: Apache X-Powered-By: PHP/7.4.26 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://atplengineering.com/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Keep-Alive: timeout=5 Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://www2.s12.xrea.com/-/gkUMZLMfkddmFdMlJ/

REQUEST

GET /-/gkUMZLMfkddmFdMlJ/ HTTP/1.1 Host: www2.s12.xrea.com Connection: Keep-Alive

RESPONSE

HTTP/1.1 200 OK Date: Wed, 19 Jan 2022 02:33:52 GMT Server: Apache Cache-Control: no-cache, must-revalidate Pragma: no-cache Expires: Wed, 19 Jan 2022 02:33:52 GMT Content-Disposition: attachment; filename="OjpasYr2.dll" Content-Transfer-Encoding: binary Set-Cookie: 61e778906cc32=1642559632; expires=Wed, 19-Jan-2022 02:34:52 GMT; Max-Age=60; path=/ Last-Modified: Wed, 19 Jan 2022 02:33:52 GMT Content-Length: 407552 Vary: User-Agent Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: application/x-msdownload

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml

REQUEST

GET /IE9CompatViewList.xml HTTP/1.1 Accept: */* UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Host: ie9cvlist.ie.microsoft.com If-Modified-Since: Fri, 16 Oct 2020 17:54:09 GMT If-None-Match: 0x8D871FC7BDF491D Connection: Keep-Alive

RESPONSE

HTTP/1.1 200 OK Content-Encoding: gzip Age: 9719 Cache-Control: max-age=21600 Content-MD5: p9g4jsuZO6TaLMVAI9ujVg== Content-Type: text/xml Date: Wed, 19 Jan 2022 02:34:00 GMT Etag: 0x8D9521D2D2DF1EC Last-Modified: Wed, 28 Jul 2021 23:12:31 GMT Server: ECAcc (tka/897A) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 7ddfe4cc-c01e-00b4-06c6-0ce100000000 x-ms-version: 2009-09-19 Content-Length: 13702

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.103	164.124.101.2	3

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts