Network Analysis
IP Address | Status |
---|---|
103.75.201.2 | Active |
103.8.26.102 | Active |
103.8.26.103 | Active |
104.168.155.129 | Active |
104.251.214.46 | Active |
128.199.157.63 | Active |
131.100.24.231 | Active |
158.69.222.101 | Active |
164.124.101.2 | Active |
178.63.25.185 | Active |
178.79.147.66 | Active |
185.46.123.38 | Active |
185.7.214.7 | Active |
192.254.71.210 | Active |
203.114.109.124 | Active |
207.38.84.195 | Active |
209.59.138.75 | Active |
212.237.17.99 | Active |
217.182.143.207 | Active |
45.118.115.99 | Active |
45.118.135.203 | Active |
45.142.114.231 | Active |
45.176.232.124 | Active |
46.55.222.11 | Active |
51.38.71.0 | Active |
51.68.175.8 | Active |
58.227.42.236 | Active |
79.172.212.216 | Active |
81.0.236.90 | Active |
DNS
Name | Response | Post-Analysis Lookup |
---|---|---|
peterpolz.to-create.eu | 185.46.123.38 | |
fr7.anbo5288.cc | 128.199.157.63 | |
TCP Requests
Source | Destination | Resolved Name |
---|---|---|
192.168.56.103:49208 | 103.8.26.102:8080 | |
192.168.56.103:49209 | 103.8.26.102:8080 | |
192.168.56.103:49210 | 103.8.26.102:8080 | |
192.168.56.103:49188 | 103.8.26.103:8080 | |
192.168.56.103:49189 | 103.8.26.103:8080 | |
192.168.56.103:49190 | 103.8.26.103:8080 | |
192.168.56.103:49199 | 104.168.155.129:8080 | |
192.168.56.103:49200 | 104.168.155.129:8080 | |
192.168.56.103:49201 | 104.168.155.129:8080 | |
192.168.56.103:49172 | 128.199.157.63:80 | fr7.anbo5288.cc |
192.168.56.103:49180 | 131.100.24.231:80 | |
192.168.56.103:49181 | 131.100.24.231:80 | |
192.168.56.103:49182 | 131.100.24.231:80 | |
192.168.56.103:49170 | 185.46.123.38:80 | peterpolz.to-create.eu |
192.168.56.103:49165 | 185.7.214.7:80 | |
192.168.56.103:49169 | 185.7.214.7:80 | |
192.168.56.103:49184 | 209.59.138.75:7080 | |
192.168.56.103:49185 | 209.59.138.75:7080 | |
192.168.56.103:49186 | 209.59.138.75:7080 | |
192.168.56.103:49204 | 46.55.222.11:443 | |
192.168.56.103:49205 | 46.55.222.11:443 | |
192.168.56.103:49206 | 46.55.222.11:443 | |
192.168.56.103:49192 | 51.38.71.0:443 | |
192.168.56.103:49193 | 51.38.71.0:443 | |
192.168.56.103:49194 | 51.38.71.0:443 | |
192.168.56.103:49215 | 51.68.175.8:8080 | |
192.168.56.103:49216 | 51.68.175.8:8080 | |
192.168.56.103:49217 | 51.68.175.8:8080 | |
HTTP Requests
GET 200 http://185.7.214.7/fer/fer.html
REQUEST
GET /fer/fer.html HTTP/1.1
Accept: */*
Accept-Language: ko-KR
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Host: 185.7.214.7
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 20 Jan 2022 00:28:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive

GET 200 http://185.7.214.7/fer/fer.png
REQUEST
GET /fer/fer.png HTTP/1.1
Host: 185.7.214.7
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 20 Jan 2022 00:28:28 GMT
Content-Type: image/png
Content-Length: 1029
Last-Modified: Wed, 19 Jan 2022 09:27:00 GMT
Connection: keep-alive
ETag: "61e7d964-405"
Accept-Ranges: bytes

GET 403 http://peterpolz.to-create.eu/cgi-bin/toRO9wV0IQu6/
REQUEST
GET /cgi-bin/toRO9wV0IQu6/ HTTP/1.1
Host: peterpolz.to-create.eu
Connection: Keep-Alive
RESPONSE
HTTP/1.1 403 Forbidden
Date: Thu, 20 Jan 2022 00:28:29 GMT
Server: Apache
Vary: User-Agent
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8

GET 200 http://fr7.anbo5288.cc/-/Q7qLFrKJSlabny0snc/
REQUEST
GET /-/Q7qLFrKJSlabny0snc/ HTTP/1.1
Host: fr7.anbo5288.cc
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Date: Thu, 20 Jan 2022 00:28:29 GMT
Server: Apache/2.4.41 (Ubuntu)
Set-Cookie: 61e8acad6802f=1642638509; expires=Thu, 20-Jan-2022 00:29:29 GMT; Max-Age=60; path=/
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Last-Modified: Thu, 20 Jan 2022 00:28:29 GMT
Expires: Thu, 20 Jan 2022 00:28:29 GMT
Content-Disposition: attachment; filename="1Z8uvoGCfjttUw8.dll"
Content-Transfer-Encoding: binary
Content-Length: 606208
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
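A short script to turn the captured records above into indicators, added here as an example; it is not part of the sandbox report and not code from any sandbox tool. The TCP lines and HTTP response header blocks embedded in it are constructed from the tables above (a representative subset of the connections, all four HTTP transactions); the flagging rules (executable MIME types, attachment filename pattern, non-web destination ports) are this example's own assumptions. The point it makes explicit: of the four HTTP transactions, only the last returns a 200 with Content-Type application/x-msdownload and a Content-Disposition naming a .dll, so that URL is where the 606208-byte payload was served from (behind a cookie that expires after 60 seconds); the cgi-bin URL on peterpolz.to-create.eu answers 403 with an empty body, and most of the remaining connections go to 8080 and 7080 rather than 80/443, which is why those destinations are listed separately.

```python
"""Pull network IOCs out of a sandbox 'Network Analysis' report.

Added example, not part of the report or of any sandbox tool. The TCP lines
and HTTP header blocks below are constructed from the report above; the
parsing and flagging logic is an assumption of this example.
"""
import re
from urllib.parse import urlparse

# Constructed from the report's TCP Requests table: "src dst [resolved-name]".
TCP_LOG = """\
192.168.56.103:49208 103.8.26.102:8080
192.168.56.103:49172 128.199.157.63:80 fr7.anbo5288.cc
192.168.56.103:49184 209.59.138.75:7080
192.168.56.103:49204 46.55.222.11:443
192.168.56.103:49170 185.46.123.38:80 peterpolz.to-create.eu
192.168.56.103:49215 51.68.175.8:8080
"""

# Constructed from the report's HTTP section: (status, url, raw response headers).
HTTP_LOG = [
    (200, "http://185.7.214.7/fer/fer.html",
     "HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nContent-Type: text/html\r\n"
     "Transfer-Encoding: chunked\r\n"),
    (200, "http://185.7.214.7/fer/fer.png",
     "HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nContent-Type: image/png\r\n"
     "Content-Length: 1029\r\n"),
    (403, "http://peterpolz.to-create.eu/cgi-bin/toRO9wV0IQu6/",
     "HTTP/1.1 403 Forbidden\r\nServer: Apache\r\nContent-Length: 0\r\n"
     "Content-Type: text/html;charset=utf-8\r\n"),
    (200, "http://fr7.anbo5288.cc/-/Q7qLFrKJSlabny0snc/",
     "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n"
     "Set-Cookie: 61e8acad6802f=1642638509; Max-Age=60; path=/\r\n"
     'Content-Disposition: attachment; filename="1Z8uvoGCfjttUw8.dll"\r\n'
     "Content-Transfer-Encoding: binary\r\nContent-Length: 606208\r\n"
     "Content-Type: application/x-msdownload\r\n"),
]

WEB_PORTS = {80, 443}
# MIME types under which Windows PE files are commonly served (assumed list).
EXEC_TYPES = {"application/x-msdownload", "application/x-msdos-program",
              "application/octet-stream"}
EXEC_NAME = re.compile(r'\.(dll|exe|scr|cpl)"?\s*$', re.I)


def parse_headers(raw):
    """Map lowercased header names to values; the status line is skipped."""
    headers = {}
    for line in raw.splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def payload_reasons(status, raw):
    """Why a response looks like delivery of a Windows executable ([] if it does not)."""
    if status != 200:
        return []
    h = parse_headers(raw)
    reasons = []
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    if ctype in EXEC_TYPES:
        reasons.append("executable content-type: " + ctype)
    disp = h.get("content-disposition", "")
    if disp.lower().startswith("attachment") and EXEC_NAME.search(disp):
        reasons.append("attachment named like a PE file")
    return reasons


def destinations_by_port(tcp_log):
    """Group destination IPs by destination port; resolved names are kept aside."""
    by_port, names = {}, {}
    for line in tcp_log.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, port = parts[1].rsplit(":", 1)
        by_port.setdefault(int(port), set()).add(ip)
        if len(parts) > 2:
            names[ip] = parts[2]
    return by_port, names


def extract_iocs(tcp_log, http_log):
    """Summarise the report into the indicators an analyst would block or hunt for."""
    by_port, names = destinations_by_port(tcp_log)
    nonweb = sorted({ip for port, ips in by_port.items()
                     if port not in WEB_PORTS for ip in ips})
    payload_urls = [url for status, url, raw in http_log if payload_reasons(status, raw)]
    return {
        "ports": sorted(by_port),
        "nonweb_port_ips": nonweb,     # destinations on non-web ports (8080/7080 here)
        "resolved_names": names,
        "http_hosts": sorted({urlparse(url).hostname for _, url, _ in http_log}),
        "payload_urls": payload_urls,  # where the DLL actually came from
    }


if __name__ == "__main__":
    for key, value in extract_iocs(TCP_LOG, HTTP_LOG).items():
        print(f"{key}: {value}")
```

The payload check deliberately requires a 200: the 403 from peterpolz.to-create.eu carries a text/html content type and a zero-length body, so it is a failed fetch rather than a download, and the two resources on 185.7.214.7 are plain HTML and a PNG. If you feed this a full PCAP-derived log instead of the report subset, expect the same three non-web-port destination groups plus the 443 connections, which this report shows no decrypted content for.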
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
81.0.236.90 | 192.168.56.103 | 3 (Destination Unreachable) | |
81.0.236.90 | 192.168.56.103 | 3 (Destination Unreachable) | |
81.0.236.90 | 192.168.56.103 | 3 (Destination Unreachable) | |
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts