Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
soapbeginshops.com | 34.118.86.4 | |
GET 200 http://soapbeginshops.com/ItsMe.zip
Request:
GET /ItsMe.zip HTTP/1.1
User-Agent: OnionWClient / 1.0
Host: soapbeginshops.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
date: Sun, 22 May 2022 11:30:00 GMT
server: Apache/2.4.6 (CentOS) PHP/7.4.29
last-modified: Sat, 21 May 2022 21:38:56 GMT
etag: "551-5df8c6f1adc00"
accept-ranges: bytes
content-length: 1361
content-type: application/zip
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 34.118.86.4:80 -> 192.168.56.103:49161 | 2035026 | ET HUNTING SUSPICIOUS .LNK File Inside of Zip | Unknown Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts