Network Analysis
IP Address | Status | Action |
---|---|---|
210.34.80.129 | Active | Moloch |

Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
- TCP Requests

GET 200 http://210.34.80.129/wbwj/fjafusoft/setup_zffz.txt

Request headers:
GET /wbwj/fjafusoft/setup_zffz.txt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: AutoIt3Script
Host: 210.34.80.129

Response headers (body not shown):
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 16 Jul 2020 08:13:05 GMT
Accept-Ranges: bytes
ETag: "5d3d85ee485bd61:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Date: Thu, 15 Dec 2022 08:43:54 GMT
Content-Length: 954

GET 200 http://210.34.80.129/wbwj/fjafusoft/mobel_zffz/Setup_Mobel.txt

Request headers:
GET /wbwj/fjafusoft/mobel_zffz/Setup_Mobel.txt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: AutoIt3Script
Host: 210.34.80.129

Response headers (body not shown):
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 02 Aug 2022 11:50:39 GMT
Accept-Ranges: bytes
ETag: "f97ad11566a6d81:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Date: Thu, 15 Dec 2022 08:43:54 GMT
Content-Length: 25476

GET 200 http://210.34.80.129/wbwj/fjafusoft/mobel_zffz/zypgmb_zffz.txt

Request headers:
GET /wbwj/fjafusoft/mobel_zffz/zypgmb_zffz.txt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: AutoIt3Script
Host: 210.34.80.129

Response headers (body not shown):
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 30 Dec 2021 02:30:53 GMT
Accept-Ranges: bytes
ETag: "a8d464425fdd71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Date: Thu, 15 Dec 2022 08:43:56 GMT
Content-Length: 109611
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49165 -> 210.34.80.129:80 | 2008350 | ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile | Potential Corporate Privacy Violation |
TCP 192.168.56.103:49165 -> 210.34.80.129:80 | 2008350 | ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile | Potential Corporate Privacy Violation |
TCP 192.168.56.103:49165 -> 210.34.80.129:80 | 2008350 | ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile | Potential Corporate Privacy Violation |
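The three Suricata alerts above are one rule firing once per request on the same flow. The script below is an added worked example, not part of the sandbox report: it replays a simplified version of that check over the three captured exchanges from the TCP Requests section and pulls the indicators (URL, ETag, Last-Modified, size) a responder would pivot on. Assumptions: the `RULES` entry is a stand-in for ET sid 2008350 that keys on the exact User-Agent string seen in the requests, not the vendor's rule text; the flow source `192.168.56.103:49165` is taken from the alert table; destination port 80 is inferred from the plain-HTTP URLs; response header blocks are trimmed to the fields the code reads.

```python
from __future__ import annotations
from dataclasses import dataclass

# Flow source as listed in the Suricata alert table on this page.
CLIENT = "192.168.56.103:49165"

# Simplified stand-in for the rule that fired (assumption: match on the
# User-Agent string captured in the requests; not the vendor's rule body).
RULES = [
    {"sid": 2008350,
     "msg": "ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile",
     "category": "Potential Corporate Privacy Violation",
     "header": "user-agent", "content": "AutoIt3Script"},
]

# Header blocks transcribed from the report's TCP Requests section; the response
# blocks are trimmed to the headers this example reads.
RAW_EXCHANGES = [
    ("GET /wbwj/fjafusoft/setup_zffz.txt HTTP/1.1\nConnection: Keep-Alive\n"
     "Accept: */*\nUser-Agent: AutoIt3Script\nHost: 210.34.80.129",
     "HTTP/1.1 200 OK\nContent-Type: text/plain\n"
     "Last-Modified: Thu, 16 Jul 2020 08:13:05 GMT\nETag: \"5d3d85ee485bd61:0\"\n"
     "Server: Microsoft-IIS/7.5\nContent-Length: 954"),
    ("GET /wbwj/fjafusoft/mobel_zffz/Setup_Mobel.txt HTTP/1.1\nConnection: Keep-Alive\n"
     "Accept: */*\nUser-Agent: AutoIt3Script\nHost: 210.34.80.129",
     "HTTP/1.1 200 OK\nContent-Type: text/plain\n"
     "Last-Modified: Tue, 02 Aug 2022 11:50:39 GMT\nETag: \"f97ad11566a6d81:0\"\n"
     "Server: Microsoft-IIS/7.5\nContent-Length: 25476"),
    ("GET /wbwj/fjafusoft/mobel_zffz/zypgmb_zffz.txt HTTP/1.1\nConnection: Keep-Alive\n"
     "Accept: */*\nUser-Agent: AutoIt3Script\nHost: 210.34.80.129",
     "HTTP/1.1 200 OK\nContent-Type: text/plain\n"
     "Last-Modified: Thu, 30 Dec 2021 02:30:53 GMT\nETag: \"a8d464425fdd71:0\"\n"
     "Server: Microsoft-IIS/7.5\nContent-Length: 109611"),
]


@dataclass
class HttpMessage:
    start_line: str
    headers: dict  # lower-cased header name -> value


def parse_headers(raw: str) -> HttpMessage:
    """Split a raw request or response header block into start line + header map."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")  # first colon only; values may contain ':'
        headers[name.strip().lower()] = value.strip()
    return HttpMessage(lines[0], headers)


def request_url(req: HttpMessage) -> str:
    """Rebuild the absolute URL from the request line and Host header (plain HTTP assumed)."""
    _method, path, _version = req.start_line.split()
    return f"http://{req.headers['host']}{path}"


def match_rules(req: HttpMessage, src: str, dst: str) -> list[dict]:
    """Apply each RULES entry to one request; return alert rows in the report's column order."""
    alerts = []
    for rule in RULES:
        if rule["content"] in req.headers.get(rule["header"], ""):
            alerts.append({"flow": f"TCP {src} -> {dst}", "sid": rule["sid"],
                           "signature": rule["msg"], "category": rule["category"]})
    return alerts


def analyze(exchanges=RAW_EXCHANGES, src=CLIENT) -> tuple[list[dict], list[dict]]:
    """Return (alerts, iocs) for a list of (request_raw, response_raw) header pairs."""
    alerts, iocs = [], []
    for req_raw, resp_raw in exchanges:
        req, resp = parse_headers(req_raw), parse_headers(resp_raw)
        dst = f"{req.headers['host']}:80"  # port inferred from the http:// URLs
        alerts += match_rules(req, src, dst)
        iocs.append({"url": request_url(req),
                     "status": int(resp.start_line.split()[1]),
                     "etag": resp.headers.get("etag"),
                     "last_modified": resp.headers.get("last-modified"),
                     "content_length": int(resp.headers.get("content-length", "0"))})
    return alerts, iocs


if __name__ == "__main__":
    found, indicators = analyze()
    for a in found:
        print(f"{a['flow']} | {a['sid']} | {a['signature']}")
    for i in indicators:
        print(f"{i['status']} {i['url']} etag={i['etag']} bytes={i['content_length']}")
```

The rule is in the ET POLICY category for a reason: an AutoIt User-Agent is a policy signal, not proof of compromise, so the useful output here is the IOC list (three `.txt` URLs on one IIS host, their ETags and Last-Modified dates) rather than the alert count. The ETag and Last-Modified values let you check later whether the staged files on that host changed between sandbox runs.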
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts