Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| abcdefghijklmnopqrstuvwxxyzabcdefghijklmnopqrstuvwxyzabcdefghij.com | 85.184.161.145 | |
| ping.nolimitdronez.com | 85.184.161.145 |
- TCP Requests
-
-
192.168.56.103:49161 85.184.161.145:80ping.nolimitdronez.com
-
192.168.56.103:49163 85.184.161.145:80ping.nolimitdronez.com
-
192.168.56.103:49173 85.184.161.145:80ping.nolimitdronez.com
-
192.168.56.103:49175 85.184.161.145:80ping.nolimitdronez.com
-
192.168.56.103:49176 85.184.161.145:80ping.nolimitdronez.com
-
192.168.56.103:49177 85.184.161.145:80ping.nolimitdronez.com
-
192.168.56.103:49182 85.184.161.145:80ping.nolimitdronez.com
-
GET
200
http://abcdefghijklmnopqrstuvwxxyzabcdefghijklmnopqrstuvwxyzabcdefghij.com/appupdate.json
REQUEST
RESPONSE
BODY
GET /appupdate.json HTTP/1.1
Host: abcdefghijklmnopqrstuvwxxyzabcdefghijklmnopqrstuvwxyzabcdefghij.com
Accept: text/html, */*
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)
HTTP/1.1 200 OK
Content-Type: application/json
Last-Modified: Sat, 21 Jan 2023 19:05:02 GMT
Accept-Ranges: bytes
ETag: "3568044cb2dd91:0"
Server: Microsoft-IIS/10.0
Date: Sun, 22 Jan 2023 06:19:30 GMT
Content-Length: 458
GET
200
http://abcdefghijklmnopqrstuvwxxyzabcdefghijklmnopqrstuvwxyzabcdefghij.com/downloads/nldapp.exe
REQUEST
RESPONSE
BODY
GET /downloads/nldapp.exe HTTP/1.1
Host: abcdefghijklmnopqrstuvwxxyzabcdefghijklmnopqrstuvwxyzabcdefghij.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept: text/html,application/xhtml+xml,application/*;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Language: *
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Sat, 21 Jan 2023 16:03:44 GMT
Accept-Ranges: bytes
ETag: "c788d6efb12dd91:0"
Server: Microsoft-IIS/10.0
Date: Sun, 22 Jan 2023 06:19:31 GMT
Content-Length: 5758976
GET
200
http://abcdefghijklmnopqrstuvwxxyzabcdefghijklmnopqrstuvwxyzabcdefghij.com/appupdate.json
REQUEST
RESPONSE
BODY
GET /appupdate.json HTTP/1.1
Host: abcdefghijklmnopqrstuvwxxyzabcdefghijklmnopqrstuvwxyzabcdefghij.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/3.0 (compatible; Indy Library)
HTTP/1.1 200 OK
Content-Type: application/json
Last-Modified: Sat, 21 Jan 2023 19:05:02 GMT
Accept-Ranges: bytes
ETag: "3568044cb2dd91:0"
Server: Microsoft-IIS/10.0
Date: Sun, 22 Jan 2023 06:19:40 GMT
Content-Length: 458
GET
200
http://ping.nolimitdronez.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Host: ping.nolimitdronez.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/3.0 (compatible; Indy Library)
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 22 Nov 2022 05:59:32 GMT
Accept-Ranges: bytes
ETag: "7f90839737fed81:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sun, 22 Jan 2023 06:19:41 GMT
Content-Length: 1
POST
200
http://abcdefghijklmnopqrstuvwxxyzabcdefghijklmnopqrstuvwxyzabcdefghij.com/
REQUEST
RESPONSE
BODY
POST / HTTP/1.0
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 36
Host: abcdefghijklmnopqrstuvwxxyzabcdefghijklmnopqrstuvwxyzabcdefghij.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/3.0 (compatible; Indy Library)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/10.0
FileStreamMD5: 85C5C26B5B8E1D3D5E630D66DE8FF762
Date: Sun, 22 Jan 2023 06:19:42 GMT
Connection: keep-alive
Content-Length: 1055
GET
200
http://abcdefghijklmnopqrstuvwxxyzabcdefghijklmnopqrstuvwxyzabcdefghij.com/scrolltxt.txt
REQUEST
RESPONSE
BODY
GET /scrolltxt.txt HTTP/1.1
Host: abcdefghijklmnopqrstuvwxxyzabcdefghijklmnopqrstuvwxyzabcdefghij.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/3.0 (compatible; Indy Library)
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 16 Nov 2021 09:30:35 GMT
Accept-Ranges: bytes
ETag: "d242ea9bccdad71:0"
Server: Microsoft-IIS/10.0
Date: Sun, 22 Jan 2023 06:19:42 GMT
Content-Length: 563
POST
200
http://abcdefghijklmnopqrstuvwxxyzabcdefghijklmnopqrstuvwxyzabcdefghij.com/
REQUEST
RESPONSE
BODY
POST / HTTP/1.0
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 9
Host: abcdefghijklmnopqrstuvwxxyzabcdefghijklmnopqrstuvwxyzabcdefghij.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/3.0 (compatible; Indy Library)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/10.0
Date: Sun, 22 Jan 2023 06:19:44 GMT
Connection: keep-alive
Content-Length: 18476
ICMP traffic
No ICMP traffic performed.
IRC traffic
| Command | Params | Type |
|---|---|---|
| MODE | Z\x00\x00\xff\xff\xff\xff\x04\x00\x00\x00CLNT\x00\x00\x00\x00\xff\xff\xff\xff \x00\x00\x00Indy 10.6.2.0\x00\x00\x00\xff\xff\xff\xff\x05\x00\x00\x00CLNT \x00\x00\x00\xff\xff\xff\xff\x04\x00\x00\x00UTF8\x00\x00\x00\x00\xff\xff\xff\xff\x0c\x00\x00\x00OPTS UTF8 ON\x00\x00\x00\x00\xff\xff\xff\xff\x0f\x00\x00\x00OPTS UTF-8 NLST\x00U\x8b\xecj\x00SV\x8b\xd83\xc0Uh_$R\x00d\xff0d\x89 \x8bE\x08\x8b@\xfcf\x8b\xb0\xdc\x00\x00\x00f\x83\xfe\x15u\x15\x8b\xc3\x8bU\x08\x8bR\xfc\x8b\x92\xc4\x00\x00\x00\xe8\x03!\xee\xff\xeb.\x8bE\x08\x8b@\xfc\xff\xb0\xc4\x00\x00\x00ht$R\x00\x8dU\xfc\x8bE\x08\x0f\xb7\xc6\xe8vn\xee\xff\xffu\xfc\x8b\xc3\xba\x03\x00\x00\x00\xe8\xff#\xee\xff3\xc0ZYYd\x89\x10hf$R\x00\x8dE\xfc\xe8j \xee\xff\xc3\xe9\xe4\x18\xee\xff\xeb\xf0^[Y]\xc3\x00\xff\xff\xff\xff\x01\x00\x00\x00:\x00\x00\x00U\x8b\xec\xb9%\x00\x00\x00j\x00j\x00Iu\xf9QSV\x89E\xfc3\xc0Uh\xe74R\x00d\xff0d\x89 \x8bE\xfc\x8a\x80\x0e\x01\x00\x00\x8b\xd0\x80\xc2\xfe\x80\xea\x02\x0f\x83\xfb\x00\x00\x00\x8bE\xfc\xc6\x809\x01\x00\x00\x00\x8bE\xfc\x8a\x98O\x01\x00\x00\x84\xdbut\xbe\x04\x00\x00\x00\x8b\x1dL\x98Z\x00j\x00\x8dE\xf4\x8b\x0b\xba\xfc4R\x00\xe8\xef"\xee\xff\x8bU\xf4\x83\xc9\xff\x8bE\xfc\xe8\x153\xf8\xff\x8b\xc8f\x81\xf9\xea\x00t\x07f\x81\xf9N\x01u\x17\x8bE\xfc\x8b\x10\xff\x92\xb0\x00\x00\x00\x8bE\xfc\xc6\x809\x01\x00\x00\x01\xeb}\x0f\xb7\xc1\xb9\xf4\x01\x00\x003\xd2\xf7\xf1\x83\xf8\x01t | client |
| CONNECT | DEVICE TO USB PORT\x00\x00\xff\xff\xff\xff\x02\x00\x00\x00-1\x00\x00\xff\xff\xff\xff\x05\x00\x00\x00wm220\x00\x00\x00\xff\xff\xff\xff\x06\x00\x00\x00wm100a\x00\x00\xff\xff\xff\xff\x05\x00\x00\x00wm240\x00\x00\x00\xff\xff\xff\xff\x05\x00\x00\x00wm245\x00\x00\x00\xff\xff\xff\xff\x05\x00\x00\x00wm246\x00\x00\x00\xff\xff\xff\xff\x05\x00\x00\x00wm331\x00\x00\x00\xff\xff\xff\xff\x05\x00\x00\x00wm330\x00\x00\x00\xff\xff\xff\xff\x05\x00\x00\x00wm620\x00\x00\x00\xff\xff\xff\xff\x05\x00\x00\x00wm332\x00\x00\x00\xff\xff\xff\xff\x07\x00\x00\x00devices\x00U\x8b\xecS\x8b\xd8\x8b\x154\xc8Z\x00\x8b\x83H\x03\x00\x00\xe8y\x16\xf0\xff\xb2\x01\x8b\x83 \x03\x00\x00\x8b\x08\xffQd[]\xc3\x90U\x8b\xecj\x00S\x8b\xd83\xc0Uh\x99jU\x00d\xff0d\x89 3\xd2\x8b\x83\xf8\x02\x00\x00\xe8\x9d\x02\xee\xff\x8dE\xfc\xe8\xe9J\x00\x00\x83}\xfc\x00t\x0e\x8bU\xfc\x8b\x83 \x03\x00\x00\xe8e\xdc\xfe\xff3\xc0ZYYd\x89\x10h\xa0jU\x00\x8dE\xfc\xe80\xda\xea\xff\xc3\xe9\xaa\xd2\xea\xff\xeb\xf0[Y]\xc3U\x8b\xecQ\x89E\xfc\x8bE\xfc\xe8\xc5\xde\xea\xff3\xc0Uh]kU\x00d\xff0d\x89 \xa1\x18\xc8Z\x00\x8b\x80X\x04\x00\x00\x8b\x80P\x02\x00\x003\xd2\xe8\xc3\x14\xf0\xff\xa1\x18\xc8Z\x00\x8b\x80X\x04\x00\x00\x8b\x80@\x02\x00\x00\xb2\x01\xe8\xab\x14\xf0\xff\xa1\x18\xc8Z\x00\x8b\x80X\x04\x00\x00\x8b\x80@\x02\x00\x00\xbapkU\x00\xe8\xa0\x15\xf0\xff\xa1\x18\xc8Z\x00\x8b\x80X\x04\x00\x00\x8b\x80@\x02\x00\x00\x05\x80\x00\x00\x00\x8bM\xfc\xba\x84kU\x00\xe8\xa5\xdc\xea\xff\xa1\x18\xc8Z\x00\x8b\x80X\x04\x00\x00\x8b\x80@\x02\x00\x00\xb2\x01\xe8\x85\x16\xf0\xff3\xc0ZYYd\x89\x10hdkU\x00\x8dE\xfc\xe8l\xd9\xea\xff\xc3\xe9\xe6\xd1\xea\xff\xeb\xf0Y]\xc3\x00\xff\xff\xff\xff \x00\x00\x00ACTIVATED\x00\x00\x00\xff\xff\xff\xff\x11\x00\x00\x00Subsription key: \x00\x00\x00\xff\xff\xff\xff\x10\x00\x00\x00InitModValuesLst\x00\x00\x00\x00U\x8b\xec3\xc9QQQQSVW3\xc0Uh#mU\x00d\xff0d\x89 3\xc0Uh\xablU\x00d\xff0d\x89 \x8dE\xf8P\xa1\x18\xc8Z\x00\x8b\x88D\x04\x00\x00\xa1\x18\xc8Z\x00\x8b\x90<\x04\x00\x00\xa1\x18\xc8Z\x00\x8b\x80$\x05\x00\x00\xe8\x9eO\x00\x00\xa1\x18\xc8Z\x00\x8b\x80(\x03\x00\x00\xba<mU\x00\xe8\x91\x14\xf0\xff\xa1P\x9cZ\x00\x8b\x00\xe8\xa10\xf2\xff\x8dU\xfc\xa1\x18\xc8Z\x00\x8b\x80\xf8\x04\x00\x00\xe8\xeeW\x00\x00\xa1P\x9cZ\x00\x8b\x00\xe8\x820\xf2\xff\x8bU\xfc\xa1\xdc\xb8G\x00\xe8It\xf2\xff\x8b\x15\x18\xc8Z\x00\x89\x82\xb4\x04\x00\x00\xa1\x18\xc8Z\x00\x8b\x80t\x05\x00\x00\x8b\x80\x1c\x01\x00\x00\x8bP\x18\xa1\x18\xc8Z\x00\x8b\x80\\x04\x00\x00\x8b\x800\x02\x00\x00\xe8#\x14\xf0\xff\xa1\x18\xc8Z\x00\x8b\x80\\x04\x00\x00\x8b\x800\x02\x00\x00\xb2\x01\xe8\xfb\x12\xf0\xff3\xc0ZYYd\x89\x10\xebP\xe9\x10\xcf\xea\xff\x01\x00\x00\x00\xc8~@\x00\xbclU\x00\x89\xc3\x8dE\xf4\x8bS\x04\xe8W\xe0\xea\xff\x8bE\xf4P\x8dE\xf0\x8b\x15\xd4\x90Z\x00\xe8E\xe0\xea\xff\x8bM\xf0\xa1\x18\xc8Z\x00\x8b\x80\xf8\x04\x00\x00\x83\xca\xff\xe8\xc3q\x00\x00\xe8v\xd1\xea\xff\xe8\xc5\xd1\xea\xff3\xc0ZYYd\x89\x10h*mU\x00\x8dE\xf0\xba\x02\x00\x00\x00\xe8\xd7\xde\xea\xff\x8dE\xf8\xba\x02\x00\x00\x00\xe8\xca\xd7\xea\xff\xc3\xe9 \xd0\xea\xff\xeb\xde\x8b\xc3_^[\x8b\xe5]\xc3\x00\xff\xff\xff\xff\x12\x00\x00\x00GETTING SPEED MODS\x00\x00U\x8b\xec\xb9&\x00\x00\x00j\x00j\x00Iu\xf9SVW3\xc0Uh)vU\x00d\xff0d\x89 \xa1X\x97Z\x003\xd2\x89\x10\xa1\x18\xc8Z\x00\x8b\x98\xb4\x04\x00\x00\x85\xdb\x0f\x84\xa2\x06\x00\x00\x8b\xc3\x8b\x10\xffR\x10\x83\xe8\x01q\x05\xe8W\xc7\xea\xff\x85\xc0\x0f\x8c\x9e\x06\x00\x00@\x89E\xcc\xc7E\xf8\x00\x00\x00\x00\xa1\x18\xc8Z\x00\x8b\x80\xb4\x04\x00\x00\x8bU\xf8\x8b\x08\xffQ\x08P\x8dE\xac\xbaDvU\x00\xe8\x9b\xeb\xeb\xff\x8dU\xacX\x8b\x08\xffQ\x14\x8dU\xbc\x8b\x08\xff\x11\x8dU\xbc\x8dE\xdc\xe8\xb4\xda\xeb\xff\xa1\x18\xc8Z\x00\x8b\x80\xb4\x04\x00\x00\x8bU\xf8\x8b\x08\xffQ\x08P\x8dE\x8c\xba\vU\x00 | client |
| CONNECT | DEVICE TO USB PORT\x00\x00U\x8b\xec\xa1\x88\x9aZ\x00\x8b\x00\x8b\x10\xff\x92\xec\x00\x00\x00]\xc3U\x8b\xec\xa1\xd8\x98Z\x00\x8b\x00\xe8\x89\xcb\xff\xff]\xc3\x8d@\x00U\x8b\xec\xa1\x88\x9aZ\x00\x8b\x00\xe8u\xcb\xff\xff]\xc3\x8d@\x00U\x8b\xec\xa1 \x9cZ\x00\x8b\x00\xe8a\xcb\xff\xff]\xc3\x8d@\x00U\x8b\xecS\x8b\xd8\xe8\x1d\xff\xed\xff\x8b\x93,\x05\x00\x00\xe8\xb2\xfb\xed\xff[]\xc3\x8d@\x00U\x8b\xecj\x00S\x8b\xd83\xc0Uh\xf8~U\x00d\xff0d\x89 \x8dE\xfc\x8b 4\xc8Z\x00\xba\x0c\x7fU\x00\xe8\x13\xc9\xea\xffj\x05j\x00j\x00\x8bE\xfc\xe8\xb9\xca\xea\xffPh\x18\x7fU\x00\x8b\xc3\xe8\xc0i\xf0\xffP\xe8\xc6\xad\xed\xff3\xc0ZYYd\x89\x10h\xff~U\x00\x8dE\xfc\xe8\xd1\xc5\xea\xff\xc3\xe9K\xbe\xea\xff\xeb\xf0[Y]\xc3\x00\xff\xff\xff\xff\x08\x00\x00\x00https://\x00\x00\x00\x00open\x00\x00\x00\x00U\x8b\xec\xa1\xa4\x9dZ\x00 | client |
| CONNECT | DEVICE TO USB PORT\x00\x00U\x8b\xec\x83\xc4\xf0SVW3\xd2\x89U\xf8\x89E\xfc3\xc0Uh\xd7]W\x00d\xff0d\x89 3\xd2Uh\xb7]W\x00d\xff2d\x89"\xa1<\x96Z\x00\x8b\x00\x8b\x80t\x05\x00\x00\xe85\xee\xfe\xff\xa1<\x96Z\x00\x8b\x00\x058\x04\x00\x00\xe8\x04\xe9\xe8\xff\xa1P\x9cZ\x00\x8b\x00\xe8\x88\xf3\xea\xff\x83\xe8\x01q\x05\xe8\x1a\xd9\xe8\xff\x85\xc0\x0f\x8c\x9e\x00\x00\x00@\x89E\xf0\xc7E\xf4\x00\x00\x00\x003\xc0Uhj\W\x00d\xff0d\x89 \xa1P\x9cZ\x00\x8b\x00\x8bU\xf4\xe8"\xf3\xea\xff\x8b\x15$\xf5F\x00\xe8+\xdb\xe8\xff\x84\xc0tG\xa1P\x9cZ\x00\x8b\x00\x8bU\xf4\xe8\x04\xf3\xea\xff\x8b@\x08\xba\xf0]W\x00\xe8\x9f\xec\xe8\xfft)\xa1P\x9cZ\x00\x8b\x00\x8bU\xf4\xe8\xe6\xf2\xea\xff\x80xW\x00t\x14\xa1P\x9cZ\x00\x8b\x00\x8bU\xf4\xe8\xd1\xf2\xea\xff\xe8\xd4 | client |
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 85.184.161.145:80 -> 192.168.56.103:49163 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts