Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| kerasiastudios.gr | 62.1.216.128 |
- TCP Requests
-
-
192.168.56.103:49172 117.18.232.200:443
-
192.168.56.103:49173 117.18.232.200:443
-
192.168.56.103:49174 117.18.232.200:443
-
192.168.56.103:49175 117.18.232.200:443
-
192.168.56.103:49176 117.18.232.200:443
-
192.168.56.103:49177 117.18.232.200:443
-
192.168.56.103:49180 117.18.232.200:80
-
192.168.56.103:49158 121.254.136.26:80
-
192.168.56.103:49167 62.1.216.128:80kerasiastudios.gr
-
- UDP Requests
-
-
192.168.56.101:137 192.168.56.103:137
-
192.168.56.102:137 192.168.56.103:137
-
192.168.56.103:50800 164.124.101.2:53
-
192.168.56.103:52760 164.124.101.2:53
-
192.168.56.103:53673 164.124.101.2:53
-
192.168.56.103:62576 164.124.101.2:53
-
192.168.56.103:64894 164.124.101.2:53
-
192.168.56.103:137 192.168.56.255:137
-
192.168.56.103:49154 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.103:123
-
GET
200
http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
REQUEST
RESPONSE
BODY
GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 22 Mar 2020 05:00:29 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Length: 767
Content-Type: application/pkix-crl
Content-MD5: aHL66CiNs0IH2efuNQFX9A==
Last-Modified: Fri, 07 May 2021 05:00:53 GMT
ETag: 0x8D91115179E37D7
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 22673eb6-601e-003d-798b-3231ab000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 04 Mar 2023 19:23:19 GMT
Connection: keep-alive
GET
403
http://kerasiastudios.gr/warex2.1.exe
REQUEST
RESPONSE
BODY
GET /warex2.1.exe HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: kerasiastudios.gr
Connection: Keep-Alive
HTTP/1.1 403 Forbidden
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 04 Mar 2023 19:42:51 GMT
Content-Length: 1233
GET
200
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
REQUEST
RESPONSE
BODY
GET /IE9CompatViewList.xml HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Host: ie9cvlist.ie.microsoft.com
If-Modified-Since: Fri, 16 Oct 2020 17:54:09 GMT
If-None-Match: 0x8D871FC7BDF491D
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Encoding: gzip
Age: 14163
Cache-Control: max-age=21600
Content-MD5: p9g4jsuZO6TaLMVAI9ujVg==
Content-Type: text/xml
Date: Sat, 04 Mar 2023 19:41:55 GMT
Etag: 0x8D9521D2D2DF1EC
Last-Modified: Wed, 28 Jul 2021 23:12:31 GMT
Server: ECAcc (tka/897A)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 3320ae43-c01e-003c-6eb0-4e59d9000000
x-ms-version: 2009-09-19
Content-Length: 13702
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 117.18.232.200:443 -> 192.168.56.103:49176 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
| TCP 192.168.56.103:49173 -> 117.18.232.200:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.103:49174 -> 117.18.232.200:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.103:49175 -> 117.18.232.200:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.103:49172 -> 117.18.232.200:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 117.18.232.200:443 -> 192.168.56.103:49177 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts