Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
- TCP Requests
GET
200
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
REQUEST
RESPONSE
BODY
GET /IE9CompatViewList.xml HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Host: ie9cvlist.ie.microsoft.com
If-Modified-Since: Fri, 16 Oct 2020 17:54:09 GMT
If-None-Match: 0x8D871FC7BDF491D
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Encoding: gzip
Age: 14259
Cache-Control: max-age=21600
Content-MD5: p9g4jsuZO6TaLMVAI9ujVg==
Content-Type: text/xml
Date: Sat, 04 Mar 2023 19:43:31 GMT
Etag: 0x8D9521D2D2DF1EC
Last-Modified: Wed, 28 Jul 2021 23:12:31 GMT
Server: ECAcc (tka/897A)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 3320ae43-c01e-003c-6eb0-4e59d9000000
x-ms-version: 2009-09-19
Content-Length: 13702
ICMP traffic
| Source | Destination | ICMP Type | Data |
|---|---|---|---|
| 173.208.126.13 | 192.168.56.103 | 3 | |
| 173.208.126.13 | 192.168.56.103 | 3 | |
| 173.208.126.13 | 192.168.56.103 | 3 | |
| 173.208.126.17 | 192.168.56.103 | 3 | |
| 173.208.126.17 | 192.168.56.103 | 3 | |
| 173.208.126.17 | 192.168.56.103 | 3 | |
| 173.208.126.17 | 192.168.56.103 | 3 | |
| 173.208.126.17 | 192.168.56.103 | 3 | |
| 173.208.126.17 | 192.168.56.103 | 3 |
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.103:49165 -> 108.62.118.124:443 | 2404301 | ET CNC Feodo Tracker Reported CnC Server group 2 | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts