Network Analysis
IP Address | Status | Action |
---|---|---|
101.99.3.20 | Active | Moloch |
104.168.155.143 | Active | Moloch |
164.124.101.2 | Active | Moloch |
164.90.222.65 | Active | Moloch |
167.172.199.165 | Active | Moloch |
182.162.143.56 | Active | Moloch |
187.63.160.88 | Active | Moloch |
203.26.41.132 | Active | Moloch |
66.228.32.31 | Active | Moloch |
91.121.146.47 | Active | Moloch |
Name | Response | Post-Analysis Lookup |
---|---|---|
mtp.evotek.vn | 101.99.3.20 | |
midcoastsupplies.com.au | 203.26.41.132 | |
TCP Requests
- 192.168.56.102:49167 -> 101.99.3.20:80 (mtp.evotek.vn)
- 192.168.56.102:49209 -> 167.172.199.165:8080
- 192.168.56.102:49210 -> 167.172.199.165:8080
- 192.168.56.102:49205 -> 182.162.143.56:443
- 192.168.56.102:49206 -> 182.162.143.56:443
- 192.168.56.102:49207 -> 187.63.160.88:80
- 192.168.56.102:49208 -> 187.63.160.88:80
- 192.168.56.102:49164 -> 203.26.41.132:443 (midcoastsupplies.com.au)
- 192.168.56.102:49166 -> 203.26.41.132:443 (midcoastsupplies.com.au)
- 192.168.56.102:49203 -> 66.228.32.31:7080
- 192.168.56.102:49204 -> 66.228.32.31:7080
- 192.168.56.102:49201 -> 91.121.146.47:8080
- 192.168.56.102:49202 -> 91.121.146.47:8080
UDP Requests
- 192.168.56.102:62846 -> 164.124.101.2:53
- 192.168.56.102:63709 -> 164.124.101.2:53
- 192.168.56.102:64513 -> 164.124.101.2:53
- 192.168.56.102:137 -> 192.168.56.255:137
- 192.168.56.102:138 -> 192.168.56.255:138
- 192.168.56.102:49152 -> 239.255.255.250:3702
- 192.168.56.102:62849 -> 239.255.255.250:1900
- 52.231.114.183:123 -> 192.168.56.102:123
HTTP traffic
GET 200 http://mtp.evotek.vn/wp-content/L/?134427

REQUEST
GET /wp-content/L/?134427 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: mtp.evotek.vn

RESPONSE
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Mar 2023 04:44:57 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.32
Set-Cookie: 64096449ca334=1678337097; expires=Thu, 09-Mar-2023 04:45:57 GMT; Max-Age=60; path=/
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Last-Modified: Thu, 09 Mar 2023 04:44:57 GMT
Expires: Thu, 09 Mar 2023 04:44:57 GMT
Content-Disposition: attachment; filename="byNJ7uqXpRBX.zip"
Content-Transfer-Encoding: binary
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts