Home
Result
Report
Detail Analysis

Network Analysis

Download pcap

Hosts 3 DNS 1 TCP 3 UDP 4 HTTP(S) 5 ICMP 0 IRC 0 Suricata Snort

IP Address	Status	Action
164.124.101.2	Active	Moloch
5.8.11.93	Active	Moloch
5.8.8.100	Active	Moloch

Name	Response	Post-Analysis Lookup
vossworld.ru	A 5.8.11.93	5.8.11.93

TCP Requests

UDP Requests

HEAD 200 http://5.8.8.100/signal/Traverser.dwp

REQUEST

HEAD /signal/Traverser.dwp HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 Host: 5.8.8.100

RESPONSE

HTTP/1.1 200 OK Date: Thu, 16 Mar 2023 01:55:05 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Thu, 09 Mar 2023 19:18:40 GMT ETag: "424fc-5f67c83226400" Accept-Ranges: bytes Content-Length: 271612 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://5.8.8.100/signal/Traverser.dwp

REQUEST

GET /signal/Traverser.dwp HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Thu, 09 Mar 2023 19:18:40 GMT User-Agent: Microsoft BITS/7.5 Host: 5.8.8.100

RESPONSE

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

HEAD 200 http://5.8.8.100/signal/Traverser.dwp

REQUEST

HEAD /signal/Traverser.dwp HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 Host: 5.8.8.100

RESPONSE

HTTP/1.1 200 OK Date: Thu, 16 Mar 2023 01:55:12 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Thu, 09 Mar 2023 19:18:40 GMT ETag: "424fc-5f67c83226400" Accept-Ranges: bytes Content-Length: 271612 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://5.8.8.100/signal/Traverser.dwp

REQUEST

GET /signal/Traverser.dwp HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Thu, 09 Mar 2023 19:18:40 GMT User-Agent: Microsoft BITS/7.5 Host: 5.8.8.100

RESPONSE

HTTP/1.1 200 OK Date: Thu, 16 Mar 2023 01:55:13 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Thu, 09 Mar 2023 19:18:40 GMT ETag: "424fc-5f67c83226400" Accept-Ranges: bytes Content-Length: 271612 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://5.8.8.100/signal/TpRIfutRxWlhn224.dwp

REQUEST

GET /signal/TpRIfutRxWlhn224.dwp HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: 5.8.8.100 Cache-Control: no-cache

RESPONSE

HTTP/1.1 200 OK Date: Thu, 16 Mar 2023 01:55:31 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Thu, 09 Mar 2023 19:17:26 GMT ETag: "76e40-5f67c7eb93d80" Accept-Ranges: bytes Content-Length: 486976

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts