Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
files.catbox.moe | 107.160.74.134 | |
urlcallinghta6.blogspot.com | 142.250.76.129 | |
TCP Requests
- 192.168.56.101:49168 -> 107.160.74.134:443 (files.catbox.moe)
- 192.168.56.101:49169 -> 107.160.74.134:443 (files.catbox.moe)
- 192.168.56.101:49170 -> 107.160.74.134:443 (files.catbox.moe)
- 192.168.56.101:49174 -> 107.160.74.134:443 (files.catbox.moe)
- 192.168.56.101:49175 -> 107.160.74.134:443 (files.catbox.moe)
- 192.168.56.101:49176 -> 107.160.74.134:443 (files.catbox.moe)
- 192.168.56.101:49163 -> 142.250.207.65:443 (urlcallinghta6.blogspot.com)
- 192.168.56.101:49164 -> 142.250.207.65:443 (urlcallinghta6.blogspot.com)
- 192.168.56.101:49165 -> 142.250.207.65:443 (urlcallinghta6.blogspot.com)
- 192.168.56.101:49166 -> 142.250.207.65:443 (urlcallinghta6.blogspot.com)
- 192.168.56.101:49172 -> 142.250.207.65:443 (urlcallinghta6.blogspot.com)
- 192.168.56.101:49173 -> 142.250.207.65:443 (urlcallinghta6.blogspot.com)
HTTP Requests
OPTIONS 405 https://urlcallinghta6.blogspot.com/
Request:
OPTIONS / HTTP/1.1
User-Agent: Microsoft Office Protocol Discovery
Host: urlcallinghta6.blogspot.com
Content-Length: 0
Connection: Keep-Alive
Response:
HTTP/1.1 405 Method Not Allowed
Content-Type: text/html; charset=UTF-8
Date: Thu, 23 Mar 2023 04:12:27 GMT
Expires: Thu, 23 Mar 2023 04:12:27 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
OPTIONS 405 https://urlcallinghta6.blogspot.com/
Request:
OPTIONS / HTTP/1.1
User-Agent: Microsoft Office Protocol Discovery
Host: urlcallinghta6.blogspot.com
Content-Length: 0
Connection: Keep-Alive
Response:
HTTP/1.1 405 Method Not Allowed
Content-Type: text/html; charset=UTF-8
Date: Thu, 23 Mar 2023 04:12:27 GMT
Expires: Thu, 23 Mar 2023 04:12:27 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET 302 https://urlcallinghta6.blogspot.com/atom.xml
Request:
GET /atom.xml HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E; MSOffice 12)
Accept-Encoding: gzip, deflate
Host: urlcallinghta6.blogspot.com
Connection: Keep-Alive
Response:
HTTP/1.1 302 Found
Cross-Origin-Resource-Policy: cross-origin
ETag: W/"8432bdb70eab786064fc92d7cd2373289b87a61a07bc65accc72f18834386706"
Date: Thu, 23 Mar 2023 04:12:28 GMT
Content-Type: text/html; charset=UTF-8
Server: blogger-renderd
Expires: Thu, 23 Mar 2023 04:12:29 GMT
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Location: https://files.catbox.moe/sndoli.hta
Content-Length: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
OPTIONS 0 https://urlcallinghta6.blogspot.com/
Request:
OPTIONS / HTTP/1.1
User-Agent: Microsoft Office Protocol Discovery
Host: urlcallinghta6.blogspot.com
Content-Length: 0
Connection: Keep-Alive
Response:
(none recorded)
OPTIONS 405 https://urlcallinghta6.blogspot.com/
Request:
OPTIONS / HTTP/1.1
User-Agent: Microsoft Office Protocol Discovery
Host: urlcallinghta6.blogspot.com
Content-Length: 0
Connection: Keep-Alive
Response:
HTTP/1.1 405 Method Not Allowed
Content-Type: text/html; charset=UTF-8
Date: Thu, 23 Mar 2023 04:12:31 GMT
Expires: Thu, 23 Mar 2023 04:12:31 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET 302 https://urlcallinghta6.blogspot.com/atom.xml
Request:
GET /atom.xml HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E; MSOffice 12)
Accept-Encoding: gzip, deflate
Host: urlcallinghta6.blogspot.com
Connection: Keep-Alive
Response:
HTTP/1.1 302 Found
Cross-Origin-Resource-Policy: cross-origin
ETag: W/"8432bdb70eab786064fc92d7cd2373289b87a61a07bc65accc72f18834386706"
Date: Thu, 23 Mar 2023 04:12:32 GMT
Content-Type: text/html; charset=UTF-8
Server: blogger-renderd
Expires: Thu, 23 Mar 2023 04:12:33 GMT
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Location: https://files.catbox.moe/sndoli.hta
Content-Length: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49163 -> 142.250.207.65:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.googleusercontent.com | b8:87:cf:d2:6d:98:e2:2e:5b:44:7a:3f:3e:38:c3:f0:33:eb:ce:ec |
TLSv1 192.168.56.101:49165 -> 142.250.207.65:443 | None | None | None |
TLSv1 192.168.56.101:49166 -> 142.250.207.65:443 | None | None | None |
TLSv1 192.168.56.101:49172 -> 142.250.207.65:443 | None | None | None |
TLSv1 192.168.56.101:49173 -> 142.250.207.65:443 | None | None | None |
TLSv1 192.168.56.101:49164 -> 142.250.207.65:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=misc-sni.blogspot.com | e1:6e:2e:f1:e8:5e:50:35:06:ff:b0:c5:0b:a8:d8:8e:d7:46:a3:3b |
Snort Alerts
No Snort Alerts