Category | Machine | Started | Completed |
---|---|---|---|
URL | s1_win7_x6401 | April 19, 2023, 5:10 p.m. | April 19, 2023, 5:13 p.m. |
URL | https://pentest.privacyengine.io/ |
---|
-
iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" https://pentest.privacyengine.io/
2616-
iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2616 CREDAT:145409
2700
-
Name | Response | Post-Analysis Lookup |
---|---|---|
www.gstatic.com | 142.250.206.195 | |
pentest.privacyengine.io | 104.45.22.187 | |
www.google.com | 142.250.206.228 |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49172 142.251.220.4:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | c3:7c:54:cd:86:09:a4:3e:2c:6d:ec:7c:fa:65:7b:3e:64:cb:10:e0 |
TLSv1 192.168.56.101:49168 104.45.22.187:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.privacyengine.io | 69:f2:7b:59:6f:1d:61:3a:5c:ff:3a:ab:41:68:1c:f0:fc:b9:7d:f2 |
TLSv1 192.168.56.101:49165 104.45.22.187:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.privacyengine.io | 69:f2:7b:59:6f:1d:61:3a:5c:ff:3a:ab:41:68:1c:f0:fc:b9:7d:f2 |
TLSv1 192.168.56.101:49169 104.45.22.187:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.privacyengine.io | 69:f2:7b:59:6f:1d:61:3a:5c:ff:3a:ab:41:68:1c:f0:fc:b9:7d:f2 |
TLSv1 192.168.56.101:49170 104.45.22.187:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.privacyengine.io | 69:f2:7b:59:6f:1d:61:3a:5c:ff:3a:ab:41:68:1c:f0:fc:b9:7d:f2 |
TLSv1 192.168.56.101:49164 104.45.22.187:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.privacyengine.io | 69:f2:7b:59:6f:1d:61:3a:5c:ff:3a:ab:41:68:1c:f0:fc:b9:7d:f2 |
TLSv1 192.168.56.101:49175 104.45.22.187:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.privacyengine.io | 69:f2:7b:59:6f:1d:61:3a:5c:ff:3a:ab:41:68:1c:f0:fc:b9:7d:f2 |
TLSv1 192.168.56.101:49167 104.45.22.187:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.privacyengine.io | 69:f2:7b:59:6f:1d:61:3a:5c:ff:3a:ab:41:68:1c:f0:fc:b9:7d:f2 |
TLSv1 192.168.56.101:49178 142.250.204.35:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | 34:5a:0a:3b:4f:02:f9:c6:c9:d7:3f:ca:9d:17:0d:40:27:05:05:0a |
TLSv1 192.168.56.101:49171 142.251.220.4:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | c3:7c:54:cd:86:09:a4:3e:2c:6d:ec:7c:fa:65:7b:3e:64:cb:10:e0 |
TLSv1 192.168.56.101:49174 104.45.22.187:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.privacyengine.io | 69:f2:7b:59:6f:1d:61:3a:5c:ff:3a:ab:41:68:1c:f0:fc:b9:7d:f2 |
TLSv1 192.168.56.101:49179 142.250.204.35:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | 34:5a:0a:3b:4f:02:f9:c6:c9:d7:3f:ca:9d:17:0d:40:27:05:05:0a |
TLSv1 192.168.56.101:49176 104.45.22.187:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.privacyengine.io | 69:f2:7b:59:6f:1d:61:3a:5c:ff:3a:ab:41:68:1c:f0:fc:b9:7d:f2 |
request | GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml |
request | GET https://pentest.privacyengine.io/ |
request | GET https://pentest.privacyengine.io/assets/new/plugins/bootstrap/css/bootstrap.css |
request | GET https://pentest.privacyengine.io/assets/css/google-api-fonts.css |
request | GET https://www.google.com/recaptcha/api.js?hl=en |
request | GET https://pentest.privacyengine.io/assets/css/components-rounded.css |
request | GET https://pentest.privacyengine.io/assets/plugins/font-awesome/css/font-awesome.css |
request | GET https://pentest.privacyengine.io/assets/new/css/layout-outer-custom.css?v=1 |
request | GET https://pentest.privacyengine.io/assets/plugins/bootstrap-switch/css/bootstrap-switch.min.css |
request | GET https://pentest.privacyengine.io/assets/new/css/layout-outer.css?v=1 |
request | GET https://pentest.privacyengine.io/assets/plugins/toastr-master/toastr.css |
request | GET https://pentest.privacyengine.io/assets/css/themes/dark.css |
request | GET https://pentest.privacyengine.io/assets/fonts/inter/inter.css |
request | GET https://pentest.privacyengine.io/assets/plugins/jquery-migrate.min.js |
request | GET https://pentest.privacyengine.io/assets/plugins/jquery.blockui.min.js |
request | GET https://pentest.privacyengine.io/assets/plugins/jquery.min.js |
request | GET https://pentest.privacyengine.io/assets/scripts/jquery.toaster.custom.js |
request | GET https://pentest.privacyengine.io/assets/plugins/jquery.validate/jquery.validate.min.1.13.0.js |
request | GET https://pentest.privacyengine.io/assets/new/plugins/summernote.min.js?v=1 |
request | GET https://pentest.privacyengine.io/assets/scripts/layout-outer-custom.js?v=1 |
request | GET https://pentest.privacyengine.io/assets/img/logo.png?v=1 |
request | GET https://pentest.privacyengine.io/assets/new/images/20px/times-circle-modal.svg |
request | GET https://pentest.privacyengine.io/assets/plugins/autosize.min.js |
request | GET https://pentest.privacyengine.io/assets/plugins/bootstrap/js/bootstrap.min.js |
request | GET https://pentest.privacyengine.io/assets/new/plugins/summernote.min.js |
request | GET https://pentest.privacyengine.io/assets/new/js/main.js |
request | GET https://pentest.privacyengine.io/assets/fonts/inter/Inter-Regular.woff?v=3.15 |
request | GET https://pentest.privacyengine.io/assets/img/remove-icon-small.png |
request | GET https://pentest.privacyengine.io/favicon.ico |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\bootstrap.min[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\main[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\summernote.min[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\api[2].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\jquery-migrate.min[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\jquery.blockui.min[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\autosize.min[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\jquery.validate.min.1.13.0[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\layout-outer-custom[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\jquery.min[3].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\summernote.min[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\recaptcha__en[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\jquery.toaster.custom[1].js |
url | https://ssl.pstatic.net/tveta/libs/1287/1287046/6df1cc02334922baa2d4_20200806172035021.jpg |
url | https://ssl.pstatic.net/static/pwe/common/img_use_mobile_version.png |
url | http://uk.ask.com/favicon.ico |
url | https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wWA.woff |
url | http://crl.identrust.com/DSTROOTCAX3CRL.crl0 |
url | https://s.pstatic.net/static/newsstand/2020/logo/light/0604/477.png |
url | http://www.cnet.com/favicon.ico |
url | https://castbox.shopping.naver.com/js/lazyload.js |
url | https://s.pstatic.net/shopping.phinf/20200729_1/2931dd60-1842-4048-a39c-1e3389db4a0e.jpg |
url | http://search.hanafos.com/favicon.ico |
url | https://ssl.pstatic.net/tveta/libs/1298/1298853/743c01d46e807a376d99_20200730182507675.png |
url | https://s.pstatic.net/static/newsstand/2020/logo/light/0604/820.png |
url | http://search.livedoor.com/favicon.ico |
url | https://file-examples-com.github.io/uploads/2017/02/file-sample_1MB.doc |
url | https://s.pstatic.net/shopping.phinf/20211025_16/fb4391ad-80a4-4058-a54e-c294a35d0275.jpg?type=f214_292 |
url | http://blogimgs.naver.com/nblog/skins/happybean/bg-head.gif |
url | http://www.amazon.co.jp/ |
url | http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab |
url | http://yellowpages.superpages.com/ |
url | https://www.naver.com |
url | https://s.pstatic.net/shopping.phinf/20211028_9/adf7905c-28ea-4ddf-93b2-aa96dad57752.jpg |
url | https://s.pstatic.net/shopping.phinf/20200806_26/3cad46ab-3fa4-4756-9e01-d61372890bd0.jpg |
url | https://s.pstatic.net/dthumb.phinf/?src=%22http%3A%2F%2Fstatic.naver.net%2Fwww%2Fmobile%2Fedit%2F2020%2F0804%2Fmobile_212629657646c.jpg%22 |
url | https://my.sendinblue.com/public/theme/version4/assets/images/loader_sblue.gif |
url | https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F20211029_1095%2Fupload_163546934024588ZQX.jpg%22 |
url | https://ssl.pstatic.net/static/pwe/nm/sp_mail_setup_140716.png |
url | http://search.sify.com/ |
url | https://s.pstatic.net/static/newsstand/2020/logo/light/0604/410.png |
url | http://search.msn.com/results.aspx?q= |
url | https://s.pstatic.net/shopping.phinf/20200731_21/4628ed28-27dc-4586-871c-f7f22524da89.jpg?type=f214_292 |
url | https://s.pstatic.net/imgshopping/static/sb/js/sb/nclktagS01_v1.js?v=2020080314 |
url | https://ssl.pstatic.net/tveta/libs/1299/1299024/c033376e145702a0a471_20200806171156016.jpg |
url | https://fonts.googleapis.com/css?family=Open |
url | http://isrg.trustid.ocsp.identrust.com0 |
url | http://si.wikipedia.org/w/api.php?action=opensearch |
url | http://www.signatur.rtr.at/de/directory/cps.html0 |
url | http://search.ebay.fr/ |
url | https://s.pstatic.net/static/newsstand/2020/logo/light/0604/921.png |
url | https://file-examples.com/wp-content/themes/file-examples/vendor/font-awesome/fonts/fontawesome-webfont.eot? |
url | http://www.certplus.com/CRL/class3TS.crl0 |
url | https://s.pstatic.net/shopping.phinf/20200603_16/34b72b79-bb6a-40b2-b35d-ae82e0ee5115.jpg |
url | http://it.wikipedia.org/favicon.ico |
url | http://uk.ask.com/ |
url | https://fonts.gstatic.com/s/muli/v22/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk30e4.woff |
url | https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F20211027_1095%2Fupload_1635293110459bqWPi.jpg%22 |
url | https://s.pstatic.net/static/www/img/uit/2020/sp_shop.4e0461.png |
url | http://blogimgs.naver.com/blog20/blog/layout_photo/viewer2/btn_right.gif |
url | http://www.google.cz/ |
url | http://search.ebay.co.uk/ |
url | https://nid.naver.com/login/ext/deviceConfirm.nhn?svctype=1 |
description | Create a windows service | rule | Create_Service | ||||||
description | Communication using DGA | rule | Network_DGA | ||||||
description | Communications over RAW Socket | rule | Network_TCP_Socket | ||||||
description | Communications use DNS | rule | Network_DNS | ||||||
description | Hijack network configuration | rule | Hijack_Network | ||||||
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection | ||||||
description | Communications over HTTP | rule | Network_HTTP | ||||||
description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
description | Record Audio | rule | Sniff_Audio | ||||||
description | Steal credential | rule | local_credential_Steal | ||||||
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | Communications over P2P network | rule | Network_P2P_Win | ||||||
description | Match Windows Inet API call | rule | Str_Win32_Internet_API | ||||||
description | Escalate priviledges | rule | Escalate_priviledges | ||||||
description | File Downloader | rule | Network_Downloader | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerCheck__RemoteAPI | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | DebuggerException__ConsoleCtrl | ||||||
description | (no description) | rule | DebuggerException__SetConsoleCtrl | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | (no description) | rule | Check_Dlls | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Anti-Sandbox checks for ThreatExpert | rule | antisb_threatExpert | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Affect hook table | rule | win_hook | ||||||
description | Install itself for autorun at Windows startup | rule | Persistence | ||||||
description | Communications over FTP | rule | Network_FTP | ||||||
description | Run a KeyLogger | rule | KeyLogger | ||||||
description | Take ScreenShot | rule | ScreenShot | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Create a windows service | rule | Create_Service | ||||||
description | Communication using DGA | rule | Network_DGA | ||||||
description | Communications over RAW Socket | rule | Network_TCP_Socket | ||||||
description | Communications use DNS | rule | Network_DNS | ||||||
description | Hijack network configuration | rule | Hijack_Network | ||||||
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection | ||||||
description | Communications over HTTP | rule | Network_HTTP | ||||||
description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
description | Record Audio | rule | Sniff_Audio |
cmdline | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2616 CREDAT:145409 |
host | 117.18.232.200 |