Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
vj5566.duckdns.org | 142.202.242.176 | |
pastebin.com | 104.20.68.143 | |
ip-api.com | 208.95.112.1 | |
wshsoft.company | 194.59.164.67 | |
TCP Requests
Source | Destination | Hostname |
---|---|---|
192.168.56.103:49167 | 104.20.67.143:80 | pastebin.com |
192.168.56.103:49168 | 104.20.67.143:443 | pastebin.com |
192.168.56.103:49164 | 104.20.68.143:80 | pastebin.com |
192.168.56.103:49165 | 104.20.68.143:443 | pastebin.com |
192.168.56.103:49172 | 142.202.242.176:6677 | vj5566.duckdns.org |
192.168.56.103:49175 | 142.202.242.176:6677 | vj5566.duckdns.org |
192.168.56.103:49176 | 142.202.242.176:6677 | vj5566.duckdns.org |
192.168.56.103:49178 | 142.202.242.176:6677 | vj5566.duckdns.org |
192.168.56.103:49185 | 142.202.242.176:6677 | vj5566.duckdns.org |
192.168.56.103:49188 | 142.202.242.176:6677 | vj5566.duckdns.org |
192.168.56.103:49189 | 142.202.242.176:6677 | vj5566.duckdns.org |
192.168.56.103:49194 | 142.202.242.176:6677 | vj5566.duckdns.org |
192.168.56.103:49196 | 142.202.242.176:6677 | vj5566.duckdns.org |
192.168.56.103:49211 | 142.202.242.176:6677 | vj5566.duckdns.org |
192.168.56.103:49909 | 142.202.242.176:6677 | vj5566.duckdns.org |
192.168.56.103:49179 | 194.59.164.67:80 | wshsoft.company |
192.168.56.103:49170 | 208.95.112.1:80 | ip-api.com |
192.168.56.103:49173 | 208.95.112.1:80 | ip-api.com |
192.168.56.103:49184 | 208.95.112.1:80 | ip-api.com |
192.168.56.103:49210 | 208.95.112.1:80 | ip-api.com |
UDP Requests
Source | Destination |
---|---|
192.168.56.103:50800 | 164.124.101.2:53 |
192.168.56.103:52760 | 164.124.101.2:53 |
192.168.56.103:53673 | 164.124.101.2:53 |
192.168.56.103:62576 | 164.124.101.2:53 |
192.168.56.103:64894 | 164.124.101.2:53 |
192.168.56.103:137 | 192.168.56.255:137 |
192.168.56.103:138 | 192.168.56.255:138 |
192.168.56.103:53676 | 239.255.255.250:1900 |
HTTP Requests
GET 200 https://pastebin.com/raw/WVFt9GbZ
Request:
GET /raw/WVFt9GbZ HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: pastebin.com
Response:
HTTP/1.1 200 OK
Date: Sun, 14 May 2023 08:36:32 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: EXPIRED
Last-Modified: Sun, 14 May 2023 02:06:11 GMT
Server: cloudflare
CF-RAY: 7c71d064afe17e9f-LAX
GET 200 https://pastebin.com/raw/WVFt9GbZ
Request:
GET /raw/WVFt9GbZ HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: pastebin.com
Response:
HTTP/1.1 200 OK
Date: Sun, 14 May 2023 08:36:34 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: EXPIRED
Last-Modified: Sun, 14 May 2023 02:14:19 GMT
Server: cloudflare
CF-RAY: 7c71d06ebd5a1025-LAX
GET 301 http://pastebin.com/raw/WVFt9GbZ
Request:
GET /raw/WVFt9GbZ HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Language: ko
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: pastebin.com
Response:
HTTP/1.1 301 Moved Permanently
Date: Sun, 14 May 2023 08:36:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 14 May 2023 09:36:31 GMT
Location: https://pastebin.com/raw/WVFt9GbZ
Server: cloudflare
CF-RAY: 7c71d0601b09323e-LAX
GET 301 http://pastebin.com/raw/WVFt9GbZ
Request:
GET /raw/WVFt9GbZ HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Language: ko
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: pastebin.com
Response:
HTTP/1.1 301 Moved Permanently
Date: Sun, 14 May 2023 08:36:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 14 May 2023 09:36:33 GMT
Location: https://pastebin.com/raw/WVFt9GbZ
Server: cloudflare
CF-RAY: 7c71d06aadec7e99-LAX
GET 200 http://ip-api.com/json/
Request:
GET /json/ HTTP/1.1
Accept: */*
Accept-Language: ko
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Accept-Encoding: gzip, deflate
Host: ip-api.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Sun, 14 May 2023 08:36:35 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 272
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
GET 200 http://ip-api.com/json/
Request:
GET /json/ HTTP/1.1
Accept: */*
Accept-Language: ko
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Accept-Encoding: gzip, deflate
Host: ip-api.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Sun, 14 May 2023 08:36:41 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 272
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
GET 200 http://ip-api.com/json/
Request:
GET /json/ HTTP/1.1
Accept: */*
Accept-Language: ko
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Accept-Encoding: gzip, deflate
Host: ip-api.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Sun, 14 May 2023 08:36:41 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 272
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
GET 200 http://ip-api.com/json/
Request:
GET /json/ HTTP/1.1
Accept: */*
Accept-Language: ko
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Accept-Encoding: gzip, deflate
Host: ip-api.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Sun, 14 May 2023 08:36:44 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 272
Access-Control-Allow-Origin: *
X-Ttl: 51
X-Rl: 43
GET 200 http://wshsoft.company/python27.zip
Request:
GET /python27.zip HTTP/1.1
Accept: */*
Accept-Language: ko
Cache-Control: max-age=0
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Host: wshsoft.company
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: application/zip
last-modified: Thu, 07 May 2020 21:04:01 GMT
etag: "c5ed8e-5eb477c1-e0196dc1ce759f11;;;"
accept-ranges: bytes
content-length: 12971406
date: Sun, 14 May 2023 08:36:45 GMT
server: LiteSpeed
platform: hostinger
GET 200 http://ip-api.com/json/
Request:
GET /json/ HTTP/1.1
Accept: */*
Accept-Language: ko
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Accept-Encoding: gzip, deflate
Host: ip-api.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Sun, 14 May 2023 08:38:00 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 272
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
GET 200 http://ip-api.com/json/
Request:
GET /json/ HTTP/1.1
Accept: */*
Accept-Language: ko
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Accept-Encoding: gzip, deflate
Host: ip-api.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Sun, 14 May 2023 08:38:04 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 272
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
GET 200 http://ip-api.com/json/
Request:
GET /json/ HTTP/1.1
Accept: */*
Accept-Language: ko
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Accept-Encoding: gzip, deflate
Host: ip-api.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Sun, 14 May 2023 08:38:06 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 272
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
GET 200 http://ip-api.com/json/
Request:
GET /json/ HTTP/1.1
Accept: */*
Accept-Language: ko
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Accept-Encoding: gzip, deflate
Host: ip-api.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Sun, 14 May 2023 08:38:12 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 272
Access-Control-Allow-Origin: *
X-Ttl: 48
X-Rl: 43
GET 200 http://ip-api.com/json/
Request:
GET /json/ HTTP/1.1
Accept: */*
Accept-Language: ko
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Accept-Encoding: gzip, deflate
Host: ip-api.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Sun, 14 May 2023 08:38:12 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 272
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
GET 200 http://ip-api.com/json/
Request:
GET /json/ HTTP/1.1
Accept: */*
Accept-Language: ko
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Accept-Encoding: gzip, deflate
Host: ip-api.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Sun, 14 May 2023 08:38:23 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 272
Access-Control-Allow-Origin: *
X-Ttl: 42
X-Rl: 43
GET 200 http://ip-api.com/json/
Request:
GET /json/ HTTP/1.1
Accept: */*
Accept-Language: ko
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Accept-Encoding: gzip, deflate
Host: ip-api.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Sun, 14 May 2023 08:38:29 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 272
Access-Control-Allow-Origin: *
X-Ttl: 42
X-Rl: 43
ICMP traffic
No ICMP traffic performed.
IRC traffic
Command | Params | Type |
---|---|---|
ERROR | = 1 | client |
ERROR | = 22 | client |
ERROR | = 100 | client |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49168 104.20.67.143:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 79:b7:9c:ec:8a:be:ea:82:0d:16:04:fb:46:5f:89:6b:78:b9:43:fd |
TLSv1 192.168.56.103:49165 104.20.68.143:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 79:b7:9c:ec:8a:be:ea:82:0d:16:04:fb:46:5f:89:6b:78:b9:43:fd |
Snort Alerts
No Snort Alerts