Home
Result
Report
Detail Analysis

Network Analysis

Download pcap

Hosts 4 DNS 3 TCP 13 UDP 7 HTTP(S) 10 ICMP 1 IRC 0 Suricata Snort

IP Address	Status	Action
103.8.25.128	Active	Moloch
148.251.234.93	Active	Moloch
164.124.101.2	Active	Moloch
5.101.152.100	Active	Moloch

Name	Response	Post-Analysis Lookup
iplogger.com	A 148.251.234.93	148.251.234.93
mynsd2u.com	A 103.8.25.128	103.8.25.128
tokoi45.beget.tech	A 5.101.152.100	5.101.152.100

TCP Requests

UDP Requests

GET 200 http://tokoi45.beget.tech/server.txt

REQUEST

GET /server.txt HTTP/1.0 Host: tokoi45.beget.tech *Accept: */* *Connection: close User-Agent: Firefox-6.0

RESPONSE

HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Wed, 21 Jun 2023 07:04:28 GMT Content-Type: text/plain Content-Length: 11 Last-Modified: Tue, 20 Jun 2023 16:38:58 GMT Connection: close ETag: "6491d622-b" Expires: Wed, 28 Jun 2023 07:04:28 GMT Cache-Control: max-age=604800 Accept-Ranges: bytes

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://tokoi45.beget.tech/server1.txt

REQUEST

GET /server1.txt HTTP/1.0 Host: tokoi45.beget.tech *Accept: */* *Connection: close User-Agent: Firefox-6.0

RESPONSE

HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Wed, 21 Jun 2023 07:04:29 GMT Content-Type: text/plain Content-Length: 0 Last-Modified: Mon, 12 Jun 2023 05:54:23 GMT Connection: close ETag: "6486b30f-0" Expires: Wed, 28 Jun 2023 07:04:29 GMT Cache-Control: max-age=604800 Accept-Ranges: bytes

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://tokoi45.beget.tech/server2.txt

REQUEST

GET /server2.txt HTTP/1.0 Host: tokoi45.beget.tech *Accept: */* *Connection: close User-Agent: Firefox-6.0

RESPONSE

HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Wed, 21 Jun 2023 07:04:29 GMT Content-Type: text/plain Content-Length: 0 Last-Modified: Mon, 29 May 2023 17:28:07 GMT Connection: close ETag: "6474e0a7-0" Expires: Wed, 28 Jun 2023 07:04:29 GMT Cache-Control: max-age=604800 Accept-Ranges: bytes

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 404 http://mynsd2u.com/1/data64_1.exe

REQUEST

GET /1/data64_1.exe HTTP/1.0 Host: mynsd2u.com *Accept: */* *Connection: close User-Agent: Firefox-6.0

RESPONSE

HTTP/1.1 404 Not Found Date: Wed, 21 Jun 2023 07:04:30 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://mynsd2u.com/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 404 http://mynsd2u.com/1/data64_2.exe

REQUEST

GET /1/data64_2.exe HTTP/1.0 Host: mynsd2u.com *Accept: */* *Connection: close User-Agent: Firefox-6.0

RESPONSE

HTTP/1.1 404 Not Found Date: Wed, 21 Jun 2023 07:04:32 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://mynsd2u.com/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 404 http://mynsd2u.com/1/data64_3.exe

REQUEST

GET /1/data64_3.exe HTTP/1.0 Host: mynsd2u.com *Accept: */* *Connection: close User-Agent: Firefox-6.0

RESPONSE

HTTP/1.1 404 Not Found Date: Wed, 21 Jun 2023 07:04:33 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://mynsd2u.com/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 404 http://mynsd2u.com/1/data64_4.exe

REQUEST

GET /1/data64_4.exe HTTP/1.0 Host: mynsd2u.com *Accept: */* *Connection: close User-Agent: Firefox-6.0

RESPONSE

HTTP/1.1 404 Not Found Date: Wed, 21 Jun 2023 07:04:34 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://mynsd2u.com/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 404 http://mynsd2u.com/1/data64_5.exe

REQUEST

GET /1/data64_5.exe HTTP/1.0 Host: mynsd2u.com *Accept: */* *Connection: close User-Agent: Firefox-6.0

RESPONSE

HTTP/1.1 404 Not Found Date: Wed, 21 Jun 2023 07:04:35 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://mynsd2u.com/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 404 http://mynsd2u.com/1/data64_6.exe

REQUEST

GET /1/data64_6.exe HTTP/1.0 Host: mynsd2u.com *Accept: */* *Connection: close User-Agent: Firefox-6.0

RESPONSE

HTTP/1.1 404 Not Found Date: Wed, 21 Jun 2023 07:04:36 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://mynsd2u.com/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://mynsd2u.com/webArg1.txt

REQUEST

GET /webArg1.txt HTTP/1.0 Host: mynsd2u.com *Accept: */* *Connection: close User-Agent: Firefox-6.0

RESPONSE

HTTP/1.1 200 OK Date: Wed, 21 Jun 2023 07:04:38 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 20 Jun 2023 11:25:56 GMT Accept-Ranges: bytes Content-Length: 27 Vary: Accept-Encoding Content-Type: text/plain

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.103	164.124.101.2	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49177 -> 148.251.234.93:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49178 -> 148.251.234.93:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49179	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts