Network Analysis
| IP Address | Status | Action |
|---|---|---|
| 172.86.98.101 | Active | Moloch |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
GET
200
http://172.86.98.101/xs12pro/Akdvsmkkbhu.pdf
REQUEST
RESPONSE
BODY
GET /xs12pro/Akdvsmkkbhu.pdf HTTP/1.1
Host: 172.86.98.101
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 09 Oct 2023 04:16:37 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Sun, 08 Oct 2023 10:38:41 GMT
ETag: "79610-6073213ba4e40"
Accept-Ranges: bytes
Content-Length: 497168
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/pdf
GET
200
http://172.86.98.101/xs12pro/Htjxmgd.pdf
REQUEST
RESPONSE
BODY
GET /xs12pro/Htjxmgd.pdf HTTP/1.1
Host: 172.86.98.101
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 09 Oct 2023 04:17:52 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Sun, 08 Oct 2023 10:40:51 GMT
ETag: "100210-607321b79f2c0"
Accept-Ranges: bytes
Content-Length: 1049104
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/pdf
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49164 -> 172.86.98.101:80 | 2027265 | ET INFO Dotted Quad Host PDF Request | Potentially Bad Traffic |
| TCP 192.168.56.101:49167 -> 172.86.98.101:80 | 2027265 | ET INFO Dotted Quad Host PDF Request | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts