Home
Result
Report
Detail Analysis

Network Analysis

Download pcap

Hosts 3 DNS 2 TCP 30 UDP 8 HTTP(S) 4 ICMP 0 IRC 0 Suricata Snort

IP Address	Status	Action
162.33.179.65	Active	Moloch
164.124.101.2	Active	Moloch
54.236.82.84	Active	Moloch

Name	Response	Post-Analysis Lookup
piret-wismann.com	A 162.33.179.65	162.33.179.65
www.ssl.com	A 54.236.82.84 A 54.174.96.153	54.236.82.84

TCP Requests

UDP Requests

GET 200 http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt

REQUEST

GET /repository/SSLcom-RootCA-EV-RSA-4096-R2.crt HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: www.ssl.com

RESPONSE

HTTP/1.1 200 OK Date: Tue, 10 Oct 2023 01:07:08 GMT Content-Type: application/pkix-cert Content-Length: 1519 Connection: keep-alive Server: nginx x-amz-id-2: YdwpBrPQv/3s/2FtiQNaf4+6I0mpHsFwqmBf+Yde6VseOkMNIz1xRX6e/BtDKHZRH3XyMgCRA5g= x-amz-request-id: 22FGTBXZD78Y5KSB Cache-Control: max-age=31556952, public Last-Modified: Mon, 12 Jun 2023 19:56:14 GMT ETag: "e11e31581aae545302f6176a117b4d95" X-Proxy-Cache: HIT

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt

REQUEST

GET /repository/SSLcomRootCertificationAuthorityRSA.crt HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: www.ssl.com

RESPONSE

HTTP/1.1 200 OK Date: Tue, 10 Oct 2023 01:07:08 GMT Content-Type: application/pkix-cert Content-Length: 1505 Connection: keep-alive Server: nginx x-amz-id-2: MHbg0BMacRPffM3y10CLyRFivWOxd9ugH0zcgRpbwpP9+QaMhRVT9htBKISVpFQkgG173sTb0t4= x-amz-request-id: XKJMNDF2555YN6SJ Cache-Control: max-age=31556952, public Last-Modified: Mon, 12 Jun 2023 19:57:31 GMT ETag: "866912c070f1ecacacc2d5bca55ba129" X-Proxy-Cache: HIT

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

POST 200 http://piret-wismann.com:8080/

REQUEST

POST / HTTP/1.0 Host: piret-wismann.com:8080 Keep-Alive: 300 Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; Synapse) Content-Type: Application/octet-stream Content-Length: 140

RESPONSE

HTTP/1.1 200 OK Connection: close Content-Type: text/html; charset=ISO-8859-1 Content-Length: 4 Date: Tue, 10 Oct 2023 01:07:23 GMT

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

POST 200 http://piret-wismann.com:8080/

REQUEST

POST / HTTP/1.0 Host: piret-wismann.com:8080 Keep-Alive: 300 Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; Synapse) Content-Type: Application/octet-stream Content-Length: 456

RESPONSE

HTTP/1.1 200 OK Connection: close Content-Type: text/html; charset=ISO-8859-1 Content-Length: 2 Date: Tue, 10 Oct 2023 01:07:23 GMT

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49166 -> 162.33.179.65:2351	2013028	ET POLICY curl User-Agent Outbound	Attempted Information Leak
TCP 192.168.56.101:49170 -> 162.33.179.65:2351	2013028	ET POLICY curl User-Agent Outbound	Attempted Information Leak
TCP 162.33.179.65:2351 -> 192.168.56.101:49166	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 162.33.179.65:2351 -> 192.168.56.101:49166	2014520	ET INFO EXE - Served Attached HTTP	Misc activity

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts