Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www2.lunapic.com | 72.9.146.243 |
GET
200
http://91.207.183.9:8000/main.bat
REQUEST
RESPONSE
BODY
GET /main.bat HTTP/1.1
Host: 91.207.183.9:8000
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Length: 154
Last-Modified: Fri, 13 Oct 2023 13:17:27 GMT
Content-Type: text/plain
Date: Tue, 17 Oct 2023 01:50:15 GMT
ETag: "5720f861963a7d5332b9171ecdc663c0-1697203047-154"
Accept-Ranges: bytes
Server: WsgiDAV/4.2.0 Cheroot/9.0.0 Python 3.11.1
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49169 -> 72.9.146.243:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49170 -> 72.9.146.243:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 91.207.183.9:8000 -> 192.168.56.101:49171 | 2026989 | ET HUNTING PowerShell Hidden Window Command Common In Powershell Stagers M1 | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts