Setup.7z| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6402 | Oct. 20, 2023, 6:01 p.m. | Oct. 20, 2023, 6:04 p.m. |
| IP Address | Status | Action |
|---|---|---|
| 104.194.128.170 | Active | Moloch |
| 107.167.110.211 | Active | Moloch |
| 104.18.146.235 | Active | Moloch |
| 104.21.35.235 | Active | Moloch |
| 104.20.67.143 | Active | Moloch |
| 104.20.68.143 | Active | Moloch |
| 104.21.21.189 | Active | Moloch |
| 104.21.32.208 | Active | Moloch |
| 104.21.34.37 | Active | Moloch |
| 104.21.6.10 | Active | Moloch |
| 104.21.65.24 | Active | Moloch |
| 104.21.78.56 | Active | Moloch |
| 104.21.90.82 | Active | Moloch |
| 104.244.42.1 | Active | Moloch |
| 104.26.5.15 | Active | Moloch |
| 104.26.8.59 | Active | Moloch |
| 104.76.78.101 | Active | Moloch |
| 121.254.136.9 | Active | Moloch |
| 142.251.2.127 | Active | Moloch |
| 146.59.70.14 | Active | Moloch |
| 148.251.234.83 | Active | Moloch |
| 148.251.234.93 | Active | Moloch |
| 149.154.167.99 | Active | Moloch |
| 162.159.135.233 | Active | Moloch |
| 164.124.101.2 | Active | Moloch |
| 171.22.28.236 | Active | Moloch |
| 172.67.180.173 | Active | Moloch |
| 172.67.217.52 | Active | Moloch |
| 171.22.28.213 | Active | Moloch |
| 171.22.28.221 | Active | Moloch |
| 171.22.28.224 | Active | Moloch |
| 171.22.28.226 | Active | Moloch |
| 171.22.28.239 | Active | Moloch |
| 172.67.139.220 | Active | Moloch |
| 172.67.167.220 | Active | Moloch |
| 172.67.187.122 | Active | Moloch |
| 172.67.197.174 | Active | Moloch |
| 172.67.216.81 | Active | Moloch |
| 172.67.75.166 | Active | Moloch |
| 172.86.97.117 | Active | Moloch |
| 185.216.70.238 | Active | Moloch |
| 185.225.75.171 | Active | Moloch |
| 190.187.52.42 | Active | Moloch |
| 185.82.216.96 | Active | Moloch |
| 190.219.136.87 | Active | Moloch |
| 193.42.32.118 | Active | Moloch |
| 193.42.32.29 | Active | Moloch |
| 193.42.33.7 | Active | Moloch |
| 194.169.175.127 | Active | Moloch |
| 194.169.175.128 | Active | Moloch |
| 20.150.38.228 | Active | Moloch |
| 20.150.79.68 | Active | Moloch |
| 204.79.197.219 | Active | Moloch |
| 213.180.204.24 | Active | Moloch |
| 34.117.59.81 | Active | Moloch |
| 45.130.41.101 | Active | Moloch |
| 45.132.1.20 | Active | Moloch |
| 45.15.156.229 | Active | Moloch |
| 5.255.255.70 | Active | Moloch |
| 5.75.212.77 | Active | Moloch |
| 62.217.160.2 | Active | Moloch |
| 65.109.26.240 | Active | Moloch |
| 69.48.143.183 | Active | Moloch |
| 77.91.124.55 | Active | Moloch |
| 77.91.68.249 | Active | Moloch |
| 85.143.220.63 | Active | Moloch |
| 85.217.144.143 | Active | Moloch |
| 87.240.132.72 | Active | Moloch |
| 91.215.85.209 | Active | Moloch |
| 93.186.225.194 | Active | Moloch |
| 94.142.138.113 | Active | Moloch |
| 95.142.206.0 | Active | Moloch |
| 95.142.206.2 | Active | Moloch |
| 95.142.206.3 | Active | Moloch |
| 45.129.14.83 | Active | Moloch |
| 5.42.92.88 | Active | Moloch |
| 95.142.206.1 | Active | Moloch |
Suricata Alerts
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.102:49178 104.26.8.59:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65 |
|
TLSv1 192.168.56.102:49187 93.186.225.194:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49201 104.21.34.37:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=experiment.pw | 5a:18:d3:ef:77:26:3f:d9:ff:c0:14:03:82:bb:01:c7:6d:e8:c8:b2 |
|
TLSv1 192.168.56.102:49236 93.186.225.194:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49238 95.142.206.2:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
|
TLSv1 192.168.56.102:49239 93.186.225.194:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49249 93.186.225.194:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49235 93.186.225.194:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49252 95.142.206.0:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
|
TLSv1 192.168.56.102:49254 93.186.225.194:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49255 93.186.225.194:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49253 93.186.225.194:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49246 93.186.225.194:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49251 95.142.206.0:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
|
TLSv1 192.168.56.102:49250 93.186.225.194:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49256 95.142.206.3:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
|
TLSv1 192.168.56.102:49263 93.186.225.194:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49257 95.142.206.3:443 |
None | None | None |
|
TLSv1 192.168.56.102:49272 104.26.8.59:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65 |
|
TLSv1 192.168.56.102:49273 5.255.255.70:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.xn--d1acpjx3f.xn--p1ai | e4:ba:b2:7f:bf:93:b8:22:10:26:70:37:9c:03:1a:9d:fb:23:17:24 |
|
TLSv1 192.168.56.102:49279 172.67.139.220:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=*.2ip.ua | 89:d4:db:86:86:4b:66:21:04:8f:0e:6c:cc:a5:4a:d5:67:73:3c:c9 |
|
TLS 1.2 192.168.56.102:49276 104.20.67.143:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 55:c8:82:61:30:05:42:80:db:47:5e:d0:66:b5:df:ac:14:5b:19:6f |
|
TLS 1.2 192.168.56.102:49287 172.67.216.81:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=flyawayaero.net | 34:8b:a3:9d:94:c4:8d:02:5c:e1:f1:43:da:57:49:64:a9:1c:b6:fe |
|
TLS 1.2 192.168.56.102:49291 172.67.187.122:443 |
C=US, O=Let's Encrypt, CN=E1 | CN=lycheepanel.info | 9f:29:fd:d3:0f:46:b4:fc:1f:d0:06:c7:4e:4d:21:d0:21:08:ea:43 |
|
TLS 1.2 192.168.56.102:49304 104.21.78.56:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=diplodoka.net | 08:f2:0c:9e:cc:84:cd:91:24:54:d5:fe:5e:3f:a9:46:68:a2:58:33 |
|
TLSv1 192.168.56.102:49299 213.180.204.24:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=sso.passport.yandex.ru | 3a:82:43:a9:43:9c:c8:90:01:04:4f:74:1b:6c:cd:4b:9b:19:7d:93 |
|
TLSv1 192.168.56.102:49298 104.26.8.59:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65 |
|
TLS 1.2 192.168.56.102:49297 45.130.41.101:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=laubenstein.space | d4:04:82:56:eb:8d:bb:fd:72:7a:36:fd:90:c1:07:aa:45:ac:92:27 |
|
TLSv1 192.168.56.102:49282 62.217.160.2:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.dzen.ru | 6a:31:14:29:60:07:c9:c6:17:7b:d1:27:ad:53:57:ec:d8:c1:d8:d2 |
|
TLS 1.2 192.168.56.102:49293 172.67.197.174:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=*.grabyourpizza.com | 19:34:3f:f1:b2:75:20:7f:8a:58:d1:fd:26:b2:74:e2:ea:f8:76:e6 |
|
TLS 1.2 192.168.56.102:49303 104.21.35.235:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=potatogoose.com | 0f:a9:ea:9d:3e:af:d2:24:68:a0:8f:b7:58:00:c9:0b:f0:7f:31:37 |
|
TLS 1.2 192.168.56.102:49310 107.167.110.211:443 |
C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | C=NO, ST=Oslo, L=Oslo, O=Opera Norway AS, CN=net.geo.opera.com | 8b:1e:84:38:9c:97:8c:be:f7:e1:0e:28:14:15:bb:08:cc:fb:ad:af |
|
TLSv1 192.168.56.102:49313 93.186.225.194:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49316 172.67.75.166:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
|
TLSv1 192.168.56.102:49320 172.67.75.166:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
|
TLSv1 192.168.56.102:49319 172.67.75.166:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
|
TLSv1 192.168.56.102:49334 93.186.225.194:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49335 95.142.206.1:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
|
TLSv1 192.168.56.102:49341 104.76.78.101:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA | unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com | b1:30:5e:4c:ee:14:70:87:a7:d7:1c:77:07:b5:3c:2c:99:13:aa:c5 |
|
TLSv1 192.168.56.102:49343 104.21.65.24:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=*.2ip.ua | 89:d4:db:86:86:4b:66:21:04:8f:0e:6c:cc:a5:4a:d5:67:73:3c:c9 |
|
TLSv1 192.168.56.102:49347 104.26.8.59:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65 |
|
TLSv1 192.168.56.102:49391 172.67.167.220:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=experiment.pw | 5a:18:d3:ef:77:26:3f:d9:ff:c0:14:03:82:bb:01:c7:6d:e8:c8:b2 |
|
TLSv1 192.168.56.102:49410 104.76.78.101:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA | unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com | b1:30:5e:4c:ee:14:70:87:a7:d7:1c:77:07:b5:3c:2c:99:13:aa:c5 |
|
TLSv1 192.168.56.102:49405 87.240.132.72:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49406 87.240.132.72:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49413 95.142.206.3:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
|
TLSv1 192.168.56.102:49423 87.240.132.72:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49375 87.240.132.72:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49412 95.142.206.3:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
|
TLSv1 192.168.56.102:49393 104.21.21.189:443 |
C=US, O=Let's Encrypt, CN=E1 | CN=octocrabs.com | 77:33:49:da:ac:e1:32:31:64:ad:8a:16:84:a3:aa:04:d0:fc:15:d7 |
|
TLSv1 192.168.56.102:49424 95.142.206.2:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
|
TLSv1 192.168.56.102:49400 104.21.6.10:443 |
C=US, O=Let's Encrypt, CN=E1 | CN=neuralshit.net | 48:34:be:08:a6:7d:1e:ee:b7:5d:2d:12:63:b2:18:02:6a:d9:0d:74 |
|
TLSv1 192.168.56.102:49426 20.150.38.228:443 |
C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | CN=*.blob.core.windows.net | 6e:0d:1b:21:93:e6:c6:eb:18:68:57:6a:7e:85:c2:b6:90:ce:6b:9d |
|
TLSv1 192.168.56.102:49427 20.150.79.68:443 |
C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | CN=*.blob.core.windows.net | 6e:0d:1b:21:93:e6:c6:eb:18:68:57:6a:7e:85:c2:b6:90:ce:6b:9d |
|
TLS 1.2 192.168.56.102:49435 104.20.68.143:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 55:c8:82:61:30:05:42:80:db:47:5e:d0:66:b5:df:ac:14:5b:19:6f |
|
TLSv1 192.168.56.102:49436 104.26.8.59:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65 |
|
TLSv1 192.168.56.102:49450 104.26.5.15:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
|
TLS 1.2 192.168.56.102:49456 172.67.217.52:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=diplodoka.net | 08:f2:0c:9e:cc:84:cd:91:24:54:d5:fe:5e:3f:a9:46:68:a2:58:33 |
|
TLS 1.2 192.168.56.102:49453 45.130.41.101:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=laubenstein.space | d4:04:82:56:eb:8d:bb:fd:72:7a:36:fd:90:c1:07:aa:45:ac:92:27 |
|
TLS 1.2 192.168.56.102:49457 107.167.110.211:443 |
C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | C=NO, ST=Oslo, L=Oslo, O=Opera Norway AS, CN=net.geo.opera.com | 8b:1e:84:38:9c:97:8c:be:f7:e1:0e:28:14:15:bb:08:cc:fb:ad:af |
|
TLSv1 192.168.56.102:49422 87.240.132.72:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLS 1.3 192.168.56.102:49463 162.159.135.233:443 |
None | None | None |
|
TLS 1.3 192.168.56.102:49462 185.82.216.96:443 |
None | None | None |
|
TLS 1.2 192.168.56.102:49443 172.67.216.81:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=flyawayaero.net | 34:8b:a3:9d:94:c4:8d:02:5c:e1:f1:43:da:57:49:64:a9:1c:b6:fe |
|
TLS 1.2 192.168.56.102:49446 104.21.32.208:443 |
C=US, O=Let's Encrypt, CN=E1 | CN=lycheepanel.info | 9f:29:fd:d3:0f:46:b4:fc:1f:d0:06:c7:4e:4d:21:d0:21:08:ea:43 |
|
TLS 1.2 192.168.56.102:49447 104.21.90.82:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=*.grabyourpizza.com | 19:34:3f:f1:b2:75:20:7f:8a:58:d1:fd:26:b2:74:e2:ea:f8:76:e6 |
|
TLS 1.2 192.168.56.102:49455 172.67.180.173:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=potatogoose.com | 0f:a9:ea:9d:3e:af:d2:24:68:a0:8f:b7:58:00:c9:0b:f0:7f:31:37 |
|
TLSv1 192.168.56.102:49425 204.79.197.219:443 |
C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=msdl.microsoft.com | 38:41:7e:3d:62:ae:23:84:cc:0e:a0:df:1b:44:80:83:13:e5:3b:51 |
| suspicious_features | Connection to IP address | suspicious_request | GET http://193.42.32.118/api/tracemap.php | ||||||
| suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://193.42.32.118/api/firegate.php | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://171.22.28.226/download/Services.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://171.22.28.221/files/Random.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://77.91.68.249/navi/kur90.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://171.22.28.221/files/Random.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://171.22.28.226/download/Services.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://77.91.68.249/navi/kur90.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://45.15.156.229/api/tracemap.php | ||||||
| suspicious_features | POST method with no referer header, POST method with no useragent header | suspicious_request | POST http://kevinrobinson.top/e9c345fc99a4e67e.php | ||||||
| suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://45.15.156.229/api/firegate.php | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://94.142.138.113/api/tracemap.php | ||||||
| suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://172.86.97.117/himeffectivelyproress.exe | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://galandskiyher5.com/downloads/toolspub1.exe | ||||||
| suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://85.217.144.143/files/Amadey.exe | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://gons01b.top/build.exe | ||||||
| suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://85.217.144.143/files/My2.exe | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 | ||||||
| suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://193.42.32.118/api/firecom.php | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://193.42.33.7/newumma.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://45.129.14.83/fra.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://45.129.14.83/fra.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://193.42.33.7/newumma.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://171.22.28.226/download/WWW14_64.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://171.22.28.226/download/WWW14_64.exe | ||||||
| suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://5.42.92.88/loghub/master | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://5.75.212.77/55d1d90f582be35927dbf245a6a59f6e | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://5.75.212.77/upgrade.zip | ||||||
| suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://94.142.138.113/api/firegate.php | ||||||
| suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://104.194.128.170/svp/Hfxbflp.mp3 | ||||||
| suspicious_features | POST method with no referer header, POST method with no useragent header, Connection to IP address | suspicious_request | POST http://193.42.33.7/mbSDvj3/index.php | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://171.22.28.213/3.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://171.22.28.221/files/Ads.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://171.22.28.221/files/Ads.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://171.22.28.213/3.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://5.75.212.77/13088c19c5a97b42d0d1d9573cc9f1b8 | ||||||
| suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://5.75.212.77/ | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://gobo02fc.top/build.exe | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET https://pastebin.com/raw/HPj0MzD6 | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET https://flyawayaero.net/baf14778c246e15550645e30ba78ce1c.exe | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET https://grabyourpizza.com/7a54bdb20779c4359694feaa1398dd25.exe | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET https://pastebin.com/raw/xYhKBupz | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET https://potatogoose.com/011c9f113ddd731c796c737fa640ca01/baf14778c246e15550645e30ba78ce1c.exe | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET https://diplodoka.net/011c9f113ddd731c796c737fa640ca01/7a54bdb20779c4359694feaa1398dd25.exe | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 | ||||||
| request | GET http://193.42.32.118/api/tracemap.php |
| request | POST http://193.42.32.118/api/firegate.php |
| request | HEAD http://171.22.28.226/download/Services.exe |
| request | HEAD http://171.22.28.221/files/Random.exe |
| request | HEAD http://77.91.68.249/navi/kur90.exe |
| request | HEAD http://jackantonio.top/timeSync.exe |
| request | GET http://171.22.28.221/files/Random.exe |
| request | GET http://171.22.28.226/download/Services.exe |
| request | GET http://77.91.68.249/navi/kur90.exe |
| request | GET http://jackantonio.top/timeSync.exe |
| request | GET http://45.15.156.229/api/tracemap.php |
| request | POST http://kevinrobinson.top/e9c345fc99a4e67e.php |
| request | POST http://45.15.156.229/api/firegate.php |
| request | GET http://94.142.138.113/api/tracemap.php |
| request | GET http://172.86.97.117/himeffectivelyproress.exe |
| request | GET http://galandskiyher5.com/downloads/toolspub1.exe |
| request | GET http://85.217.144.143/files/Amadey.exe |
| request | GET http://gons01b.top/build.exe |
| request | GET http://85.217.144.143/files/My2.exe |
| request | GET http://apps.identrust.com/roots/dstrootcax3.p7c |
| request | GET http://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 |
| request | POST http://193.42.32.118/api/firecom.php |
| request | GET http://www.maxmind.com/geoip/v2.1/city/me |
| request | HEAD http://193.42.33.7/newumma.exe |
| request | HEAD http://45.129.14.83/fra.exe |
| request | GET http://45.129.14.83/fra.exe |
| request | GET http://193.42.33.7/newumma.exe |
| request | HEAD http://171.22.28.226/download/WWW14_64.exe |
| request | GET http://171.22.28.226/download/WWW14_64.exe |
| request | POST http://5.42.92.88/loghub/master |
| request | GET http://5.75.212.77/55d1d90f582be35927dbf245a6a59f6e |
| request | GET http://5.75.212.77/upgrade.zip |
| request | GET http://zexeq.com/test2/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true |
| request | POST http://94.142.138.113/api/firegate.php |
| request | GET http://colisumy.com/dl/build2.exe |
| request | GET http://104.194.128.170/svp/Hfxbflp.mp3 |
| request | POST http://193.42.33.7/mbSDvj3/index.php |
| request | GET http://zexeq.com/files/1/build3.exe |
| request | HEAD http://171.22.28.213/3.exe |
| request | HEAD http://171.22.28.221/files/Ads.exe |
| request | GET http://171.22.28.221/files/Ads.exe |
| request | GET http://171.22.28.213/3.exe |
| request | HEAD http://lakuiksong.known.co.ke/netTimer.exe |
| request | GET http://lakuiksong.known.co.ke/netTimer.exe |
| request | GET http://5.75.212.77/13088c19c5a97b42d0d1d9573cc9f1b8 |
| request | POST http://5.75.212.77/ |
| request | GET http://gobo02fc.top/build.exe |
| request | GET https://api.myip.com/ |
| request | GET https://vk.com/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1 |
| request | GET https://experiment.pw/setup294.exe |
| request | POST http://193.42.32.118/api/firegate.php |
| request | POST http://kevinrobinson.top/e9c345fc99a4e67e.php |
| request | POST http://45.15.156.229/api/firegate.php |
| request | POST http://193.42.32.118/api/firecom.php |
| request | POST http://5.42.92.88/loghub/master |
| request | POST http://94.142.138.113/api/firegate.php |
| request | POST http://193.42.33.7/mbSDvj3/index.php |
| request | POST http://5.75.212.77/ |
| request | POST https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self |
| ip | 171.22.28.236 |
| ip | 171.22.28.224 |
| ip | 171.22.28.239 |
| ip | 185.216.70.238 |
| ip | 185.225.75.171 |
| ip | 194.169.175.128 |
| ip | 77.91.124.55 |
| ip | 142.251.2.127 |
| domain | experiment.pw | description | Palau domain TLD | ||||||
| domain | yandex.ru | description | Russian Federation domain TLD | ||||||
| domain | iplis.ru | description | Russian Federation domain TLD | ||||||
| domain | sso.passport.yandex.ru | description | Russian Federation domain TLD | ||||||
| domain | dzen.ru | description | Russian Federation domain TLD | ||||||
| domain | yip.su | description | Soviet Union domain TLD | ||||||
| domain | gons01b.top | description | Generic top level domain TLD | ||||||
| domain | kevinrobinson.top | description | Generic top level domain TLD | ||||||
| domain | jackantonio.top | description | Generic top level domain TLD | ||||||
| domain | gobo02fc.top | description | Generic top level domain TLD | ||||||
| domain | ipinfo.io |
| file | C:\Users\test22\AppData\Local\Temp\7zE0B3C1498\Setup_x64.exe |
| file | C:\Users\test22\AppData\Local\Temp\7zE0B3C1498\Setup_x86.exe |
| description | Escalate priviledges | rule | Escalate_priviledges | ||||||
| description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
| description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
| description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
| description | (no description) | rule | DebuggerHiding__Thread | ||||||
| description | (no description) | rule | DebuggerHiding__Active | ||||||
| description | (no description) | rule | ThreadControl__Context | ||||||
| description | (no description) | rule | SEH__vectored | ||||||
| description | Checks if being debugged | rule | anti_dbg | ||||||
| description | Bypass DEP | rule | disable_dep | ||||||
| description | Run a KeyLogger | rule | KeyLogger | ||||||
| domain | stun4.l.google.com |
| domain | ab07dfb1-b583-46f4-8c3d-99c8152cf07f.uuid.filesdumpplace.org |
| host | 104.194.128.170 | |||
| host | 171.22.28.236 | |||
| host | 171.22.28.213 | |||
| host | 171.22.28.221 | |||
| host | 171.22.28.224 | |||
| host | 171.22.28.226 | |||
| host | 171.22.28.239 | |||
| host | 172.86.97.117 | |||
| host | 185.216.70.238 | |||
| host | 185.225.75.171 | |||
| host | 193.42.32.118 | |||
| host | 193.42.32.29 | |||
| host | 193.42.33.7 | |||
| host | 194.169.175.128 | |||
| host | 45.15.156.229 | |||
| host | 5.75.212.77 | |||
| host | 77.91.124.55 | |||
| host | 77.91.68.249 | |||
| host | 85.217.144.143 | |||
| host | 94.142.138.113 | |||
| host | 45.129.14.83 | |||
| host | 5.42.92.88 | |||
| dead_host | 193.42.32.29:80 |