setup.7z| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6402 | Oct. 23, 2023, 3:58 p.m. | Oct. 23, 2023, 4 p.m. |
| IP Address | Status | Action |
|---|---|---|
| 104.21.79.77 | Active | Moloch |
| 107.167.110.216 | Active | Moloch |
| 104.21.6.10 | Active | Moloch |
| 104.18.146.235 | Active | Moloch |
| 104.21.34.37 | Active | Moloch |
| 104.21.65.24 | Active | Moloch |
| 104.21.93.225 | Active | Moloch |
| 104.244.42.193 | Active | Moloch |
| 104.26.5.15 | Active | Moloch |
| 104.26.8.59 | Active | Moloch |
| 104.76.78.101 | Active | Moloch |
| 109.107.182.133 | Active | Moloch |
| 109.107.182.2 | Active | Moloch |
| 121.254.136.18 | Active | Moloch |
| 142.250.66.132 | Active | Moloch |
| 146.59.70.14 | Active | Moloch |
| 148.251.234.83 | Active | Moloch |
| 148.251.234.93 | Active | Moloch |
| 149.154.167.99 | Active | Moloch |
| 157.240.31.174 | Active | Moloch |
| 157.240.31.63 | Active | Moloch |
| 164.124.101.2 | Active | Moloch |
| 172.67.180.173 | Active | Moloch |
| 171.22.28.213 | Active | Moloch |
| 171.22.28.221 | Active | Moloch |
| 169.148.95.39 | Active | Moloch |
| 171.22.28.226 | Active | Moloch |
| 171.22.28.236 | Active | Moloch |
| 171.22.28.239 | Active | Moloch |
| 172.67.167.220 | Active | Moloch |
| 172.67.187.122 | Active | Moloch |
| 172.67.217.52 | Active | Moloch |
| 172.67.197.174 | Active | Moloch |
| 172.67.200.10 | Active | Moloch |
| 172.67.34.170 | Active | Moloch |
| 172.67.75.163 | Active | Moloch |
| 176.113.115.135 | Active | Moloch |
| 176.113.115.136 | Active | Moloch |
| 176.113.115.84 | Active | Moloch |
| 172.67.75.166 | Active | Moloch |
| 185.172.128.69 | Active | Moloch |
| 193.233.255.73 | Active | Moloch |
| 193.42.32.118 | Active | Moloch |
| 193.42.33.68 | Active | Moloch |
| 194.169.175.128 | Active | Moloch |
| 195.158.3.162 | Active | Moloch |
| 213.180.204.24 | Active | Moloch |
| 34.117.59.81 | Active | Moloch |
| 37.139.129.88 | Active | Moloch |
| 45.11.27.150 | Active | Moloch |
| 45.130.41.101 | Active | Moloch |
| 45.143.201.238 | Active | Moloch |
| 45.15.156.229 | Active | Moloch |
| 62.217.160.2 | Active | Moloch |
| 77.88.55.88 | Active | Moloch |
| 87.240.132.78 | Active | Moloch |
| 91.215.85.209 | Active | Moloch |
| 94.142.138.131 | Active | Moloch |
| 95.142.206.0 | Active | Moloch |
| 95.142.206.3 | Active | Moloch |
| 61.111.58.34 | Active | Moloch |
| 62.122.184.92 | Active | Moloch |
| 77.91.124.1 | Active | Moloch |
| 77.91.68.249 | Active | Moloch |
| 80.66.75.4 | Active | Moloch |
| 80.66.75.77 | Active | Moloch |
| 83.97.73.44 | Active | Moloch |
| 85.143.220.63 | Active | Moloch |
| 85.217.144.143 | Active | Moloch |
Suricata Alerts
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.102:49177 104.26.8.59:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65 |
|
TLSv1 192.168.56.102:49184 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49198 172.67.167.220:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=experiment.pw | 5a:18:d3:ef:77:26:3f:d9:ff:c0:14:03:82:bb:01:c7:6d:e8:c8:b2 |
|
TLSv1 192.168.56.102:49222 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49232 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49234 95.142.206.3:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
|
TLSv1 192.168.56.102:49236 95.142.206.0:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
|
TLSv1 192.168.56.102:49233 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49230 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49245 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49249 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49248 95.142.206.3:443 |
None | None | None |
|
TLSv1 192.168.56.102:49251 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49252 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49257 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49258 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49263 104.26.8.59:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65 |
|
TLSv1 192.168.56.102:49272 77.88.55.88:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.xn--d1acpjx3f.xn--p1ai | e4:ba:b2:7f:bf:93:b8:22:10:26:70:37:9c:03:1a:9d:fb:23:17:24 |
|
TLSv1 192.168.56.102:49277 62.217.160.2:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.dzen.ru | 6a:31:14:29:60:07:c9:c6:17:7b:d1:27:ad:53:57:ec:d8:c1:d8:d2 |
|
TLSv1 192.168.56.102:49292 104.26.5.15:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
|
TLSv1 192.168.56.102:49289 104.26.5.15:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
|
TLSv1 192.168.56.102:49293 172.67.75.166:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
|
TLSv1 192.168.56.102:49270 104.21.65.24:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=2ip.ua | df:8e:38:7b:a5:b7:63:5f:01:77:75:f0:d6:4a:08:30:fa:63:46:8f |
|
TLSv1 192.168.56.102:49281 213.180.204.24:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=sso.passport.yandex.ru | 3a:82:43:a9:43:9c:c8:90:01:04:4f:74:1b:6c:cd:4b:9b:19:7d:93 |
|
TLSv1 192.168.56.102:49285 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49307 104.21.65.24:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=2ip.ua | df:8e:38:7b:a5:b7:63:5f:01:77:75:f0:d6:4a:08:30:fa:63:46:8f |
|
TLSv1 192.168.56.102:49305 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49315 172.67.75.163:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65 |
|
TLSv1 192.168.56.102:49309 95.142.206.3:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
|
TLSv1 192.168.56.102:49324 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49357 104.21.6.10:443 |
C=US, O=Let's Encrypt, CN=E1 | CN=neuralshit.net | 48:34:be:08:a6:7d:1e:ee:b7:5d:2d:12:63:b2:18:02:6a:d9:0d:74 |
|
TLSv1 192.168.56.102:49341 172.67.200.10:443 |
C=US, O=Let's Encrypt, CN=E1 | CN=octocrabs.com | 77:33:49:da:ac:e1:32:31:64:ad:8a:16:84:a3:aa:04:d0:fc:15:d7 |
|
TLSv1 192.168.56.102:49345 104.21.34.37:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=experiment.pw | 5a:18:d3:ef:77:26:3f:d9:ff:c0:14:03:82:bb:01:c7:6d:e8:c8:b2 |
|
TLSv1 192.168.56.102:49367 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49377 104.76.78.101:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA | unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com | b1:30:5e:4c:ee:14:70:87:a7:d7:1c:77:07:b5:3c:2c:99:13:aa:c5 |
|
TLSv1 192.168.56.102:49376 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49381 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49386 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLS 1.3 192.168.56.102:49387 149.154.167.99:443 |
None | None | None |
|
TLSv1 192.168.56.102:49382 95.142.206.3:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
|
TLSv1 192.168.56.102:49385 95.142.206.3:443 |
None | None | None |
|
TLS 1.2 192.168.56.102:49398 104.21.79.77:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=yip.su | b6:2b:8b:a8:8c:60:65:fb:9d:d6:9b:25:cf:96:b2:78:7a:29:76:6b |
|
TLS 1.2 192.168.56.102:49392 172.67.34.170:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 55:c8:82:61:30:05:42:80:db:47:5e:d0:66:b5:df:ac:14:5b:19:6f |
|
TLS 1.2 192.168.56.102:49399 45.130.41.101:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=laubenstein.space | d4:04:82:56:eb:8d:bb:fd:72:7a:36:fd:90:c1:07:aa:45:ac:92:27 |
|
TLS 1.2 192.168.56.102:49393 104.21.93.225:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=flyawayaero.net | 34:8b:a3:9d:94:c4:8d:02:5c:e1:f1:43:da:57:49:64:a9:1c:b6:fe |
|
TLS 1.2 192.168.56.102:49403 172.67.217.52:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=diplodoka.net | 08:f2:0c:9e:cc:84:cd:91:24:54:d5:fe:5e:3f:a9:46:68:a2:58:33 |
|
TLS 1.2 192.168.56.102:49404 107.167.110.216:443 |
C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | C=NO, ST=Oslo, L=Oslo, O=Opera Norway AS, CN=net.geo.opera.com | 8b:1e:84:38:9c:97:8c:be:f7:e1:0e:28:14:15:bb:08:cc:fb:ad:af |
|
TLS 1.2 192.168.56.102:49396 172.67.187.122:443 |
C=US, O=Let's Encrypt, CN=E1 | CN=lycheepanel.info | fa:2e:ff:d8:31:ff:34:7b:0d:ed:0c:88:91:99:bd:b3:72:10:92:93 |
|
TLS 1.3 192.168.56.102:49389 157.240.31.174:443 |
None | None | None |
|
TLS 1.2 192.168.56.102:49402 172.67.180.173:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=potatogoose.com | 0f:a9:ea:9d:3e:af:d2:24:68:a0:8f:b7:58:00:c9:0b:f0:7f:31:37 |
|
TLSv1 192.168.56.102:49409 172.67.75.163:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65 |
|
TLSv1 192.168.56.102:49418 87.240.132.78:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLS 1.2 192.168.56.102:49397 172.67.197.174:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=*.grabyourpizza.com | 19:34:3f:f1:b2:75:20:7f:8a:58:d1:fd:26:b2:74:e2:ea:f8:76:e6 |
| suspicious_features | Connection to IP address | suspicious_request | GET http://94.142.138.131/api/tracemap.php | ||||||
| suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://94.142.138.131/api/firegate.php | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://171.22.28.226/download/Services.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://109.107.182.2/race/bus50.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://171.22.28.226/download/Services.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://109.107.182.2/race/bus50.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://176.113.115.84:8080/4.php | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://45.15.156.229/api/tracemap.php | ||||||
| suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://45.15.156.229/api/firegate.php | ||||||
| suspicious_features | POST method with no referer header, POST method with no useragent header | suspicious_request | POST http://wyattsebastian.top/e9c345fc99a4e67e.php | ||||||
| suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://193.233.255.73/loghub/master | ||||||
| suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://193.42.32.118/api/tracemap.php | ||||||
| suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://193.42.32.118/api/firecom.php | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://171.22.28.226/download/WWW14_64.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://171.22.28.226/download/WWW14_64.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://185.172.128.69/newumma.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://185.172.128.69/newumma.exe | ||||||
| suspicious_features | POST method with no referer header, POST method with no useragent header, Connection to IP address | suspicious_request | POST http://77.91.124.1/theme/index.php | ||||||
| suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://77.91.68.249/fuza/2.ps1 | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://171.22.28.221/files/Ads.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://193.42.33.68/vpnmhcvbszad/boblspsqgegf.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://171.22.28.213/3.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://171.22.28.221/files/Ads.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://171.22.28.213/3.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://193.42.33.68/vpnmhcvbszad/boblspsqgegf.exe | ||||||
| suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://77.91.68.249/fuza/sus.exe | ||||||
| suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://77.91.68.249/fuza/foto2552.exe | ||||||
| suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://77.91.68.249/fuza/nalo.exe | ||||||
| suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://77.91.68.249/zoom/angi.exe | ||||||
| suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://85.217.144.143/files/My2.exe | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://gobo03fc.top/build.exe | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET https://pastebin.com/raw/xYhKBupz | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET https://flyawayaero.net/baf14778c246e15550645e30ba78ce1c.exe | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET https://grabyourpizza.com/7a54bdb20779c4359694feaa1398dd25.exe | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET https://potatogoose.com/16d7385732355adc773732b0327e9c0c/baf14778c246e15550645e30ba78ce1c.exe | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET https://diplodoka.net/16d7385732355adc773732b0327e9c0c/7a54bdb20779c4359694feaa1398dd25.exe | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 | ||||||
| request | GET http://94.142.138.131/api/tracemap.php |
| request | POST http://94.142.138.131/api/firegate.php |
| request | HEAD http://171.22.28.226/download/Services.exe |
| request | HEAD http://109.107.182.2/race/bus50.exe |
| request | HEAD http://jackantonio.top/timeSync.exe |
| request | GET http://171.22.28.226/download/Services.exe |
| request | GET http://109.107.182.2/race/bus50.exe |
| request | GET http://jackantonio.top/timeSync.exe |
| request | GET http://176.113.115.84:8080/4.php |
| request | GET http://45.15.156.229/api/tracemap.php |
| request | POST http://45.15.156.229/api/firegate.php |
| request | POST http://wyattsebastian.top/e9c345fc99a4e67e.php |
| request | POST http://193.233.255.73/loghub/master |
| request | GET http://193.42.32.118/api/tracemap.php |
| request | POST http://193.42.32.118/api/firecom.php |
| request | GET http://www.maxmind.com/geoip/v2.1/city/me |
| request | HEAD http://171.22.28.226/download/WWW14_64.exe |
| request | GET http://171.22.28.226/download/WWW14_64.exe |
| request | HEAD http://185.172.128.69/newumma.exe |
| request | GET http://185.172.128.69/newumma.exe |
| request | GET http://zexeq.com/test2/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true |
| request | GET http://colisumy.com/dl/build2.exe |
| request | GET http://zexeq.com/files/1/build3.exe |
| request | POST http://77.91.124.1/theme/index.php |
| request | GET http://77.91.68.249/fuza/2.ps1 |
| request | HEAD http://171.22.28.221/files/Ads.exe |
| request | HEAD http://193.42.33.68/vpnmhcvbszad/boblspsqgegf.exe |
| request | HEAD http://171.22.28.213/3.exe |
| request | GET http://171.22.28.221/files/Ads.exe |
| request | GET http://171.22.28.213/3.exe |
| request | GET http://193.42.33.68/vpnmhcvbszad/boblspsqgegf.exe |
| request | GET http://apps.identrust.com/roots/dstrootcax3.p7c |
| request | HEAD http://lakuiksong.known.co.ke/netTimer.exe |
| request | GET http://lakuiksong.known.co.ke/netTimer.exe |
| request | GET http://77.91.68.249/fuza/sus.exe |
| request | GET http://www.google.com/ |
| request | GET http://77.91.68.249/fuza/foto2552.exe |
| request | GET http://77.91.68.249/fuza/nalo.exe |
| request | GET http://77.91.68.249/zoom/angi.exe |
| request | GET http://85.217.144.143/files/My2.exe |
| request | GET http://gobo03fc.top/build.exe |
| request | GET http://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 |
| request | GET https://api.myip.com/ |
| request | GET https://vk.com/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1 |
| request | GET https://experiment.pw/setup294.exe |
| request | GET https://vk.com/doc52355237_666778887?hash=MsypGwgfzH9k8tAFuGqJl0MJgVVDiak3EKsK8zRZBXP&dl=zbnEaURFd1h1t5v6QgcpBauCKgnVbU0YGtRdWYWulE8&api=1&no_preview=1 |
| request | GET https://vk.com/doc52355237_667021459?hash=JwfD1ZCA6QgwzFekXEx3DZwJrazNVwknSJ4vBCdj3Ys&dl=GOvejb9TzKE4gYCzHfWoYwfHsCK1bKByDgPNozGoPQ0&api=1&no_preview=1 |
| request | GET https://vk.com/doc791620691_663065029?hash=Efubo9FQtw3Bdj42XJVcJwymfIH3PazMKz8g5wJ0dZX&dl=G44TCNRSGA3DSMI:1682787066:QgrgzF33wDt9bwmmOgWCYTv61J7HwhLVZOXGaEdWiKP&api=1&no_preview=1#test |
| request | GET https://sun6-23.userapi.com/c909518/u52355237/docs/d49/5c0d068b2eac/PL_Client.bmp?extra=b8v6B06HpzoI3tSK0mTSwwXQMXnLc3q1jWsNUxfrUhg37IPgrTLUxJuXVjoqdaD6wxqd5omwvfT1I4ifIHPUpzMI6CdiRlp1tMXpPcZQCoixxWWU5YWu8GW5XHCV-7gyvoe17RzAXLzj21i0 |
| request | GET https://vk.com/doc52355237_667162081?hash=4BgzraSUlIskCw5J6xGm3ViPzq8b7svHxEssqfvoCPH&dl=LANzNVd3qg51q6TImeUt70feNJmp9qZlTmWM3bxixcD&api=1&no_preview=1#test22 |
| request | POST http://94.142.138.131/api/firegate.php |
| request | POST http://45.15.156.229/api/firegate.php |
| request | POST http://wyattsebastian.top/e9c345fc99a4e67e.php |
| request | POST http://193.233.255.73/loghub/master |
| request | POST http://193.42.32.118/api/firecom.php |
| request | POST http://77.91.124.1/theme/index.php |
| request | POST https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self |
| ip | 109.107.182.133 |
| ip | 171.22.28.236 |
| ip | 171.22.28.239 |
| ip | 176.113.115.84 |
| ip | 194.169.175.128 |
| domain | yip.su | description | Soviet Union domain TLD | ||||||
| domain | gobo03fc.top | description | Generic top level domain TLD | ||||||
| domain | ipinfo.io |
| file | C:\Users\test22\AppData\Local\Temp\7zE8989BF2D\File.exe |
| description | Escalate priviledges | rule | Escalate_priviledges | ||||||
| description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
| description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
| description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
| description | (no description) | rule | DebuggerHiding__Thread | ||||||
| description | (no description) | rule | DebuggerHiding__Active | ||||||
| description | (no description) | rule | ThreadControl__Context | ||||||
| description | (no description) | rule | SEH__vectored | ||||||
| description | Checks if being debugged | rule | anti_dbg | ||||||
| description | Bypass DEP | rule | disable_dep | ||||||
| description | Run a KeyLogger | rule | KeyLogger | ||||||
| host | 109.107.182.133 | |||
| host | 109.107.182.2 | |||
| host | 171.22.28.213 | |||
| host | 171.22.28.221 | |||
| host | 171.22.28.226 | |||
| host | 171.22.28.236 | |||
| host | 171.22.28.239 | |||
| host | 176.113.115.135 | |||
| host | 176.113.115.136 | |||
| host | 176.113.115.84 | |||
| host | 185.172.128.69 | |||
| host | 193.233.255.73 | |||
| host | 193.42.32.118 | |||
| host | 193.42.33.68 | |||
| host | 194.169.175.128 | |||
| host | 45.143.201.238 | |||
| host | 45.15.156.229 | |||
| host | 94.142.138.131 | |||
| host | 62.122.184.92 | |||
| host | 77.91.124.1 | |||
| host | 77.91.68.249 | |||
| host | 80.66.75.4 | |||
| host | 80.66.75.77 | |||
| host | 83.97.73.44 | |||
| host | 85.217.144.143 | |||
| dead_host | 176.113.115.84:80 |
| dead_host | 192.168.56.102:49190 |