Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.ssl.com | 54.87.241.101 | |
GET 200 http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt

REQUEST
GET /repository/SSLcomRootCertificationAuthorityRSA.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.ssl.com

RESPONSE
HTTP/1.1 200 OK
Date: Thu, 26 Oct 2023 01:30:42 GMT
Content-Type: application/pkix-cert
Content-Length: 1505
Connection: keep-alive
Server: nginx
x-amz-id-2: k5YyvYFmug+mqGRMEe5C24tu8Zxc5/tKvC1SwudLmZZAoIp9xGhngsF5MZG3kYEdzSRbQK0LjvA=
x-amz-request-id: 20ZDB2DRW77C5CX4
Cache-Control: max-age=31556952, public
Last-Modified: Mon, 12 Jun 2023 19:57:31 GMT
ETag: "866912c070f1ecacacc2d5bca55ba129"
X-Proxy-Cache: HIT
GET 200 http://49.13.119.73/GJDtkud/Aerot

REQUEST
GET /GJDtkud/Aerot HTTP/1.1
Host: 49.13.119.73
User-Agent: curl/7.85.0
Accept: */*

RESPONSE
HTTP/1.1 200 OK
Date: Thu, 26 Oct 2023 01:30:46 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Content-Type: text/html; charset=UTF-8
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49167 -> 49.13.119.73:80 | 2013028 | ET POLICY curl User-Agent Outbound | Attempted Information Leak |
TCP 192.168.56.101:49167 -> 49.13.119.73:80 | 2034567 | ET HUNTING curl User-Agent to Dotted Quad | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts