Network Analysis
| IP Address | Status | Action |
|---|---|---|
| 125.253.92.50 | Active | Moloch |
| 104.18.146.235 | Active | Moloch |
| 104.244.42.1 | Active | Moloch |
| 104.26.5.15 | Active | Moloch |
| 121.254.136.18 | Active | Moloch |
| 149.154.167.99 | Active | Moloch |
| 164.124.101.2 | Active | Moloch |
| 172.67.193.129 | Active | Moloch |
| 172.67.75.166 | Active | Moloch |
| 213.180.204.24 | Active | Moloch |
| 34.117.59.81 | Active | Moloch |
| 5.255.255.70 | Active | Moloch |
| 62.217.160.2 | Active | Moloch |
| 91.92.243.151 | Active | Moloch |
| 94.142.138.131 | Active | Moloch |
TCP Requests

- 125.253.92.50:3333 -> 192.168.56.101:49163
- 192.168.56.101:49179 -> 104.18.146.235:80 (www.maxmind.com)
- 192.168.56.101:49165 -> 104.244.42.1:443 (twitter.com)
- 192.168.56.101:49166 -> 104.244.42.1:443 (twitter.com)
- 192.168.56.101:49177 -> 104.26.5.15:443 (db-ip.com)
- 192.168.56.101:49173 -> 121.254.136.18:80 (apps.identrust.com)
- 192.168.56.101:49162 -> 149.154.167.99:443 (telegram.org)
- 192.168.56.101:49164 -> 149.154.167.99:443 (telegram.org)
- 192.168.56.101:49172 -> 172.67.193.129:443 (ironhost.io)
- 192.168.56.101:49178 -> 172.67.75.166:443 (db-ip.com)
- 192.168.56.101:49169 -> 213.180.204.24:443 (sso.passport.yandex.ru)
- 192.168.56.101:49175 -> 34.117.59.81:443 (ipinfo.io)
- 192.168.56.101:49176 -> 34.117.59.81:443 (ipinfo.io)
- 192.168.56.101:49167 -> 5.255.255.70:443 (yandex.ru)
- 192.168.56.101:49168 -> 62.217.160.2:443 (dzen.ru)
- 192.168.56.101:49170 -> 91.92.243.151:80
- 192.168.56.101:49174 -> 94.142.138.131:80
UDP Requests

- 192.168.56.101:51901 -> 164.124.101.2:53
- 192.168.56.101:52753 -> 164.124.101.2:53
- 192.168.56.101:52797 -> 164.124.101.2:53
- 192.168.56.101:52815 -> 164.124.101.2:53
- 192.168.56.101:53004 -> 164.124.101.2:53
- 192.168.56.101:53850 -> 164.124.101.2:53
- 192.168.56.101:54148 -> 164.124.101.2:53
- 192.168.56.101:54883 -> 164.124.101.2:53
- 192.168.56.101:55146 -> 164.124.101.2:53
- 192.168.56.101:57986 -> 164.124.101.2:53
- 192.168.56.101:58297 -> 164.124.101.2:53
- 192.168.56.101:59002 -> 164.124.101.2:53
- 192.168.56.101:61950 -> 164.124.101.2:53
- 192.168.56.101:137 -> 192.168.56.255:137
- 192.168.56.101:57989 -> 239.255.255.250:1900
- 52.231.114.183:123 -> 192.168.56.101:123
- 192.168.56.103:137 -> 192.168.56.101:137
HTTP Requests

GET 302 https://yandex.ru/
GET / HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: yandex.ru
HTTP/1.1 302 Moved temporarily
Accept-CH: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
Cache-Control: max-age=1209600,private
Date: Mon, 06 Nov 2023 22:42:31 GMT
Location: https://dzen.ru/?yredirect=true
NEL: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
P3P: policyref="/w3c/p3p.xml", CP="NON DSP ADM DEV PSD IVDo OUR IND STP PHY PRE NAV UNI"
Portal: Home
Report-To: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Robots-Tag: unavailable_after: 12 Sep 2022 00:00:00 PST
X-Yandex-Req-Id: 1699310551298716-8197614451681877949-balancer-l7leveler-kubr-yp-vla-82-BAL-3999
set-cookie: is_gdpr=0; Path=/; Domain=.yandex.ru; Expires=Wed, 05 Nov 2025 22:42:31 GMT
set-cookie: is_gdpr_b=CIauJRCx2AEoAg==; Path=/; Domain=.yandex.ru; Expires=Wed, 05 Nov 2025 22:42:31 GMT
set-cookie: _yasc=GKXXa8XeWyBkilgphmiCRh1+UJ3Au0Oak1MDF6riFtkkxB/kceH3qD0wSUFaKce43vQ=; domain=.yandex.ru; path=/; expires=Thu, 03 Nov 2033 22:42:31 GMT; secure
set-cookie: i=UWFDVZLAkw8guTEv8TCKtodLL2VOelINXO/cob/h6+7GjK6ip8gcadlflg3RZfCNkob5YokHEJO/JWtvRNdLDtEQ+vo=; Expires=Wed, 05-Nov-2025 22:42:31 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly
set-cookie: yandexuid=8818779491699310551; Expires=Wed, 05-Nov-2025 22:42:31 GMT; Domain=.yandex.ru; Path=/; Secure
set-cookie: yashr=3991565871699310551; Path=/; Domain=.yandex.ru; Expires=Tue, 05 Nov 2024 22:42:31 GMT; Secure; HttpOnly

GET 302 https://dzen.ru/?yredirect=true
GET /?yredirect=true HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: dzen.ru
HTTP/1.1 302 Found
Content-Length: 0
Content-Type: application/json;charset=utf-8
Date: Mon, 06 Nov 2023 22:42:32 GMT
Location: https://sso.passport.yandex.ru/push?uuid=17ee63be-a01d-4351-b836-3f7809d3449d&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue
Set-Cookie: zen_sso_checked=1; Path=/; Domain=.dzen.ru; Expires=Tue, 07-Nov-2023 10:42:32 GMT; Max-Age=43200; Secure; HttpOnly
Set-Cookie: _yasc=VYDLAiMJBfqshwnb4V4i1Q78jcr65fmnBi8G55KQ+lsHgYs7nfSVBTjMBwj9uZIf; domain=.dzen.ru; path=/; expires=Thu, 03 Nov 2033 22:42:32 GMT; secure

GET 200 https://sso.passport.yandex.ru/push?uuid=17ee63be-a01d-4351-b836-3f7809d3449d&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue
GET /push?uuid=17ee63be-a01d-4351-b836-3f7809d3449d&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: sso.passport.yandex.ru
Cookie: yashr=3991565871699310551; yandexuid=8818779491699310551; i=UWFDVZLAkw8guTEv8TCKtodLL2VOelINXO/cob/h6+7GjK6ip8gcadlflg3RZfCNkob5YokHEJO/JWtvRNdLDtEQ+vo=; _yasc=GKXXa8XeWyBkilgphmiCRh1+UJ3Au0Oak1MDF6riFtkkxB/kceH3qD0wSUFaKce43vQ=; is_gdpr_b=CIauJRCx2AEoAg==; is_gdpr=0
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 06 Nov 2023 22:42:34 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1957
Connection: close
Vary: Accept-Encoding
X-Download-Options: noopen
X-Content-Type-Options: nosniff
Surrogate-Control: no-store
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
X-DNS-Prefetch-Control: off
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'none'; frame-ancestors https://*.dzen.ru https://dzen.ru; connect-src 'self'; script-src 'nonce-ccf6e8ff1ee857a59d4158fbe50a2180' 'self'; img-src 'self'
Set-Cookie: mda2_beacon=1699310554204; Domain=.passport.yandex.ru; Expires=Tue, 19 Jan 2038 03:14:07 GMT; Secure; Path=/
Set-Cookie: ys=c_chck.783981053; Domain=.yandex.ru; Secure; Path=/
Set-Cookie: mda2_domains=dzen.ru; Domain=.passport.yandex.ru; Expires=Tue, 19 Jan 2038 03:14:07 GMT; Secure; Path=/
Referrer-Policy: origin
ETag: W/"7a5-DVJlMluYufdfTw9m+RrWJhiJhdo"
Strict-Transport-Security: max-age=315360000; includeSubDomains

GET 200 https://db-ip.com/
GET / HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: db-ip.com
HTTP/1.1 200 OK
Date: Mon, 06 Nov 2023 22:42:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: max-age=28800
x-iplb-request-id: AC46C792:6E76_93878F2E:0050_65496BDF_1626582:0401
x-iplb-instance: 30783
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 06 Nov 2023 05:54:37 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bMojdHbV6XvunqZ%2FhLapsteGuQtr%2B8uIHXN7VlQ1jOznXbHJEZsuIxUA7GeXvdrFyd1%2FdEJlzjoFspk3AHb%2FiVTlzVK%2BwZPJlRWr2cZSk7edTitoUM3K2q0lGw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8220d9d1793229d4-FUK
alt-svc: h3=":443"; ma=86400

POST 200 https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self
POST /v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self HTTP/1.1
Connection: Keep-Alive
Referer: https://db-ip.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 0
Host: api.db-ip.com
HTTP/1.1 200 OK
Date: Mon, 06 Nov 2023 22:42:39 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-origin: http*://*db-ip.com
cache-control: max-age=180
x-iplb-request-id: AC46C797:D074_93878F2E:0050_65496BDF_16399DC:BDC9
x-iplb-instance: 30782
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iFv42ee22Ed0BHYWtN0fN32L91Y4affRWwl44lA15b%2BzSQ17lqn8hV8Vq%2FKqn9uQWUtrOnK7MLr5XOblrkZsCGXpAZMQhFLNCW3jibBqgOOHkndQv3f648AkyqyWF7U%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8220d9d4dd7029da-FUK
alt-svc: h3=":443"; ma=86400

GET 302 http://91.92.243.151/api/tracemap.php
GET /api/tracemap.php HTTP/1.1
Connection: Keep-Alive
Host: 91.92.243.151
HTTP/1.1 302 Found
Date: Mon, 06 Nov 2023 22:42:34 GMT
Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1g PHP/7.2.33
X-Powered-By: PHP/7.2.33
Set-Cookie: WHMCSdN8ZDh5Ye5PW=64nbptcrv41bilhauh0jmbvvrc; path=/; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://ironhost.io/index.php
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Mon, 06 Nov 2023 23:42:37 GMT
Date: Mon, 06 Nov 2023 22:42:37 GMT
Connection: keep-alive

GET 200 http://94.142.138.131/api/tracemap.php
GET /api/tracemap.php HTTP/1.1
Connection: Keep-Alive
Host: 94.142.138.131
HTTP/1.1 200 OK
Date: Mon, 06 Nov 2023 22:42:38 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 15
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

POST 200 http://94.142.138.131/api/firecom.php
POST /api/firecom.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 25
Host: 94.142.138.131
HTTP/1.1 200 OK
Date: Mon, 06 Nov 2023 22:42:38 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 3
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET 403 http://www.maxmind.com/geoip/v2.1/city/me
GET /geoip/v2.1/city/me HTTP/1.1
Connection: Keep-Alive
Referer: https://www.maxmind.com/en/locate-my-ip-address
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: www.maxmind.com
HTTP/1.1 403 Forbidden
Date: Mon, 06 Nov 2023 22:42:39 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4520
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Mon, 06 Nov 2023 22:42:54 GMT
Server: cloudflare
CF-RAY: 8220d9d78b43c087-ICN

POST 200 http://94.142.138.131/api/firecom.php
POST /api/firecom.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 13
Host: 94.142.138.131
HTTP/1.1 200 OK
Date: Mon, 06 Nov 2023 22:42:40 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 15
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

POST 200 http://94.142.138.131/api/firecom.php
POST /api/firecom.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Length: 69
Host: 94.142.138.131
HTTP/1.1 200 OK
Date: Mon, 06 Nov 2023 22:42:40 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 41
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
| TLSv1 192.168.56.101:49167 -> 5.255.255.70:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.xn--d1acpjx3f.xn--p1ai | e4:ba:b2:7f:bf:93:b8:22:10:26:70:37:9c:03:1a:9d:fb:23:17:24 |
| TLSv1 192.168.56.101:49169 -> 213.180.204.24:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=sso.passport.yandex.ru | 3a:82:43:a9:43:9c:c8:90:01:04:4f:74:1b:6c:cd:4b:9b:19:7d:93 |
| TLSv1 192.168.56.101:49177 -> 104.26.5.15:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
| TLSv1 192.168.56.101:49168 -> 62.217.160.2:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.dzen.ru | 6a:31:14:29:60:07:c9:c6:17:7b:d1:27:ad:53:57:ec:d8:c1:d8:d2 |
| TLSv1 192.168.56.101:49172 -> 172.67.193.129:443 | C=US, O=Let's Encrypt, CN=E1 | CN=ironhost.io | bf:96:55:fe:92:31:2c:3b:86:d9:a5:21:ac:2a:4c:b7:56:b7:9e:19 |
| TLSv1 192.168.56.101:49178 -> 172.67.75.166:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
Snort Alerts
No Snort Alerts