Network Analysis
| IP Address | Status | Action |
|---|---|---|
| 154.39.239.56 | Active | Moloch |

| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | | |
- TCP Requests
GET 200 http://154.39.239.56:8000/1

```http
GET /1 HTTP/1.1
Host: 154.39.239.56:8000
Cache-Control: no-cache

HTTP/1.1 200 OK
content-length: 538224
last-modified: Sun, 29 Oct 2023 14:48:49 GMT
accept-ranges: bytes
content-disposition: attachment; filename="1"
content-type: application/octet-stream
etag: "0:83670:653e70d1:2adeb820"
date: Sat, 11 Nov 2023 07:38:35 GMT
```

GET 200 http://154.39.239.56:8000/2

```http
GET /2 HTTP/1.1
Host: 154.39.239.56:8000
Cache-Control: no-cache

HTTP/1.1 200 OK
content-length: 135352
last-modified: Mon, 16 Oct 2023 15:32:08 GMT
accept-ranges: bytes
content-disposition: attachment; filename="2"
content-type: application/octet-stream
etag: "0:210b8:652d5778:36261944"
date: Sat, 11 Nov 2023 07:38:36 GMT
```

GET 200 http://154.39.239.56:8000/3

```http
GET /3 HTTP/1.1
Host: 154.39.239.56:8000
Cache-Control: no-cache

HTTP/1.1 200 OK
content-length: 78336
last-modified: Wed, 01 Nov 2023 11:52:44 GMT
accept-ranges: bytes
content-disposition: attachment; filename="3"
content-type: application/octet-stream
etag: "0:13200:65423c0c:0"
date: Sat, 11 Nov 2023 07:38:36 GMT
```

GET 200 http://154.39.239.56:8000/4

```http
GET /4 HTTP/1.1
Host: 154.39.239.56:8000
Cache-Control: no-cache

HTTP/1.1 200 OK
content-length: 367269
last-modified: Mon, 16 Oct 2023 15:31:53 GMT
accept-ranges: bytes
content-disposition: attachment; filename="4"
content-type: application/octet-stream
etag: "0:59aa5:652d5769:266d0238"
date: Sat, 11 Nov 2023 07:38:36 GMT
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 154.39.239.56:8000 -> 192.168.56.103:49164 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
| TCP 154.39.239.56:8000 -> 192.168.56.103:49164 | 2023711 | ET MALWARE JS/WSF Downloader Dec 08 2016 M7 | A Network Trojan was detected |
| TCP 154.39.239.56:8000 -> 192.168.56.103:49164 | 2016538 | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download | Potentially Bad Traffic |
| TCP 154.39.239.56:8000 -> 192.168.56.103:49164 | 2021076 | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | Potentially Bad Traffic |
| TCP 154.39.239.56:8000 -> 192.168.56.103:49164 | 2014520 | ET INFO EXE - Served Attached HTTP | Misc activity |
| TCP 154.39.239.56:8000 -> 192.168.56.103:49164 | 2015744 | ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) | Misc activity |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts