Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
- TCP Requests
-
-
192.168.56.101:49161 154.92.16.100:80
-
192.168.56.101:49164 38.181.25.204:5858
-
192.168.56.101:49165 38.181.25.204:5858
-
192.168.56.101:49166 38.181.25.204:5858
-
192.168.56.101:49167 38.181.25.204:5858
-
192.168.56.101:49168 38.181.25.204:5858
-
192.168.56.101:49169 38.181.25.204:5858
-
192.168.56.101:49170 38.181.25.204:5858
-
192.168.56.101:49171 38.181.25.204:5858
-
192.168.56.101:49172 38.181.25.204:5858
-
192.168.56.101:49173 38.181.25.204:5858
-
192.168.56.101:49174 38.181.25.204:5858
-
192.168.56.101:49175 38.181.25.204:5858
-
192.168.56.101:49176 38.181.25.204:5858
-
192.168.56.101:49177 38.181.25.204:5858
-
192.168.56.101:49178 38.181.25.204:5858
-
192.168.56.101:49179 38.181.25.204:5858
-
192.168.56.101:49180 38.181.25.204:5858
-
192.168.56.101:49181 38.181.25.204:5858
-
GET
200
http://154.92.16.100/Admin/Admin.html
REQUEST
RESPONSE
BODY
GET /Admin/Admin.html HTTP/1.1
Host: 154.92.16.100
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 228868
Accept-Ranges: bytes
Server: HFS 2.3m
Set-Cookie: HFS_SID_=0.631206697551534; path=/; HttpOnly
ETag: 0A443EE21DC2C0F934AFAFD525982D74
Last-Modified: Mon, 04 Dec 2023 16:23:04 GMT
Content-Disposition: filename="Admin.html";
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 154.92.16.100:80 -> 192.168.56.101:49161 | 2045860 | ET HUNTING Rejetto HTTP File Sever Response | A Network Trojan was detected |
Suricata TLS
Snort Alerts
No Snort Alerts