Network Analysis
| IP Address | Status | Action |
|---|---|---|
| 117.236.188.177 | Active | Moloch |
| 134.35.106.7 | Active | Moloch |
| 146.70.53.161 | Active | Moloch |
| 151.234.69.79 | Active | Moloch |
| 151.235.83.141 | Active | Moloch |
| 164.124.101.2 | Active | Moloch |
| 178.217.173.26 | Active | Moloch |
| 185.215.113.66 | Active | Moloch |
| 20.72.235.82 | Active | Moloch |
| 217.30.171.37 | Active | Moloch |
| 46.248.37.21 | Active | Moloch |
| 5.233.65.104 | Active | Moloch |
| 78.106.189.161 | Active | Moloch |
| 82.137.218.134 | Active | Moloch |
| 94.183.35.131 | Active | Moloch |
| 95.59.234.182 | Active | Moloch |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.update.microsoft.com | 20.72.235.82 |
- UDP Requests
-
-
192.168.56.103:52762 117.236.188.177:40500
-
192.168.56.103:52762 146.70.53.161:40500
-
192.168.56.103:52762 151.234.69.79:40500
-
192.168.56.103:52762 151.235.83.141:40500
-
192.168.56.103:52760 164.124.101.2:53
-
192.168.56.103:52762 178.217.173.26:40500
-
192.168.56.103:137 192.168.56.255:137
-
192.168.56.103:138 192.168.56.255:138
-
192.168.56.103:52762 217.30.171.37:40500
-
192.168.56.103:49154 239.255.255.250:1900
-
192.168.56.103:52761 239.255.255.250:1900
-
192.168.56.103:52762 46.248.37.21:40500
-
192.168.56.103:52762 5.233.65.104:40500
-
192.168.56.103:52762 78.106.189.161:40500
-
192.168.56.103:52762 94.183.35.131:40500
-
192.168.56.103:52762 95.59.234.182:40500
-
GET
404
http://185.215.113.66/1
REQUEST
RESPONSE
BODY
GET /1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Host: 185.215.113.66
HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 16 Jul 2024 01:57:49 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive
GET
200
http://185.215.113.66/2
REQUEST
RESPONSE
BODY
GET /2 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Host: 185.215.113.66
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 16 Jul 2024 01:57:51 GMT
Content-Type: application/octet-stream
Content-Length: 81928
Last-Modified: Sat, 13 Jul 2024 14:21:52 GMT
Connection: keep-alive
ETag: "66928d80-14008"
Accept-Ranges: bytes
GET
200
http://185.215.113.66/2
REQUEST
RESPONSE
BODY
GET /2 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Host: 185.215.113.66
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 16 Jul 2024 01:57:53 GMT
Content-Type: application/octet-stream
Content-Length: 81928
Last-Modified: Sat, 13 Jul 2024 14:21:52 GMT
Connection: keep-alive
ETag: "66928d80-14008"
Accept-Ranges: bytes
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.103:52762 -> 94.183.35.131:40500 | 2044077 | ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC | A Network Trojan was detected |
| UDP 192.168.56.103:52762 -> 151.234.69.79:40500 | 2044077 | ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC | A Network Trojan was detected |
| UDP 192.168.56.103:52762 -> 5.233.65.104:40500 | 2044077 | ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC | A Network Trojan was detected |
| TCP 185.215.113.66:80 -> 192.168.56.103:49164 | 2400032 | ET DROP Spamhaus DROP Listed Traffic Inbound group 33 | Misc Attack |
| UDP 192.168.56.103:52762 -> 146.70.53.161:40500 | 2044077 | ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC | A Network Trojan was detected |
| UDP 192.168.56.103:52762 -> 178.217.173.26:40500 | 2044077 | ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC | A Network Trojan was detected |
| UDP 192.168.56.103:52762 -> 117.236.188.177:40500 | 2044077 | ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts