Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| www.coinstore.kr | 61.111.21.172 | |
| peras1.n-e.kr | ||
| v4imgs.pointshop.co.kr | 61.111.21.173 | |
| x1.i.lencr.org | 23.40.44.214 |
- TCP Requests
-
-
192.168.56.101:49207 117.18.232.200:80
-
192.168.56.101:49175 23.41.113.9:80x1.i.lencr.org
-
192.168.56.101:49176 23.41.113.9:80x1.i.lencr.org
-
192.168.56.101:49177 23.41.113.9:80x1.i.lencr.org
-
192.168.56.101:49178 23.41.113.9:80x1.i.lencr.org
-
192.168.56.101:49169 61.111.21.172:443www.coinstore.kr
-
192.168.56.101:49170 61.111.21.172:443www.coinstore.kr
-
192.168.56.101:49171 61.111.21.172:443www.coinstore.kr
-
192.168.56.101:49172 61.111.21.172:443www.coinstore.kr
-
192.168.56.101:49173 61.111.21.172:443www.coinstore.kr
-
192.168.56.101:49174 61.111.21.172:443www.coinstore.kr
-
192.168.56.101:49179 61.111.21.172:443www.coinstore.kr
-
192.168.56.101:49180 61.111.21.172:443www.coinstore.kr
-
192.168.56.101:49181 61.111.21.172:443www.coinstore.kr
-
192.168.56.101:49182 61.111.21.172:443www.coinstore.kr
-
192.168.56.101:49166 61.111.21.173:443v4imgs.pointshop.co.kr
-
192.168.56.101:49167 61.111.21.173:443v4imgs.pointshop.co.kr
-
192.168.56.101:49168 61.111.21.173:443v4imgs.pointshop.co.kr
-
- UDP Requests
-
-
192.168.56.101:53004 164.124.101.2:53
-
192.168.56.101:53850 164.124.101.2:53
-
192.168.56.101:54148 164.124.101.2:53
-
192.168.56.101:55146 164.124.101.2:53
-
192.168.56.101:59002 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:55149 239.255.255.250:1900
-
GET
200
http://x1.i.lencr.org/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x1.i.lencr.org
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/pkix-cert
Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
ETag: "64cd6654-56f"
Content-Disposition: attachment; filename="ISRG Root X1.der"
Cache-Control: max-age=41680
Expires: Fri, 16 Aug 2024 21:06:16 GMT
Date: Fri, 16 Aug 2024 09:31:36 GMT
Content-Length: 1391
Connection: keep-alive
GET
200
http://x1.i.lencr.org/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x1.i.lencr.org
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/pkix-cert
Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
ETag: "64cd6654-56f"
Content-Disposition: attachment; filename="ISRG Root X1.der"
Cache-Control: max-age=41733
Expires: Fri, 16 Aug 2024 21:07:09 GMT
Date: Fri, 16 Aug 2024 09:31:36 GMT
Content-Length: 1391
Connection: keep-alive
GET
200
http://x1.i.lencr.org/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x1.i.lencr.org
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/pkix-cert
Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
ETag: "64cd6654-56f"
Content-Disposition: attachment; filename="ISRG Root X1.der"
Cache-Control: max-age=41680
Expires: Fri, 16 Aug 2024 21:06:16 GMT
Date: Fri, 16 Aug 2024 09:31:36 GMT
Content-Length: 1391
Connection: keep-alive
GET
200
http://x1.i.lencr.org/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x1.i.lencr.org
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/pkix-cert
Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
ETag: "64cd6654-56f"
Content-Disposition: attachment; filename="ISRG Root X1.der"
Cache-Control: max-age=41680
Expires: Fri, 16 Aug 2024 21:06:16 GMT
Date: Fri, 16 Aug 2024 09:31:36 GMT
Content-Length: 1391
Connection: keep-alive
GET
200
http://x1.i.lencr.org/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x1.i.lencr.org
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/pkix-cert
Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
ETag: "64cd6654-56f"
Content-Disposition: attachment; filename="ISRG Root X1.der"
Cache-Control: max-age=41680
Expires: Fri, 16 Aug 2024 21:06:16 GMT
Date: Fri, 16 Aug 2024 09:31:36 GMT
Content-Length: 1391
Connection: keep-alive
GET
200
http://x1.i.lencr.org/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x1.i.lencr.org
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/pkix-cert
Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
ETag: "64cd6654-56f"
Content-Disposition: attachment; filename="ISRG Root X1.der"
Cache-Control: max-age=41733
Expires: Fri, 16 Aug 2024 21:07:09 GMT
Date: Fri, 16 Aug 2024 09:31:36 GMT
Content-Length: 1391
Connection: keep-alive
GET
200
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
REQUEST
RESPONSE
BODY
GET /IE9CompatViewList.xml HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: ie9cvlist.ie.microsoft.com
If-Modified-Since: Thu, 21 Nov 2019 19:37:08 GMT
If-None-Match: 0x8D76EBA32AF0BC3
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Encoding: gzip
Age: 7973
Cache-Control: max-age=21600
Content-MD5: p9g4jsuZO6TaLMVAI9ujVg==
Content-Type: text/xml
Date: Fri, 16 Aug 2024 09:32:35 GMT
Etag: 0x8D9521D2D2DF1EC
Last-Modified: Wed, 28 Jul 2021 23:12:31 GMT
Server: ECAcc (tka/897A)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 46eb29ee-601e-0030-71ac-efd6cf000000
x-ms-version: 2009-09-19
Content-Length: 13702
ICMP traffic
| Source | Destination | ICMP Type | Data |
|---|---|---|---|
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.172 | 192.168.56.101 | 3 | |
| 61.111.21.173 | 192.168.56.101 | 3 | |
| 61.111.21.173 | 192.168.56.101 | 3 | |
| 61.111.21.173 | 192.168.56.101 | 3 | |
| 61.111.21.173 | 192.168.56.101 | 3 | |
| 61.111.21.173 | 192.168.56.101 | 3 | |
| 61.111.21.173 | 192.168.56.101 | 3 | |
| 61.111.21.173 | 192.168.56.101 | 3 | |
| 61.111.21.173 | 192.168.56.101 | 3 | |
| 61.111.21.173 | 192.168.56.101 | 3 | |
| 61.111.21.173 | 192.168.56.101 | 3 | |
| 61.111.21.173 | 192.168.56.101 | 3 | |
| 61.111.21.173 | 192.168.56.101 | 3 | |
| 61.111.21.173 | 192.168.56.101 | 3 | |
| 61.111.21.173 | 192.168.56.101 | 3 |
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.101:49171 61.111.21.172:443 |
C=US, O=Let's Encrypt, CN=R10 | CN=www.coinstore.kr | e5:74:81:77:51:0f:42:de:81:60:2c:36:0c:76:98:81:8e:50:0a:5e |
|
TLSv1 192.168.56.101:49174 61.111.21.172:443 |
C=US, O=Let's Encrypt, CN=R10 | CN=www.coinstore.kr | e5:74:81:77:51:0f:42:de:81:60:2c:36:0c:76:98:81:8e:50:0a:5e |
|
TLSv1 192.168.56.101:49172 61.111.21.172:443 |
C=US, O=Let's Encrypt, CN=R10 | CN=www.coinstore.kr | e5:74:81:77:51:0f:42:de:81:60:2c:36:0c:76:98:81:8e:50:0a:5e |
|
TLSv1 192.168.56.101:49173 61.111.21.172:443 |
C=US, O=Let's Encrypt, CN=R10 | CN=www.coinstore.kr | e5:74:81:77:51:0f:42:de:81:60:2c:36:0c:76:98:81:8e:50:0a:5e |
|
TLSv1 192.168.56.101:49167 61.111.21.173:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1 | CN=*.pointshop.co.kr | 93:f2:1a:8f:b1:ee:1c:32:6d:0d:e4:7f:67:b1:7b:c1:ac:35:67:04 |
|
TLSv1 192.168.56.101:49166 61.111.21.173:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1 | CN=*.pointshop.co.kr | 93:f2:1a:8f:b1:ee:1c:32:6d:0d:e4:7f:67:b1:7b:c1:ac:35:67:04 |
|
TLSv1 192.168.56.101:49182 61.111.21.172:443 |
C=US, O=Let's Encrypt, CN=R10 | CN=www.coinstore.kr | e5:74:81:77:51:0f:42:de:81:60:2c:36:0c:76:98:81:8e:50:0a:5e |
|
TLSv1 192.168.56.101:49170 61.111.21.172:443 |
C=US, O=Let's Encrypt, CN=R10 | CN=www.coinstore.kr | e5:74:81:77:51:0f:42:de:81:60:2c:36:0c:76:98:81:8e:50:0a:5e |
|
TLSv1 192.168.56.101:49169 61.111.21.172:443 |
C=US, O=Let's Encrypt, CN=R10 | CN=www.coinstore.kr | e5:74:81:77:51:0f:42:de:81:60:2c:36:0c:76:98:81:8e:50:0a:5e |
|
TLSv1 192.168.56.101:49179 61.111.21.172:443 |
C=US, O=Let's Encrypt, CN=R10 | CN=www.coinstore.kr | e5:74:81:77:51:0f:42:de:81:60:2c:36:0c:76:98:81:8e:50:0a:5e |
|
TLSv1 192.168.56.101:49180 61.111.21.172:443 |
C=US, O=Let's Encrypt, CN=R10 | CN=www.coinstore.kr | e5:74:81:77:51:0f:42:de:81:60:2c:36:0c:76:98:81:8e:50:0a:5e |
|
TLSv1 192.168.56.101:49181 61.111.21.172:443 |
C=US, O=Let's Encrypt, CN=R10 | CN=www.coinstore.kr | e5:74:81:77:51:0f:42:de:81:60:2c:36:0c:76:98:81:8e:50:0a:5e |
Snort Alerts
No Snort Alerts