Network Analysis

TCP Requests

Source | Destination | Host |
---|---|---|
192.168.56.103:49173 | 152.195.38.76:80 | cacerts.digicert.com |
192.168.56.103:49181 | 173.222.248.74:80 | officecdn.microsoft.com |
192.168.56.103:49182 | 173.222.248.74:80 | officecdn.microsoft.com |
192.168.56.103:49163 | 185.25.60.13:8080 | |
192.168.56.103:49165 | 185.25.60.13:8080 | |
192.168.56.103:49192 | 195.130.214.155:8080 | |
192.168.56.103:49184 | 23.195.119.71:80 | |
192.168.56.103:49185 | 23.40.45.184:80 | www.microsoft.com |
192.168.56.103:49178 | 52.109.124.190:443 | mrodevicemgr.officeapps.live.com |
192.168.56.103:49179 | 52.109.124.190:443 | mrodevicemgr.officeapps.live.com |
192.168.56.103:49180 | 52.109.124.190:443 | mrodevicemgr.officeapps.live.com |
192.168.56.103:49171 | 52.111.227.14:443 | nexusrules.officeapps.live.com |
192.168.56.103:49172 | 52.113.194.132:443 | ecs.office.com |

UDP Requests

Source | Destination |
---|---|
192.168.56.103:50800 | 164.124.101.2:53 |
192.168.56.103:52760 | 164.124.101.2:53 |
192.168.56.103:53673 | 164.124.101.2:53 |
192.168.56.103:56613 | 164.124.101.2:53 |
192.168.56.103:62576 | 164.124.101.2:53 |
192.168.56.103:64178 | 164.124.101.2:53 |
192.168.56.103:64894 | 164.124.101.2:53 |
192.168.56.103:137 | 192.168.56.101:137 |
192.168.56.103:137 | 192.168.56.255:137 |
192.168.56.103:138 | 192.168.56.255:138 |
192.168.56.103:49154 | 239.255.255.250:1900 |

HTTP Requests

GET 200 http://185.25.60.13:8080/distr/components/deploy-mso.ver

Request:
GET /distr/components/deploy-mso.ver HTTP/1.1
User-Agent: AutoIt
Host: 185.25.60.13:8080

Response:
HTTP/1.1 200 OK
Date: Thu, 17 Oct 2024 01:42:37 GMT
Server: Apache
Last-Modified: Mon, 24 Jul 2023 05:52:14 GMT
ETag: "e600000001ee39-3-60135375d5f6c"
Accept-Ranges: bytes
Content-Length: 3
Content-Type: text/plain

GET 200 http://185.25.60.13:8080/distr/components/deploy-mso.ver

Request:
GET /distr/components/deploy-mso.ver HTTP/1.1
User-Agent: AutoIt
Host: 185.25.60.13:8080
Cache-Control: no-cache

Response:
HTTP/1.1 200 OK
Date: Thu, 17 Oct 2024 01:42:37 GMT
Server: Apache
Last-Modified: Mon, 24 Jul 2023 05:52:14 GMT
ETag: "e600000001ee39-3-60135375d5f6c"
Accept-Ranges: bytes
Content-Length: 3
Content-Type: text/plain

GET 200 http://185.25.60.13:8080/distr/components/deploy-mso.dst

Request:
GET /distr/components/deploy-mso.dst HTTP/1.1
User-Agent: AutoIt
Host: 185.25.60.13:8080

Response:
HTTP/1.1 200 OK
Date: Thu, 17 Oct 2024 01:42:37 GMT
Server: Apache
Last-Modified: Mon, 24 Jul 2023 05:51:48 GMT
ETag: "8100000001ee52-33639e-6013535de3bed"
Accept-Ranges: bytes
Content-Length: 3367838
Content-Type: text/plain

GET 200 http://185.25.60.13:8080/distr/components/deploy-mso.dst

Request:
GET /distr/components/deploy-mso.dst HTTP/1.1
User-Agent: AutoIt
Host: 185.25.60.13:8080
Cache-Control: no-cache

Response:
HTTP/1.1 200 OK
Date: Thu, 17 Oct 2024 01:42:37 GMT
Server: Apache
Last-Modified: Mon, 24 Jul 2023 05:51:48 GMT
ETag: "8100000001ee52-33639e-6013535de3bed"
Accept-Ranges: bytes
Content-Length: 3367838
Content-Type: text/plain

GET 200 http://cacerts.digicert.com/DigiCertGlobalRootG2.crt

Request:
GET /DigiCertGlobalRootG2.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: cacerts.digicert.com

Response:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 27768
cache-control: max-age=172800, public
Content-Type: application/pkix-cert
Date: Thu, 17 Oct 2024 01:42:50 GMT
Etag: "5a286417-392"
expires: Sat, 19 Oct 2024 01:42:50 GMT
last-modified: Wed, 06 Dec 2017 21:41:43 GMT
Server: ECAcc (tkc/BEC7)
X-Cache: HIT
Content-Length: 914

HEAD 200 http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64.cab

Request:
HEAD /pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64.cab HTTP/1.1
Connection: Keep-Alive
User-Agent: OfficeClickToRun
Host: officecdn.microsoft.com

Response:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Disposition: attachment; filename=v64.cab; filename*=UTF-8''v64.cab
Content-Type: application/octet-stream
ETag: "0x5BDF00ED6A26DA9CC9142B5D4F9C7CFC15B4FC6B8A8E9C81769FD91FD5DFCFB9"
Last-Modified: Tue, 15 Oct 2024 17:42:09 GMT
Server: ECAcc (tka/8925)
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-eus2-z1
Content-Length: 11223
Cache-Control: public, max-age=1472
Date: Thu, 17 Oct 2024 01:42:56 GMT
Connection: keep-alive
X-CID: 2
X-CCC: JP

HEAD 200 http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64.cab

Request:
HEAD /pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: officecdn.microsoft.com

Response:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Disposition: attachment; filename=v64.cab; filename*=UTF-8''v64.cab
Content-Type: application/octet-stream
ETag: "0x5BDF00ED6A26DA9CC9142B5D4F9C7CFC15B4FC6B8A8E9C81769FD91FD5DFCFB9"
Last-Modified: Tue, 15 Oct 2024 17:42:09 GMT
Server: ECAcc (tka/8925)
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-eus2-z1
Content-Length: 11223
Cache-Control: public, max-age=1472
Date: Thu, 17 Oct 2024 01:42:56 GMT
Connection: keep-alive
X-CID: 2
X-CCC: JP

GET 206 http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64.cab

Request:
GET /pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 15 Oct 2024 17:42:09 GMT
Range: bytes=0-0
User-Agent: Microsoft BITS/7.5
Host: officecdn.microsoft.com

Response:
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Disposition: attachment; filename=v64.cab; filename*=UTF-8''v64.cab
Content-Type: application/octet-stream
ETag: "0x5BDF00ED6A26DA9CC9142B5D4F9C7CFC15B4FC6B8A8E9C81769FD91FD5DFCFB9"
Last-Modified: Tue, 15 Oct 2024 17:42:09 GMT
Server: ECAcc (tka/8925)
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-eus-z1
Cache-Control: public, max-age=1554
Date: Thu, 17 Oct 2024 01:42:56 GMT
Content-Range: bytes 0-0/11223
Content-Length: 1
Connection: keep-alive
X-CID: 2
X-CCC: JP

HEAD 200 http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64.cab

Request:
HEAD /pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: officecdn.microsoft.com

Response:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Disposition: attachment; filename=v64.cab; filename*=UTF-8''v64.cab
Content-Type: application/octet-stream
ETag: "0x5BDF00ED6A26DA9CC9142B5D4F9C7CFC15B4FC6B8A8E9C81769FD91FD5DFCFB9"
Last-Modified: Tue, 15 Oct 2024 17:42:09 GMT
Server: ECAcc (tka/8925)
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-eus2-z1
Content-Length: 11223
Cache-Control: public, max-age=1472
Date: Thu, 17 Oct 2024 01:42:56 GMT
Connection: keep-alive
X-CID: 2
X-CCC: JP

GET 200 http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64.cab

Request:
GET /pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 15 Oct 2024 17:42:09 GMT
User-Agent: Microsoft BITS/7.5
Host: officecdn.microsoft.com

Response:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Disposition: attachment; filename=v64.cab; filename*=UTF-8''v64.cab
Content-Type: application/octet-stream
ETag: "0x5BDF00ED6A26DA9CC9142B5D4F9C7CFC15B4FC6B8A8E9C81769FD91FD5DFCFB9"
Last-Modified: Tue, 15 Oct 2024 17:42:09 GMT
Server: ECAcc (tka/8925)
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-eus-z1
Content-Length: 11223
Cache-Control: public, max-age=1554
Date: Thu, 17 Oct 2024 01:42:56 GMT
Connection: keep-alive
X-CID: 2
X-CCC: JP

GET 200 http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl

Request:
GET /pki/crl/products/MicRooCerAut_2010-06-23.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

Response:
HTTP/1.1 200 OK
Content-Length: 824
Content-Type: application/octet-stream
Content-MD5: x9EjQ3bzOJ1sIg8NzyQ0Gw==
Last-Modified: Sun, 04 Aug 2024 00:32:17 GMT
ETag: 0x8DCB41CE50398A6
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f2761a9f-201e-002d-1508-e6e499000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 17 Oct 2024 01:42:57 GMT
Connection: keep-alive

GET 200 http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl

Request:
GET /pki/crl/products/MicCodSigPCA_2010-07-06.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

Response:
HTTP/1.1 200 OK
Content-Length: 557
Content-Type: application/octet-stream
Content-MD5: 3fTeDcGsOcIvYFlXof5hSw==
Last-Modified: Tue, 20 Aug 2024 03:13:11 GMT
ETag: 0x8DCC0C605A2A48A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: bdc9518d-201e-003d-7db2-f221f1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 17 Oct 2024 01:42:57 GMT
Connection: keep-alive

GET 200 http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl

Request:
GET /pki/crl/products/MicTimStaPCA_2010-07-01.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

Response:
HTTP/1.1 200 OK
Content-Length: 555
Content-Type: application/octet-stream
Content-MD5: wtXqKiXkX/Z3eKhgGdNZZA==
Last-Modified: Mon, 07 Oct 2024 02:16:10 GMT
ETag: 0x8DCE67602EA0936
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7baf43d9-901e-0017-2b6d-18fee1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 17 Oct 2024 01:42:57 GMT
Connection: keep-alive

GET 200 http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl

Request:
GET /pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.microsoft.com

Response:
HTTP/1.1 200 OK
Content-Length: 814
Content-Type: application/octet-stream
Content-MD5: ey2ImvqFWNkh1dlrv//zYQ==
Last-Modified: Sat, 28 Sep 2024 02:15:45 GMT
ETag: 0x8DCDF6375C49391
x-ms-request-id: 211eebe7-401e-0004-314d-11daed000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 17 Oct 2024 01:42:57 GMT
Connection: keep-alive
TLS_version: UNKNOWN
ms-cv: CASMicrosoftCV1c7c756b.0
ms-cv-esi: CASMicrosoftCV1c7c756b.0
X-RTag: RT

HEAD 200 http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64_16.0.14332.20791.cab

Request:
HEAD /pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64_16.0.14332.20791.cab HTTP/1.1
Connection: Keep-Alive
User-Agent: OfficeClickToRun
Host: officecdn.microsoft.com

Response:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Disposition: attachment; filename=v64_16.0.14332.20791.cab; filename*=UTF-8''v64_16.0.14332.20791.cab
Content-Type: application/octet-stream
ETag: "0xB33392599993D728F56FE8C3E9F708BBFC7F8B37D716D945FA28EBB9B9693BB7"
Last-Modified: Tue, 08 Oct 2024 14:36:19 GMT
Server: ECAcc (tka/89C5)
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-eus-z1
Content-Length: 11113
Cache-Control: public, max-age=46592
Date: Thu, 17 Oct 2024 01:42:57 GMT
Connection: keep-alive
X-CID: 2
X-CCC: JP

HEAD 200 http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64_16.0.14332.20303.cab

Request:
HEAD /pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64_16.0.14332.20303.cab HTTP/1.1
Connection: Keep-Alive
User-Agent: OfficeClickToRun
Host: officecdn.microsoft.com

Response:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Disposition: attachment; filename=v64_16.0.14332.20303.cab; filename*=UTF-8''v64_16.0.14332.20303.cab
Content-Type: application/octet-stream
ETag: "0xB68AF0A4244DC4A6EF41777B05438A16530C747BA685284E1441D8CB9A20936C"
Last-Modified: Tue, 17 May 2022 17:27:36 GMT
Server: ECAcc (tka/889B)
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-eus2-z1
Content-Length: 10999
Cache-Control: public, max-age=66777
Date: Thu, 17 Oct 2024 01:42:57 GMT
Connection: keep-alive
X-CID: 2
X-CCC: JP

HEAD 200 http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64_16.0.14332.20303.cab

Request:
HEAD /pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64_16.0.14332.20303.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: officecdn.microsoft.com

Response:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Disposition: attachment; filename=v64_16.0.14332.20303.cab; filename*=UTF-8''v64_16.0.14332.20303.cab
Content-Type: application/octet-stream
ETag: "0xB68AF0A4244DC4A6EF41777B05438A16530C747BA685284E1441D8CB9A20936C"
Last-Modified: Tue, 17 May 2022 17:27:36 GMT
Server: ECAcc (tka/889B)
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-eus2-z1
Content-Length: 10999
Cache-Control: public, max-age=66777
Date: Thu, 17 Oct 2024 01:42:57 GMT
Connection: keep-alive
X-CID: 2
X-CCC: JP

GET 206 http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64_16.0.14332.20303.cab

Request:
GET /pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64_16.0.14332.20303.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 17 May 2022 17:27:36 GMT
Range: bytes=0-0
User-Agent: Microsoft BITS/7.5
Host: officecdn.microsoft.com

Response:
HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Content-Disposition: attachment; filename=v64_16.0.14332.20303.cab; filename*=UTF-8''v64_16.0.14332.20303.cab
Content-Type: application/octet-stream
ETag: "0xB68AF0A4244DC4A6EF41777B05438A16530C747BA685284E1441D8CB9A20936C"
Last-Modified: Tue, 17 May 2022 17:27:36 GMT
Server: ECAcc (tka/889B)
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-eus2-z1
Cache-Control: public, max-age=66825
Date: Thu, 17 Oct 2024 01:42:57 GMT
Content-Range: bytes 0-0/10999
Content-Length: 1
Connection: keep-alive
X-CID: 2
X-CCC: JP

HEAD 200 http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64_16.0.14332.20303.cab

Request:
HEAD /pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64_16.0.14332.20303.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: officecdn.microsoft.com

Response:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Disposition: attachment; filename=v64_16.0.14332.20303.cab; filename*=UTF-8''v64_16.0.14332.20303.cab
Content-Type: application/octet-stream
ETag: "0xB68AF0A4244DC4A6EF41777B05438A16530C747BA685284E1441D8CB9A20936C"
Last-Modified: Tue, 17 May 2022 17:27:36 GMT
Server: ECAcc (tka/889B)
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-eus2-z1
Content-Length: 10999
Cache-Control: public, max-age=66777
Date: Thu, 17 Oct 2024 01:42:57 GMT
Connection: keep-alive
X-CID: 2
X-CCC: JP

GET 200 http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64_16.0.14332.20303.cab

Request:
GET /pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64_16.0.14332.20303.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 17 May 2022 17:27:36 GMT
User-Agent: Microsoft BITS/7.5
Host: officecdn.microsoft.com

Response:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Disposition: attachment; filename=v64_16.0.14332.20303.cab; filename*=UTF-8''v64_16.0.14332.20303.cab
Content-Type: application/octet-stream
ETag: "0xB68AF0A4244DC4A6EF41777B05438A16530C747BA685284E1441D8CB9A20936C"
Last-Modified: Tue, 17 May 2022 17:27:36 GMT
Server: ECAcc (tka/889B)
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-eus2-z1
Content-Length: 10999
Cache-Control: public, max-age=66825
Date: Thu, 17 Oct 2024 01:42:57 GMT
Connection: keep-alive
X-CID: 2
X-CCC: JP

HEAD 200 http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v32.cab

Request:
HEAD /pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v32.cab HTTP/1.1
Connection: Keep-Alive
User-Agent: OfficeClickToRun
Host: officecdn.microsoft.com

Response:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Disposition: attachment; filename=v32.cab; filename*=UTF-8''v32.cab
Content-Type: application/octet-stream
ETag: "0x061BAD44F090FB09AEED287FD5B7BC36A30FAA5ECDC0D90E409131EC9C1C42AC"
Last-Modified: Tue, 15 Oct 2024 17:42:09 GMT
Server: ECAcc (tka/889C)
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-eus-z1
Content-Length: 11223
Cache-Control: public, max-age=964
Date: Thu, 17 Oct 2024 01:42:57 GMT
Connection: keep-alive
X-CID: 2
X-CCC: JP

GET 200 http://195.130.214.155:8080/logUserActivity.php?u=3FE1525F8E2065C102140EB6C463BC5D&t=1729181842&m=common&a=run_Component:%20deploy-mso%20(pid%20=%201603)

Request:
GET /logUserActivity.php?u=3FE1525F8E2065C102140EB6C463BC5D&t=1729181842&m=common&a=run_Component:%20deploy-mso%20(pid%20=%201603) HTTP/1.1
User-Agent: AutoIt
Host: 195.130.214.155:8080
Cache-Control: no-cache

Response:
HTTP/1.1 200 OK
Date: Thu, 17 Oct 2024 01:42:58 GMT
Server: Apache
X-Powered-By: PHP/5.3.4
Content-Length: 0
Content-Type: text/html; charset=windows-1251

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49171 52.111.227.14:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=nexusrules.officeapps.live.com | 77:cd:ad:85:c4:22:05:fc:29:52:25:2e:5f:93:84:61:cd:0f:2b:26 |
TLS 1.2 192.168.56.103:49179 52.109.124.190:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=mrodevicemgr.officeapps.live.com | 6b:a3:4c:fa:eb:6a:87:c6:1b:da:fc:77:c8:2c:29:8c:66:17:14:96 |
TLS 1.2 192.168.56.103:49180 52.109.124.190:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=mrodevicemgr.officeapps.live.com | 6b:a3:4c:fa:eb:6a:87:c6:1b:da:fc:77:c8:2c:29:8c:66:17:14:96 |
TLS 1.2 192.168.56.103:49178 52.109.124.190:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=mrodevicemgr.officeapps.live.com | 6b:a3:4c:fa:eb:6a:87:c6:1b:da:fc:77:c8:2c:29:8c:66:17:14:96 |
TLS 1.2 192.168.56.103:49172 52.113.194.132:443 | C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=ecs.office.com | e6:c0:ff:d8:a6:41:8f:1f:de:e2:1b:3b:90:b8:4e:4b:7b:e9:08:0d |

Snort Alerts

No Snort Alerts