Network Analysis
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
50.197.243.125 | Active | Moloch |
67.212.241.178 | Active | Moloch |
68.201.55.46 | Active | Moloch |
70.119.149.64 | Active | Moloch |
71.40.62.107 | Active | Moloch |
71.42.188.85 | Active | Moloch |
71.66.92.190 | Active | Moloch |
72.128.158.51 | Active | Moloch |
73.103.36.158 | Active | Moloch |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
UDP Requests (source -> destination)
- 192.168.56.101:62324 -> 164.124.101.2:53
- 192.168.56.101:137 -> 192.168.56.255:137
- 192.168.56.101:138 -> 192.168.56.255:138
- 192.168.56.101:49152 -> 239.255.255.250:3702
- 192.168.56.101:62325 -> 239.255.255.250:3702
- 192.168.56.101:62445 -> 239.255.255.250:1900
- 192.168.56.101:62447 -> 239.255.255.250:3702
- 192.168.56.101:62449 -> 239.255.255.250:3702
- 52.231.114.183:123 -> 192.168.56.101:123
HTTP Requests

GET 200 https://72.128.158.51/rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/
Request:
GET /rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 72.128.158.51
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Fri, 26 Mar 2021 06:08:18 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive

GET 302 https://67.212.241.178/rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/
Request:
GET /rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 67.212.241.178
Response:
HTTP/1.1 302 Found
Set-Cookie: AIROS_802AA8F2699A=ec1a80c92fc8e6a765f56d2a85ada3c4; Path=/; Version=1
Location: /cookiechecker?uri=/rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/
Content-Length: 0
Date: Fri, 26 Mar 2021 01:04:05 GMT
Server: lighttpd/1.4.39

GET 302 https://67.212.241.178/cookiechecker?uri=/rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/
Request:
GET /cookiechecker?uri=/rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 67.212.241.178
Cookie: AIROS_802AA8F2699A=ec1a80c92fc8e6a765f56d2a85ada3c4
Response:
HTTP/1.1 302 Found
Location: /index.html
Content-Length: 0
Date: Fri, 26 Mar 2021 01:04:05 GMT
Server: lighttpd/1.4.39

GET 302 https://67.212.241.178/index.html
Request:
GET /index.html HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 67.212.241.178
Cookie: AIROS_802AA8F2699A=ec1a80c92fc8e6a765f56d2a85ada3c4
Response:
HTTP/1.1 302 Found
Location: /login.cgi?uri=/index.html
Content-Length: 0
Date: Fri, 26 Mar 2021 01:04:05 GMT
Server: lighttpd/1.4.39

GET 200 https://67.212.241.178/login.cgi?uri=/index.html
Request:
GET /login.cgi?uri=/index.html HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 67.212.241.178
Cookie: AIROS_802AA8F2699A=ec1a80c92fc8e6a765f56d2a85ada3c4
Response:
HTTP/1.1 200 OK
Set-Cookie: ui_language=en_US; Path=/; Expires=Tuesday, 1-Jan-38 00:00:00 GMT; HttpOnly
Content-Type: text/html
Transfer-Encoding: chunked
Date: Fri, 26 Mar 2021 01:04:05 GMT
Server: lighttpd/1.4.39

GET 200 https://68.201.55.46/rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/
Request:
GET /rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 68.201.55.46
Response:
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 26 Mar 2021 06:09:09 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive

GET 200 https://72.128.158.51/rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/
Request:
GET /rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 72.128.158.51
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Fri, 26 Mar 2021 06:09:11 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive

GET 200 https://71.42.188.85/rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/
Request:
GET /rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 71.42.188.85
Response:
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 26 Mar 2021 06:09:36 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive

GET 200 https://71.66.92.190/rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/
Request:
GET /rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 71.66.92.190
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Fri, 26 Mar 2021 06:09:38 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive

GET 200 https://71.40.62.107/rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/
Request:
GET /rob86/TEST22-PC_W617601.8737B6E31BA23B3C4DD9E983745731F0/5/file/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 71.40.62.107
Response:
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 26 Mar 2021 06:09:41 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive

ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
96.110.168.174 | 192.168.56.101 | 3 | |
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49211 -> 71.42.188.85:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | 50:fd:fd:4e:2c:57:ea:f7:c9:cd:3f:61:4a:a2:40:01:1b:b8:df:02 |
TLSv1 192.168.56.101:49207 -> 68.201.55.46:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | 50:fd:fd:4e:2c:57:ea:f7:c9:cd:3f:61:4a:a2:40:01:1b:b8:df:02 |
TLSv1 192.168.56.101:49203 -> 72.128.158.51:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | f8:68:0a:74:96:dc:19:0a:62:fa:35:3d:ca:ef:06:ff:20:bd:f4:c8 |
TLSv1 192.168.56.101:49205 -> 67.212.241.178:443 | C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-80:2A:A8:F2:69:9A/emailAddress=support@ubnt.com | C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-80:2A:A8:F2:69:9A/emailAddress=support@ubnt.com | 36:b8:d5:9a:af:b4:cf:80:19:44:d3:fd:5e:8f:d1:75:49:3d:7a:71 |
TLSv1 192.168.56.101:49212 -> 71.66.92.190:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | f8:68:0a:74:96:dc:19:0a:62:fa:35:3d:ca:ef:06:ff:20:bd:f4:c8 |
TLSv1 192.168.56.101:49213 -> 71.40.62.107:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | 50:fd:fd:4e:2c:57:ea:f7:c9:cd:3f:61:4a:a2:40:01:1b:b8:df:02 |
Snort Alerts
No Snort Alerts