Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| ia801407.us.archive.org | 207.241.228.147 |
- UDP Requests
-
-
192.168.56.103:58285 164.124.101.2:53
-
192.168.56.103:64714 164.124.101.2:53
-
192.168.56.103:65511 164.124.101.2:53
-
192.168.56.103:1900 192.168.56.102:56752
-
192.168.56.103:3702 192.168.56.102:57663
-
192.168.56.103:137 192.168.56.255:137
-
192.168.56.103:138 192.168.56.255:138
-
192.168.56.103:1900 239.255.255.250:1900
-
192.168.56.103:49152 239.255.255.250:3702
-
192.168.56.103:50368 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.103:123
-
GET
200
http://www.bing.com/favicon.ico
REQUEST
RESPONSE
BODY
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)
Host: www.bing.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: public, max-age=15552000
Content-Length: 4286
Content-Type: image/x-icon
Last-Modified: Mon, 01 Jan 1601 00:00:00 GMT
X-Cache: TCP_HIT
Server: Kestrel
X-MSEdge-Ref: Ref A: 60E24E8348424308B2F9C42816092DBF Ref B: SLAEDGE0716 Ref C: 2021-03-27T02:33:39Z
Date: Sat, 27 Mar 2021 02:33:38 GMT
GET
200
http://198.251.72.110/ALL.txt
REQUEST
RESPONSE
BODY
GET /ALL.txt HTTP/1.1
Host: 198.251.72.110
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 27 Mar 2021 02:33:48 GMT
Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/7.3.27
Last-Modified: Thu, 25 Mar 2021 16:21:40 GMT
ETag: "52b-5be5ecf73b182"
Accept-Ranges: bytes
Content-Length: 1323
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain
GET
200
http://198.251.72.110/Server.txt
REQUEST
RESPONSE
BODY
GET /Server.txt HTTP/1.1
Host: 198.251.72.110
HTTP/1.1 200 OK
Date: Sat, 27 Mar 2021 02:34:09 GMT
Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/7.3.27
Last-Modified: Thu, 25 Mar 2021 16:21:00 GMT
ETag: "d17ac-5be5ecd16f5fb"
Accept-Ranges: bytes
Content-Length: 858028
Content-Type: text/plain
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.103:49606 -> 207.241.228.147:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 198.251.72.110:80 -> 192.168.56.103:49608 | 2018856 | ET MALWARE Windows executable base64 encoded | A Network Trojan was detected |
| TCP 198.251.72.110:80 -> 192.168.56.103:49608 | 2029538 | ET HUNTING EXE Base64 Encoded potential malware | Misc activity |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.103:49606 207.241.228.147:443 |
C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 | OU=Domain Control Validated, CN=*.us.archive.org | 9c:3c:d6:6d:65:69:f2:95:8c:99:48:e3:e0:7f:14:38:36:4c:ba:d0 |
Snort Alerts
No Snort Alerts