Analysis

Category Package Started Completed Duration Log
PCAP 2020-06-11 01:37:04 2020-06-11 01:37:04 0 seconds Show Log

Signatures

No signatures

Hosts

Direct IP Country Name
Y 67.212.40.141 [VT] United States
Y 54.176.154.229 [VT] United States
Y 21.242.131.14 [VT] United States
Y 208.13.136.186 [VT] United States
Y 67.215.65.132 [VT] United States
Y 102.81.163.47 [VT] unknown

DNS

No domains contacted.


Sorry! No behavior.

TCP

Source Source Port Destination Destination Port
102.81.163.47 59101 172.23.1.80 8080
172.22.1.81 34691 172.22.2.33 3306
172.22.1.81 34692 172.22.2.33 3306
172.22.1.81 34693 172.22.2.33 3306
172.22.1.81 34694 172.22.2.33 3306
172.22.1.81 34695 172.22.2.33 3306
172.22.1.81 34696 172.22.2.33 3306
172.22.1.81 34697 172.22.2.33 3306
172.22.1.81 34698 172.22.2.33 3306
172.22.1.81 34699 172.22.2.33 3306
172.22.1.81 45314 172.22.2.33 3306
172.23.1.101 54798 172.23.2.33 3306
172.23.1.80 45988 172.23.2.33 3306
172.28.1.22 2049 172.28.1.21 851
192.168.0.202 41225 192.168.0.25 445
192.168.0.25 445 192.168.0.33 58425
192.168.1.1 443 192.168.1.101 46936
192.168.1.1 443 192.168.1.103 46594
192.168.10.216 2575 192.168.12.56 13787
208.13.136.186 47045 172.22.1.80 8080
21.242.131.14 42363 172.22.1.80 8080
54.176.154.229 54280 172.22.1.81 8080
67.212.40.141 32898 172.22.1.81 8080

UDP

Source Source Port Destination Destination Port
192.168.222.201 60074 67.215.65.132 7078
192.168.222.203 60074 67.215.65.132 7078
192.168.222.205 60074 67.215.65.132 7078
192.168.222.206 60074 67.215.65.132 7078
192.168.222.210 60074 67.215.65.132 7078
67.215.65.132 7078 192.168.222.202 60074
67.215.65.132 7078 192.168.222.204 60074
67.215.65.132 7078 192.168.222.208 60074

HTTP Requests

URI Data
http://demo.example.com:8080/ecomapp/actions/Catalog.action?viewCategory=&categoryId=REPTILES
GET /ecomapp/actions/Catalog.action?viewCategory=&categoryId=REPTILES HTTP/1.1
TE: deflate,gzip;q=0.3
Keep-Alive: 300
Connection: TE
Accept-Encoding: gzip
Host: demo.example.com
Referer: http://demo.example.com/ecomapp/actions/Catalog.action
User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405
Cookie: JSESSIONID=C712BE20797847C9E7F48DC84415FAAB
Cookie2: $Version="1"
Connection: close

http://demo.example.com:8080/ecomapp/actions/Catalog.action?viewCategory=&categoryId=DOGS
GET /ecomapp/actions/Catalog.action?viewCategory=&categoryId=DOGS HTTP/1.1
TE: deflate,gzip;q=0.3
Keep-Alive: 300
Connection: TE
Accept-Encoding: gzip
Host: demo.example.com
Referer: http://demo.example.com/ecomapp/actions/Catalog.action?viewProduct=&productId=K9-PO-02
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.152 Safari/537.36
Cookie: JSESSIONID=8D173AA3FA752B265CAA7035A6F4B4EA
Cookie2: $Version="1"
Connection: close

http://demo.example.com:8080/ecomapp/actions/Catalog.action
GET /ecomapp/actions/Catalog.action HTTP/1.1
TE: deflate,gzip;q=0.3
Keep-Alive: 300
Connection: TE
Accept-Encoding: gzip
Host: demo.example.com
Referer: http://demo.example.com/ecomapp/actions/Cart.action?viewCart=
User-Agent: Mozilla/5.0 (Android; Mobile; rv:28.0) Gecko/28.0 Firefox/28.0
Cookie: JSESSIONID=00B6B2C88BC77D1BA73CFE9B695468CE
Cookie2: $Version="1"
Connection: close

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Processing ( 1.0519999999999998 seconds )

  • 0.612 NetworkAnalysis
  • 0.412 CAPE
  • 0.023 AnalysisInfo
  • 0.004 Debug
  • 0.001 Suricata

Signatures ( 0.05200000000000001 seconds )

  • 0.01 ransomware_files
  • 0.006 antiav_detectreg
  • 0.006 ransomware_extensions
  • 0.004 antiav_detectfile
  • 0.003 persistence_autorun
  • 0.003 antianalysis_detectfile
  • 0.003 infostealer_ftp
  • 0.003 territorial_disputes_sigs
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.001 kibex_behavior
  • 0.001 tinba_behavior
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 geodo_banking_trojan
  • 0.001 browser_security
  • 0.001 disables_browser_warn
  • 0.001 infostealer_mail
  • 0.001 masquerade_process_name
  • 0.001 revil_mutexes

Reporting ( 0.086 seconds )

  • 0.086 PCAP2CERT