Analysis

Category Package Started Completed Duration
PCAP 2020-06-11 01:39:56 2020-06-11 01:39:56 0 seconds

Signatures

No signatures

Hosts

Direct IP Country Name
Y 95.75.72.230 Italy
Y 76.91.71.230 United States
Y 7.44.48.65 United States
Y 63.207.160.92 United States
Y 21.177.60.96 United States
Y 67.215.65.132 United States
Y 180.86.78.173 China
Y 17.89.20.24 United States
Y 164.250.94.160 United States
Y 153.40.112.75 United States
Y 11.149.24.229 United States

DNS

No domains contacted.


Sorry! No behavior.

TCP

Source Source Port Destination Destination Port
11.149.24.229 54090 172.22.1.81 8080
153.40.112.75 37267 172.22.1.81 8080
164.250.94.160 46635 172.22.1.80 8080
17.89.20.24 55898 172.24.1.80 8080
172.22.1.80 53741 172.22.2.33 3306
172.22.1.81 45314 172.22.2.33 3306
172.23.1.101 54798 172.23.2.33 3306
172.24.1.80 36150 172.24.2.33 3306
172.24.1.81 35646 172.24.2.33 3306
180.86.78.173 53753 172.24.1.81 8080
192.168.0.101 47604 192.168.0.1 80
192.168.0.101 47606 192.168.0.1 80
192.168.0.101 47608 192.168.0.1 80
192.168.0.101 47610 192.168.0.1 80
192.168.0.202 41225 192.168.0.25 445
192.168.1.1 443 192.168.1.101 46858
192.168.1.1 443 192.168.1.101 46862
21.177.60.96 46957 172.22.1.80 8080
63.207.160.92 52902 172.22.1.81 8080
7.44.48.65 38884 172.22.1.81 8080
76.91.71.230 60267 172.22.1.80 8080
95.75.72.230 56495 172.23.1.80 8080

UDP

Source Source Port Destination Destination Port
192.168.222.201 60074 67.215.65.132 7078
192.168.222.202 60074 67.215.65.132 7078
192.168.222.203 60074 67.215.65.132 7078
192.168.222.205 60074 67.215.65.132 7078
192.168.222.208 60074 67.215.65.132 7078
192.168.222.210 60074 67.215.65.132 7078
67.215.65.132 7078 192.168.222.204 60074
67.215.65.132 7078 192.168.222.206 60074

HTTP Requests

URI Data
http://demo.example.com:8080/ecomapp/actions/Catalog.action?viewCategory=&categoryId=FISH
GET /ecomapp/actions/Catalog.action?viewCategory=&categoryId=FISH HTTP/1.1
TE: deflate,gzip;q=0.3
Keep-Alive: 300
Connection: TE
Accept-Encoding: gzip
Host: demo.example.com
Referer: http://demo.example.com/ecomapp/actions/Catalog.action?viewProduct=&productId=K9-BD-01
User-Agent: Mozilla/5.0 (Android; Mobile; rv:28.0) Gecko/28.0 Firefox/28.0
Cookie: JSESSIONID=A8DB5E547ED9AB760C933A1A913BA9E4
Cookie2: $Version="1"
Connection: close

http://demo.example.com:8080/ecomapp/actions/Catalog.action?viewCategory=&categoryId=REPTILES
GET /ecomapp/actions/Catalog.action?viewCategory=&categoryId=REPTILES HTTP/1.1
TE: deflate,gzip;q=0.3
Keep-Alive: 300
Connection: TE
Accept-Encoding: gzip
Host: demo.example.com
Referer: http://demo.example.com/ecomapp/actions/Catalog.action
User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405
Cookie: JSESSIONID=A37349BE2F03230D2C1C8D83FD717AA7
Cookie2: $Version="1"
Connection: close

http://demo.example.com:8080/ecomapp/actions/Cart.action?viewCart=
GET /ecomapp/actions/Cart.action?viewCart= HTTP/1.1
TE: deflate,gzip;q=0.3
Keep-Alive: 300
Connection: TE
Accept-Encoding: gzip
Host: demo.example.com
Referer: http://demo.example.com/ecomapp/actions/Catalog.action?viewCategory=&categoryId=FISH
User-Agent: Mozilla/5.0 (Android; Mobile; rv:28.0) Gecko/28.0 Firefox/28.0
Cookie: JSESSIONID=987475128482AC868AD0D11CE4FA5F51
Cookie2: $Version="1"
Connection: close

http://192.168.0.1/jpetstore/actions/Catalog.action?viewCategory=&categoryId=BIRDS
GET /jpetstore/actions/Catalog.action?viewCategory=&categoryId=BIRDS HTTP/1.1
TE: deflate,gzip;q=0.3
Keep-Alive: 300
Connection: Keep-Alive, TE
Accept-Encoding: gzip
Host: 192.168.0.1
Referer: http://192.168.0.1/jpetstore/actions/Cart.action?addItemToCart=&workingItemId=EST-18
User-Agent: WWW::Scripter/0.032
Cookie: JSESSIONID=main~D5BBB6F46814B1E476AF2C10615796EF
Cookie2: $Version="1"
X-TME-Webbot-Host: gartner-sea-client-1

http://demo.example.com:8080/ecomapp/actions/Catalog.action?viewCategory=&categoryId=FISH
GET /ecomapp/actions/Catalog.action?viewCategory=&categoryId=FISH HTTP/1.1
TE: deflate,gzip;q=0.3
Keep-Alive: 300
Connection: TE
Accept-Encoding: gzip
Host: demo.example.com
Referer: http://demo.example.com/ecomapp/actions/Catalog.action?viewCategory=&categoryId=DOGS
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0
Cookie: JSESSIONID=DBFFFD3465032A0BC54EBA8235496AB6
Cookie2: $Version="1"
Connection: close

http://192.168.0.1/jpetstore/images/logo-topbar.gif
GET /jpetstore/images/logo-topbar.gif HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Accept-Encoding: gzip
Host: 192.168.0.1
Referer: http://192.168.0.1/jpetstore/actions/Catalog.action?viewCategory=&categoryId=BIRDS
User-Agent: WWW::Scripter/0.032
Cookie: JSESSIONID=main~D5BBB6F46814B1E476AF2C10615796EF
Cookie2: $Version="1"
X-TME-Webbot-Host: gartner-sea-client-1

http://192.168.0.1/jpetstore/images/cart.gif
GET /jpetstore/images/cart.gif HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Accept-Encoding: gzip
Host: 192.168.0.1
Referer: http://192.168.0.1/jpetstore/actions/Catalog.action?viewCategory=&categoryId=BIRDS
User-Agent: WWW::Scripter/0.032
Cookie: JSESSIONID=main~D5BBB6F46814B1E476AF2C10615796EF
Cookie2: $Version="1"
X-TME-Webbot-Host: gartner-sea-client-1

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

Source Source Port Destination Destination Port JA3 Hash JA3 Description
192.168.1.101 46862 192.168.1.1 443 05a58a685c5b62b4363b55d4432d52b1 unknown
192.168.1.101 46862 192.168.1.1 443 05a58a685c5b62b4363b55d4432d52b1 unknown
Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Processing ( 1.39 seconds )

  • 0.837 NetworkAnalysis
  • 0.523 CAPE
  • 0.023 AnalysisInfo
  • 0.005 Debug
  • 0.001 BehaviorAnalysis
  • 0.001 Suricata

Signatures ( 0.069 seconds )

  • 0.012 ransomware_files
  • 0.008 antiav_detectreg
  • 0.007 ransomware_extensions
  • 0.005 antiav_detectfile
  • 0.004 persistence_autorun
  • 0.004 infostealer_ftp
  • 0.003 antianalysis_detectfile
  • 0.003 infostealer_bitcoin
  • 0.003 territorial_disputes_sigs
  • 0.002 antivm_vbox_files
  • 0.002 browser_security
  • 0.002 infostealer_im
  • 0.002 infostealer_mail
  • 0.002 revil_mutexes
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 rat_nanocore
  • 0.001 tinba_behavior
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_keys
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 disables_browser_warn
  • 0.001 masquerade_process_name

Reporting ( 0.092 seconds )

  • 0.092 PCAP2CERT