Analysis

Category Package Started Completed Duration
PCAP 2020-06-11 01:40:00 2020-06-11 01:40:00 0 seconds

Signatures

No signatures

Hosts

Direct IP Country Name
Y 95.75.72.230 Italy
Y 76.91.71.230 United States
Y 7.44.48.65 United States
Y 63.207.160.92 United States
Y 21.177.60.96 United States
Y 67.215.65.132 United States
Y 180.86.78.173 China
Y 17.89.20.24 United States
Y 164.250.94.160 United States
Y 153.40.112.75 United States
Y 11.149.24.229 United States

DNS

No domains contacted.


Sorry! No behavior.

TCP

Source Source Port Destination Destination Port
11.149.24.229 54090 172.22.1.81 8080
153.40.112.75 37267 172.22.1.81 8080
164.250.94.160 46635 172.22.1.80 8080
17.89.20.24 55898 172.24.1.80 8080
172.22.1.80 53741 172.22.2.33 3306
172.22.1.81 45314 172.22.2.33 3306
172.23.1.101 54798 172.23.2.33 3306
172.24.1.80 36150 172.24.2.33 3306
172.24.1.81 35646 172.24.2.33 3306
180.86.78.173 53753 172.24.1.81 8080
192.168.0.101 47604 192.168.0.1 80
192.168.0.101 47606 192.168.0.1 80
192.168.0.101 47608 192.168.0.1 80
192.168.0.101 47610 192.168.0.1 80
192.168.0.202 41225 192.168.0.25 445
192.168.1.1 443 192.168.1.101 46858
192.168.1.1 443 192.168.1.101 46862
21.177.60.96 46957 172.22.1.80 8080
63.207.160.92 52902 172.22.1.81 8080
7.44.48.65 38884 172.22.1.81 8080
76.91.71.230 60267 172.22.1.80 8080
95.75.72.230 56495 172.23.1.80 8080

UDP

Source Source Port Destination Destination Port
192.168.222.201 60074 67.215.65.132 7078
192.168.222.202 60074 67.215.65.132 7078
192.168.222.203 60074 67.215.65.132 7078
192.168.222.205 60074 67.215.65.132 7078
192.168.222.208 60074 67.215.65.132 7078
192.168.222.210 60074 67.215.65.132 7078
67.215.65.132 7078 192.168.222.204 60074
67.215.65.132 7078 192.168.222.206 60074

HTTP Requests

URI Data
http://demo.example.com:8080/ecomapp/actions/Catalog.action?viewCategory=&categoryId=FISH
GET /ecomapp/actions/Catalog.action?viewCategory=&categoryId=FISH HTTP/1.1
TE: deflate,gzip;q=0.3
Keep-Alive: 300
Connection: TE
Accept-Encoding: gzip
Host: demo.example.com
Referer: http://demo.example.com/ecomapp/actions/Catalog.action?viewProduct=&productId=K9-BD-01
User-Agent: Mozilla/5.0 (Android; Mobile; rv:28.0) Gecko/28.0 Firefox/28.0
Cookie: JSESSIONID=A8DB5E547ED9AB760C933A1A913BA9E4
Cookie2: $Version="1"
Connection: close

http://demo.example.com:8080/ecomapp/actions/Catalog.action?viewCategory=&categoryId=REPTILES
GET /ecomapp/actions/Catalog.action?viewCategory=&categoryId=REPTILES HTTP/1.1
TE: deflate,gzip;q=0.3
Keep-Alive: 300
Connection: TE
Accept-Encoding: gzip
Host: demo.example.com
Referer: http://demo.example.com/ecomapp/actions/Catalog.action
User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405
Cookie: JSESSIONID=A37349BE2F03230D2C1C8D83FD717AA7
Cookie2: $Version="1"
Connection: close

http://demo.example.com:8080/ecomapp/actions/Cart.action?viewCart=
GET /ecomapp/actions/Cart.action?viewCart= HTTP/1.1
TE: deflate,gzip;q=0.3
Keep-Alive: 300
Connection: TE
Accept-Encoding: gzip
Host: demo.example.com
Referer: http://demo.example.com/ecomapp/actions/Catalog.action?viewCategory=&categoryId=FISH
User-Agent: Mozilla/5.0 (Android; Mobile; rv:28.0) Gecko/28.0 Firefox/28.0
Cookie: JSESSIONID=987475128482AC868AD0D11CE4FA5F51
Cookie2: $Version="1"
Connection: close

http://192.168.0.1/jpetstore/actions/Catalog.action?viewCategory=&categoryId=BIRDS
GET /jpetstore/actions/Catalog.action?viewCategory=&categoryId=BIRDS HTTP/1.1
TE: deflate,gzip;q=0.3
Keep-Alive: 300
Connection: Keep-Alive, TE
Accept-Encoding: gzip
Host: 192.168.0.1
Referer: http://192.168.0.1/jpetstore/actions/Cart.action?addItemToCart=&workingItemId=EST-18
User-Agent: WWW::Scripter/0.032
Cookie: JSESSIONID=main~D5BBB6F46814B1E476AF2C10615796EF
Cookie2: $Version="1"
X-TME-Webbot-Host: gartner-sea-client-1

http://demo.example.com:8080/ecomapp/actions/Catalog.action?viewCategory=&categoryId=FISH
GET /ecomapp/actions/Catalog.action?viewCategory=&categoryId=FISH HTTP/1.1
TE: deflate,gzip;q=0.3
Keep-Alive: 300
Connection: TE
Accept-Encoding: gzip
Host: demo.example.com
Referer: http://demo.example.com/ecomapp/actions/Catalog.action?viewCategory=&categoryId=DOGS
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0
Cookie: JSESSIONID=DBFFFD3465032A0BC54EBA8235496AB6
Cookie2: $Version="1"
Connection: close

http://192.168.0.1/jpetstore/images/logo-topbar.gif
GET /jpetstore/images/logo-topbar.gif HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Accept-Encoding: gzip
Host: 192.168.0.1
Referer: http://192.168.0.1/jpetstore/actions/Catalog.action?viewCategory=&categoryId=BIRDS
User-Agent: WWW::Scripter/0.032
Cookie: JSESSIONID=main~D5BBB6F46814B1E476AF2C10615796EF
Cookie2: $Version="1"
X-TME-Webbot-Host: gartner-sea-client-1

http://192.168.0.1/jpetstore/images/cart.gif
GET /jpetstore/images/cart.gif HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Accept-Encoding: gzip
Host: 192.168.0.1
Referer: http://192.168.0.1/jpetstore/actions/Catalog.action?viewCategory=&categoryId=BIRDS
User-Agent: WWW::Scripter/0.032
Cookie: JSESSIONID=main~D5BBB6F46814B1E476AF2C10615796EF
Cookie2: $Version="1"
X-TME-Webbot-Host: gartner-sea-client-1

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

Source Source Port Destination Destination Port JA3 Hash JA3 Description
192.168.1.101 46862 192.168.1.1 443 05a58a685c5b62b4363b55d4432d52b1 unknown

Sorry! No dropped files.

Sorry! No CAPE files.

Sorry! No process dumps.

Processing ( 1.236 seconds )

  • 0.739 NetworkAnalysis
  • 0.472 CAPE
  • 0.021 AnalysisInfo
  • 0.004 Debug

Signatures ( 0.05200000000000001 seconds )

  • 0.01 ransomware_files
  • 0.006 antiav_detectreg
  • 0.006 ransomware_extensions
  • 0.004 antiav_detectfile
  • 0.003 persistence_autorun
  • 0.003 antianalysis_detectfile
  • 0.003 infostealer_ftp
  • 0.003 territorial_disputes_sigs
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.001 kibex_behavior
  • 0.001 tinba_behavior
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 geodo_banking_trojan
  • 0.001 browser_security
  • 0.001 disables_browser_warn
  • 0.001 infostealer_mail
  • 0.001 masquerade_process_name
  • 0.001 revil_mutexes

Reporting ( 0.09 seconds )

  • 0.09 PCAP2CERT