Analysis

Category Package Started Completed Duration
PCAP 2020-06-11 01:42:04 2020-06-11 01:42:04 0 seconds

    


Signatures

No signatures

Hosts

No hosts contacted.

DNS

Name Response Post-Analysis Lookup
l1-db-01.v2.int.eh A 192.168.221.23
l1-db-01.v2.int.eh
80.1.24.172.in-addr.arpa PTR web1.syddmz.example.com
web1.syddmz.example.com A 172.24.1.80
web1.syddmz.example.com
80.1.23.172.in-addr.arpa PTR web1.londmz.example.com
81.1.22.172.in-addr.arpa PTR web2.nycdmz.example.com
81.1.23.172.in-addr.arpa PTR web2.londmz.example.com
81.1.24.172.in-addr.arpa PTR web2.syddmz.example.com
80.1.22.172.in-addr.arpa PTR web1.nycdmz.example.com

Sorry! No behavior.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Processing ( 23.963 seconds )

  • 23.828 NetworkAnalysis
  • 0.082 AnalysisInfo
  • 0.046 CAPE
  • 0.004 Debug
  • 0.003 Suricata

Signatures ( 0.046 seconds )

  • 0.008 ransomware_files
  • 0.005 antiav_detectreg
  • 0.005 ransomware_extensions
  • 0.003 antiav_detectfile
  • 0.003 infostealer_ftp
  • 0.002 persistence_autorun
  • 0.002 antianalysis_detectfile
  • 0.002 infostealer_bitcoin
  • 0.002 network_torgateway
  • 0.002 territorial_disputes_sigs
  • 0.001 kibex_behavior
  • 0.001 tinba_behavior
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 geodo_banking_trojan
  • 0.001 browser_security
  • 0.001 disables_browser_warn
  • 0.001 infostealer_im
  • 0.001 infostealer_mail
  • 0.001 masquerade_process_name
  • 0.001 network_dns_opennic
  • 0.001 revil_mutexes

Reporting ( 0.048 seconds )

  • 0.048 PCAP2CERT