Network Analysis
IP Address | Status | Action | VT | Location |
---|---|---|---|---|
No hosts contacted. | | | | |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
No traffic
POST 200 http://142.93.165.203/data

REQUEST
POST /data HTTP/1.1
Host: 142.93.165.203
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Content-Length: 1608
Accept-Encoding: gzip
Connection: close

RESPONSE
HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache
Content-Type: application/javascript; charset=utf-8
Content-Type: application/octet-stream
Date: Fri, 21 Mar 2025 13:49:00 GMT
Pragma: no-cache
Server: NetDNA-cache/2.2
Connection: close
Transfer-Encoding: chunked

POST 200 http://142.93.165.203/data

REQUEST
POST /data HTTP/1.1
Host: 142.93.165.203
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Content-Length: 776
Accept-Encoding: gzip
Connection: close

RESPONSE
HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache
Content-Length: 240
Content-Type: application/javascript; charset=utf-8
Content-Type: application/octet-stream
Date: Fri, 21 Mar 2025 13:49:00 GMT
Pragma: no-cache
Server: NetDNA-cache/2.2
Connection: close

POST 200 http://142.93.165.203/data

REQUEST
POST /data HTTP/1.1
Host: 142.93.165.203
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Content-Length: 220
Accept-Encoding: gzip
Connection: close

RESPONSE
HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache
Content-Length: 176
Content-Type: application/javascript; charset=utf-8
Content-Type: application/octet-stream
Date: Fri, 21 Mar 2025 13:49:00 GMT
Pragma: no-cache
Server: NetDNA-cache/2.2
Connection: close

POST 200 http://142.93.165.203/data

REQUEST
POST /data HTTP/1.1
Host: 142.93.165.203
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Content-Length: 220
Accept-Encoding: gzip
Connection: close

RESPONSE
HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache
Content-Length: 176
Content-Type: application/javascript; charset=utf-8
Content-Type: application/octet-stream
Date: Fri, 21 Mar 2025 13:49:10 GMT
Pragma: no-cache
Server: NetDNA-cache/2.2
Connection: close

POST 200 http://142.93.165.203/data

REQUEST
POST /data HTTP/1.1
Host: 142.93.165.203
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Content-Length: 220
Accept-Encoding: gzip
Connection: close

RESPONSE
HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache
Content-Length: 176
Content-Type: application/javascript; charset=utf-8
Content-Type: application/octet-stream
Date: Fri, 21 Mar 2025 13:49:19 GMT
Pragma: no-cache
Server: NetDNA-cache/2.2
Connection: close

POST 200 http://142.93.165.203/data

REQUEST
POST /data HTTP/1.1
Host: 142.93.165.203
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Content-Length: 220
Accept-Encoding: gzip
Connection: close

RESPONSE
HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache
Content-Length: 176
Content-Type: application/javascript; charset=utf-8
Content-Type: application/octet-stream
Date: Fri, 21 Mar 2025 13:49:29 GMT
Pragma: no-cache
Server: NetDNA-cache/2.2
Connection: close

ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.168.106:38074 -> 142.93.165.203:80 | 2610844 | TGI HUNT Mythic Example C2 Profile Artifacts | Potentially Bad Traffic |
TCP 192.168.168.106:38076 -> 142.93.165.203:80 | 2610844 | TGI HUNT Mythic Example C2 Profile Artifacts | Potentially Bad Traffic |
TCP 192.168.168.106:38078 -> 142.93.165.203:80 | 2610844 | TGI HUNT Mythic Example C2 Profile Artifacts | Potentially Bad Traffic |
TCP 192.168.168.106:38080 -> 142.93.165.203:80 | 2610844 | TGI HUNT Mythic Example C2 Profile Artifacts | Potentially Bad Traffic |
TCP 192.168.168.106:38082 -> 142.93.165.203:80 | 2610844 | TGI HUNT Mythic Example C2 Profile Artifacts | Potentially Bad Traffic |
TCP 192.168.168.106:38086 -> 142.93.165.203:80 | 2610844 | TGI HUNT Mythic Example C2 Profile Artifacts | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts