Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
checkip.dyndns.org | CNAME checkip.dyndns.com | 131.186.113.70 |
freegeoip.app | 172.67.188.154 |
- UDP Requests
GET 200 https://freegeoip.app/xml/175.208.134.150

REQUEST
GET /xml/175.208.134.150 HTTP/1.1
Host: freegeoip.app
Connection: Keep-Alive

RESPONSE
HTTP/1.1 200 OK
Date: Mon, 03 May 2021 23:11:00 GMT
Content-Type: application/xml
Content-Length: 356
Connection: keep-alive
Set-Cookie: __cfduid=d7e2b03d8814944cb3a02a034b8ade91b1620083460; expires=Wed, 02-Jun-21 23:11:00 GMT; path=/; domain=.freegeoip.app; HttpOnly; SameSite=Lax; Secure
Vary: Origin
X-Database-Date: Thu, 16 Jul 2020 08:44:46 GMT
X-Ratelimit-Limit: 15000
X-Ratelimit-Remaining: 14999
X-Ratelimit-Reset: 3600
CF-Cache-Status: DYNAMIC
cf-request-id: 09d618e12c000036301333a000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BeEnMYbnqaeOZS62Em22gNwfaFWT8jX4Zvmut607y0YLwq4hGEJsT41Yi%2BHw18B1agNAosgTaT6bM4Ws7l%2FlqIqWASmy6hbHiyX2nE7w"}],"max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
CF-RAY: 649d2a7b7dc93630-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET 200 http://107.173.191.48/ewa/vbc.exe

REQUEST
GET /ewa/vbc.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: 107.173.191.48
Connection: Keep-Alive

RESPONSE
HTTP/1.1 200 OK
Date: Mon, 03 May 2021 23:09:15 GMT
Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/7.3.27
Last-Modified: Mon, 03 May 2021 12:32:36 GMT
ETag: "b7200-5c16c28184649"
Accept-Ranges: bytes
Content-Length: 750080
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload

GET 200 http://checkip.dyndns.org/

REQUEST
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive

RESPONSE
HTTP/1.1 200 OK
Content-Type: text/html
Server: DynDNS-CheckIP/1.0.1
Connection: close
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 107

GET 200 http://checkip.dyndns.org/

REQUEST
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org

RESPONSE
HTTP/1.1 200 OK
Content-Type: text/html
Server: DynDNS-CheckIP/1.0.1
Connection: close
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 107

ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49214 172.67.188.154:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a1:b3:fe:fd:e8:05:d5:f2:ad:ee:b3:5b:8c:5f:ae:4f:43:52:5e:89 |
Snort Alerts
No Snort Alerts