Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
prod.detectportal.prod.cloudops.mozgcp.net |
AAAA
2600:1901:0:38d7::
|
34.107.221.82 |
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | |
mozilla.org | 44.236.48.31 | |
detectportal.firefox.com | 34.107.221.82 |
- UDP Requests
-
-
192.168.56.102:50839 164.124.101.2:53
-
192.168.56.102:54221 164.124.101.2:53
-
192.168.56.102:54660 164.124.101.2:53
-
192.168.56.102:57660 164.124.101.2:53
-
192.168.56.102:61459 164.124.101.2:53
-
192.168.56.102:61998 164.124.101.2:53
-
192.168.56.102:62039 164.124.101.2:53
-
192.168.56.102:62461 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:62042 239.255.255.250:1900
-
192.168.56.102:62044 239.255.255.250:3702
-
192.168.56.102:62046 239.255.255.250:3702
-
192.168.56.102:62048 239.255.255.250:3702
-
GET
200
https://190.110.179.139/tot112/TEST22-PC_W617601.B83B71A0873C68B5D06BB278310EAB3F/5/kps/
REQUEST
RESPONSE
BODY
GET /tot112/TEST22-PC_W617601.B83B71A0873C68B5D06BB278310EAB3F/5/kps/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 190.110.179.139
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Fri, 18 Jun 2021 00:49:41 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
GET
200
https://27.72.107.215/tot112/TEST22-PC_W617601.B83B71A0873C68B5D06BB278310EAB3F/5/kps/
REQUEST
RESPONSE
BODY
GET /tot112/TEST22-PC_W617601.B83B71A0873C68B5D06BB278310EAB3F/5/kps/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 27.72.107.215
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Fri, 18 Jun 2021 00:49:44 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
GET
200
https://186.97.172.178/tot112/TEST22-PC_W617601.B83B71A0873C68B5D06BB278310EAB3F/5/kps/
REQUEST
RESPONSE
BODY
GET /tot112/TEST22-PC_W617601.B83B71A0873C68B5D06BB278310EAB3F/5/kps/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 186.97.172.178
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 18 Jun 2021 00:49:48 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
GET
200
https://186.97.172.178/tot112/TEST22-PC_W617601.B83B71A0873C68B5D06BB278310EAB3F/5/kps/
REQUEST
RESPONSE
BODY
GET /tot112/TEST22-PC_W617601.B83B71A0873C68B5D06BB278310EAB3F/5/kps/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 186.97.172.178
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 18 Jun 2021 00:49:49 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
GET
200
https://27.72.107.215/tot112/TEST22-PC_W617601.B83B71A0873C68B5D06BB278310EAB3F/5/kps/
REQUEST
RESPONSE
BODY
GET /tot112/TEST22-PC_W617601.B83B71A0873C68B5D06BB278310EAB3F/5/kps/ HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.76.0
Host: 27.72.107.215
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Fri, 18 Jun 2021 00:50:14 GMT
Content-Type: application/octet-stream
Content-Length: 224
Connection: keep-alive
GET
200
http://detectportal.firefox.com/success.txt?ipv4
REQUEST
RESPONSE
BODY
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.4.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 17 Jun 2021 14:28:16 GMT
Content-Type: text/plain
Content-Length: 8
Via: 1.1 google
Age: 37252
Cache-Control: public, must-revalidate, max-age=0, s-maxage=86400
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49811 190.110.179.139:443 |
C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | a4:a1:81:06:c2:26:c0:b1:d3:f0:fe:7a:2c:ff:b4:d6:09:65:aa:e7 |
TLSv1 192.168.56.102:49812 27.72.107.215:443 |
C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | a4:a1:81:06:c2:26:c0:b1:d3:f0:fe:7a:2c:ff:b4:d6:09:65:aa:e7 |
TLSv1 192.168.56.102:49813 186.97.172.178:443 |
C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | 03:f9:52:49:c0:e2:62:9b:bf:52:1c:0d:34:ce:e9:25:49:fb:7e:cc |
Snort Alerts
No Snort Alerts