Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| email.yg9.me | 198.13.62.186 | |
| email.yg9.me | 198.13.62.186 | |
| ol.gamegame.info | 172.67.200.215 | |
| ip-api.com | 208.95.112.1 | |
| iw.gamegame.info | 172.67.200.215 |
- UDP Requests
-
-
192.168.56.102:50839 164.124.101.2:53
-
192.168.56.102:54221 164.124.101.2:53
-
192.168.56.102:54660 164.124.101.2:53
-
192.168.56.102:57660 164.124.101.2:53
-
192.168.56.102:61459 164.124.101.2:53
-
192.168.56.102:61998 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:50840 198.13.62.186:53email.yg9.me
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:50841 239.255.255.250:3702
-
192.168.56.102:56752 239.255.255.250:1900
-
192.168.56.102:56754 239.255.255.250:3702
-
192.168.56.102:57661 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.102:123
-
GET
200
http://ip-api.com/json/?fields=8198
REQUEST
RESPONSE
BODY
GET /json/?fields=8198 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: ip-api.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Jun 2021 00:31:03 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 60
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
POST
200
http://iw.gamegame.info/report7.4.php
REQUEST
RESPONSE
BODY
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 282
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Jun 2021 00:31:05 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
cf-request-id: 0ae22ce0600000eae7cd856000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=5Jz7O%2BaSUIn971oeQaPamVvBGN5OaF6NX9xpwFzPAO%2B80SNpk7RYNjQVTdCI8maSnXZR89%2FsoUwCvFmsJHkdDpp2KnJ9%2Fn%2F1GlMzSFxgnO2lGmwMtB1rtPBQBFGrnw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 664a17470da6eae7-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
GET
200
http://ip-api.com/json/?fields=8198
REQUEST
RESPONSE
BODY
GET /json/?fields=8198 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: ip-api.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Jun 2021 00:31:04 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 60
Access-Control-Allow-Origin: *
X-Ttl: 59
X-Rl: 43
POST
200
http://ol.gamegame.info/report7.4.php
REQUEST
RESPONSE
BODY
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: ol.gamegame.info
Content-Length: 282
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Jun 2021 00:31:06 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
cf-request-id: 0ae22ce4190000eb695aac0000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Aw13zmogLfTsd7Z7AmuM1FI8M7je0HwQM86Ngg%2F5VoS16it89jWzEtXSCIW78ErEqDiyzTgJC4LCj3tzObdymeBgScauNIbG0jM7NU%2BDqw7YSuGYXq8h8FHN9qLOBA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 664a174cfa10eb69-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
GET
200
http://ip-api.com/json/?fields=8198
REQUEST
RESPONSE
BODY
GET /json/?fields=8198 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: ip-api.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Jun 2021 00:31:05 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 60
Access-Control-Allow-Origin: *
X-Ttl: 58
X-Rl: 42
POST
200
http://iw.gamegame.info/report7.4.php
REQUEST
RESPONSE
BODY
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 282
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Jun 2021 00:31:06 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
cf-request-id: 0ae22ce67d0000eae7d6b86000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=h%2FeDrVTDsW1cpXnipcUvjHE2Wr%2F6ZadjLUnnhkRGCeBwHjkIqSzXTSs3UTzwwULJp5kqGCTKEJvgwT%2Foqrcr%2BVpxScfpLZyCs8c%2FOuw%2FxCJcWXq2qIj1NK9Hr5QASQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 664a1750cab4eae7-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
GET
200
http://ip-api.com/json/?fields=8198
REQUEST
RESPONSE
BODY
GET /json/?fields=8198 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: ip-api.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Jun 2021 00:31:06 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 60
Access-Control-Allow-Origin: *
X-Ttl: 57
X-Rl: 41
POST
200
http://iw.gamegame.info/report7.4.php
REQUEST
RESPONSE
BODY
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 710
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Jun 2021 00:31:07 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
cf-request-id: 0ae22ce89f0000eae7cd8c0000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=WIvPUuTFEmGbxK4LnbBcbZocs6Q8IcfAJFZFr7ozCmk81KhtqvLBQzpWPvW17jm2WWlh8DpIsbm741cHIr8dbISf14MB8jEXv2pDf3JvwHIGFjyC2xONCbyzITDmrw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 664a17543edeeae7-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
GET
200
http://ip-api.com/json/?fields=8198
REQUEST
RESPONSE
BODY
GET /json/?fields=8198 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: ip-api.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Jun 2021 00:31:06 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 60
Access-Control-Allow-Origin: *
X-Ttl: 56
X-Rl: 40
POST
200
http://iw.gamegame.info/report7.4.php
REQUEST
RESPONSE
BODY
POST /report7.4.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Host: iw.gamegame.info
Content-Length: 254
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Jun 2021 00:31:07 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
cf-request-id: 0ae22ceab90000eae759bd4000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Hzpc4CpPh2w3YmBWftN1hSCa68JPz3FjSdqD5u7mkh4u5MZqxCa9CtyepricSZiue8A4IKsk8TOSFkgYRdFfvSpKTI8vHX6WOmBbUY2HcgrRle1QLx%2BFwF3huHcMdA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 664a17578affeae7-LAX
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
ICMP traffic
| Source | Destination | ICMP Type | Data |
|---|---|---|---|
| 192.168.56.102 | 164.124.101.2 | 3 |
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.102:50840 -> 198.13.62.186:53 | 2014702 | ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set | Potential Corporate Privacy Violation |
| TCP 192.168.56.102:49812 -> 208.95.112.1:80 | 2022082 | ET POLICY External IP Lookup ip-api.com | Device Retrieving External IP Address Detected |
| TCP 192.168.56.102:49812 -> 208.95.112.1:80 | 2022082 | ET POLICY External IP Lookup ip-api.com | Device Retrieving External IP Address Detected |
| TCP 192.168.56.102:49812 -> 208.95.112.1:80 | 2022082 | ET POLICY External IP Lookup ip-api.com | Device Retrieving External IP Address Detected |
| TCP 192.168.56.102:49812 -> 208.95.112.1:80 | 2022082 | ET POLICY External IP Lookup ip-api.com | Device Retrieving External IP Address Detected |
| TCP 192.168.56.102:49812 -> 208.95.112.1:80 | 2022082 | ET POLICY External IP Lookup ip-api.com | Device Retrieving External IP Address Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts