Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
hata.co.za | 154.0.162.214 | |
jerenyankipong.duckdns.org | 129.232.17.6 | |
google.com | 142.250.207.14 | |
www.google.com | 142.250.199.100 | |
UDP Requests
Source | Destination | Service |
---|---|---|
192.168.56.103:51935 | 164.124.101.2:53 | DNS |
192.168.56.103:60117 | 164.124.101.2:53 | DNS |
192.168.56.103:60880 | 164.124.101.2:53 | DNS (the duckdns.org query flagged by Suricata below) |
192.168.56.103:63183 | 164.124.101.2:53 | DNS |
192.168.56.103:137 | 192.168.56.255:137 | NetBIOS name service, broadcast |
192.168.56.103:138 | 192.168.56.255:138 | NetBIOS datagram service, broadcast |
192.168.56.103:49152 | 239.255.255.250:3702 | WS-Discovery, multicast |
192.168.56.103:63186 | 239.255.255.250:1900 | SSDP, multicast |
The broadcast and multicast entries are the background discovery traffic of a Windows guest; the four lookups to the resolver 164.124.101.2 carry the sample's name resolution.
HTTP Requests
GET http://google.com/ -> 301
Request:
GET / HTTP/1.1
Host: google.com
Connection: Keep-Alive
Response:
HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Thu, 23 Dec 2021 02:18:00 GMT
Expires: Sat, 22 Jan 2022 02:18:00 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET http://www.google.com/ -> 200
Request:
GET / HTTP/1.1
Host: www.google.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Thu, 23 Dec 2021 02:18:00 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2021-12-23-02; expires=Sat, 22-Jan-2022 02:18:00 GMT; path=/; domain=.google.com; Secure
Set-Cookie: NID=511=Y6DjIXm8T0cHHwr5y_8AF_eM0NZDV6yHxaGKqgyX1iUPJgSdDMyvk4KOESLJNsYlub6upByaw0TZ2W4wCKMqYMOWr8VYuQBHmY--5wOmNbT5VlQT2d6xQjl0U7k4J_beSN-gjUoKGiMyFGiRBvfs82XQBRovpejpGHhRSfsfnuE; expires=Fri, 24-Jun-2022 02:18:00 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET http://google.com/ -> 301
Request:
GET / HTTP/1.1
Host: google.com
Response:
HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Thu, 23 Dec 2021 02:18:02 GMT
Expires: Sat, 22 Jan 2022 02:18:02 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET http://www.google.com/ -> 200
Request:
GET / HTTP/1.1
Host: www.google.com
Response:
HTTP/1.1 200 OK
Date: Thu, 23 Dec 2021 02:18:02 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2021-12-23-02; expires=Sat, 22-Jan-2022 02:18:02 GMT; path=/; domain=.google.com; Secure
Set-Cookie: NID=511=IauqRKO3CzGeRVjCCVgmim2rB0-Zx2XiAXGZfh1EVfwmqCdNMwTiTq4SoOrZH19znIpDy8L7n0CQ6Fl4P7Z-vY6Vv57RqcZN_tvUT0tWxD1ipP8sAATKKSMk3Tm54wzzBaboHFK--Aei-FUhLaNd1kjvrrUzsYgL3joRsvj9a40; expires=Fri, 24-Jun-2022 02:18:02 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET http://google.com/ -> 301
Request:
GET / HTTP/1.1
Host: google.com
Response:
HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Thu, 23 Dec 2021 02:18:04 GMT
Expires: Sat, 22 Jan 2022 02:18:04 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET http://www.google.com/ -> 200
Request:
GET / HTTP/1.1
Host: www.google.com
Response:
HTTP/1.1 200 OK
Date: Thu, 23 Dec 2021 02:18:04 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2021-12-23-02; expires=Sat, 22-Jan-2022 02:18:04 GMT; path=/; domain=.google.com; Secure
Set-Cookie: NID=511=hXNjUbYAD8MILqpaZKU-zKPSdiwiRMRAcXBnWYxxGtDtjCWPHi9NuYHbdNYTSiz06U20prAdcg6LV0IHAevJbX9GwFCmVuBMbjNzr5yDIwhDuueVnKFntqFPAVYgDmCxZhLwE305_l4KQwqalBr3a2uGmI7JOn8TQxMSvo33WFs; expires=Fri, 24-Jun-2022 02:18:04 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET http://google.com/ -> 301
Request:
GET / HTTP/1.1
Host: google.com
Response:
HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Thu, 23 Dec 2021 02:18:06 GMT
Expires: Sat, 22 Jan 2022 02:18:06 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET http://www.google.com/ -> 200
Request:
GET / HTTP/1.1
Host: www.google.com
Response:
HTTP/1.1 200 OK
Date: Thu, 23 Dec 2021 02:18:07 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2021-12-23-02; expires=Sat, 22-Jan-2022 02:18:07 GMT; path=/; domain=.google.com; Secure
Set-Cookie: NID=511=lzdChqrpAhsa52iA9ah2ZGux0xdlvVkHXCDkKZBf6t8Oiwh8My_QlCfe6VeLzvHTQrfsfq_g6sLFD_nF8b4kxFXgJUjcm3tNYQui54twcXIIYhQQY_3lDFJiWMOrw8_rqtDcKXbiAl7EFmYaY-a5g9ilIIpzHM3TRtMChEOf9gY; expires=Fri, 24-Jun-2022 02:18:07 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET http://google.com/ -> 301
Request:
GET / HTTP/1.1
Host: google.com
Response:
HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Thu, 23 Dec 2021 02:18:09 GMT
Expires: Sat, 22 Jan 2022 02:18:09 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET http://www.google.com/ -> 200
Request:
GET / HTTP/1.1
Host: www.google.com
Response:
HTTP/1.1 200 OK
Date: Thu, 23 Dec 2021 02:18:09 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2021-12-23-02; expires=Sat, 22-Jan-2022 02:18:09 GMT; path=/; domain=.google.com; Secure
Set-Cookie: NID=511=Xfk85tM-ttJIgvuiC0-HSVLpnBGf2vAwUP3uYoPnZbmasG-yR2lKPobLXI099hqu-BMXQiO_FU3WkKg5OJk66u81Rv8G0KwimEOCG8sEuRhp-Jkc_j1i87lHhDK3QOqGCY74N2cPtbk4Ze15nqsVQcRiJOedb0b5oU5X4LbEncw; expires=Fri, 24-Jun-2022 02:18:09 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
GET http://hata.co.za/FRE/JERENYAKIPONG.exe -> 404
Request:
GET /FRE/JERENYAKIPONG.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
Host: hata.co.za
Connection: Keep-Alive
Response:
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 23 Dec 2021 02:18:54 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49162 -> 172.217.31.238:80 | 2018430 | ET HUNTING SUSPICIOUS Possible automated connectivity check (www.google.com) | Potentially Bad Traffic |
UDP 192.168.56.103:60880 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
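As an added example (not part of the sandbox report), the following Python script re-derives the two Suricata findings from the records above and adds the one check the alerts miss in this run: the attempted download of JERENYAKIPONG.exe from hata.co.za, which the server answered with 404, so no second stage reached the guest. The DNS answers and HTTP exchanges are transcribed from this section; the dynamic-DNS suffix list, the executable-extension list and the jitter threshold are illustrative assumptions, not values from the report.

```python
"""Triage checks over the network records in this report.

Added example, not sandbox output: DNS_ANSWERS and HTTP_LOG are transcribed
from the tables above; the suffix and extension lists are assumptions.
"""
from datetime import datetime
from statistics import median
from urllib.parse import urlparse

# Illustrative lists; a real deployment would load maintained sets.
DYNDNS_SUFFIXES = (".duckdns.org", ".no-ip.org", ".ddns.net", ".hopto.org")
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".msi", ".ps1", ".bat")

# Transcribed from the DNS table at the top of this section.
DNS_ANSWERS = {
    "hata.co.za": "154.0.162.214",
    "jerenyankipong.duckdns.org": "129.232.17.6",
    "google.com": "142.250.207.14",
    "www.google.com": "142.250.199.100",
}

MSIE7_UA = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; "
            "SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; "
            ".NET4.0C; .NET4.0E; InfoPath.3)")

# (method, status, url, User-Agent or None, response Date header), transcribed
# from the HTTP exchanges above in capture order. The google.com requests
# carried no User-Agent header at all.
HTTP_LOG = [
    ("GET", 301, "http://google.com/", None, "Thu, 23 Dec 2021 02:18:00 GMT"),
    ("GET", 200, "http://www.google.com/", None, "Thu, 23 Dec 2021 02:18:00 GMT"),
    ("GET", 301, "http://google.com/", None, "Thu, 23 Dec 2021 02:18:02 GMT"),
    ("GET", 200, "http://www.google.com/", None, "Thu, 23 Dec 2021 02:18:02 GMT"),
    ("GET", 301, "http://google.com/", None, "Thu, 23 Dec 2021 02:18:04 GMT"),
    ("GET", 200, "http://www.google.com/", None, "Thu, 23 Dec 2021 02:18:04 GMT"),
    ("GET", 301, "http://google.com/", None, "Thu, 23 Dec 2021 02:18:06 GMT"),
    ("GET", 200, "http://www.google.com/", None, "Thu, 23 Dec 2021 02:18:07 GMT"),
    ("GET", 301, "http://google.com/", None, "Thu, 23 Dec 2021 02:18:09 GMT"),
    ("GET", 200, "http://www.google.com/", None, "Thu, 23 Dec 2021 02:18:09 GMT"),
    ("GET", 404, "http://hata.co.za/FRE/JERENYAKIPONG.exe", MSIE7_UA,
     "Thu, 23 Dec 2021 02:18:54 GMT"),
]


def dynamic_dns_domains(answers):
    """Resolved names under a free dynamic-DNS provider (the signal behind ET 2022918)."""
    return sorted(name for name in answers if name.lower().endswith(DYNDNS_SUFFIXES))


def executable_downloads(log):
    """Requests whose URL path names an executable, with the status the server
    returned. A 404 means the stage was requested but never delivered in the run."""
    return [(url, status, ua) for _, status, url, ua, _ in log
            if urlparse(url).path.lower().endswith(EXECUTABLE_EXT)]


def _when(date_header):
    return datetime.strptime(date_header, "%a, %d %b %Y %H:%M:%S GMT")


def polling_hosts(log, min_requests=3, max_jitter_s=1.0):
    """Hosts fetched at least min_requests times at a near-constant interval:
    the automated connectivity-check pattern behind ET 2018430. Also records
    whether every request to the host omitted a User-Agent, which is what
    separates this non-browser check from browsing traffic in the capture."""
    by_host = {}
    for _, _, url, ua, date in log:
        by_host.setdefault(urlparse(url).hostname, []).append((_when(date), ua))
    found = {}
    for host, hits in by_host.items():
        if len(hits) < min_requests:
            continue
        hits.sort(key=lambda hit: hit[0])
        times = [t for t, _ in hits]
        gaps = [(later - earlier).total_seconds()
                for earlier, later in zip(times, times[1:])]
        typical = median(gaps)
        if all(abs(gap - typical) <= max_jitter_s for gap in gaps):
            found[host] = {
                "requests": len(hits),
                "interval_s": typical,
                "no_user_agent": all(ua is None for _, ua in hits),
            }
    return found


def triage(answers=DNS_ANSWERS, log=HTTP_LOG):
    """Combine the three checks into one dict an analyst can attach to the case."""
    return {
        "dynamic_dns": dynamic_dns_domains(answers),
        "executable_downloads": executable_downloads(log),
        "polling": polling_hosts(log),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(), indent=2))
```

Run as a script it prints a JSON summary with the duckdns.org name, the single .exe request and its 404, and the two google.com hostnames polled five times each at a two-second cadence with no User-Agent. In practice the two transcribed lists would be replaced by the sandbox's own JSON report; the checks do not change.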