Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
checkmybones.dns.army | 185.91.69.172 | |
carrozzeriabalestra.it | 46.16.95.61 | |
www.geoplugin.net | CNAME geoplugin.net, 178.237.33.50 | |
UDP Requests
- 192.168.56.102:56630 -> 164.124.101.2:53
- 192.168.56.102:62846 -> 164.124.101.2:53
- 192.168.56.102:63709 -> 164.124.101.2:53
- 192.168.56.102:64513 -> 164.124.101.2:53
- 192.168.56.102:137 -> 192.168.56.255:137
- 192.168.56.102:49152 -> 239.255.255.250:3702
- 192.168.56.102:56633 -> 239.255.255.250:1900
- 52.231.114.183:123 -> 192.168.56.102:123
- 192.168.56.103:137 -> 192.168.56.102:137
HTTP Requests
GET 200 http://www.geoplugin.net/json.gp?ip=175.208.134.152
Request:
GET /json.gp?ip=175.208.134.152 HTTP/1.1
User-Agent: Java/1.8.0_131
Host: www.geoplugin.net
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Response:
HTTP/1.1 200 OK
date: Fri, 07 Apr 2023 07:33:43 GMT
server: Apache
content-length: 948
content-type: application/json; charset=utf-8
cache-control: public, max-age=300
access-control-allow-origin: *

GET 200 http://www.geoplugin.net/json.gp?ip=175.208.134.152
Request:
GET /json.gp?ip=175.208.134.152 HTTP/1.1
User-Agent: Java/1.8.0_131
Host: www.geoplugin.net
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Response:
HTTP/1.1 200 OK
date: Fri, 07 Apr 2023 08:56:48 GMT
server: Apache
expires: Fri, 07 Apr 2023 08:56:48 GMT
content-length: 948
content-type: application/json; charset=utf-8
cache-control: public, max-age=300
access-control-allow-origin: *
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.102:56630 -> 164.124.101.2:53 | 2042831 | ET INFO DYNAMIC_DNS Query to a *.dns .army Domain | Potentially Bad Traffic |
TCP 192.168.56.102:49166 -> 178.237.33.50:80 | 2019401 | ET POLICY Vulnerable Java Version 1.8.x Detected | Potentially Bad Traffic |
TCP 192.168.56.102:49166 -> 178.237.33.50:80 | 2019401 | ET POLICY Vulnerable Java Version 1.8.x Detected | Potentially Bad Traffic |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.102:49169 -> 46.16.95.61:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.carrozzeriabalestra.it | 38:14:89:8b:c8:63:66:5c:06:66:99:87:1c:93:f8:e7:46:89:6a:0e |
TLS 1.2 192.168.56.102:49170 -> 46.16.95.61:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.carrozzeriabalestra.it | 38:14:89:8b:c8:63:66:5c:06:66:99:87:1c:93:f8:e7:46:89:6a:0e |
TLS 1.2 192.168.56.102:49165 -> 46.16.95.61:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.carrozzeriabalestra.it | 38:14:89:8b:c8:63:66:5c:06:66:99:87:1c:93:f8:e7:46:89:6a:0e |
Snort Alerts
No Snort Alerts