NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
51.142.119.24	Active	Moloch
91.215.85.180	Active	Moloch

Name	Response	Post-Analysis Lookup
balibumba1.com	A 91.215.85.180	91.215.85.180
geo.netsupportsoftware.com	A 51.142.119.24 CNAME geography.netsupportsoftware.com A 62.172.138.67	62.172.138.67

TCP Requests

UDP Requests

GET 200 http://geo.netsupportsoftware.com/location/loca.asp

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49166 -> 51.142.119.24:80	2034559	ET POLICY NetSupport GeoLocation Lookup Request	Potential Corporate Privacy Violation
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2035892	ET INFO NetSupport Remote Admin Checkin	Misc activity
TCP 91.215.85.180:5222 -> 192.168.56.102:49167	2035895	ET INFO NetSupport Remote Admin Response	Misc activity
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2035892	ET INFO NetSupport Remote Admin Checkin	Misc activity
TCP 91.215.85.180:5222 -> 192.168.56.102:49167	2035895	ET INFO NetSupport Remote Admin Response	Misc activity
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2035892	ET INFO NetSupport Remote Admin Checkin	Misc activity
TCP 91.215.85.180:5222 -> 192.168.56.102:49167	2035895	ET INFO NetSupport Remote Admin Response	Misc activity
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2035892	ET INFO NetSupport Remote Admin Checkin	Misc activity
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 91.215.85.180:5222 -> 192.168.56.102:49167	2221010	SURICATA HTTP unable to match response to request	Generic Protocol Command Decode
TCP 91.215.85.180:5222 -> 192.168.56.102:49167	2221010	SURICATA HTTP unable to match response to request	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 91.215.85.180:5222 -> 192.168.56.102:49167	2221010	SURICATA HTTP unable to match response to request	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 91.215.85.180:5222 -> 192.168.56.102:49167	2221010	SURICATA HTTP unable to match response to request	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 91.215.85.180:5222 -> 192.168.56.102:49167	2221010	SURICATA HTTP unable to match response to request	Generic Protocol Command Decode
TCP 91.215.85.180:5222 -> 192.168.56.102:49167	2221010	SURICATA HTTP unable to match response to request	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.102:49167 -> 91.215.85.180:5222	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts