Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
secure.globalsign.com | 104.18.21.226 | |
vintagecarsforlife.com | 162.33.179.65 | |
prestige-castom.com | 162.33.179.65 | |
- TCP Requests
- UDP Requests
GET 200 http://secure.globalsign.com/cacert/codesigningrootr45.crt
REQUEST
GET /cacert/codesigningrootr45.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: secure.globalsign.com
RESPONSE
HTTP/1.1 200 OK
Date: Wed, 11 Oct 2023 02:15:25 GMT
Content-Type: application/x-x509-ca-cert
Content-Length: 1398
Connection: keep-alive
Last-Modified: Mon, 15 Aug 2022 11:54:13 GMT
ETag: "62fa33e5-576"
CF-Cache-Status: HIT
Age: 57820
Expires: Sat, 11 Nov 2023 02:15:25 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 8143985d48d4ee0d-ICN
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49176 -> 162.33.179.65:2351 | 2013028 | ET POLICY curl User-Agent Outbound | Attempted Information Leak |
TCP 192.168.56.102:49180 -> 162.33.179.65:2351 | 2013028 | ET POLICY curl User-Agent Outbound | Attempted Information Leak |
TCP 192.168.56.102:49172 -> 162.33.179.65:2351 | 2013028 | ET POLICY curl User-Agent Outbound | Attempted Information Leak |
TCP 162.33.179.65:2351 -> 192.168.56.102:49172 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
TCP 162.33.179.65:2351 -> 192.168.56.102:49172 | 2014520 | ET INFO EXE - Served Attached HTTP | Misc activity |
TCP 192.168.56.102:49183 -> 162.33.179.65:2351 | 2013028 | ET POLICY curl User-Agent Outbound | Attempted Information Leak |
TCP 162.33.179.65:2351 -> 192.168.56.102:49180 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
TCP 162.33.179.65:2351 -> 192.168.56.102:49180 | 2014520 | ET INFO EXE - Served Attached HTTP | Misc activity |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts