Network Analysis
| IP Address | Status | Action |
|---|---|---|
| 103.54.250.99 | Active | Moloch |
| 104.20.55.214 | Active | Moloch |
| 104.21.1.213 | Active | Moloch |
| 104.21.27.205 | Active | Moloch |
| 104.21.50.138 | Active | Moloch |
| 104.21.55.151 | Active | Moloch |
| 104.21.68.7 | Active | Moloch |
| 104.21.73.229 | Active | Moloch |
| 104.21.76.140 | Active | Moloch |
| 104.21.77.146 | Active | Moloch |
| 104.21.79.166 | Active | Moloch |
| 104.21.92.170 | Active | Moloch |
| 104.26.0.82 | Active | Moloch |
| 104.26.10.81 | Active | Moloch |
| 104.26.12.244 | Active | Moloch |
| 104.26.2.124 | Active | Moloch |
| 141.193.213.20 | Active | Moloch |
| 172.67.129.18 | Active | Moloch |
| 172.67.134.134 | Active | Moloch |
| 172.67.140.52 | Active | Moloch |
| 172.67.142.169 | Active | Moloch |
| 172.67.148.35 | Active | Moloch |
| 172.67.150.80 | Active | Moloch |
| 172.67.156.49 | Active | Moloch |
| 172.67.173.200 | Active | Moloch |
| 172.67.181.113 | Active | Moloch |
| 172.67.193.133 | Active | Moloch |
| 172.67.198.26 | Active | Moloch |
| 172.67.199.57 | Active | Moloch |
| 172.67.201.26 | Active | Moloch |
| 172.67.209.11 | Active | Moloch |
| 172.67.212.131 | Active | Moloch |
| 172.67.33.252 | Active | Moloch |
| 172.67.70.22 | Active | Moloch |
| 185.208.164.106 | Active | Moloch |
| 185.63.228.45 | Active | Moloch |
| 186.230.14.42 | Active | Moloch |
| 164.124.101.2 | Active | Moloch |
| 208.95.112.1 | Active | Moloch |
| 193.231.236.124 | Active | Moloch |
| 193.57.67.4 | Active | Moloch |
| 200.40.52.151 | Active | Moloch |
| 23.227.38.74 | Active | Moloch |
| 34.174.61.199 | Active | Moloch |
| 46.242.233.27 | Active | Moloch |
| 64.26.60.153 | Active | Moloch |
| 76.223.54.146 | Active | Moloch |
| 80.147.223.166 | Active | Moloch |
| 81.22.97.159 | Active | Moloch |
| 83.56.13.220 | Active | Moloch |
| 88.198.0.105 | Active | Moloch |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| ip-api.com | 208.95.112.1 |
- TCP Requests
-
-
103.54.250.99:25 192.168.56.103:50076
-
172.67.156.49:443 192.168.56.103:49357
-
172.67.193.133:443 192.168.56.103:49289
-
172.67.199.57:443 192.168.56.103:49276
-
185.208.164.106:25 192.168.56.103:50099
-
185.63.228.45:25 192.168.56.103:50038
-
186.230.14.42:25 192.168.56.103:50031
-
192.168.56.103:49161 208.95.112.1:80ip-api.com
-
193.231.236.124:25 192.168.56.103:50046
-
193.57.67.4:25 192.168.56.103:50069
-
200.40.52.151:25 192.168.56.103:50027
-
34.174.61.199:25 192.168.56.103:50006
-
46.242.233.27:25 192.168.56.103:50072
-
64.26.60.153:25 192.168.56.103:50043
-
80.147.223.166:25 192.168.56.103:50034
-
81.22.97.159:25 192.168.56.103:50088
-
83.56.13.220:25 192.168.56.103:50083
-
88.198.0.105:25 192.168.56.103:50092
-
GET
200
http://ip-api.com/line/?fields=hosting
REQUEST
RESPONSE
BODY
GET /line/?fields=hosting HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Host: ip-api.com
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 12 Oct 2023 23:41:07 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 6
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.103:49161 -> 208.95.112.1:80 | 2022082 | ET POLICY External IP Lookup ip-api.com | Device Retrieving External IP Address Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts