Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| objects.githubusercontent.com | 185.199.108.133 | |
| repo1.maven.org | 199.232.196.209 | |
| jinvestments.duckdns.org | 103.47.144.44 | |
| github.com | 20.200.245.247 |
- TCP Requests
- UDP Requests
-
-
192.168.56.102:51405 164.124.101.2:53
-
192.168.56.102:53778 164.124.101.2:53
-
192.168.56.102:56630 164.124.101.2:53
-
192.168.56.102:62846 164.124.101.2:53
-
192.168.56.102:63709 164.124.101.2:53
-
192.168.56.102:64513 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:51408 239.255.255.250:1900
-
192.168.56.103:137 192.168.56.102:137
-
No traffic
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.102:53778 -> 164.124.101.2:53 | 2042936 | ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain | Potentially Bad Traffic |
| UDP 192.168.56.102:53778 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
| UDP 192.168.56.102:51405 -> 164.124.101.2:53 | 2042936 | ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain | Potentially Bad Traffic |
| UDP 192.168.56.102:51405 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.2 192.168.56.102:49163 151.101.196.209:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2023 Q1 | CN=repo1.maven.org | 94:bc:2a:d0:1a:cf:41:94:d4:9a:de:44:ab:b4:42:39:8a:f6:bf:f3 |
|
TLS 1.2 192.168.56.102:49166 185.199.109.133:443 |
C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 | C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io | a1:46:14:c7:2a:1d:52:79:f6:aa:2b:b2:c5:0a:3b:d3:f5:02:06:75 |
|
TLS 1.2 192.168.56.102:49165 151.101.196.209:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2023 Q1 | CN=repo1.maven.org | 94:bc:2a:d0:1a:cf:41:94:d4:9a:de:44:ab:b4:42:39:8a:f6:bf:f3 |
|
TLS 1.2 192.168.56.102:49162 20.200.245.247:443 |
C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com | a3:b5:9e:5f:e8:84:ee:1f:34:d9:8e:ef:85:8e:3f:b6:62:ac:10:4a |
|
TLS 1.2 192.168.56.102:49164 151.101.196.209:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2023 Q1 | CN=repo1.maven.org | 94:bc:2a:d0:1a:cf:41:94:d4:9a:de:44:ab:b4:42:39:8a:f6:bf:f3 |
Snort Alerts
No Snort Alerts