Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
indigopeter.ddns.net | 105.115.3.119 | |
freegeoip.net | 104.26.14.73 | |
- TCP Requests
- UDP Requests
- 192.168.56.102:56630 -> 164.124.101.2:53
- 192.168.56.102:62846 -> 164.124.101.2:53
- 192.168.56.102:63709 -> 164.124.101.2:53
- 192.168.56.102:64513 -> 164.124.101.2:53
- 192.168.56.102:137 -> 192.168.56.255:137
- 192.168.56.102:138 -> 192.168.56.255:138
- 192.168.56.102:49152 -> 239.255.255.250:3702
- 192.168.56.102:62849 -> 239.255.255.250:1900
- 52.231.114.183:123 -> 192.168.56.102:123
GET 301 http://freegeoip.net/json/
REQUEST
GET /json/ HTTP/1.1
Host: freegeoip.net
Connection: Keep-Alive
RESPONSE
HTTP/1.1 301 Moved Permanently
Date: Tue, 09 Jan 2024 05:47:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 09 Jan 2024 06:47:35 GMT
Location: http://freegeoip.net/shutdown
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ozC%2B5P3utrEBs5jE59%2BYrE12aY2xlxaf%2B0%2B%2FlBz8JiBpmUgpLaMMhy%2BNLVMi8f%2BcSqjjgRq%2BMpetj7EkNEPuCmpO8mq8m7XG%2BvFcvahvuSbk6K5PPJT9PhUVjT46s4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 842a62eb7a5e29e1-FUK
GET 200 http://freegeoip.net/shutdown
REQUEST
GET /shutdown HTTP/1.1
Host: freegeoip.net
RESPONSE
HTTP/1.1 200 OK
Date: Tue, 09 Jan 2024 05:47:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
x-powered-by: PHP/8.1.17
expires: Sat, 26 Jul 1997 05:00:00 GMT
cache-control: max-age=31536000, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Sun, 17 Dec 2023 21:50:32 GMT
x-cache-miss-from: parking-56c7b4c6cb-b5f4k
CF-Cache-Status: HIT
Age: 1929423
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GlaUzWBZrW6JyOjRXCPz%2FRCE5qkYdSGekwdKgHo0Lj3ZLH8L69JKasPLXmNclDdx1RTwhQYF7CpbSPMjW2VoGvTuYhzt9J%2Bhb8NSZfD3bPwZL69K31XAhZr6ZnCQ%2FEk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 842a62ebbaeb29e1-FUK
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.102:63709 -> 164.124.101.2:53 | 2036860 | ET INFO External IP Lookup Domain (freegeiop .net in DNS lookup) | Device Retrieving External IP Address Detected |
UDP 192.168.56.102:56630 -> 164.124.101.2:53 | 2028675 | ET POLICY DNS Query to DynDNS Domain *.ddns .net | Potentially Bad Traffic |
UDP 192.168.56.102:62846 -> 164.124.101.2:53 | 2028675 | ET POLICY DNS Query to DynDNS Domain *.ddns .net | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts