Network Analysis
| IP Address | Status | Action |
|---|---|---|
| 164.124.101.2 | Active | Moloch |
| 183.111.183.31 | Active | Moloch |
| 194.9.94.86 | Active | Moloch |
| 198.12.241.35 | Active | Moloch |
| 45.33.6.223 | Active | Moloch |
| 66.96.161.166 | Active | Moloch |
| 67.223.117.189 | Active | Moloch |
| 91.195.240.19 | Active | Moloch |
| 93.127.196.151 | Active | Moloch |
| 94.23.162.163 | Active | Moloch |
- TCP Requests
-
-
192.168.56.101:49182 183.111.183.31:80www.mrart.co.kr
-
192.168.56.101:49183 183.111.183.31:80www.mrart.co.kr
-
192.168.56.101:49176 194.9.94.86:80www.xn--matfrmn-jxa4m.se
-
192.168.56.101:49177 194.9.94.86:80www.xn--matfrmn-jxa4m.se
-
192.168.56.101:49180 198.12.241.35:80www.aceautocorp.com
-
192.168.56.101:49181 198.12.241.35:80www.aceautocorp.com
-
192.168.56.101:49169 45.33.6.223:80www.sqlite.org
-
192.168.56.101:49167 66.96.161.166:80www.terelprime.com
-
192.168.56.101:49168 66.96.161.166:80www.terelprime.com
-
192.168.56.101:49184 67.223.117.189:80www.touchclean.top
-
192.168.56.101:49185 67.223.117.189:80www.touchclean.top
-
192.168.56.101:49178 91.195.240.19:80www.primeplay88.org
-
192.168.56.101:49179 91.195.240.19:80www.primeplay88.org
-
192.168.56.101:49186 93.127.196.151:80www.ibistradingco.com
-
192.168.56.101:49187 93.127.196.151:80www.ibistradingco.com
-
192.168.56.101:49174 94.23.162.163:80www.kinkynerdspro.blog
-
192.168.56.101:49175 94.23.162.163:80www.kinkynerdspro.blog
-
- UDP Requests
-
-
192.168.56.101:52753 164.124.101.2:53
-
192.168.56.101:52797 164.124.101.2:53
-
192.168.56.101:52815 164.124.101.2:53
-
192.168.56.101:53004 164.124.101.2:53
-
192.168.56.101:53850 164.124.101.2:53
-
192.168.56.101:54148 164.124.101.2:53
-
192.168.56.101:54883 164.124.101.2:53
-
192.168.56.101:55146 164.124.101.2:53
-
192.168.56.101:58297 164.124.101.2:53
-
192.168.56.101:59002 164.124.101.2:53
-
192.168.56.101:61950 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:53853 239.255.255.250:1900
-
8.8.8.8:53 192.168.56.101:61950
-
No traffic
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.101:58297 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
| TCP 192.168.56.101:49180 -> 198.12.241.35:80 | 2221033 | SURICATA HTTP Request abnormal Content-Encoding header | Generic Protocol Command Decode |
| TCP 192.168.56.101:49185 -> 67.223.117.189:80 | 2023882 | ET INFO HTTP Request to a *.top domain | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts