Network Analysis
| IP Address | Status | Action |
|---|---|---|
| 104.21.68.117 | Active | Moloch |
| 149.88.71.203 | Active | Moloch |
| 162.0.238.43 | Active | Moloch |
| 164.124.101.2 | Active | Moloch |
| 172.66.44.73 | Active | Moloch |
| 172.67.134.136 | Active | Moloch |
| 198.54.117.242 | Active | Moloch |
| 35.212.60.56 | Active | Moloch |
| 45.33.6.223 | Active | Moloch |
| 47.239.13.172 | Active | Moloch |
- TCP Requests
-
-
192.168.56.103:49187 104.21.68.117:80www.planningexcellence.org
-
192.168.56.103:49175 149.88.71.203:80www.mildhicky.com
-
192.168.56.103:49176 149.88.71.203:80www.mildhicky.com
-
192.168.56.103:49177 149.88.71.203:80www.mildhicky.com
-
192.168.56.103:49172 162.0.238.43:80www.heolty.xyz
-
192.168.56.103:49173 162.0.238.43:80www.heolty.xyz
-
192.168.56.103:49174 162.0.238.43:80www.heolty.xyz
-
192.168.56.103:49169 172.66.44.73:80www.5597043.com
-
192.168.56.103:49170 172.66.44.73:80www.5597043.com
-
192.168.56.103:49163 172.67.134.136:443dukeenergyltd.top
-
192.168.56.103:49178 198.54.117.242:80www.usebanq.com
-
192.168.56.103:49179 198.54.117.242:80www.usebanq.com
-
192.168.56.103:49180 198.54.117.242:80www.usebanq.com
-
192.168.56.103:49184 35.212.60.56:80www.baldjourney.com
-
192.168.56.103:49185 35.212.60.56:80www.baldjourney.com
-
192.168.56.103:49186 35.212.60.56:80www.baldjourney.com
-
192.168.56.103:49171 45.33.6.223:80www.sqlite.org
-
192.168.56.103:49181 47.239.13.172:80www.vt0lcffi5.sbs
-
192.168.56.103:49182 47.239.13.172:80www.vt0lcffi5.sbs
-
192.168.56.103:49183 47.239.13.172:80www.vt0lcffi5.sbs
-
- UDP Requests
-
-
192.168.56.103:50674 164.124.101.2:53
-
192.168.56.103:50800 164.124.101.2:53
-
192.168.56.103:52760 164.124.101.2:53
-
192.168.56.103:53658 164.124.101.2:53
-
192.168.56.103:53673 164.124.101.2:53
-
192.168.56.103:56613 164.124.101.2:53
-
192.168.56.103:57986 164.124.101.2:53
-
192.168.56.103:60225 164.124.101.2:53
-
192.168.56.103:62576 164.124.101.2:53
-
192.168.56.103:64178 164.124.101.2:53
-
192.168.56.103:64530 164.124.101.2:53
-
192.168.56.103:64631 164.124.101.2:53
-
192.168.56.103:64894 164.124.101.2:53
-
192.168.56.103:137 192.168.56.101:137
-
192.168.56.103:137 192.168.56.255:137
-
192.168.56.103:138 192.168.56.255:138
-
192.168.56.103:64897 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.103:123
-
No traffic
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.103:64894 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
| TCP 192.168.56.103:49163 -> 172.67.134.136:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.103:49185 -> 35.212.60.56:80 | 2221033 | SURICATA HTTP Request abnormal Content-Encoding header | Generic Protocol Command Decode |
| TCP 192.168.56.103:49184 -> 35.212.60.56:80 | 2221033 | SURICATA HTTP Request abnormal Content-Encoding header | Generic Protocol Command Decode |
| TCP 198.54.117.242:80 -> 192.168.56.103:49178 | 2527002 | ET Threatview.io High Confidence Cobalt Strike C2 IP group 3 | Misc Attack |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.103:49163 172.67.134.136:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=dukeenergyltd.top | dc:d1:cd:ef:25:8a:f4:08:21:69:c1:4e:19:c4:d8:e3:67:23:ee:f6 |
Snort Alerts
No Snort Alerts