Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| myexternalip.com | 34.117.118.44 | |
| ip-addr.es | 188.165.164.184 |
GET
308
http://ip-addr.es/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: ip-addr.es
Cache-Control: no-cache
HTTP/1.1 308 Permanent Redirect
Date: Sat, 06 Jul 2024 09:16:13 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://ip-addr.es/
Server: DYNAMIC+
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
GET
200
http://myexternalip.com/raw
REQUEST
RESPONSE
BODY
GET /raw HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: myexternalip.com
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Sat, 06 Jul 2024 09:22:31 GMT
content-type: text/plain; charset=utf-8
Content-Length: 15
access-control-allow-origin: *
via: 1.1 google
GET
308
http://ip-addr.es/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: ip-addr.es
Cache-Control: no-cache
HTTP/1.1 308 Permanent Redirect
Date: Sat, 06 Jul 2024 09:18:02 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://ip-addr.es/
Server: DYNAMIC+
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
GET
200
http://myexternalip.com/raw
REQUEST
RESPONSE
BODY
GET /raw HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: myexternalip.com
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Sat, 06 Jul 2024 09:24:20 GMT
content-type: text/plain; charset=utf-8
Content-Length: 15
access-control-allow-origin: *
via: 1.1 google
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 185.172.128.90:80 -> 192.168.56.101:49163 | 2400032 | ET DROP Spamhaus DROP Listed Traffic Inbound group 33 | Misc Attack |
| TCP 192.168.56.101:49163 -> 188.165.164.184:80 | 2020105 | ET INFO HTTP Request for External IP Check (ip-addr .es) | Device Retrieving External IP Address Detected |
| TCP 192.168.56.101:49171 -> 188.165.164.184:80 | 2020105 | ET INFO HTTP Request for External IP Check (ip-addr .es) | Device Retrieving External IP Address Detected |
| TCP 192.168.56.101:49164 -> 34.117.118.44:80 | 2019980 | ET POLICY External IP Check myexternalip.com | Device Retrieving External IP Address Detected |
| TCP 192.168.56.101:49172 -> 34.117.118.44:80 | 2019980 | ET POLICY External IP Check myexternalip.com | Device Retrieving External IP Address Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts