Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| strang-01-static.com | 111.90.145.141 | |
| strang-02-static.com | 111.90.145.141 | |
| voucher-01-static.com | 91.92.243.32 |
- UDP Requests
-
-
192.168.56.101:53004 164.124.101.2:53
-
192.168.56.101:53850 164.124.101.2:53
-
192.168.56.101:54148 164.124.101.2:53
-
192.168.56.101:55146 164.124.101.2:53
-
192.168.56.101:59002 164.124.101.2:53
-
192.168.56.101:137 192.168.56.103:137
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:55149 239.255.255.250:1900
-
52.231.114.183:123 192.168.56.101:123
-
8.8.8.8:53 192.168.56.101:53850
-
GET
200
http://voucher-01-static.com/rkei/1068.txt
REQUEST
RESPONSE
BODY
GET /rkei/1068.txt HTTP/1.1
Host: voucher-01-static.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 08 Jul 2024 07:49:43 GMT
Content-Type: text/plain
Content-Length: 737280
Last-Modified: Fri, 17 May 2024 05:38:10 GMT
Connection: keep-alive
ETag: "6646ed42-b4000"
Accept-Ranges: bytes
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 91.92.243.32:80 -> 192.168.56.101:49162 | 2400012 | ET DROP Spamhaus DROP Listed Traffic Inbound group 13 | Misc Attack |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts