Network Analysis
- UDP Requests
GET 200 https://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb
Request:
GET /x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb HTTP/1.1
User-Agent: Gibson Research Corporation DNS Benchmark
Host: www.grc.com
Response:
HTTP/1.1 200 OK
Content-Length: 19396
Content-Type: application/octet-stream
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; preload
P3P: CP="NOI DSP COR NID NOR"
Set-Cookie: tpag=x4ed1jumftgyt; path=/
Set-Cookie: ppag=x4ed1jumftgyt; path=/; expires=Mon, 01-Jan-2046 00:00:00 GMT
Server: GRC/IIS Hybrid Application Webserver
Date: Sat, 17 Aug 2024 13:52:49 GMT
GET 301 http://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb
Request:
GET /x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb HTTP/1.1
User-Agent: Gibson Research Corporation DNS Benchmark
Host: www.grc.com
Response:
HTTP/1.1 301 Moved Permanently
Location: https://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Server: GRC/IIS Hybrid Application Webserver
Date: Sat, 17 Aug 2024 13:52:41 GMT
Content-Length: 0
GET 301 http://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb
Request:
GET /x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb HTTP/1.1
User-Agent: Gibson Research Corporation DNS Benchmark
Host: www.grc.com
Response:
HTTP/1.1 301 Moved Permanently
Location: https://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Server: GRC/IIS Hybrid Application Webserver
Date: Sat, 17 Aug 2024 13:52:42 GMT
Content-Length: 0
GET 301 http://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb
Request:
GET /x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb HTTP/1.1
User-Agent: Gibson Research Corporation DNS Benchmark
Host: www.grc.com
Response:
HTTP/1.1 301 Moved Permanently
Location: https://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Server: GRC/IIS Hybrid Application Webserver
Date: Sat, 17 Aug 2024 13:52:44 GMT
Content-Length: 0
GET 301 http://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb
Request:
GET /x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb HTTP/1.1
User-Agent: Gibson Research Corporation DNS Benchmark
Host: www.grc.com
Response:
HTTP/1.1 301 Moved Permanently
Location: https://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Server: GRC/IIS Hybrid Application Webserver
Date: Sat, 17 Aug 2024 13:52:45 GMT
Content-Length: 0
GET 301 http://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb
Request:
GET /x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb HTTP/1.1
User-Agent: Gibson Research Corporation DNS Benchmark
Host: www.grc.com
Response:
HTTP/1.1 301 Moved Permanently
Location: https://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Server: GRC/IIS Hybrid Application Webserver
Date: Sat, 17 Aug 2024 13:52:47 GMT
Content-Length: 0
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49166 -> 4.79.142.202:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
UDP 156.154.71.25:53 -> 192.168.56.101:49152 | 2018666 | ET MALWARE Possible Zeus P2P Variant DGA NXDOMAIN Responses July 11 2014 | A Network Trojan was detected |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49166 4.79.142.202:443 | C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 | C=US, ST=California, L=Laguna Niguel, O=Gibson Research Corporation, CN=grc.com | 73:15:ee:7d:f9:72:37:c4:2c:b8:3c:bd:4e:fd:43:ff:36:9d:c2:42 |
Snort Alerts
No Snort Alerts