Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| coach.028csc.com | 47.240.68.28 | |
| s.z163.xyz | 45.32.92.201 |
- UDP Requests
-
-
192.168.56.101:53004 164.124.101.2:53
-
192.168.56.101:53850 164.124.101.2:53
-
192.168.56.101:54148 164.124.101.2:53
-
192.168.56.101:55146 164.124.101.2:53
-
192.168.56.101:59002 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:53853 239.255.255.250:1900
-
192.168.56.103:137 192.168.56.101:137
-
No traffic
ICMP traffic
No ICMP traffic performed.
IRC traffic
| Command | Params | Type |
|---|---|---|
| CONNECT | %s HTTP/%s | client |
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49161 -> 47.240.68.28:81 | 2016879 | ET POLICY Unsupported/Fake Windows NT Version 5.0 | Potential Corporate Privacy Violation |
| TCP 47.240.68.28:81 -> 192.168.56.101:49161 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
| TCP 192.168.56.101:49195 -> 47.240.68.28:81 | 2007695 | ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System | Potential Corporate Privacy Violation |
| TCP 192.168.56.101:49195 -> 47.240.68.28:81 | 2016870 | ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5. | Potential Corporate Privacy Violation |
| TCP 47.240.68.28:81 -> 192.168.56.101:49195 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
| TCP 192.168.56.101:49161 -> 47.240.68.28:81 | 2016879 | ET POLICY Unsupported/Fake Windows NT Version 5.0 | Potential Corporate Privacy Violation |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts