Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| 150.134.208.175.b.barracudacentral.org | 127.0.0.2 | |
| 150.134.208.175.zen.spamhaus.org | ||
| checkip.amazonaws.com | 52.206.184.85 | |
| 150.134.208.175.cbl.abuseat.org |
- UDP Requests
-
-
192.168.56.102:50839 164.124.101.2:53
-
192.168.56.102:54660 164.124.101.2:53
-
192.168.56.102:57660 164.124.101.2:53
-
192.168.56.102:61459 164.124.101.2:53
-
192.168.56.102:137 192.168.56.255:137
-
192.168.56.102:138 192.168.56.255:138
-
192.168.56.102:49152 239.255.255.250:3702
-
192.168.56.102:56752 239.255.255.250:1900
-
192.168.56.102:56754 239.255.255.250:3702
-
192.168.56.102:56756 239.255.255.250:3702
-
192.168.56.102:56758 239.255.255.250:3702
-
GET
200
http://checkip.amazonaws.com/
REQUEST
RESPONSE
BODY
GET / HTTP/1.1
Connection: Keep-Alive
User-Agent: curl/7.72.0
Host: checkip.amazonaws.com
HTTP/1.1 200 OK
Date: Wed, 10 Mar 2021 04:44:35 GMT
Server: lighttpd/1.4.53
Content-Length: 16
Connection: keep-alive
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49812 -> 201.20.118.122:449 | 2028401 | ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex | Unknown Traffic |
| TCP 201.20.118.122:449 -> 192.168.56.102:49812 | 2011540 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | Not Suspicious Traffic |
| TCP 192.168.56.102:49813 -> 52.204.109.97:80 | 2013028 | ET POLICY curl User-Agent Outbound | Attempted Information Leak |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.102:49812 201.20.118.122:449 |
C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | C=AU, ST=Some-State, O=Internet Widgits Pty Ltd | 50:fd:fd:4e:2c:57:ea:f7:c9:cd:3f:61:4a:a2:40:01:1b:b8:df:02 |
Snort Alerts
No Snort Alerts