Network Analysis

IP Address Status Action VT Location
No hosts contacted.
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
UDP 192.168.168.106:60490 -> 8.8.8.8:53 2844301 ETPRO INFO Observed DNS Query to Dynamic DNS Service Potential Corporate Privacy Violation
UDP 192.168.168.106:60490 -> 8.8.8.8:53 2042831 ET DYN_DNS DYNAMIC_DNS Query to a *.dns .army Domain Potentially Bad Traffic
TCP 137.220.194.112:8856 -> 192.168.168.106:48852 2400021 ET DROP Spamhaus DROP Listed Traffic Inbound group 22 Misc Attack
UDP 192.168.168.106:44489 -> 8.8.8.8:53 2844303 ETPRO INFO Observed DNS Query to Dynamic DNS Service Potential Corporate Privacy Violation
UDP 192.168.168.106:44489 -> 8.8.8.8:53 2042837 ET DYN_DNS DYNAMIC_DNS Query to a *.dynv6 .net Domain Potentially Bad Traffic
UDP 192.168.168.106:60953 -> 8.8.8.8:53 2844303 ETPRO INFO Observed DNS Query to Dynamic DNS Service Potential Corporate Privacy Violation
UDP 192.168.168.106:60953 -> 8.8.8.8:53 2042837 ET DYN_DNS DYNAMIC_DNS Query to a *.dynv6 .net Domain Potentially Bad Traffic
UDP 192.168.168.106:57428 -> 8.8.8.8:53 2844301 ETPRO INFO Observed DNS Query to Dynamic DNS Service Potential Corporate Privacy Violation
UDP 192.168.168.106:57428 -> 8.8.8.8:53 2042831 ET DYN_DNS DYNAMIC_DNS Query to a *.dns .army Domain Potentially Bad Traffic
UDP 192.168.168.106:42301 -> 8.8.8.8:53 2844303 ETPRO INFO Observed DNS Query to Dynamic DNS Service Potential Corporate Privacy Violation
UDP 192.168.168.106:42301 -> 8.8.8.8:53 2042837 ET DYN_DNS DYNAMIC_DNS Query to a *.dynv6 .net Domain Potentially Bad Traffic
UDP 192.168.168.106:46631 -> 8.8.8.8:53 2844303 ETPRO INFO Observed DNS Query to Dynamic DNS Service Potential Corporate Privacy Violation
UDP 192.168.168.106:46631 -> 8.8.8.8:53 2042837 ET DYN_DNS DYNAMIC_DNS Query to a *.dynv6 .net Domain Potentially Bad Traffic
UDP 192.168.168.106:55770 -> 8.8.8.8:53 2844301 ETPRO INFO Observed DNS Query to Dynamic DNS Service Potential Corporate Privacy Violation
UDP 192.168.168.106:55770 -> 8.8.8.8:53 2042831 ET DYN_DNS DYNAMIC_DNS Query to a *.dns .army Domain Potentially Bad Traffic
UDP 192.168.168.106:34206 -> 8.8.8.8:53 2844303 ETPRO INFO Observed DNS Query to Dynamic DNS Service Potential Corporate Privacy Violation
UDP 192.168.168.106:34206 -> 8.8.8.8:53 2042837 ET DYN_DNS DYNAMIC_DNS Query to a *.dynv6 .net Domain Potentially Bad Traffic
UDP 192.168.168.106:55051 -> 8.8.8.8:53 2844303 ETPRO INFO Observed DNS Query to Dynamic DNS Service Potential Corporate Privacy Violation
UDP 192.168.168.106:55051 -> 8.8.8.8:53 2042837 ET DYN_DNS DYNAMIC_DNS Query to a *.dynv6 .net Domain Potentially Bad Traffic

Suricata TLS

Flow: TLS 1.2 192.168.168.106:45082 -> 185.125.188.58:443
Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1
Subject: C=GB, L=London, O=CANONICAL GROUP LIMITED, CN=api.snapcraft.io
Fingerprint: 7d:a4:a1:3a:66:2a:57:7e:24:b4:01:4e:d4:9b:1b:67:27:ac:09:d0

Snort Alerts

Flow SID Message
UDP 192.168.168.106:60490 -> 8.8.8.8:53 2844301 ETPRO POLICY Observed DNS Query to Dynamic DNS Service
UDP 192.168.168.106:60490 -> 8.8.8.8:53 2042831 ET INFO DYNAMIC_DNS Query to a *.dns .army Domain
UDP 192.168.168.106:44489 -> 8.8.8.8:53 2844303 ETPRO POLICY Observed DNS Query to Dynamic DNS Service
UDP 192.168.168.106:44489 -> 8.8.8.8:53 2042837 ET INFO DYNAMIC_DNS Query to a *.dynv6 .net Domain
UDP 192.168.168.106:60953 -> 8.8.8.8:53 2844303 ETPRO POLICY Observed DNS Query to Dynamic DNS Service
UDP 192.168.168.106:60953 -> 8.8.8.8:53 2042837 ET INFO DYNAMIC_DNS Query to a *.dynv6 .net Domain
UDP 192.168.168.106:57428 -> 8.8.8.8:53 2844301 ETPRO POLICY Observed DNS Query to Dynamic DNS Service
UDP 192.168.168.106:57428 -> 8.8.8.8:53 2042831 ET INFO DYNAMIC_DNS Query to a *.dns .army Domain
UDP 192.168.168.106:42301 -> 8.8.8.8:53 2844303 ETPRO POLICY Observed DNS Query to Dynamic DNS Service
UDP 192.168.168.106:42301 -> 8.8.8.8:53 2042837 ET INFO DYNAMIC_DNS Query to a *.dynv6 .net Domain
UDP 192.168.168.106:46631 -> 8.8.8.8:53 2844303 ETPRO POLICY Observed DNS Query to Dynamic DNS Service
UDP 192.168.168.106:46631 -> 8.8.8.8:53 2042837 ET INFO DYNAMIC_DNS Query to a *.dynv6 .net Domain
UDP 192.168.168.106:55770 -> 8.8.8.8:53 2844301 ETPRO POLICY Observed DNS Query to Dynamic DNS Service
UDP 192.168.168.106:55770 -> 8.8.8.8:53 2042831 ET INFO DYNAMIC_DNS Query to a *.dns .army Domain
UDP 192.168.168.106:34206 -> 8.8.8.8:53 2844303 ETPRO POLICY Observed DNS Query to Dynamic DNS Service
UDP 192.168.168.106:34206 -> 8.8.8.8:53 2042837 ET INFO DYNAMIC_DNS Query to a *.dynv6 .net Domain
UDP 192.168.168.106:55051 -> 8.8.8.8:53 2844303 ETPRO POLICY Observed DNS Query to Dynamic DNS Service
UDP 192.168.168.106:55051 -> 8.8.8.8:53 2042837 ET INFO DYNAMIC_DNS Query to a *.dynv6 .net Domain