Network Analysis

IP Address Status Action VT Location
No hosts contacted.
Name Response Post-Analysis Lookup
No hosts contacted.

No traffic

No traffic

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
UDP 192.168.168.220:57123 -> 8.8.8.8:53 2043238 ET DYN_DNS External IP Lookup Domain in DNS Query (checkip .dyndns .org) Device Retrieving External IP Address Detected
TCP 192.168.168.220:49243 -> 193.122.6.168:80 2021378 ET INFO External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
TCP 192.168.168.220:49243 -> 193.122.6.168:80 2039190 ET INFO 404/Snake/Matiex Keylogger Style External IP Check Device Retrieving External IP Address Detected
TCP 192.168.168.220:49243 -> 193.122.6.168:80 2021378 ET INFO External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
UDP 192.168.168.220:52298 -> 8.8.8.8:53 2051430 ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) Misc activity
TCP 192.168.168.220:49244 -> 104.21.48.1:443 2051431 ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI Misc activity
TCP 192.168.168.220:49244 -> 104.21.48.1:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.168.220:49243 -> 193.122.6.168:80 2021378 ET INFO External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
TCP 192.168.168.220:49243 -> 193.122.6.168:80 2021378 ET INFO External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1 192.168.168.220:49244 -> 104.21.48.1:443 C=US, O=Google Trust Services, CN=WE1 CN=reallyfreegeoip.org 31:bc:5a:89:c1:05:f7:dd:36:ba:3a:54:6d:38:92:56:66:d7:d9:02

Snort Alerts

Flow SID Message
UDP 192.168.168.220:57123 -> 8.8.8.8:53 2043238 ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org)
TCP 192.168.168.220:49243 -> 193.122.6.168:80 2039190 ET INFO 404/Snake/Matiex Keylogger Style External IP Check
TCP 192.168.168.220:49243 -> 193.122.6.168:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org
TCP 192.168.168.220:49243 -> 193.122.6.168:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org
UDP 192.168.168.220:52298 -> 8.8.8.8:53 2051430 ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org)
TCP 192.168.168.220:49244 -> 104.21.48.1:443 2051431 ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI
TCP 192.168.168.220:49243 -> 193.122.6.168:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org
TCP 192.168.168.220:49243 -> 193.122.6.168:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org

Cuckoo