Network Analysis
IP Address | Status | Action |
---|---|---|
104.168.155.143 | Active | Moloch |
107.170.39.149 | Active | Moloch |
115.68.227.76 | Active | Moloch |
164.124.101.2 | Active | Moloch |
164.90.222.65 | Active | Moloch |
167.172.199.165 | Active | Moloch |
172.105.226.75 | Active | Moloch |
187.63.160.88 | Active | Moloch |
202.129.205.3 | Active | Moloch |
209.126.85.32 | Active | Moloch |
213.239.212.5 | Active | Moloch |
5.135.159.50 | Active | Moloch |
94.23.45.86 | Active | Moloch |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
- TCP Requests
  - 175.208.134.153:55697 -> 192.168.56.102:5911
  - 192.168.56.102:49190 -> 172.105.226.75:8080
  - 192.168.56.102:49191 -> 172.105.226.75:8080
  - 192.168.56.102:49183 -> 187.63.160.88:80
  - 192.168.56.102:49184 -> 187.63.160.88:80
  - 192.168.56.102:49181 -> 209.126.85.32:8080
  - 192.168.56.102:49182 -> 209.126.85.32:8080
  - 192.168.56.102:49188 -> 213.239.212.5:443
  - 192.168.56.102:49189 -> 213.239.212.5:443
No traffic
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49184 -> 187.63.160.88:80 | 2404307 | ET CNC Feodo Tracker Reported CnC Server group 8 | A Network Trojan was detected |
TCP 192.168.56.102:49186 -> 164.90.222.65:443 | 2404304 | ET CNC Feodo Tracker Reported CnC Server group 5 | A Network Trojan was detected |
TCP 192.168.56.102:49187 -> 104.168.155.143:8080 | 2404300 | ET CNC Feodo Tracker Reported CnC Server group 1 | A Network Trojan was detected |
TCP 187.63.160.88:80 -> 192.168.56.102:49184 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 192.168.56.102:49189 -> 213.239.212.5:443 | 2404309 | ET CNC Feodo Tracker Reported CnC Server group 10 | A Network Trojan was detected |
TCP 209.126.85.32:8080 -> 192.168.56.102:49182 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 213.239.212.5:443 -> 192.168.56.102:49189 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 172.105.226.75:8080 -> 192.168.56.102:49191 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts