NetWork | ZeroBOX

Network Analysis

IP Address | Status | Action
128.199.3.164 | Active | Moloch
164.124.101.2 | Active | Moloch

Name | Response | Post-Analysis Lookup
filtaferamoza.com | 128.199.3.164 |
GET 403 http://filtaferamoza.com/
GET 403 http://filtaferamoza.com/

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
TCP 192.168.56.102:49163 -> 128.199.3.164:80 | 2032086 | ET MALWARE Win32/IcedID Request Cookie | A Network Trojan was detected
UDP 192.168.56.102:63709 -> 164.124.101.2:53 | 2046894 | ET MALWARE DNS Query for IcedID Domain (filtaferamoza .com) | A Network Trojan was detected
TCP 192.168.56.102:49163 -> 128.199.3.164:80 | 2032086 | ET MALWARE Win32/IcedID Request Cookie | A Network Trojan was detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts