Network Analysis
| IP Address | Status | Action |
|---|---|---|
| 103.130.216.153 | Active | Moloch |
| 103.180.163.202 | Active | Moloch |
| 103.241.192.11 | Active | Moloch |
| 103.82.23.11 | Active | Moloch |
| 108.163.147.62 | Active | Moloch |
| 134.0.9.202 | Active | Moloch |
| 144.76.62.230 | Active | Moloch |
| 148.72.70.150 | Active | Moloch |
| 150.95.115.130 | Active | Moloch |
| 154.49.142.244 | Active | Moloch |
| 154.56.47.107 | Active | Moloch |
| 154.56.47.11 | Active | Moloch |
| 154.56.47.99 | Active | Moloch |
| 172.67.137.14 | Active | Moloch |
| 172.67.184.164 | Active | Moloch |
| 172.67.192.137 | Active | Moloch |
| 173.236.195.85 | Active | Moloch |
| 185.62.75.179 | Active | Moloch |
| 191.96.56.157 | Active | Moloch |
| 193.31.27.127 | Active | Moloch |
| 194.195.84.59 | Active | Moloch |
| 194.36.45.220 | Active | Moloch |
| 195.35.33.11 | Active | Moloch |
| 216.246.47.153 | Active | Moloch |
| 217.160.0.58 | Active | Moloch |
| 43.230.201.100 | Active | Moloch |
| 66.235.200.146 | Active | Moloch |
| 66.235.200.147 | Active | Moloch |
| 69.10.36.187 | Active | Moloch |
| 74.208.236.229 | Active | Moloch |
| 85.208.144.164 | Active | Moloch |
| 89.117.169.122 | Active | Moloch |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| muzigor.net | ||
| muzmix.net |
- TCP Requests
-
-
103.130.216.153:443 192.168.56.103:51896
-
103.180.163.202:443 192.168.56.103:51812
-
103.241.192.11:443 192.168.56.103:51638
-
103.82.23.11:443 192.168.56.103:51889
-
108.163.147.62:443 192.168.56.103:51910
-
134.0.9.202:443 192.168.56.103:51925
-
144.76.62.230:443 192.168.56.103:51874
-
148.72.70.150:443 192.168.56.103:51970
-
150.95.115.130:443 192.168.56.103:50554
-
154.49.142.244:443 192.168.56.103:51924
-
154.56.47.107:443 192.168.56.103:51959
-
154.56.47.11:443 192.168.56.103:51958
-
154.56.47.99:443 192.168.56.103:51953
-
172.67.137.14:443 192.168.56.103:51794
-
172.67.184.164:443 192.168.56.103:50843
-
172.67.192.137:443 192.168.56.103:51929
-
173.236.195.85:443 192.168.56.103:51967
-
191.96.56.157:443 192.168.56.103:51788
-
193.31.27.127:9001 192.168.56.103:49171
-
193.31.27.127:9001 192.168.56.103:49173
-
194.195.84.59:443 192.168.56.103:51921
-
194.36.45.220:443 192.168.56.103:51932
-
195.35.33.11:443 192.168.56.103:51946
-
216.246.47.153:443 192.168.56.103:51507
-
216.246.47.153:443 192.168.56.103:51508
-
216.246.47.153:443 192.168.56.103:51516
-
216.246.47.153:443 192.168.56.103:51587
-
217.160.0.58:443 192.168.56.103:51971
-
66.235.200.146:443 192.168.56.103:51912
-
66.235.200.147:443 192.168.56.103:51928
-
66.235.200.147:443 192.168.56.103:51957
-
69.10.36.187:443 192.168.56.103:51721
-
74.208.236.229:80 192.168.56.103:51911
-
85.208.144.164:443 192.168.56.103:49174
-
89.117.169.122:443 192.168.56.103:51852
-
No traffic
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 85.208.144.164:443 -> 192.168.56.103:49174 | 2522773 | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 774 | Misc Attack |
| TCP 193.31.27.127:9001 -> 192.168.56.103:49173 | 2522302 | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 303 | Misc Attack |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts