Network Analysis
IP Address | Status | Action |
---|---|---|
94.177.131.249 | Active | Moloch |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
- TCP Requests
-
No traffic
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:50052 -> 192.168.56.103:445 | 2024217 | ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray | A Network Trojan was detected |
TCP 192.168.56.103:445 -> 192.168.56.101:50052 | 2024218 | ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response | A Network Trojan was detected |
TCP 192.168.56.101:50378 -> 192.168.56.103:135 | 2001581 | ET SCAN Behavioral Unusual Port 135 traffic Potential Scan or Infection | Misc activity |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts