NetWork | ZeroBOX

Network Analysis

IP Address       Status   Action
194.15.46.189    Active   Moloch
54.37.204.238    Active   Moloch
Name Response Post-Analysis Lookup
No hosts contacted.
Method   Status   URL                                   Count
HEAD     200      http://194.15.46.189/UnRAR.exe        1
GET      206      http://194.15.46.189/UnRAR.exe        9
HEAD     200      http://194.15.46.189/letgrtsC1.rar    1
GET      206      http://194.15.46.189/letgrtsC1.rar    65

ICMP traffic

Source     Destination      ICMP Type   Data
8.8.8.8    192.168.56.103   0           abcdefghijklmnopqrstuvwabcdefghi

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow                                           SID       Signature                                                         Category                                Count
TCP 192.168.56.103:49165 -> 194.15.46.189:80   2016141   ET INFO Executable Download from dotted-quad Host                 Potentially Bad Traffic                 10
TCP 192.168.56.103:49165 -> 194.15.46.189:80   2022858   ET HUNTING Suspicious BITS EXE DL From Dotted Quad                Misc activity                           10
TCP 194.15.46.189:80 -> 192.168.56.103:49165   2018959   ET POLICY PE EXE or DLL Windows file download HTTP                Potential Corporate Privacy Violation   1
TCP 194.15.46.189:80 -> 192.168.56.103:49165   2021076   ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response                Potentially Bad Traffic                 1
TCP 194.15.46.189:80 -> 192.168.56.103:49165   2015744   ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)    Misc activity                           1
TCP 192.168.56.103:49165 -> 194.15.46.189:80   2027266   ET INFO Dotted Quad Host RAR Request                              Potentially Bad Traffic                 66

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts