Network Analysis

Hosts (IP Address | Status | Action | VT | Location)
No hosts contacted.

DNS (Name | Response | Post-Analysis Lookup)
No hosts contacted.

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
UDP 192.168.168.210:59073 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
UDP 192.168.168.210:56728 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
TCP 192.168.168.210:49240 -> 44.244.22.128:80 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | Malware Command and Control Activity Detected
UDP 192.168.168.210:57756 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
UDP 192.168.168.210:60307 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
UDP 192.168.168.210:52101 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
UDP 192.168.168.210:60837 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
UDP 192.168.168.210:59794 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
TCP 192.168.168.210:49244 -> 50.16.27.236:80 | 2862147 | ETPRO MALWARE Win32/Expiro CnC Activity (POST) | Malware Command and Control Activity Detected
UDP 192.168.168.210:57578 -> 8.8.8.8:53 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | A Network Trojan was detected
UDP 192.168.168.210:57578 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
UDP 192.168.168.210:58161 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
UDP 192.168.168.210:57402 -> 8.8.8.8:53 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | A Network Trojan was detected
UDP 192.168.168.210:57402 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
UDP 192.168.168.210:63524 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
UDP 192.168.168.210:60880 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
UDP 192.168.168.210:49826 -> 8.8.8.8:53 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | A Network Trojan was detected
UDP 192.168.168.210:49826 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
UDP 192.168.168.210:52300 -> 8.8.8.8:53 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | A Network Trojan was detected
UDP 192.168.168.210:52300 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
UDP 192.168.168.210:58377 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
UDP 192.168.168.210:51997 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
UDP 192.168.168.210:55266 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
UDP 192.168.168.210:50864 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
UDP 192.168.168.210:50445 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
TCP 192.64.119.165:80 -> 192.168.168.210:49252 | 2035208 | ET INFO Namecheap URL Forward | Misc activity
TCP 192.64.119.165:80 -> 192.168.168.210:49253 | 2035208 | ET INFO Namecheap URL Forward | Misc activity
UDP 192.168.168.210:50374 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
UDP 192.168.168.210:64487 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD | Potentially Bad Traffic
TCP 192.64.119.165:80 -> 192.168.168.210:49252 | 2035208 | ET INFO Namecheap URL Forward | Misc activity
TCP 192.64.119.165:80 -> 192.168.168.210:49253 | 2035208 | ET INFO Namecheap URL Forward | Misc activity
TCP 192.168.168.210:49264 -> 192.168.168.211:139 | 3115336 | Stamus Networks MS-SRVS service - NetrShareEnum | undefined

Suricata TLS

No Suricata TLS

Snort Alerts

Flow | SID | Message
UDP 192.168.168.210:59073 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:56728 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:57756 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:60307 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:52101 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:60837 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:59794 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:57578 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:58161 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:57402 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:63524 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:60880 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:49826 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:52300 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:58377 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:51997 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:55266 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:50864 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:50445 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
TCP 192.64.119.165:80 -> 192.168.168.210:49252 | 2035208 | ET INFO Namecheap URL Forward
TCP 192.64.119.165:80 -> 192.168.168.210:49253 | 2035208 | ET INFO Namecheap URL Forward
TCP 192.64.119.165:80 -> 192.168.168.210:49252 | 2035208 | ET INFO Namecheap URL Forward
UDP 192.168.168.210:50374 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
UDP 192.168.168.210:64487 -> 8.8.8.8:53 | 2027863 | ET INFO Observed DNS Query to .biz TLD
TCP 192.64.119.165:80 -> 192.168.168.210:49253 | 2035208 | ET INFO Namecheap URL Forward

Cuckoo