NetWork | ZeroBOX

IP Address	Status	Action
94.103.80.169	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests

UDP Requests

GET 200 http://94.103.80.169/gate.php?type=check&uid=14F63AB901393115137325

POST 200 http://94.103.80.169/gate.php?type=update&uid=14F63AB901393115137325

POST 200 http://94.103.80.169/gate.php?type=ping&uid=14F63AB901393115137325

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49173 -> 94.103.80.169:80	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	A Network Trojan was detected
TCP 192.168.56.103:49173 -> 94.103.80.169:80	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	A Network Trojan was detected
TCP 192.168.56.103:49172 -> 94.103.80.169:80	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	A Network Trojan was detected
TCP 192.168.56.103:49173 -> 94.103.80.169:80	2022986	ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad	A Network Trojan was detected
TCP 192.168.56.103:49172 -> 94.103.80.169:80	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	A Network Trojan was detected
TCP 192.168.56.103:49172 -> 94.103.80.169:80	2022986	ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad	A Network Trojan was detected
TCP 192.168.56.103:49168 -> 94.103.80.169:80	2022818	ET MALWARE Generic gate[.].php GET with minimal headers	A Network Trojan was detected
TCP 192.168.56.103:49171 -> 94.103.80.169:80	2022818	ET MALWARE Generic gate[.].php GET with minimal headers	A Network Trojan was detected
TCP 192.168.56.103:49168 -> 94.103.80.169:80	2022986	ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad	A Network Trojan was detected
TCP 192.168.56.103:49171 -> 94.103.80.169:80	2022986	ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad	A Network Trojan was detected
TCP 192.168.56.103:49168 -> 94.103.80.169:80	2030802	ET HUNTING Suspicious GET To gate.php with no Referer	Potentially Bad Traffic
TCP 192.168.56.103:49171 -> 94.103.80.169:80	2030802	ET HUNTING Suspicious GET To gate.php with no Referer	Potentially Bad Traffic
TCP 192.168.56.103:49174 -> 94.103.80.169:80	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	A Network Trojan was detected
TCP 192.168.56.103:49174 -> 94.103.80.169:80	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	A Network Trojan was detected
TCP 192.168.56.103:49174 -> 94.103.80.169:80	2022986	ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad	A Network Trojan was detected
TCP 192.168.56.103:49171 -> 94.103.80.169:80	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	A Network Trojan was detected
TCP 192.168.56.103:49171 -> 94.103.80.169:80	2020181	ET MALWARE WIN32/KOVTER.B Checkin	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 94.103.80.169:80	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	A Network Trojan was detected
TCP 192.168.56.103:49171 -> 94.103.80.169:80	2022986	ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad	A Network Trojan was detected
TCP 192.168.56.103:49171 -> 94.103.80.169:80	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	A Network Trojan was detected
TCP 192.168.56.103:49171 -> 94.103.80.169:80	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	A Network Trojan was detected
TCP 192.168.56.103:49171 -> 94.103.80.169:80	2022986	ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts