NetWork | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.17 06:11
World’s First Virtual ...
11.17 06:11
IT Sicherheitsnews stü...
11.17 06:11
KI und Coding: Wie Kün...
11.17 06:11
Bye-bye, Windows 10: E...
11.17 03:11
[일본 애니메이션]世界最高の暗殺者、異世界...
11.17 03:11
Playing Chess Against ...
11.17 03:11
IT Sicherheitsnews tae...
11.17 03:11
IT Sicherheitsnews tae...
11.17 01:11
IT Sicherheitsnews tae...
11.17 01:11
IT Sicherheitsnews tae...

NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
37.49.230.185	Active	Moloch

Name	Response	Post-Analysis Lookup
No hosts contacted.

TCP Requests
- 192.168.56.101:49214 37.49.230.185:80
- 192.168.56.101:49215 37.49.230.185:80

UDP Requests

POST 200 http://37.49.230.185/bp/gate.php?017BD04FB3BF45B68167E

POST 200 http://37.49.230.185/bp/gate.php?017BD04FB3BF45B68167E

POST 200 http://37.49.230.185/bp/gate.php?017BD04FB3BF45B68167E

POST 200 http://37.49.230.185/bp/gate.php?017BD04FB3BF45B68167E

POST 200 http://37.49.230.185/bp/gate.php?017BD04FB3BF45B68167E

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49215 -> 37.49.230.185:80	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	A Network Trojan was detected
TCP 192.168.56.101:49215 -> 37.49.230.185:80	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	A Network Trojan was detected
TCP 192.168.56.101:49214 -> 37.49.230.185:80	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	A Network Trojan was detected
TCP 192.168.56.101:49215 -> 37.49.230.185:80	2022986	ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad	A Network Trojan was detected
TCP 192.168.56.101:49214 -> 37.49.230.185:80	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	A Network Trojan was detected
TCP 192.168.56.101:49214 -> 37.49.230.185:80	2022986	ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad	A Network Trojan was detected
TCP 192.168.56.101:49215 -> 37.49.230.185:80	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	A Network Trojan was detected
TCP 192.168.56.101:49214 -> 37.49.230.185:80	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	A Network Trojan was detected
TCP 192.168.56.101:49215 -> 37.49.230.185:80	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	A Network Trojan was detected
TCP 192.168.56.101:49214 -> 37.49.230.185:80	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	A Network Trojan was detected
TCP 192.168.56.101:49215 -> 37.49.230.185:80	2022986	ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad	A Network Trojan was detected
TCP 192.168.56.101:49214 -> 37.49.230.185:80	2022986	ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad	A Network Trojan was detected
TCP 192.168.56.101:49214 -> 37.49.230.185:80	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	A Network Trojan was detected
TCP 192.168.56.101:49214 -> 37.49.230.185:80	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	A Network Trojan was detected
TCP 192.168.56.101:49214 -> 37.49.230.185:80	2022986	ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts