NetWork | ZeroBOX

Network Analysis

IP Address Status Action
107.174.224.202 Active Moloch
164.124.101.2 Active Moloch
79.134.225.25 Active Moloch
GET 200 http://107.174.224.202/fish.exe

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49205 -> 107.174.224.202:80 2016141 ET INFO Executable Download from dotted-quad Host A Network Trojan was detected
TCP 107.174.224.202:80 -> 192.168.56.101:49205 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
UDP 192.168.56.101:61479 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:60820 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:59369 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:65329 -> 8.8.4.4:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:61794 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:56977 -> 164.124.101.2:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:62430 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:55629 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:55667 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
TCP 107.174.224.202:80 -> 192.168.56.101:49205 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 107.174.224.202:80 -> 192.168.56.101:49205 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 107.174.224.202:80 -> 192.168.56.101:49205 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
UDP 192.168.56.101:55450 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:63194 -> 8.8.4.4:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:57460 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:54657 -> 8.8.4.4:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:56887 -> 8.8.4.4:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:63951 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:60751 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:61673 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:54056 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:50851 -> 8.8.8.8:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:62902 -> 8.8.4.4:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic
UDP 192.168.56.101:62362 -> 8.8.4.4:53 2028677 ET POLICY DNS Query to DynDNS Domain *.3utilities .com Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts