NetWork | ZeroBOX

IP Address	Status	Action
100.24.208.97	Active	Moloch
104.21.2.9	Active	Moloch
128.199.158.128	Active	Moloch
156.241.132.45	Active	Moloch
164.124.101.2	Active	Moloch
172.67.155.197	Active	Moloch
172.67.166.87	Active	Moloch
182.50.132.242	Active	Moloch
192.249.119.170	Active	Moloch
198.12.107.117	Active	Moloch
23.227.38.74	Active	Moloch
3.223.115.185	Active	Moloch
34.102.136.180	Active	Moloch
91.184.0.100	Active	Moloch

Name	Response	Post-Analysis Lookup
www.tradeplay.net	A 104.21.2.9 A 172.67.128.125	172.67.128.125
www.puremicrodosing.com	A 91.184.0.100 CNAME puremicrodosing.com	91.184.0.100
www.standunitedforamerica.us	CNAME standunitedforamerica.us A 34.102.136.180	34.102.136.180
www.wandawallinbristow.com	A 192.249.119.170 CNAME wandawallinbristow.com	192.249.119.170
www.110cy.top	A 156.241.132.45	156.241.132.45
www.blinglj.com	CNAME shops.myshopify.com A 23.227.38.74	23.227.38.74
www.happinessfashionline.com	CNAME s.website.thryv.com A 35.172.94.1 A 100.24.208.97 CNAME s.partnerwebsitedns.com	100.24.208.97
www.tamaracastrillejo.com	A 172.67.155.197 A 104.21.42.37	104.21.42.37
www.bgcs.online
www.xaudix.com	CNAME xaudix.com A 182.50.132.242	182.50.132.242
www.tasteofgadsdencounty.com	CNAME tasteofgadsdencounty.com A 34.102.136.180	34.102.136.180
www.minisoshop.com	CNAME HDRedirect-LB7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.com A 3.223.115.185	3.223.115.185
www.oarlary.xyz	A 104.21.34.240 A 172.67.166.87	104.21.34.240
www.shopmoly.com	A 128.199.158.128	128.199.158.128
www.apeironnature.com	CNAME apeironnature.com A 34.102.136.180	34.102.136.180

TCP Requests

UDP Requests

GET 200 http://198.12.107.117/0789/vbc.exe

POST 0 http://www.tradeplay.net/p08r/

GET 404 http://www.tradeplay.net/p08r/?sZ=4thJWcvRSTe4hV1bGSZ95meEdt450t9mNZxRaqxPEFoJU5xgEKef2WLJHyAlacZU2kQP+u82&4hO=NVxxIf

POST 405 http://www.tasteofgadsdencounty.com/p08r/

GET 403 http://www.tasteofgadsdencounty.com/p08r/?sZ=r9Yl5R9exgSt+THckHRGQHMSQ7lUP1MIKTFoA2QCQOTNM6XNLCYZhM17LQ5O2O7QDP/PNXJW&4hO=NVxxIf

POST 0 http://www.blinglj.com/p08r/

GET 403 http://www.blinglj.com/p08r/?sZ=VhZ5aNjufsg8yIKFt86vwNN5rsRGseTwSosfAD2rdPJJdPLarQSvJQIy1XR6o6k+V62Ea4hf&4hO=NVxxIf

POST 400 http://www.xaudix.com/p08r/

GET 400 http://www.xaudix.com/p08r/?sZ=AfsQzanRa/K71Sp+FC4vF/VUIPkDyKYCI0bhlWQZ5rKPtKnDleIrjtZ/eJx+lPng/2gI4886&4hO=NVxxIf

POST 404 http://www.puremicrodosing.com/p08r/

GET 404 http://www.puremicrodosing.com/p08r/?sZ=S62BtV/OXf7l+Oi9TcRmwChwada/mHY3jxfUfEoy5xEvr99fIfi+QJg3WuTcsjgo8nY7wmXr&4hO=NVxxIf

POST 0 http://www.shopmoly.com/p08r/

GET 301 http://www.shopmoly.com/p08r/?sZ=haQmUSKM/WHARPa2Lp+DqCKAjRoaKWuSZ/KrsjvHPH5ydyX7t0iOLK3MGHUJ/6Ys8itQ83ll&4hO=NVxxIf

POST 405 http://www.standunitedforamerica.us/p08r/

GET 403 http://www.standunitedforamerica.us/p08r/?sZ=B2ekqSjam2FgOpOVxsnLxAFuSlZHI4NAcaOSHs117iNT154ovp+tvM1jF1ib5fJR9u9nduUX&4hO=NVxxIf

POST 0 http://www.wandawallinbristow.com/p08r/

GET 0 http://www.wandawallinbristow.com/p08r/?sZ=rIasJTgHnlhvn49Ec1ufSUMfKeevfsoIo8VQBxBAm8yCbmuzA/iYh299dFqwI1FD4s8UWgPB&4hO=NVxxIf

POST 404 http://www.110cy.top/p08r/

GET 404 http://www.110cy.top/p08r/?sZ=MhB7f0VRGu4oeye/TacVaH4JpmGIqSeDQM+dXwNRcYHzFlxosf73jULnoJMcxlrSEXGcWsCB&4hO=NVxxIf

POST 405 http://www.apeironnature.com/p08r/

GET 403 http://www.apeironnature.com/p08r/?sZ=2/kdXLcJs10/2cxW7t+Sgy9pAx78D6goaK23LVVxeGeEx+y6ZAUjhmiP7vRD9HtJk4HFEsVc&4hO=NVxxIf

POST 0 http://www.oarlary.xyz/p08r/

GET 503 http://www.oarlary.xyz/p08r/?sZ=HWuJJXMS6EhDI+SwYjpjarifwZNGFMDpOH1wTDyGnvjHCAjlH9SD6hFmgIuMNdw6hyZKLj5p&4hO=NVxxIf

POST 403 http://www.happinessfashionline.com/p08r/

GET 403 http://www.happinessfashionline.com/p08r/?sZ=it2rKjXdnbVdg6Y0HoOw2Hy/OdzuHI5rq3rX4BBmEIww4S6XrH8d+i6ixz5qwTyrhXsqwNMN&4hO=NVxxIf

POST 0 http://www.tamaracastrillejo.com/p08r/

GET 301 http://www.tamaracastrillejo.com/p08r/?sZ=CnBaoYh9B4vymKiOFoQY3BcfDLNsJjln6ysWXfUNxXKSA6sOsy6cNvjP7hJHh5O3EQTGDoh3&4hO=NVxxIf

POST 302 http://www.minisoshop.com/p08r/

GET 302 http://www.minisoshop.com/p08r/?sZ=yt/y475BYeETL6/9CyyYP81IgtfMvB7e1GH5lU8k0UJ3W/3fb9aNkbEZFhB5uAoBowubwcMf&4hO=NVxxIf

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:50851 -> 164.124.101.2:53	2023883	ET DNS Query to a *.top domain - Likely Hostile	Potentially Bad Traffic
TCP 192.168.56.101:49204 -> 198.12.107.117:80	2016141	ET INFO Executable Download from dotted-quad Host	A Network Trojan was detected
TCP 192.168.56.101:49204 -> 198.12.107.117:80	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	Potentially Bad Traffic
TCP 192.168.56.101:49221 -> 128.199.158.128:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49226 -> 156.241.132.45:80	2023882	ET INFO HTTP Request to a *.top domain	Potentially Bad Traffic
TCP 192.168.56.101:49221 -> 128.199.158.128:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49221 -> 128.199.158.128:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 198.12.107.117:80 -> 192.168.56.101:49204	2022050	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1	A Network Trojan was detected
TCP 192.168.56.101:49237 -> 172.67.155.197:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49237 -> 172.67.155.197:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49237 -> 172.67.155.197:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49223 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49223 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49223 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 104.21.2.9:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 104.21.2.9:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 104.21.2.9:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 198.12.107.117:80 -> 192.168.56.101:49204	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 192.168.56.101:49215 -> 23.227.38.74:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 198.12.107.117:80 -> 192.168.56.101:49204	2022051	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2	A Network Trojan was detected
TCP 192.168.56.101:49215 -> 23.227.38.74:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 198.12.107.117:80 -> 192.168.56.101:49204	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.101:49215 -> 23.227.38.74:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49225 -> 192.249.119.170:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49225 -> 192.249.119.170:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49225 -> 192.249.119.170:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49232 -> 172.67.166.87:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49232 -> 172.67.166.87:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49232 -> 172.67.166.87:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49232 -> 172.67.166.87:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.101:49234 -> 100.24.208.97:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49234 -> 100.24.208.97:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49234 -> 100.24.208.97:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49227 -> 156.241.132.45:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49227 -> 156.241.132.45:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49227 -> 156.241.132.45:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49227 -> 156.241.132.45:80	2031089	ET HUNTING Request to .TOP Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.101:49229 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49229 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49229 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49213 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49213 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49213 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 91.184.0.100:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 91.184.0.100:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 91.184.0.100:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 182.50.132.242:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 182.50.132.242:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 182.50.132.242:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49239 -> 3.223.115.185:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49239 -> 3.223.115.185:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49239 -> 3.223.115.185:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts