NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
195.110.124.133	Active	Moloch
198.177.124.57	Active	Moloch
219.94.129.181	Active	Moloch
34.117.168.233	Active	Moloch
45.33.6.223	Active	Moloch
46.17.173.192	Active	Moloch
91.189.114.25	Active	Moloch
94.23.162.163	Active	Moloch

Name	Response	Post-Analysis Lookup
www.kunimi.org	CNAME kunimi.org A 219.94.129.181	219.94.129.181
www.marex.promo	A 91.189.114.25	91.189.114.25
www.meandclementina.com	CNAME meandclementina.com A 195.110.124.133	195.110.124.133
www.lowcome.life	A 198.177.124.57	198.177.124.57
www.starauctioneerspro.com	A 54.38.220.85 A 94.23.162.163	94.23.162.163
www.coba.dev	CNAME coba.dev A 46.17.173.192	46.17.173.192
www.sqlite.org	A 45.33.6.223	45.33.6.223
www.organiclifestyle.biz	CNAME gcdn0.wixdns.net A 34.117.168.233 CNAME td-ccm-168-233.wixdns.net	34.117.168.233

TCP Requests

UDP Requests

GET 404 http://www.organiclifestyle.biz/u62a/?uyJ6NZy=VvqZGz3PHJbSx1QTtGtZ27JbTMCS5Ic5/4p6o7fkYDsqsQXV00C4Mjy3HEa1fsrCkNg75FGvKvR0eCFVX6t17fJz0m/poFYbzV0qA3k=&GqUv=WJjJdRiak0

GET 404 http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip

GET 200 http://www.sqlite.org/2020/sqlite-dll-win32-x86-3310000.zip

POST 404 http://www.coba.dev/u62a/

GET 404 http://www.coba.dev/u62a/?uyJ6NZy=o8SCP/YnJ49qk75I5z3GzELHmg2Up2LUiNCn13SbmA4goaf+g+1fYa13Odsfun9rvkIDAdpJippA+Y6N0xwu8NBanTjMGd5U2PfRiS4=&GqUv=WJjJdRiak0

POST 404 http://www.meandclementina.com/u62a/

GET 404 http://www.meandclementina.com/u62a/?uyJ6NZy=sEdvL1ZGkULv2A8bNXBRaRmdYx+eWL4gYtShFj4pbN8o5eHSa3QtYRl1ZjlPIya8jQvOFXB8wZUlu2C2FpqSzuYXIQNHQFur3PZxkFI=&GqUv=WJjJdRiak0

POST 404 http://www.marex.promo/u62a/

GET 404 http://www.marex.promo/u62a/?uyJ6NZy=HTOKBE+ideXsbClCFIZFlPYDAjUuWFn3t4knnx885+0EkjdUagvAPmmh9nOXJS6XsZrvZ1YpL3hurMR7Bu4FKovUyILBMkHn6uQL+64=&GqUv=WJjJdRiak0

POST 0 http://www.starauctioneerspro.com/u62a/

GET 404 http://www.starauctioneerspro.com/u62a/?uyJ6NZy=xxICz6/4R5ldvKit9pQiZZ+jTsTJ1UXO3+kkY3b4PoRSc/9CGhnte6tVjQSTVfHBpnO/T6bLIQt5I4s4artxGH6TeZHS/DCwG7N4VUA=&GqUv=WJjJdRiak0

POST 404 http://www.lowcome.life/u62a/

GET 404 http://www.lowcome.life/u62a/?uyJ6NZy=SpYuczb0I67O/JB79loYgv0QPNy9tmAedxSPiGXP/gajLTktWHzWDdz7w0u65687mA4BdpaJEcNqadlvkC0xWpASIIM+xKCPpUlgMWA=&GqUv=WJjJdRiak0

POST 0 http://www.kunimi.org/u62a/

GET 301 http://www.kunimi.org/u62a/?uyJ6NZy=Do2YNZmdCCnGDS2WdMJQZ6ZCKAd/GRXgo7DNSK9yFY09r/FIwMWpAWGLeKjsO9QXj5EgxT/2XN8JUIdJtTBe0orCvwywWdiUJLw1V4E=&GqUv=WJjJdRiak0

ICMP traffic

Source	Destination	ICMP Type	Data
192.168.56.101	164.124.101.2	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2027863	ET INFO Observed DNS Query to .biz TLD	Potentially Bad Traffic
TCP 192.168.56.101:49176 -> 198.177.124.57:80	2027876	ET INFO HTTP Request to Suspicious *.life Domain	Potentially Bad Traffic
TCP 192.168.56.101:49176 -> 198.177.124.57:80	2027876	ET INFO HTTP Request to Suspicious *.life Domain	Potentially Bad Traffic
UDP 192.168.56.101:54883 -> 8.8.8.8:53	2027867	ET INFO Observed DNS Query to .life TLD	Potentially Bad Traffic
TCP 192.168.56.101:49175 -> 198.177.124.57:80	2027876	ET INFO HTTP Request to Suspicious *.life Domain	Potentially Bad Traffic
TCP 192.168.56.101:49172 -> 91.189.114.25:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49172 -> 91.189.114.25:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49172 -> 91.189.114.25:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49174 -> 94.23.162.163:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49174 -> 94.23.162.163:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49176 -> 198.177.124.57:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49174 -> 94.23.162.163:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49176 -> 198.177.124.57:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49176 -> 198.177.124.57:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49176 -> 198.177.124.57:80	2027876	ET INFO HTTP Request to Suspicious *.life Domain	Potentially Bad Traffic
TCP 192.168.56.101:49168 -> 46.17.173.192:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 46.17.173.192:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 46.17.173.192:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 195.110.124.133:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 195.110.124.133:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 195.110.124.133:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49164 -> 34.117.168.233:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49164 -> 34.117.168.233:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49164 -> 34.117.168.233:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49178 -> 219.94.129.181:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49178 -> 219.94.129.181:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49178 -> 219.94.129.181:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts