NetWork | ZeroBOX

IP Address	Status	Action
104.253.54.44	Active	Moloch
164.124.101.2	Active	Moloch
172.67.213.169	Active	Moloch
18.140.6.45	Active	Moloch
194.58.112.174	Active	Moloch
198.54.117.218	Active	Moloch
216.40.34.41	Active	Moloch
23.231.72.112	Active	Moloch
34.117.168.233	Active	Moloch
45.33.6.223	Active	Moloch
66.96.162.138	Active	Moloch

Name	Response	Post-Analysis Lookup
www.azstoreatoderma.click	CNAME dns.ladipage.com A 18.140.6.45 A 3.1.17.18 A 52.76.101.124	3.1.17.18
www.wearecatalyst.app	A 216.40.34.41	216.40.34.41
www.olympusmix.com	A 198.54.117.218 A 198.54.117.216 A 198.54.117.217 CNAME parkingpage.namecheap.com A 198.54.117.215 A 198.54.117.212 A 198.54.117.210 A 198.54.117.211	198.54.117.217
www.csrvcars.com	A 23.231.72.112	23.231.72.112
www.special-order.online	A 194.58.112.174	194.58.112.174
www.centaura.community	A 66.96.162.138	66.96.162.138
www.zhn.biz	A 172.67.213.169 A 104.21.16.153	172.67.213.169
www.bianchibeverage.com	A 104.253.54.44	104.253.54.44
www.ghostdyes.net	CNAME gcdn0.wixdns.net A 34.117.168.233 CNAME td-ccm-168-233.wixdns.net	34.117.168.233
www.sqlite.org	A 45.33.6.223	45.33.6.223

TCP Requests

UDP Requests

GET 200 http://www.csrvcars.com/udh1/?cUMMa5v=XEemPPOTV26sKXQzDYMsrkGsJokzxPFPbFpU+n9uCd2chnbXsi75dkjdHRd+i/N9AgC/cMMMBBk+slWuActf4QAZvLu0iyaFuJXVPTg=&GV=hSkJd_W

GET 200 http://www.sqlite.org/2020/sqlite-dll-win32-x86-3320000.zip

POST 200 http://www.zhn.biz/udh1/

GET 200 http://www.zhn.biz/udh1/?cUMMa5v=LfrgFpvSkJA2y41K7oV1vuuQyWHfo0uy5ufNO5HpKtxTTE0bBGpeg3SJ2RFsjNe1w4Pec63rxh4rwW+J1uIf4mhDhIMbmXY09bayaEE=&GV=hSkJd_W

POST 404 http://www.special-order.online/udh1/

GET 404 http://www.special-order.online/udh1/?cUMMa5v=CwuBCJt94bxtc2gNtpoM3E+US0dkKMARx3Pvc7vf2LAtLU32691wJ0dQetaubb0PioG6wR7W5uX4+q4XU8z6LBF3Qfs1ipW/MdlZd78=&GV=hSkJd_W

POST 301 http://www.azstoreatoderma.click/udh1/

GET 301 http://www.azstoreatoderma.click/udh1/?cUMMa5v=R/kB4/0HM2tcwqvhXH4XIYj1eTxJXqndlHH19RjFed8ZhY1qAasVyZxg1ws7A7LtJYEr4634gz6I87tnmhAW+ys9K/jaGw++UPdFo8c=&GV=hSkJd_W

POST 405 http://www.olympusmix.com/udh1/

GET 0 http://www.olympusmix.com/udh1/?cUMMa5v=lWZk+s3blMuiGWpXy6frpU4enEwBG5gJanUH8/6Evmw4nHtx+SdA/kN+9f5N/0KA2bk6RtFa0tH8PADjgLi95JHf+wn8BjREHXSWn6U=&GV=hSkJd_W

POST 403 http://www.ghostdyes.net/udh1/

GET 404 http://www.ghostdyes.net/udh1/?cUMMa5v=lj2vP+EAw0fELJNPJ5VtAcTjxQQz8hKi5d9v+h5W1hvMFJJN0lWMU8OkjsFxsGAkw0S50RNizKyMtcUDX4tgR0i1IahDyycai/CThP0=&GV=hSkJd_W

POST 404 http://www.wearecatalyst.app/udh1/

GET 200 http://www.wearecatalyst.app/udh1/?cUMMa5v=tt9dYLtFsKfLIIIXMfpRfs924GbOuHLcMLKVMdaTOcJrEAGIFAHeQ5Ly9YOpmT4Rz3p2Jl5Xgzq6cAPtFXnDdyfQg2kRv5Z1dRZDL3M=&GV=hSkJd_W

POST 404 http://www.centaura.community/udh1/

GET 404 http://www.centaura.community/udh1/?cUMMa5v=kMKsR5rTxSYNZgWncVUlGrpLkwsOTig3tGW39qhs19NQJLtwYtRkr4H+EIRE8MUOxMFfo6MP6730mq+L8n2Tmf9vKWCdpbnfDO0cF8Q=&GV=hSkJd_W

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:53004 -> 164.124.101.2:53	2027863	ET INFO Observed DNS Query to .biz TLD	Potentially Bad Traffic
TCP 192.168.56.101:49169 -> 194.58.112.174:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 194.58.112.174:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 194.58.112.174:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49177 -> 216.40.34.41:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49177 -> 216.40.34.41:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49177 -> 216.40.34.41:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49164 -> 23.231.72.112:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49164 -> 23.231.72.112:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49164 -> 23.231.72.112:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 172.67.213.169:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 172.67.213.169:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 172.67.213.169:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49175 -> 34.117.168.233:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49175 -> 34.117.168.233:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49175 -> 34.117.168.233:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49179 -> 66.96.162.138:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49179 -> 66.96.162.138:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49179 -> 66.96.162.138:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49171 -> 18.140.6.45:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49171 -> 18.140.6.45:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49171 -> 18.140.6.45:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49173 -> 198.54.117.218:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49173 -> 198.54.117.218:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49173 -> 198.54.117.218:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts