NetWork | ZeroBOX

IP Address	Status	Action
104.232.64.103	Active	Moloch
162.241.216.98	Active	Moloch
164.124.101.2	Active	Moloch
172.217.25.14	Active	Moloch
198.71.232.3	Active	Moloch
216.58.220.211	Active	Moloch
3.233.171.147	Active	Moloch
34.102.136.180	Active	Moloch
45.39.88.198	Active	Moloch
50.118.250.118	Active	Moloch
52.58.78.16	Active	Moloch
94.136.40.51	Active	Moloch

Name	Response	Post-Analysis Lookup
www.sligogolfacademy.com	A 104.232.64.103	104.232.64.103
www.eoapdj.com	A 45.39.88.198	45.39.88.198
www.4608capaydrive.com	A 3.233.171.147 CNAME domains.relahq.com A 3.232.116.190	3.233.171.147
www.halostreams.net
www.gritchiecharcoal.com	A 94.136.40.51	94.136.40.51
www.potviper.com	A 50.118.250.118	50.118.250.118
www.californiaredstate.com	A 34.102.136.180 CNAME californiaredstate.com	34.102.136.180
www.bhcsva.com
www.warriornotesgolbalprayer.com	A 34.102.136.180 CNAME warriornotesgolbalprayer.com	34.102.136.180
www.graniteinaminute.com	CNAME graniteinaminute.com A 198.71.232.3	182.50.132.242
www.gailrichardson.com	A 52.58.78.16	52.58.78.16
www.crochenista.com	CNAME crochenista.com A 162.241.216.98	162.241.216.98
www.startrekepisode.com	A 34.102.136.180 CNAME startrekepisode.com	34.102.136.180
www.sembachtigers.info	A 216.58.220.211 CNAME ghs.googlehosted.com A 172.217.175.243	172.217.175.243
www.investiose.info	CNAME investiose.info A 34.102.136.180	34.102.136.180

TCP Requests

UDP Requests

POST 404 http://www.potviper.com/qjnt/

GET 404 http://www.potviper.com/qjnt/?GVoxs=S2pLJQ56SFKSAj7UcVU/hxx54jK3fBRD9w/6371FREoT6cUtpaNEoawUGeYwfPT+9gmkOdMX&5jr=UlSt

POST 403 http://www.eoapdj.com/qjnt/

GET 403 http://www.eoapdj.com/qjnt/?GVoxs=tDoVZ8LrXdfM2UePKwC2rJ8resXPJc2dnDhd6WgKQtKZKBlahDoyQOcxbwTJkNKzfSZAVv0R&5jr=UlSt

POST 405 http://www.investiose.info/qjnt/

GET 403 http://www.investiose.info/qjnt/?GVoxs=ZxcvZy8ZLczqtvfEla7uZ1L3KAM6BWVTFYDKbjT+DQ7ivFAcZk5kBU1oTK1xQfOK60beZP/V&5jr=UlSt

POST 405 http://www.warriornotesgolbalprayer.com/qjnt/

GET 403 http://www.warriornotesgolbalprayer.com/qjnt/?GVoxs=NZEjDeTbQWI4t+jLVj6ckcPfHkTvqBwW1gJjjcociDWZiHYNHkrr42q5Qu5MGWq/DbzHTKzP&5jr=UlSt

POST 404 http://www.crochenista.com/qjnt/

GET 404 http://www.crochenista.com/qjnt/?GVoxs=J6zJO2/PwCYDrPfd6ahXoqg8qe3TXVYRwNW46sX1F3TUCNiZ+HIDBehPRyNHfGKllpDSpMGn&5jr=UlSt

POST 410 http://www.gailrichardson.com/qjnt/

GET 410 http://www.gailrichardson.com/qjnt/?GVoxs=cQpYuVHVGObCoOy3oJObHgw0bCNAclVj5U/7sRdD/qRSo/tXEB2YKGAusTd/rcUBeGIQZ61D&5jr=UlSt

POST 404 http://www.gritchiecharcoal.com/qjnt/

GET 404 http://www.gritchiecharcoal.com/qjnt/?GVoxs=dVs14fUu2Ven2658hBFx9jliZTLZEVHuVQGBY3ziSv8BPTKHH6vE10KIv0y/hbAn0E72jEmA&5jr=UlSt

POST 405 http://www.startrekepisode.com/qjnt/

GET 403 http://www.startrekepisode.com/qjnt/?GVoxs=5+BnPckFTRrJGxaMVUv0BF1FKPa8eJDIfTmAxOSqxwEOI5f2tl64h5cJxkg2lQOsq3TBX7Br&5jr=UlSt

POST 405 http://www.californiaredstate.com/qjnt/

GET 403 http://www.californiaredstate.com/qjnt/?GVoxs=zQPqhV0zjwqOH7+4I463/IP/2KgA+kN0HIdOkui6XhPhedEq6pmyyx37MiuAH/2FJlIb70cd&5jr=UlSt

POST 400 http://www.graniteinaminute.com/qjnt/

GET 400 http://www.graniteinaminute.com/qjnt/?GVoxs=Kc40ChrvGMsz5sDUgJdI1Tm80ndRwqOobrZe5CnH/KVtq0OHhWuXcnL+C6x+hGBLT8rXGqGg&5jr=UlSt

POST 404 http://www.4608capaydrive.com/qjnt/

GET 404 http://www.4608capaydrive.com/qjnt/?GVoxs=iLUFueU10hOppTwP3ag0TEkx55OWImdDKFK/X6WyCwcuL4AvnIYcIMaE+BFiiDsTNyxyLE8j&5jr=UlSt

POST 404 http://www.sembachtigers.info/qjnt/

GET 404 http://www.sembachtigers.info/qjnt/?GVoxs=+Yp94tLL6Z+72WMpgDjwP3Oyxs1A784iv/kiT+2T4sgwKfW7AAGEyVE3ppqLFrE+wMT4F9ry&5jr=UlSt

GET 0 http://www.sligogolfacademy.com/qjnt/?GVoxs=jW8pZHGrNu+IDaEzBY5u1VpwwzeNUmqGp5ujPvgX8FP3RhC0Cv3sVN1JA0V0HBZXOpjzOmY1&5jr=UlSt

GET 404 http://www.potviper.com/qjnt/?GVoxs=S2pLJQ56SFKSAj7UcVU/hxx54jK3fBRD9w/6371FREoT6cUtpaNEoawUGeYwfPT+9gmkOdMX&5jr=UlSt

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49816 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49816 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49816 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49828 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49828 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49828 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49834 -> 216.58.220.211:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49834 -> 216.58.220.211:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49834 -> 216.58.220.211:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49812 -> 50.118.250.118:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49812 -> 50.118.250.118:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49812 -> 50.118.250.118:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49830 -> 198.71.232.3:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49830 -> 198.71.232.3:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49830 -> 198.71.232.3:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49837 -> 50.118.250.118:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49837 -> 50.118.250.118:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49837 -> 50.118.250.118:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49826 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49826 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49826 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49822 -> 52.58.78.16:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49822 -> 52.58.78.16:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49822 -> 52.58.78.16:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49824 -> 94.136.40.51:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49824 -> 94.136.40.51:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49824 -> 94.136.40.51:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49814 -> 45.39.88.198:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49814 -> 45.39.88.198:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49814 -> 45.39.88.198:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49836 -> 104.232.64.103:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49836 -> 104.232.64.103:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49836 -> 104.232.64.103:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49818 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49818 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49818 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49832 -> 3.233.171.147:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49832 -> 3.233.171.147:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49832 -> 3.233.171.147:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49820 -> 162.241.216.98:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49820 -> 162.241.216.98:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49820 -> 162.241.216.98:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts