NetWork | ZeroBOX

IP Address	Status	Action
142.250.66.115	Active	Moloch
164.124.101.2	Active	Moloch
172.217.25.14	Active	Moloch
172.96.191.170	Active	Moloch
184.168.131.241	Active	Moloch
192.185.0.218	Active	Moloch
203.245.44.109	Active	Moloch
34.102.136.180	Active	Moloch
81.169.145.72	Active	Moloch

Name	Response	Post-Analysis Lookup
www.dembyanndson.com
www.sportsiri.com	A 34.102.136.180 CNAME sportsiri.com	34.102.136.180
www.lnbes.com
www.xn--2o2b1z87x8sb.com	A 203.245.44.109 CNAME xn--2o2b1z87x8sb.com	203.245.44.109
www.nodeaths.com	A 184.168.131.241 CNAME nodeaths.com	184.168.131.241
www.kesat-ya10.com
www.centroufologicosiciliano.info	CNAME centroufologicosiciliano.info A 172.96.191.170	172.96.191.170
www.oceancollaborative.com	A 184.168.131.241 CNAME oceancollaborative.com	184.168.131.241
www.my-ela.com	A 81.169.145.72 CNAME my-ela.com	81.169.145.72
www.motivactivewear.com	CNAME motivactivewear.com A 34.102.136.180	34.102.136.180
www.dr-farshidtajik.com
www.jacksonmesser.com	A 192.185.0.218	192.185.0.218
www.foldarusa.com	A 142.250.66.115 CNAME ghs.googlehosted.com	172.217.24.147

TCP Requests

UDP Requests

POST 404 http://www.xn--2o2b1z87x8sb.com/bp3i/

GET 404 http://www.xn--2o2b1z87x8sb.com/bp3i/?tZU0=w0/TDHIc1+HezrcFGU9wSyY7ZohJU/wG9FEU96VZi51pjs1Dms3z4YPKKIrAiX80z3Y2jYtY&Unt8E=GTdPPh0XeT3ldb

POST 405 http://www.sportsiri.com/bp3i/

GET 403 http://www.sportsiri.com/bp3i/?tZU0=aSvVGLLpXGw3OAXV2aZVnJ1iJf4AHcjemKA4E5Yqpc3oSPveS9L08/xGI3+5sNlqw1RF4nLk&Unt8E=GTdPPh0XeT3ldb

POST 405 http://www.motivactivewear.com/bp3i/

GET 403 http://www.motivactivewear.com/bp3i/?tZU0=zzYPr0OCNAmsWBGG6HNOV25V/HRJbXLG3dsQYpoWqUnjOdCdFgLO0pBdP9GuYgb2I6ZBWy1X&Unt8E=GTdPPh0XeT3ldb

POST 301 http://www.jacksonmesser.com/bp3i/

GET 301 http://www.jacksonmesser.com/bp3i/?tZU0=W/CXmC3h5YAUZ8fFOtRWLSI9/aEaYl+nDG0UZjOjUVUC3iozDGVhybHRgTy+sMA/oIlFk4+3&Unt8E=GTdPPh0XeT3ldb

POST 404 http://www.centroufologicosiciliano.info/bp3i/

GET 301 http://www.centroufologicosiciliano.info/bp3i/?tZU0=2oBW7Gq+oPyidiztoZuoYWcRATQmT11vWq8k6VNoEktLf6pbSYsZXTRFel/syGWUqWuQjZZt&Unt8E=GTdPPh0XeT3ldb

POST 0 http://www.oceancollaborative.com/bp3i/

GET 302 http://www.oceancollaborative.com/bp3i/?tZU0=+tA82degRgcQ4mmnQvXabF4qHjy6FJLdLGPOjGCu1vH9ecmhDfriaGule7Kf6ooavhCfc5XG&Unt8E=GTdPPh0XeT3ldb

POST 0 http://www.my-ela.com/bp3i/

GET 0 http://www.my-ela.com/bp3i/?tZU0=x3Xsx3kFmfVBk/03I35QZMI5K2UCf+f3EJo6s08DD7agpFQ+QRU8y9pTR1ZGHvyReF/CgWzd&Unt8E=GTdPPh0XeT3ldb

POST 301 http://www.foldarusa.com/bp3i/

GET 301 http://www.foldarusa.com/bp3i/?tZU0=+xosTUoEG+X0Mmn9EyQPKyy4IkvTxBKuOGd9HmuPL+IfZbfpIZ2h3r2SnBjxbTFGvCCtepcQ&Unt8E=GTdPPh0XeT3ldb

POST 0 http://www.nodeaths.com/bp3i/

GET 302 http://www.nodeaths.com/bp3i/?tZU0=lAVGsZAimvW2FIy65vEHNJIN9n86K8XX6jwSW4mk+OH7OVxpkEktiPioJCYmNQpgOpJRaQcs&Unt8E=GTdPPh0XeT3ldb

ICMP traffic

Source	Destination	ICMP Type
192.168.56.102	164.124.101.2	3
192.168.56.102	164.124.101.2	3
192.168.56.102	164.124.101.2	3
192.168.56.102	164.124.101.2	3
192.168.56.102	164.124.101.2	3
192.168.56.102	164.124.101.2	3

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49815 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49815 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49815 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49819 -> 172.96.191.170:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49819 -> 172.96.191.170:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49819 -> 172.96.191.170:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49821 -> 184.168.131.241:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49821 -> 184.168.131.241:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49821 -> 184.168.131.241:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49823 -> 81.169.145.72:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49823 -> 81.169.145.72:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49823 -> 81.169.145.72:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49813 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49813 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49813 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49811 -> 203.245.44.109:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49811 -> 203.245.44.109:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49811 -> 203.245.44.109:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49825 -> 142.250.66.115:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49825 -> 142.250.66.115:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49827 -> 184.168.131.241:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49825 -> 142.250.66.115:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49817 -> 192.185.0.218:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49827 -> 184.168.131.241:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49817 -> 192.185.0.218:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49817 -> 192.185.0.218:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49827 -> 184.168.131.241:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts