NetWork | ZeroBOX

IP Address	Status	Action
104.17.66.15	Active	Moloch
154.212.216.43	Active	Moloch
163.123.204.26	Active	Moloch
164.124.101.2	Active	Moloch
164.68.104.58	Active	Moloch
198.74.106.237	Active	Moloch
23.108.179.100	Active	Moloch
23.227.38.74	Active	Moloch
34.102.136.180	Active	Moloch
34.80.190.141	Active	Moloch
74.208.236.178	Active	Moloch

Name	Response	Post-Analysis Lookup
www.runninghogfarm.com	A 23.108.179.100	23.108.179.100
www.gilleyaviation.com
www.atokastore.com	CNAME atokastore.com A 34.102.136.180	34.102.136.180
www.cmnkt-byem.xyz
www.macrovigilance.com	A 154.212.216.43	154.212.216.43
www.466se.com	A 198.74.106.237	198.74.106.237
www.ifn.xyz	A 104.17.92.27 CNAME connect.shopbase.com A 104.17.66.15	104.17.92.27
www.joinlashedbyjamie.com	A 74.208.236.178	74.208.236.178
www.circusocks.com	A 163.123.204.26 CNAME circusocks.com	163.123.204.26
www.nazarppe.com	CNAME www23.wixdns.net A 34.80.190.141 CNAME td-balancer-ae1-190-141.wixdns.net CNAME 47363d5c-balancer.wixdns.net CNAME balancer.wixdns.net	34.80.190.141
www.gee825.com
www.lovebodystyles.com	A 34.102.136.180 CNAME lovebodystyles.com	34.102.136.180
www.tunnurl.com	A 34.102.136.180 CNAME tunnurl.com	34.102.136.180
www.twinedinmagic.com	CNAME twined-in-magic.myshopify.com A 23.227.38.74 CNAME shops.myshopify.com	23.227.38.74
www.ejsuniqueclasses.com	A 164.68.104.58 CNAME ejsuniqueclasses.com	164.68.104.58

TCP Requests

UDP Requests

POST 0 http://www.twinedinmagic.com/ehp9/

GET 403 http://www.twinedinmagic.com/ehp9/?DXFTJ=I8oiP9SoG5h48m6KhZc1JhaZpcQmSrut+JcyFmPalQS48JdChQkexhtZM/EBi3DjLJXpgbrL&Jt7=XPv4nH2h

POST 405 http://www.lovebodystyles.com/ehp9/

GET 403 http://www.lovebodystyles.com/ehp9/?DXFTJ=fQONYJVf+drtsBymL6LN0IYUYxuzf9afeJHOCvotCVRqAxc+aKra+zVgjtRtDEfwsmLVAV7e&Jt7=XPv4nH2h

GET 200 http://www.macrovigilance.com/ehp9/?DXFTJ=TrVpt/Sm2xJ9IGi4K3NwgAhB6j/uvsDHzHwNFROlzNa3rgYvh2eLdGW0sMsxruWtvTWJfmAK&Jt7=XPv4nH2h

POST 405 http://www.tunnurl.com/ehp9/

GET 403 http://www.tunnurl.com/ehp9/?DXFTJ=QhkqBxVohxlqPUcu6G0chdX25ZqKuFpZq4xLpZwu6mKCp53I4Tvx5rMPt0/BXf9pPvuvFI6V&Jt7=XPv4nH2h

POST 405 http://www.atokastore.com/ehp9/

GET 403 http://www.atokastore.com/ehp9/?DXFTJ=0LqjHGvSuyDGgeop76VF70PcmE//HpHSJ558UeTMc749V6eczRm/Pf3IqfOFmaD//tqFBTEy&Jt7=XPv4nH2h

POST 0 http://www.runninghogfarm.com/ehp9/

GET 0 http://www.runninghogfarm.com/ehp9/?DXFTJ=TiEJkYh9nBwlrsDRUzymswvqStp9NyNn6K1JUARvaYpBqYPnTPyRdaxdWm2SESo4LeuL0jJk&Jt7=XPv4nH2h

POST 0 http://www.ejsuniqueclasses.com/ehp9/

GET 301 http://www.ejsuniqueclasses.com/ehp9/?DXFTJ=8c/5QoMU/LJp2F/JqDOgvqNfypt6IHckOwRzCQjdzO4ATzLHPoPQ6gSPk/oNBgTWB7oKG4q8&Jt7=XPv4nH2h

POST 0 http://www.joinlashedbyjamie.com/ehp9/

GET 302 http://www.joinlashedbyjamie.com/ehp9/?DXFTJ=+eGaCpWIeY1GeVLPRfBKIdnCFP4bn1fBUg7gUF+CiQV6Bp5ohh8tCc+mNs21JISC/amISJ9y&Jt7=XPv4nH2h

POST 0 http://www.circusocks.com/ehp9/

GET 404 http://www.circusocks.com/ehp9/?DXFTJ=oRr9ZXzYir31EMpQ4cLVquMpSAfNXH/ZGOcaxDo65nuPHc2Zv4aHZ1gD7lNSjr7j2ZXrkkv7&Jt7=XPv4nH2h

POST 0 http://www.nazarppe.com/ehp9/

GET 301 http://www.nazarppe.com/ehp9/?DXFTJ=ForhLKJW5s3cPVf6/6Q1cyVpQBFSYL410ahzi4TIJRZgcvQolUc5UDI3pLbwinN7hftJyfKf&Jt7=XPv4nH2h

POST 0 http://www.ifn.xyz/ehp9/

GET 301 http://www.ifn.xyz/ehp9/?DXFTJ=52eH09aBYPtE5DyiejMY8v2uxe7c6i3pelrpIF5DWEK+lqUjHfhnU3NPACtVlTQkZMRHjcr5&Jt7=XPv4nH2h

POST 0 http://www.466se.com/ehp9/

GET 404 http://www.466se.com/ehp9/?DXFTJ=UsPTfcJ2cekV2xN0pFMXthX3126RUWmODdc5A73g6eF5qcZ7S3zbdbbJe1Glq8VOYp62ahzf&Jt7=XPv4nH2h

GET 403 http://www.twinedinmagic.com/ehp9/?DXFTJ=I8oiP9SoG5h48m6KhZc1JhaZpcQmSrut+JcyFmPalQS48JdChQkexhtZM/EBi3DjLJXpgbrL&Jt7=XPv4nH2h

POST 405 http://www.lovebodystyles.com/ehp9/

GET 403 http://www.lovebodystyles.com/ehp9/?DXFTJ=fQONYJVf+drtsBymL6LN0IYUYxuzf9afeJHOCvotCVRqAxc+aKra+zVgjtRtDEfwsmLVAV7e&Jt7=XPv4nH2h

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49208 -> 154.212.216.43:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 154.212.216.43:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 154.212.216.43:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49224 -> 104.17.66.15:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49224 -> 104.17.66.15:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49224 -> 104.17.66.15:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49224 -> 104.17.66.15:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.101:49214 -> 23.108.179.100:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 23.108.179.100:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 23.108.179.100:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49227 -> 23.227.38.74:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49227 -> 23.227.38.74:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49227 -> 23.227.38.74:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 23.227.38.74:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 23.227.38.74:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 23.227.38.74:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49229 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49220 -> 163.123.204.26:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49229 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49229 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49220 -> 163.123.204.26:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49220 -> 163.123.204.26:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 74.208.236.178:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 74.208.236.178:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 74.208.236.178:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 164.68.104.58:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 164.68.104.58:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 164.68.104.58:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49222 -> 34.80.190.141:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49222 -> 34.80.190.141:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49222 -> 34.80.190.141:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49226 -> 198.74.106.237:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49226 -> 198.74.106.237:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49226 -> 198.74.106.237:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts