NetWork | ZeroBOX

IP Address	Status	Action
103.224.182.210	Active	Moloch
104.16.13.194	Active	Moloch
104.167.94.227	Active	Moloch
104.21.51.3	Active	Moloch
104.248.158.121	Active	Moloch
108.179.246.105	Active	Moloch
164.124.101.2	Active	Moloch
184.168.131.241	Active	Moloch
198.54.117.215	Active	Moloch
199.59.242.153	Active	Moloch
23.227.38.74	Active	Moloch
3.223.115.185	Active	Moloch
34.102.136.180	Active	Moloch
66.29.132.69	Active	Moloch

Name	Response	Post-Analysis Lookup
www.chilestew.com
www.productprinting.online	A 108.179.246.105 CNAME productprinting.online	108.179.246.105
www.car-insurance-rates-x2.info	CNAME car-insurance-rates-x2.info A 66.29.132.69	66.29.132.69
www.behiscalm.com	CNAME behiscalm.com A 34.102.136.180	34.102.136.180
www.mccorklehometeam.com	A 184.168.131.241 CNAME mccorklehometeam.com	184.168.131.241
www.calmingscience.com	A 172.67.215.123 A 104.21.51.3	172.67.215.123
www.p60p.com	A 104.167.94.227 CNAME p60p.com	104.167.94.227
www.dubaibiologicdentist.com	A 198.54.117.218 A 198.54.117.216 A 198.54.117.217 CNAME parkingpage.namecheap.com A 198.54.117.215 A 198.54.117.212 A 198.54.117.210 A 198.54.117.211	198.54.117.215
www.luvnecklace.com	CNAME HDRedirect-LB7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.com A 3.223.115.185	3.223.115.185
www.ziototoristorante.com	A 199.59.242.153	199.59.242.153
www.anielleharris.com	CNAME shops.myshopify.com A 23.227.38.74	23.227.38.74
www.simpeltattofor.men	A 103.224.182.210	103.224.182.210
www.mabduh.com	A 104.248.158.121 A 206.189.46.168	104.248.158.121
www.chinatowndeliver.com	CNAME chinatowndeliver.com A 34.102.136.180	34.102.136.180
www.healthylifefit.com	CNAME target.clickfunnels.com A 104.16.15.194 A 104.16.16.194 A 104.16.12.194 A 104.16.13.194 A 104.16.14.194	104.16.12.194

TCP Requests

UDP Requests

POST 0 http://www.p60p.com/mjyv/

GET 0 http://www.p60p.com/mjyv/?r6=Nc2ITi3hwuQIcyh1bMkL43y7/hZHkWWA0ujPuKcdOOsTZzLfHZK3SBjMOtbWV1AocZlKDKA1&CZ9=8pHxu0K

POST 0 http://www.ziototoristorante.com/mjyv/

GET 200 http://www.ziototoristorante.com/mjyv/?r6=BGF3MaDqcKXz2+ypQpBN49HcofQtIb5uumrf5yGZXgK71e6jsOADztt5ugiiGjAz+eZLHYvw&CZ9=8pHxu0K

POST 301 http://www.mabduh.com/mjyv/

GET 301 http://www.mabduh.com/mjyv/?r6=46trCuKNqElCtXxdD3CcU/1zXCvbbh+innazVP0/Ec93daT9L2c67QrrBUNmDwq56qbHS8kb&CZ9=8pHxu0K

POST 405 http://www.chinatowndeliver.com/mjyv/

GET 403 http://www.chinatowndeliver.com/mjyv/?r6=XUhyKAoNxujTTpq6c1lVw6UQrcGLXYJeNJQlydFnX5NrKnJZi3xXzQdWOhxeGOo0cSGE9W02&CZ9=8pHxu0K

POST 302 http://www.luvnecklace.com/mjyv/

GET 302 http://www.luvnecklace.com/mjyv/?r6=d9nWK9gIaGH81JCj1TOn6Acpjx5yU8RNy3mdtKdpBGdfCLj/BDbaNBqHqAwZa6LVFNP/k/vR&CZ9=8pHxu0K

POST 503 http://www.simpeltattofor.men/mjyv/

GET 302 http://www.simpeltattofor.men/mjyv/?r6=YF19YjsW8YJ3UOve4Qb3KBW5CTiNCbLMIoRIqgRYw5C7pHv6F5Yv7+2MVeO4kquiRvNeMbg8&CZ9=8pHxu0K

POST 404 http://www.productprinting.online/mjyv/

GET 301 http://www.productprinting.online/mjyv/?r6=dI0EVfu1T7SuYQVSFiskZOhLU8OYvItQe6UNnJ1ElFuaQLbdP5Uf2YRPyTd8+GYShGrxOpBk&CZ9=8pHxu0K

POST 405 http://www.dubaibiologicdentist.com/mjyv/

GET 0 http://www.dubaibiologicdentist.com/mjyv/?r6=BKHfsn/GYCC1h//vT8riYCukHI0Zyw57gwlmm1nTEYp+2eyN1NLV8AZGtmaXrDVZIiSg94F5&CZ9=8pHxu0K

POST 0 http://www.anielleharris.com/mjyv/

GET 403 http://www.anielleharris.com/mjyv/?r6=Vdqln5Bga6RSx61h1Kvk7xYPJlO1KgLwQnK13iOT9vNjy68/mEc8j6E46zK0xbCAzSox5p/r&CZ9=8pHxu0K

POST 404 http://www.car-insurance-rates-x2.info/mjyv/

GET 404 http://www.car-insurance-rates-x2.info/mjyv/?r6=JsVmDLitPD5sN21NuRjxCxYGWX6Zun1yL1UzMyeyoC0PN1VTm+kRrJp4mrpqyvRLfa8C5kJ3&CZ9=8pHxu0K

POST 0 http://www.calmingscience.com/mjyv/

GET 301 http://www.calmingscience.com/mjyv/?r6=88UrMb6q8kEA6d0RMNJBQg7TjSnN5axFSt02V9alnUE8WVXARanhd7Zn9ZpbXjvnPJPP0laE&CZ9=8pHxu0K

POST 405 http://www.behiscalm.com/mjyv/

GET 403 http://www.behiscalm.com/mjyv/?r6=K9FJa1ryPTd/bsjfiuRfbodFPMpyTpIbchH43KPgl0gdBdpLbzvy0KNnzkM4/ITWWD0DdyPm&CZ9=8pHxu0K

POST 0 http://www.mccorklehometeam.com/mjyv/

GET 301 http://www.mccorklehometeam.com/mjyv/?r6=R98Rpb+Ys7+0hNBLZTeJnFF4NkgkCgUAMyRYh/dXiy03XFnOcrWkZjimNn9sRbYS/za5FcC6&CZ9=8pHxu0K

POST 0 http://www.healthylifefit.com/mjyv/

GET 404 http://www.healthylifefit.com/mjyv/?r6=wu4G29Df/3jk6rtufY07T1aH5SRRTSPupQ0Am8+JIxBphBMLoCuvIjFknaaw90h7xGBdC+KC&CZ9=8pHxu0K

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49206 -> 199.59.242.153:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 199.59.242.153:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 199.59.242.153:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 104.167.94.227:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 104.167.94.227:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 104.167.94.227:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49220 -> 23.227.38.74:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49220 -> 23.227.38.74:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49220 -> 23.227.38.74:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49226 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49226 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49226 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49224 -> 104.21.51.3:80	2221045	SURICATA HTTP Unexpected Request body	Generic Protocol Command Decode
TCP 192.168.56.101:49230 -> 104.16.13.194:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49230 -> 104.16.13.194:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49230 -> 104.16.13.194:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 103.224.182.210:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 103.224.182.210:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 104.248.158.121:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 103.224.182.210:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 104.248.158.121:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 104.248.158.121:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 108.179.246.105:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 108.179.246.105:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 108.179.246.105:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49222 -> 66.29.132.69:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49222 -> 66.29.132.69:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49222 -> 66.29.132.69:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49228 -> 184.168.131.241:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49228 -> 184.168.131.241:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49228 -> 184.168.131.241:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 3.223.115.185:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 3.223.115.185:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 3.223.115.185:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 198.54.117.215:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 198.54.117.215:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 198.54.117.215:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts