NetWork | ZeroBOX

IP Address	Status	Action
104.21.35.47	Active	Moloch
164.124.101.2	Active	Moloch
172.120.106.61	Active	Moloch
192.0.78.24	Active	Moloch
195.110.124.133	Active	Moloch
198.71.233.83	Active	Moloch
216.239.136.99	Active	Moloch
34.102.136.180	Active	Moloch
35.186.238.101	Active	Moloch
45.39.212.162	Active	Moloch

Name	Response	Post-Analysis Lookup
www.govusergroup.com	A 216.239.136.99	216.239.136.99
www.restaurant-utopia.xyz	A 172.67.213.229 A 104.21.35.47	172.67.213.229
www.szyyglass.com	A 172.120.106.61	172.120.106.61
www.fis.photos	A 192.0.78.25 A 192.0.78.24 CNAME fis.photos	192.0.78.25
www.planetgreennetwork.com	CNAME planetgreennetwork.com A 34.102.136.180	34.102.136.180
www.arcflorals.com	A 198.71.233.83 CNAME arcflorals.com	198.71.233.83
www.docomoau.xyz
www.conquershirts.store	CNAME conquershirts.store A 195.110.124.133	195.110.124.133
www.ahljsm.com	A 45.39.212.162	45.39.212.162
www.satellitphonestore.com	A 35.186.238.101	35.186.238.101

TCP Requests

UDP Requests

GET 200 http://www.szyyglass.com/ef6c/?MZkp=WJZ/PBlgU2sqxbhuKWSW0gAF450CRpcifwWN2Hn02+HJZd2OB2qk7jd6844pcDa/ZUIS0tAu&U4kp=Ntx0ULGH4Bu8xJ0

GET 301 http://www.restaurant-utopia.xyz/ef6c/?MZkp=QQd8BU9Fy5B/Jf1+m4pKDxcRFm34j4nz3hSoRKYyqec7FRTFu3B5N5pbbojH/ir2XBTcopEK&U4kp=Ntx0ULGH4Bu8xJ0

GET 403 http://www.satellitphonestore.com/ef6c/?MZkp=2HQYiK3SqCAOAD8t1I4UDgwc9i5WnuBSVk/U/jy+BINbcOU7l/xUqscit0kTEHSPOQww5Ion&U4kp=Ntx0ULGH4Bu8xJ0

GET 404 http://www.conquershirts.store/ef6c/?MZkp=95iB74+m3m1QSa2Yie21q98JT48wC3F76MvrX9tv4DSLixTQWiFMLp60PgPoHI6cr/owSd7w&U4kp=Ntx0ULGH4Bu8xJ0

GET 302 http://www.govusergroup.com/ef6c/?MZkp=N5yAIzzPvIdqoqJ3aV/wdndIILsjG1yD75IcTmUgg2IU59G+YJKqbdhtrw9qqSyAgMIiKVbn&U4kp=Ntx0ULGH4Bu8xJ0

GET 200 http://www.ahljsm.com/ef6c/?MZkp=IVc4rtgM9gra+fG0jQBU9em9uNea1MXNkTy/UnYOuL+WBS8ayE+K1GAK8aa2SvCjoWspa1ZS&U4kp=Ntx0ULGH4Bu8xJ0

GET 400 http://www.arcflorals.com/ef6c/?MZkp=kGlMeYY5BdILFMvYVNR7bZ0Mn33Q8LI2mKSsuAJB2+8tGFV37lUpti1UFknkbAVSBI+8nqql&U4kp=Ntx0ULGH4Bu8xJ0

GET 403 http://www.planetgreennetwork.com/ef6c/?MZkp=viiOdeoYufNRN60WkpfLEAw1fJ1OatCxqWV4tuVbpGnby6TfOu9tKnuCwWlJt5WAZl2p+p2R&U4kp=Ntx0ULGH4Bu8xJ0

GET 301 http://www.fis.photos/ef6c/?MZkp=iVGcxgJZg7dDdqnpGvHyDNlE3XmNDIFvU6VDaZ8nDL6WJmv+1asF/xEbeuA1UUYS6lydoag+&U4kp=Ntx0ULGH4Bu8xJ0

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49173 -> 35.186.238.101:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 35.186.238.101:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 35.186.238.101:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49178 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49178 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49178 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 195.110.124.133:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 195.110.124.133:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 195.110.124.133:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49177 -> 198.71.233.83:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49177 -> 198.71.233.83:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49177 -> 198.71.233.83:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49175 -> 216.239.136.99:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49175 -> 216.239.136.99:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49175 -> 216.239.136.99:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49179 -> 192.0.78.24:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49179 -> 192.0.78.24:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49179 -> 192.0.78.24:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 104.21.35.47:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 104.21.35.47:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 104.21.35.47:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 104.21.35.47:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.102:49176 -> 45.39.212.162:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49176 -> 45.39.212.162:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49176 -> 45.39.212.162:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 172.120.106.61:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 172.120.106.61:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 172.120.106.61:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts