NetWork | ZeroBOX

IP Address	Status	Action
121.254.178.253	Active	Moloch
134.122.133.133	Active	Moloch
145.131.10.226	Active	Moloch
150.95.54.145	Active	Moloch
164.124.101.2	Active	Moloch
185.46.123.48	Active	Moloch
198.54.121.137	Active	Moloch
2.57.90.16	Active	Moloch
209.17.116.163	Active	Moloch
23.227.38.74	Active	Moloch
45.35.13.43	Active	Moloch
91.184.0.100	Active	Moloch
92.205.12.148	Active	Moloch

Name	Response	Post-Analysis Lookup
www.puremicrodosing.com	A 91.184.0.100 CNAME puremicrodosing.com	91.184.0.100
www.cameroon-infos.net	A 185.46.123.48 CNAME cameroon-infos.net	185.46.123.48
www.serviciomovistar.online	A 2.57.90.16 CNAME serviciomovistar.online	2.57.90.16
www.alskdfalskdf.com
www.kennycheng.tech	CNAME kennycheng.tech A 198.54.121.137	198.54.121.137
www.adult-affi2401.com	CNAME adult-affi2401.com A 150.95.54.145	150.95.54.145
www.clarysvillemotel.online	A 209.17.116.163	209.17.116.163
www.consumersvoice.net	CNAME consumersvoice.net A 92.205.12.148	92.205.12.148
www.cyworldl.com	A 121.254.178.253	121.254.178.253
www.globalservicesproviders.com	A 45.35.13.43	45.35.13.43
www.989451.com	A 134.122.133.133	134.122.133.133
www.elemnetoutdoor.com
www.flintandfern.com	CNAME shops.myshopify.com A 23.227.38.74	23.227.38.74
www.lockolock.com	A 145.131.10.226	145.131.10.226

TCP Requests

UDP Requests

POST 404 http://www.adult-affi2401.com/p08r/

GET 404 http://www.adult-affi2401.com/p08r/?b6A=YBD8ehEBguM+6gGh+VaunkeJelFsPauf8nWvRLa2Q8b5I/eD3+1cxq8HW72tGpOj6qnVLgtZ&D8S=_FNHAt

POST 400 http://www.kennycheng.tech/p08r/

GET 301 http://www.kennycheng.tech/p08r/?b6A=RPRpMFG5DiuH4Me2ReofCDIxeK3pjVq+7UTLX2dtWYx9bGYak7LoJY9NsO7Y0IdpYyXG1k8C&D8S=_FNHAt

POST 302 http://www.lockolock.com/p08r/

GET 302 http://www.lockolock.com/p08r/?b6A=BojzXC5XtUXJCn/sviLjp1FSKX3F4rfFxOtL/HTn2WsxIabSXw8AIYc51ovw4Dh6Oxhyfgcs&D8S=_FNHAt

POST 404 http://www.serviciomovistar.online/p08r/

GET 404 http://www.serviciomovistar.online/p08r/?b6A=F620ax2IXshNfJXYyz520Uk8ZUO6TkBejSV6e6QrtPv/Tnjc0fjbzMUqFeGXtuHmpTp57JhT&D8S=_FNHAt

POST 404 http://www.globalservicesproviders.com/p08r/

GET 404 http://www.globalservicesproviders.com/p08r/?b6A=kc0HlcHOykXtlE83QAp9W1Y7yFJ/9Iqs5v9tv8rxcf4fEK7gRz8fegFivJuBABnMLio7jmeg&D8S=_FNHAt

POST 404 http://www.puremicrodosing.com/p08r/

GET 404 http://www.puremicrodosing.com/p08r/?b6A=S62BtV/OXf7l+Oi9TcRmwChwada/mHY3jxfUfEoy5xEvr99fIfi+QJg3WuTcsjgo8nY7wmXr&D8S=_FNHAt

POST 404 http://www.cyworldl.com/p08r/

GET 404 http://www.cyworldl.com/p08r/?b6A=NwV8JJ6ZJlAEmD5b4H2bl/w3OwpG2MFDo8NShXAeVJkYkzdeWNbXotIvNWoszNS/7oJ1T3z8&D8S=_FNHAt

POST 404 http://www.cameroon-infos.net/p08r/

GET 404 http://www.cameroon-infos.net/p08r/?b6A=IYc7WM2wy7ET8TsfVSWUiPW1jV3rdQu07vYpL+EaMYvNKjdhepHWyqeEAJ8IIY8trn3trjsC&D8S=_FNHAt

POST 301 http://www.989451.com/p08r/

GET 301 http://www.989451.com/p08r/?b6A=wgGfLhEduyoESPnrST6AXTlsvRUW71KfhZuOrHw7TI51lUsZgWgyOnM3Xtx4zYYaTke8CEyN&D8S=_FNHAt

POST 0 http://www.consumersvoice.net/p08r/

GET 0 http://www.consumersvoice.net/p08r/?b6A=R7Z4cCaC1e2zv+EAWAiOXCWhjhnPFC37ZRsWBv89zgeIsWdkaTqQTyClsbCcSyhG48O6u0Ah&D8S=_FNHAt

POST 0 http://www.clarysvillemotel.online/p08r/

GET 400 http://www.clarysvillemotel.online/p08r/?b6A=/y0eURr3ltnoyVqmCF5+hABmIP5vOnvBOsV4557ulpQQHqCgOASkt/vB2/md2DwCkqo9P7oS&D8S=_FNHAt

POST 0 http://www.flintandfern.com/p08r/

GET 403 http://www.flintandfern.com/p08r/?b6A=Ig7E2VbjhUNLzfDSaZHXL8/SDch0w/CqTC9CFS6jYTZ7o1whS6OcAV/jB/WfzBNJNz1c2WE1&D8S=_FNHAt

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49218 -> 185.46.123.48:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 185.46.123.48:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 185.46.123.48:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 145.131.10.226:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49224 -> 209.17.116.163:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 145.131.10.226:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49224 -> 209.17.116.163:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 145.131.10.226:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49224 -> 209.17.116.163:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49226 -> 23.227.38.74:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49226 -> 23.227.38.74:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49226 -> 23.227.38.74:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49222 -> 92.205.12.148:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 45.35.13.43:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49222 -> 92.205.12.148:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 45.35.13.43:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49222 -> 92.205.12.148:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 45.35.13.43:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 198.54.121.137:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 198.54.121.137:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 198.54.121.137:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 150.95.54.145:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 150.95.54.145:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 150.95.54.145:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 2.57.90.16:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 2.57.90.16:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 2.57.90.16:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 91.184.0.100:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 121.254.178.253:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 91.184.0.100:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 121.254.178.253:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 91.184.0.100:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 121.254.178.253:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49220 -> 134.122.133.133:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49220 -> 134.122.133.133:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49220 -> 134.122.133.133:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts