NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
172.67.131.184	Active	Moloch
178.32.114.31	Active	Moloch
183.181.96.123	Active	Moloch
194.9.94.86	Active	Moloch
34.102.136.180	Active	Moloch
52.118.136.180	Active	Moloch
68.65.123.42	Active	Moloch

Name	Response	Post-Analysis Lookup
www.xn--vhqp8mm8dbtz.group
www.xn--zbss74a16j.xn--czru2d
www.iphone13promax.support
www.trailer-racks.xyz	A 172.67.131.184 A 104.21.10.200	172.67.131.184
www.onlyforu14.rest	CNAME onlyforu14.rest A 68.65.123.42	68.65.123.42
www.number-is-04.net	A 183.181.96.123	183.181.96.123
www.dirtcheapfire.com
www.jillianvansice.com	A 34.102.136.180 CNAME jillianvansice.com	34.102.136.180
www.mglracing.com
www.unarecord.com	A 52.118.136.180	52.118.136.180
www.pixlrz.com	A 194.9.94.86 A 194.9.94.85	194.9.94.85
www.thepretenseofjustice.com
www.auth-appsgo.com
www.micj7873.com
www.bois-applique.com	A 178.32.114.31	178.32.114.31

TCP Requests

UDP Requests

GET 301 http://www.number-is-04.net/noha/?-Z=533EpRLMvdGd3LnMjF6P5H4aqTXvZDN7WJAPd7m9vKZsB2Z3JtcedJpU+7lZs6mIB3YhcvB0&rZ=X48HRfqP

GET 403 http://www.jillianvansice.com/noha/?-Z=bTEtFpzNECc+Zd5QB8tCW0UsQG/fhyCLGPTCJuWDJdj6hcfbAUUaBGVN8lsGkgtE30da91+N&rZ=X48HRfqP

GET 200 http://www.pixlrz.com/noha/?-Z=pbWa/Zt+jrM37Qkna2LUMphJ1OY8Arc0yZpnLLVq+3NFtdjGEGVpqkOGzVDKwJoEZyTRHeQT&rZ=X48HRfqP

GET 404 http://www.onlyforu14.rest/noha/?-Z=P/l8qiYiqt8kvrDBUGtG7DlBr1gw3QxKROVjrB5CU3iUOyLfx1uglQZs8tc2Ej0fs967LZqC&rZ=X48HRfqP

GET 301 http://www.trailer-racks.xyz/noha/?-Z=Ou7YUPBTFqGSK3DvNmtMJgItTS2fZVPHMamwR7WZ66jVlUXAfwWzjD3kZpIOV1hCTXPt1LBU&rZ=X48HRfqP

GET 404 http://www.unarecord.com/noha/?-Z=YvZkpRzIvhyEmlzzRS448ue/J8Mk5cJYV8d0kFvUSx81G2wer5LDh4vokaiGyVzfr6bGhK1c&rZ=X48HRfqP

GET 0 http://www.bois-applique.com/noha/?-Z=bUhQERLpyNF3S/4WPZx/2yInVQcXiLPDhxdoMCXhoM+5+115cTKOZoaz7w3+FhRX4eW13PBz&rZ=X48HRfqP

GET 301 http://www.trailer-racks.xyz/noha/?-Z=Ou7YUPBTFqGSK3DvNmtMJgItTS2fZVPHMamwR7WZ66jVlUXAfwWzjD3kZpIOV1hCTXPt1LBU&9r4P-=J4k0

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49167 -> 183.181.96.123:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 52.118.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 52.118.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 183.181.96.123:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 194.9.94.86:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 52.118.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 183.181.96.123:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 194.9.94.86:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 194.9.94.86:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 172.67.131.184:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 172.67.131.184:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 172.67.131.184:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 172.67.131.184:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.102:49174 -> 172.67.131.184:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 172.67.131.184:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 172.67.131.184:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 172.67.131.184:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.102:49168 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 178.32.114.31:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 178.32.114.31:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 178.32.114.31:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 68.65.123.42:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 68.65.123.42:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 68.65.123.42:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts