NetWork | ZeroBOX

IP Address	Status	Action
164.124.101.2	Active	Moloch
192.185.0.218	Active	Moloch
195.149.84.101	Active	Moloch
198.54.117.218	Active	Moloch
207.148.248.143	Active	Moloch
209.15.40.102	Active	Moloch
3.223.115.185	Active	Moloch
34.98.99.30	Active	Moloch
5.181.216.107	Active	Moloch
51.195.17.68	Active	Moloch
77.222.61.114	Active	Moloch

Name	Response	Post-Analysis Lookup
www.kedaiherbalalami.com	A 5.181.216.107 CNAME kedaiherbalalami.com	5.181.216.107
www.cabalzi.com	A 34.98.99.30 CNAME cabalzi.com	34.98.99.30
www.cbspecialists.com	A 207.148.248.143	207.148.248.143
www.profesyonelkampcadiri.net
www.shuangyashanpower.com	A 195.149.84.101 A 195.149.84.100	195.149.84.100
www.aryadesigningstudio.com	CNAME aryadesigningstudio.com A 34.98.99.30	34.98.99.30
www.khadarelhodge.com	A 192.185.0.218	192.185.0.218
www.helpmovingandstorage.com	A 209.15.40.102 CNAME helpmovingandstorage.com	209.15.40.102
www.meetheveganz.com
www.starlangue.com	A 77.222.61.114	77.222.61.114
www.msalee.net
www.asteroid.finance	A 198.54.117.218 A 198.54.117.216 A 198.54.117.217 CNAME parkingpage.namecheap.com A 198.54.117.215 A 198.54.117.212 A 198.54.117.210 A 198.54.117.211	198.54.117.212
www.42shenmao.com	A 51.195.17.68	51.195.17.68
www.maximumsale.com	CNAME HDRedirect-LB7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.com A 3.223.115.185	3.223.115.185
www.dalvascleaningservice.com

TCP Requests

UDP Requests

POST 404 http://www.cbspecialists.com/b6a4/

GET 403 http://www.cbspecialists.com/b6a4/?h0Gl9hf=evtpUE4huYbesJcHMcONCfRNSBT00PmI2ZEopGNqYdx8ef/JxfONVVxMCDT+WEjswdimTH7J&MXEL9=XbiptfYxWjcdj6k0

POST 0 http://www.42shenmao.com/b6a4/

GET 200 http://www.42shenmao.com/b6a4/?h0Gl9hf=/YLPVle51s/wMjptNjSN7dsoOectpdxamVjEBuIIjQO2gjITNfwF/374CWCNKQU8LkxY9Lpe&MXEL9=XbiptfYxWjcdj6k0

POST 302 http://www.kedaiherbalalami.com/b6a4/

GET 302 http://www.kedaiherbalalami.com/b6a4/?h0Gl9hf=AClaEyNViDSune13/YZUUjazMao4yP2qoW92J+V8GQKrmRmlM8SyMJgG/BS9WoJI+nFJwME4&MXEL9=XbiptfYxWjcdj6k0

POST 405 http://www.asteroid.finance/b6a4/

GET 0 http://www.asteroid.finance/b6a4/?h0Gl9hf=qLtgNToSswb6CMFxrgf7fmc+nXqwhZnGR9zX0c9pvpxyA4sUtmU5qGoaAQCzoAft52FbUOHw&MXEL9=XbiptfYxWjcdj6k0

POST 405 http://www.cabalzi.com/b6a4/

GET 403 http://www.cabalzi.com/b6a4/?h0Gl9hf=vCEfkciNsJLnQ6NTKgmnH0RKiXqKx4X1OsBfXMLmCHhcM6UjpXRp9mu9MO0KT8GS97XSNDdh&MXEL9=XbiptfYxWjcdj6k0

POST 0 http://www.starlangue.com/b6a4/

GET 404 http://www.starlangue.com/b6a4/?h0Gl9hf=g69R7dbOA8vG6mackXWbpFQiI3jHqcSgcWnxdpV03totRPt41IlhRiyddP1MDY+gUZ8Ltk0r&MXEL9=XbiptfYxWjcdj6k0

POST 405 http://www.aryadesigningstudio.com/b6a4/

GET 403 http://www.aryadesigningstudio.com/b6a4/?h0Gl9hf=yCgAN4tsczShp29S318tv4ZltSNu4XfQYE5+ktzl6CIAkzW36D9NAkECVM5DnUVdw2E5gUoj&MXEL9=XbiptfYxWjcdj6k0

POST 301 http://www.khadarelhodge.com/b6a4/

GET 301 http://www.khadarelhodge.com/b6a4/?h0Gl9hf=ISFOGxfdiE1PPsNkkPhd2vjxQRkX0rrnM8iioAzdPJooWlLmYfY3DJnTJL0my3ntIGXVziQO&MXEL9=XbiptfYxWjcdj6k0

POST 301 http://www.shuangyashanpower.com/b6a4/

GET 301 http://www.shuangyashanpower.com/b6a4/?h0Gl9hf=VB2wfkl4CXJnVTEEGMGPXmuuPrI7urt4dwMiQOsc4hS9dMr3PM8JoDhoprhFz887WFewqIR9&MXEL9=XbiptfYxWjcdj6k0

POST 302 http://www.maximumsale.com/b6a4/

GET 302 http://www.maximumsale.com/b6a4/?h0Gl9hf=jUXSBmmEOkRVD/snHUZVGd++nKvIB5C3Qlbp0N4c/DnjLwT5QCEf4v32ZuriMDGEoBVryIv8&MXEL9=XbiptfYxWjcdj6k0

POST 301 http://www.helpmovingandstorage.com/b6a4/

GET 301 http://www.helpmovingandstorage.com/b6a4/?h0Gl9hf=WCQPk6OV774AQmQZK5qr8VSUgSKsV6/gws8DuEwnniOEFY0oNuiFQFr5fT8XTvC//aYnyiLC&MXEL9=XbiptfYxWjcdj6k0

GET 403 http://www.cbspecialists.com/b6a4/?h0Gl9hf=evtpUE4huYbesJcHMcONCfRNSBT00PmI2ZEopGNqYdx8ef/JxfONVVxMCDT+WEjswdimTH7J&MXEL9=XbiptfYxWjcdj6k0

POST 0 http://www.42shenmao.com/b6a4/

GET 200 http://www.42shenmao.com/b6a4/?h0Gl9hf=/YLPVle51s/wMjptNjSN7dsoOectpdxamVjEBuIIjQO2gjITNfwF/374CWCNKQU8LkxY9Lpe&MXEL9=XbiptfYxWjcdj6k0

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49206 -> 51.195.17.68:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 51.195.17.68:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 51.195.17.68:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49227 -> 51.195.17.68:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49227 -> 51.195.17.68:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49227 -> 51.195.17.68:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 34.98.99.30:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 34.98.99.30:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 34.98.99.30:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49222 -> 3.223.115.185:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49222 -> 3.223.115.185:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49222 -> 3.223.115.185:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 192.185.0.218:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 192.185.0.218:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 192.185.0.218:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 77.222.61.114:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 77.222.61.114:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 77.222.61.114:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 198.54.117.218:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 198.54.117.218:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 198.54.117.218:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 5.181.216.107:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 5.181.216.107:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 5.181.216.107:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 207.148.248.143:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 207.148.248.143:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 207.148.248.143:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 34.98.99.30:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 34.98.99.30:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 34.98.99.30:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49225 -> 207.148.248.143:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49225 -> 207.148.248.143:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49225 -> 207.148.248.143:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49220 -> 195.149.84.101:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49220 -> 195.149.84.101:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49220 -> 195.149.84.101:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49224 -> 209.15.40.102:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49224 -> 209.15.40.102:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49224 -> 209.15.40.102:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts