NetWork | ZeroBOX

IP Address	Status	Action
108.170.14.102	Active	Moloch
156.234.138.25	Active	Moloch
164.124.101.2	Active	Moloch
172.67.213.229	Active	Moloch
194.9.94.85	Active	Moloch
203.170.80.250	Active	Moloch
209.99.40.222	Active	Moloch
34.102.136.180	Active	Moloch
45.39.212.162	Active	Moloch

Name	Response	Post-Analysis Lookup
www.charlottewright.online	A 203.170.80.250	203.170.80.250
www.restaurant-utopia.xyz	A 172.67.213.229 A 104.21.35.47	104.21.35.47
www.test-testjisdnsec.store	A 209.99.40.222
www.ambrandt.com	A 156.234.138.25	156.234.138.25
www.publicationsplace.com	A 108.170.14.102 CNAME emailforts.com	108.170.14.102
www.ahljsm.com	A 45.39.212.162	45.39.212.162
www.gaminghallarna.net	A 194.9.94.86 A 194.9.94.85	194.9.94.85
www.conversationspit.com	A 34.102.136.180 CNAME conversationspit.com	34.102.136.180

TCP Requests

UDP Requests

GET 301 http://www.restaurant-utopia.xyz/ef6c/?q48=QQd8BU9Fy5B/Jf1+m4pKDxcRFm34j4nz3hSoRKYyqec7FRTFu3B5N5pbbojH/ir2XBTcopEK&rTFx8=GBZt2020W4qxT2g

GET 301 http://www.ambrandt.com/ef6c/?q48=LpvmmmP8130l+/J4QjVaSApGnUfMJ5/j1z/KRz5qiZs92IprYNoIBOkfulD2ZI4sCy4j1IwA&rTFx8=GBZt2020W4qxT2g

GET 200 http://www.gaminghallarna.net/ef6c/?q48=klh7vGPfywtzHDqBe0mXtw9R4RUvLJCc3Nh/2lv7lW0muO/R44RuNcsYgcRk+/HbCIQeLGan&rTFx8=GBZt2020W4qxT2g

GET 200 http://www.test-testjisdnsec.store/ef6c/?q48=pCgBXBmDeodDN9Ij/QwvhvCGUOrFtlbKKwJyINTUtb59Z1VInJrq7ZxQE5p6wLD76RTmpOOc&rTFx8=GBZt2020W4qxT2g

GET 200 http://www.ahljsm.com/ef6c/?q48=IVc4rtgM9gra+fG0jQBU9em9uNea1MXNkTy/UnYOuL+WBS8ayE+K1GAK8aa2SvCjoWspa1ZS&rTFx8=GBZt2020W4qxT2g

GET 403 http://www.conversationspit.com/ef6c/?q48=2B3AR6Tylpqs5Gri0FIlqBRxWQiEdo1VgukX0Re3vdIAR+O8ytnn3lUzDvQXM3H/f6RyrHJq&rTFx8=GBZt2020W4qxT2g

GET 0 http://www.charlottewright.online/ef6c/?q48=bKl6S2PMskhcSXFE7HfaeHnYXQvAUl613IM//zHPO3TKPYZdoHU3iT1YZPc6b5wFOFr3iCzD&rTFx8=GBZt2020W4qxT2g

GET 404 http://www.publicationsplace.com/ef6c/?q48=69obzrOqqjyeWfIWJOBGpgM4gb/C38tuSyxXcmdwhPVCiSErrrcVtImRdCopiSdNHcaNy3Iv&rTFx8=GBZt2020W4qxT2g

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49169 -> 194.9.94.85:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 194.9.94.85:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 194.9.94.85:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 203.170.80.250:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 203.170.80.250:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 203.170.80.250:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 209.99.40.222:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 209.99.40.222:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 209.99.40.222:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 156.234.138.25:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 156.234.138.25:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 156.234.138.25:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 45.39.212.162:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 45.39.212.162:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 45.39.212.162:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 172.67.213.229:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 172.67.213.229:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 172.67.213.229:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 172.67.213.229:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.102:49174 -> 108.170.14.102:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 108.170.14.102:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 108.170.14.102:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts