NetWork | ZeroBOX

IP Address	Status	Action
104.18.26.58	Active	Moloch
104.21.9.160	Active	Moloch
154.23.109.132	Active	Moloch
164.124.101.2	Active	Moloch
172.67.200.237	Active	Moloch
183.181.96.120	Active	Moloch
185.215.4.14	Active	Moloch
198.54.117.244	Active	Moloch
34.102.136.180	Active	Moloch
37.123.118.150	Active	Moloch
5.79.70.98	Active	Moloch

Name	Response	Post-Analysis Lookup
www.workospbit.space	CNAME workospbit.space A 185.215.4.14	185.215.4.14
www.chantaldesign.space
www.sinagropuree.com	A 154.23.109.132	154.23.109.132
www.blessedfurnitures.com	A 104.21.9.160 A 172.67.160.71	104.21.9.160
www.straetah.com	A 104.18.27.58 A 104.18.26.58 CNAME shops.myfunpinpin.com	104.18.26.58
www.eygtogel021.com	A 172.67.200.237 A 104.21.21.225	172.67.200.237
www.pokipass-niigata.com	A 183.181.96.120	183.181.96.120
www.muescabynes.quest	A 37.123.118.150	37.123.118.150
www.yourhomestimate.com	A 198.54.117.244	198.54.117.244
www.weeklywars.com	A 34.102.136.180 CNAME weeklywars.com	34.102.136.180
www.insightmyhome.com	A 5.79.70.98	5.79.70.98

TCP Requests

UDP Requests

POST 0 http://www.sinagropuree.com/wogm/

GET 0 http://www.sinagropuree.com/wogm/?jDKP8=nwMgSNojV35EyJ9hphk06is8J3BDs4E1a66hewTnIuP7M3cS+zLeGjThioYS1Y8r0L7sYBrx&8p3=IbtHbD

POST 404 http://www.workospbit.space/wogm/

GET 404 http://www.workospbit.space/wogm/?jDKP8=tAL4F5NLH4VmvVC1AGtDqpAVgb8tD+i+qrKuhbccqAXskllAguOxxUH0apD5Y6EEQuKJRsNk&8p3=IbtHbD

POST 0 http://www.eygtogel021.com/wogm/

GET 301 http://www.eygtogel021.com/wogm/?jDKP8=OLfsUZOZM89huaQ2Rhq4Iq6vg35ZMytgB5JTmZSEOAiHvxtp6AgRBdz2Ob59YcBboWHm0lh9&8p3=IbtHbD

POST 200 http://www.insightmyhome.com/wogm/

GET 200 http://www.insightmyhome.com/wogm/?jDKP8=85BUmEEX/LdX7Ydf+9I0bWyJhbr74kbGW+J4EcMhGlvjV6F5mj5NWVmgik83SynmBl96r7SB&8p3=IbtHbD

POST 405 http://www.weeklywars.com/wogm/

GET 403 http://www.weeklywars.com/wogm/?jDKP8=4vPo1SJ4QXujYzlw76fQXs7HvlTQbV0+0txMnGRghQaMN633jA6UZgSWswdwEnRAOgPWuZC1&8p3=IbtHbD

POST 0 http://www.straetah.com/wogm/

GET 409 http://www.straetah.com/wogm/?jDKP8=VugJ8iGiQbMyEpiZcguIhpak7udmJ3C00wBMtiXi6+Au/rTbCR/obkne6QZn8sjGYaJfXaMw&8p3=IbtHbD

POST 0 http://www.yourhomestimate.com/wogm/

GET 0 http://www.yourhomestimate.com/wogm/?jDKP8=OiSf9jV3Npz/RZJgbb0bKL9e2athsvXRQV6jCPdiTUSk124+vr4+cLKhD6dZYTypWjoW5Nc5&8p3=IbtHbD

POST 301 http://www.pokipass-niigata.com/wogm/

GET 301 http://www.pokipass-niigata.com/wogm/?jDKP8=5JB5Sfq0uItgtJtC5HDt9qd+awyibUOSqveCkor2hMTAiAHHLxQY8a2Rwp3Q+p3+yguzgVgy&8p3=IbtHbD

POST 403 http://www.muescabynes.quest/wogm/

GET 403 http://www.muescabynes.quest/wogm/?jDKP8=Cp2YzvgLUfohnHjhVFBNosoQ2J5qGB8UGxOLTRa7K8nkaGFbF9DyFpQO+4Qxvwo23h3ZSf7z&8p3=IbtHbD

POST 0 http://www.blessedfurnitures.com/wogm/

GET 0 http://www.blessedfurnitures.com/wogm/?jDKP8=zV6Dv0kcLx7IGnnwhXAN0xDRsIYVVts8P2q2S3hOBQp88DOpKfnLZ8aifiCKR08hOFrs3RzE&8p3=IbtHbD

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49208 -> 172.67.200.237:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 172.67.200.237:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 172.67.200.237:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49222 -> 104.21.9.160:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49222 -> 104.21.9.160:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49222 -> 104.21.9.160:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 5.79.70.98:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 5.79.70.98:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 5.79.70.98:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 104.18.26.58:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 104.18.26.58:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 104.18.26.58:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 154.23.109.132:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 154.23.109.132:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 185.215.4.14:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 154.23.109.132:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 185.215.4.14:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 185.215.4.14:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 183.181.96.120:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 183.181.96.120:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 183.181.96.120:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49220 -> 37.123.118.150:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49220 -> 37.123.118.150:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 198.54.117.244:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49220 -> 37.123.118.150:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 198.54.117.244:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 198.54.117.244:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts