NetWork | ZeroBOX

IP Address	Status	Action
102.38.50.130	Active	Moloch
103.26.164.155	Active	Moloch
154.216.110.149	Active	Moloch
164.124.101.2	Active	Moloch
172.104.94.112	Active	Moloch
198.54.117.211	Active	Moloch
198.54.125.203	Active	Moloch
23.227.38.74	Active	Moloch
34.102.136.180	Active	Moloch

Name	Response	Post-Analysis Lookup
www.uniqued.net	CNAME shops.myshopify.com A 23.227.38.74	23.227.38.74
www.azapsolutions.com	A 34.102.136.180 CNAME azapsolutions.com	34.102.136.180
www.rd26x.com	A 172.104.94.112 CNAME rd26x.com	172.104.94.112
www.wmh3gk2fzw2m.biz	A 103.26.164.155	103.26.164.155
www.nobleminers.com	CNAME nobleminers.com A 198.54.125.203	198.54.125.203
www.aliexpress-br.com
www.mabnapakhsh.com	A 198.54.117.218 A 198.54.117.216 A 198.54.117.217 CNAME parkingpage.namecheap.com A 198.54.117.215 A 198.54.117.212 A 198.54.117.210 A 198.54.117.211	198.54.117.217
www.iphone13promax.design
www.zamarasystem.com	CNAME zamarasystem.com A 102.38.50.130	102.38.50.130
www.cyebang.com	A 154.216.110.149	154.216.110.149

TCP Requests

UDP Requests

GET 302 http://www.wmh3gk2fzw2m.biz/mexq/?pPX=UyUE9kQD2x0NeQsdW0XUMy2W5i5z8llb4rGWC4I5jJBYHOEz6j34RyUiYVdu4xyLAbElxCEC&1b=jnKtRfUpV

GET 403 http://www.azapsolutions.com/mexq/?pPX=7rR6BaTC2ZAVgrwWEwsiYxD1jvft00Lf8vhj4S3/jlbfZqCXGSgwsCSL1bpPofYLOYB36uTd&1b=jnKtRfUpV

GET 404 http://www.nobleminers.com/mexq/?pPX=9oCgplpD3xGa2B0UFztcflHu20ZJUbeX+izpMRcCrbgVD6lp5zPwjx/SvD7T51v7jx3DIm2R&1b=jnKtRfUpV

GET 404 http://www.zamarasystem.com/mexq/?pPX=IpqNqv0O7XNQoDVXX4yFHUH7VRliJnhxicL0cWaIY68A61Zjj4pLnCTIwF7r9iYi6pGSwZZa&1b=jnKtRfUpV

GET 200 http://www.cyebang.com/mexq/?pPX=g6L0/Z2cdy+PQR0/l6rXBhzWGtzMcF3Ol137FLHMI1/7C2CX6Ije7QQ81WlooZwAwjE41ZtU&1b=jnKtRfUpV

GET 403 http://www.uniqued.net/mexq/?pPX=/3l62yGpIujmRd23NYyOlMT7eauth93xr/VrnqvY3AX4beNsr7BJ6oW+mJu6AhSMiBiHOIq9&1b=jnKtRfUpV

GET 301 http://www.rd26x.com/mexq/?pPX=NkB1NXPBFDbDKRQZsa3bgqux4BDsfoNouiBmY062wfTHfxIwCLTnegL+vUKelNVaBIOAn2Cu&1b=jnKtRfUpV

GET 0 http://www.mabnapakhsh.com/mexq/?pPX=OU1GtVXDbsnAoZAJ+r3UhPtpR181l/ARJ5oFEWbh76Mk/J1Ds5ZKsjMHrQjA03ZUl7BK7iZc&1b=jnKtRfUpV

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.102:52062 -> 164.124.101.2:53	2027863	ET INFO Observed DNS Query to .biz TLD	Potentially Bad Traffic
TCP 192.168.56.102:49174 -> 172.104.94.112:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 103.26.164.155:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 23.227.38.74:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 172.104.94.112:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 103.26.164.155:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 23.227.38.74:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 172.104.94.112:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 103.26.164.155:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 23.227.38.74:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 198.54.125.203:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 198.54.125.203:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 198.54.125.203:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 154.216.110.149:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 154.216.110.149:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 154.216.110.149:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 102.38.50.130:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 102.38.50.130:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 102.38.50.130:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49175 -> 198.54.117.211:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49175 -> 198.54.117.211:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49175 -> 198.54.117.211:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts