NetWork | ZeroBOX

IP Address	Status	Action
156.234.138.25	Active	Moloch
164.124.101.2	Active	Moloch
172.67.213.229	Active	Moloch
192.0.78.25	Active	Moloch
194.9.94.86	Active	Moloch
198.54.117.212	Active	Moloch
23.225.32.156	Active	Moloch
34.102.136.180	Active	Moloch
45.39.212.162	Active	Moloch
46.17.172.173	Active	Moloch
64.190.62.111	Active	Moloch
91.136.8.131	Active	Moloch

Name	Response	Post-Analysis Lookup
www.kinglot2499.com	CNAME kinglot2499.com A 34.102.136.180	34.102.136.180
www.discovercotswoldcottages.com	A 91.136.8.131	91.136.8.131
www.ambrandt.com	A 156.234.138.25	156.234.138.25
www.restaurant-utopia.xyz	A 172.67.213.229 A 104.21.35.47	172.67.213.229
www.instatechnovelz.com
www.fis.photos	A 192.0.78.25 A 192.0.78.24 CNAME fis.photos	192.0.78.25
www.narbaal.com	A 198.54.117.218 A 198.54.117.216 A 198.54.117.217 CNAME parkingpage.namecheap.com A 198.54.117.215 A 198.54.117.212 A 198.54.117.210 A 198.54.117.211	198.54.117.212
www.ahljsm.com	A 45.39.212.162	45.39.212.162
www.freekagyans.com	A 46.17.172.173 CNAME freekagyans.com	46.17.172.173
www.gaminghallarna.net	A 194.9.94.86 A 194.9.94.85	194.9.94.86
www.shacksolid.com	A 64.190.62.111	64.190.62.111
www.44mpt.xyz	A 23.225.32.156 A 23.224.235.100 A 23.225.30.43 CNAME www.9tv-cname.com A 104.233.177.157 CNAME 9tv-cname.com	23.225.32.156
www.geniuseven.net

TCP Requests

UDP Requests

GET 200 http://www.gaminghallarna.net/ef6c/?FTRPbxU=klh7vGPfywtzHDqBe0mXtw9R4RUvLJCc3Nh/2lv7lW0muO/R44RuNcsYgcRk+/HbCIQeLGan&DxoHR=VDKPcJchZl9tJT

GET 0 http://www.narbaal.com/ef6c/?FTRPbxU=Qfq1eVj1tbY6wk2fC6TNcABTYUkfKUx3lN3xLkopolv8k3yEzrfjTRmV/Ar6z0XOJR0dF2R8&DxoHR=VDKPcJchZl9tJT

GET 301 http://www.44mpt.xyz/ef6c/?FTRPbxU=jKy9H8VqZwiUle4gjb+CLEX9fpBCwuv2o754Pr7fJKTzkjLdsKrrwvS2m3F+8CxbXLoYiDn1&DxoHR=VDKPcJchZl9tJT

GET 200 http://www.ahljsm.com/ef6c/?FTRPbxU=IVc4rtgM9gra+fG0jQBU9em9uNea1MXNkTy/UnYOuL+WBS8ayE+K1GAK8aa2SvCjoWspa1ZS&DxoHR=VDKPcJchZl9tJT

GET 404 http://www.freekagyans.com/ef6c/?FTRPbxU=kpxr/bFC7l3rMl6oOTLL9yT8CLcAAaNLZTC+YQJe+DOZzjEQ9TLw2kEJrxZCMv5aVRwmFn5W&DxoHR=VDKPcJchZl9tJT

GET 302 http://www.shacksolid.com/ef6c/?FTRPbxU=JeohSOzV/eF3b++alSWyFy7AWxQU0a2IMxUYSulMFNSbZpwQl2hdImGcJZ3OYLlpDcL1Ncux&DxoHR=VDKPcJchZl9tJT

GET 403 http://www.discovercotswoldcottages.com/ef6c/?FTRPbxU=BIDo9GBbq26+tRTULeHAa20kRn4DZ7/ZgIW2IC+7vRIIeELykZIx4inPOl/SIZLSvHjtcUe3&DxoHR=VDKPcJchZl9tJT

GET 301 http://www.fis.photos/ef6c/?FTRPbxU=iVGcxgJZg7dDdqnpGvHyDNlE3XmNDIFvU6VDaZ8nDL6WJmv+1asF/xEbeuA1UUYS6lydoag+&DxoHR=VDKPcJchZl9tJT

GET 403 http://www.kinglot2499.com/ef6c/?FTRPbxU=qvbt8KP2xJHnSv2agWrG6RDVV6/Qaw5OSzzUHxaBtBqMEVf61rcn+NRYzRRlOu08cWsbP+g5&DxoHR=VDKPcJchZl9tJT

GET 301 http://www.restaurant-utopia.xyz/ef6c/?FTRPbxU=QQd8BU9Fy5B/Jf1+m4pKDxcRFm34j4nz3hSoRKYyqec7FRTFu3B5N5pbbojH/ir2XBTcopEK&DxoHR=VDKPcJchZl9tJT

GET 301 http://www.ambrandt.com/ef6c/?FTRPbxU=LpvmmmP8130l+/J4QjVaSApGnUfMJ5/j1z/KRz5qiZs92IprYNoIBOkfulD2ZI4sCy4j1IwA&DxoHR=VDKPcJchZl9tJT

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49167 -> 194.9.94.86:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 194.9.94.86:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 194.9.94.86:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 23.225.32.156:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 23.225.32.156:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 23.225.32.156:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 23.225.32.156:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.102:49173 -> 91.136.8.131:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 91.136.8.131:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49176 -> 172.67.213.229:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 91.136.8.131:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49176 -> 172.67.213.229:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49176 -> 172.67.213.229:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49176 -> 172.67.213.229:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.102:49171 -> 46.17.172.173:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 46.17.172.173:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 46.17.172.173:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 64.190.62.111:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 64.190.62.111:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 64.190.62.111:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49177 -> 156.234.138.25:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49177 -> 156.234.138.25:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49177 -> 156.234.138.25:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 192.0.78.25:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 192.0.78.25:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 192.0.78.25:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 45.39.212.162:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 45.39.212.162:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 45.39.212.162:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49175 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49175 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49175 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 198.54.117.212:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 198.54.117.212:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 198.54.117.212:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts