NetWork | ZeroBOX

IP Address	Status	Action
154.208.173.238	Active	Moloch
164.124.101.2	Active	Moloch
182.50.132.242	Active	Moloch
198.54.117.244	Active	Moloch
198.71.233.83	Active	Moloch
20.43.94.199	Active	Moloch
208.91.197.27	Active	Moloch
34.102.136.180	Active	Moloch

Name	Response	Post-Analysis Lookup
www.gicaredocs.com	A 208.91.197.27	208.91.197.27
www.kidzgovroom.com	A 34.102.136.180 CNAME kidzgovroom.com	34.102.136.180
www.arcflorals.com	A 198.71.233.83 CNAME arcflorals.com	198.71.233.83
www.sensorypantry.com	CNAME sensorypantry.com A 34.102.136.180	34.102.136.180
www.docomoau.xyz
www.levanttradegroup.com	A 34.102.136.180 CNAME levanttradegroup.com	34.102.136.180
www.yeyelm744.com	A 154.208.173.238	154.208.173.238
www.lacucinadesign.com	CNAME lacucinadesign.com A 34.102.136.180	34.102.136.180
www.thehomedesigncentre.com	CNAME thehomedesigncentre.com A 182.50.132.242	182.50.132.242
www.redelirevearyseuiop.xyz	A 198.54.117.244	198.54.117.244

TCP Requests

UDP Requests

POST 405 http://www.lacucinadesign.com/ef6c/

GET 403 http://www.lacucinadesign.com/ef6c/?6lXXNxw8=9TcXST3u6WT+pAlmYAmWVPk3OXoAybXjykt4lIGhEDNMUFCSIfL5p2hxsWhOg+dHKCBclHOd&3f=Yn9ps04xrhS

POST 0 http://www.gicaredocs.com/ef6c/

GET 200 http://www.gicaredocs.com/ef6c/?6lXXNxw8=dQ8jXmGBocPwA167SrVCKSfe9kfjfwf5Y/UytJXCMDqauGkqvJ/2eQvfbvtaR0w7HyB9eXq/&3f=Yn9ps04xrhS

POST 405 http://www.sensorypantry.com/ef6c/

GET 403 http://www.sensorypantry.com/ef6c/?6lXXNxw8=cw2PwNl+5NOQItrLnKllT2tGwrd+rdd5UTQlQyS8ptLSIxj973nGji9KRlDOdanBBwTAA2mM&3f=Yn9ps04xrhS

POST 405 http://www.kidzgovroom.com/ef6c/

GET 403 http://www.kidzgovroom.com/ef6c/?6lXXNxw8=tzJrmRJzv3aPTlM/CF6MHo9U8s5+ZqDCvPfiw0R1aW0dhX7KrJSn+QKF8yUKGl3PwVlYeY7t&3f=Yn9ps04xrhS

POST 0 http://www.yeyelm744.com/ef6c/

GET 0 http://www.yeyelm744.com/ef6c/?6lXXNxw8=py3wLkMjkCQUnrtMjMuweSzljtf41F1OQ4vI/gne8vtV4RQAg2yAGXyPfsj9FUUfcHu/E+eO&3f=Yn9ps04xrhS

POST 405 http://www.levanttradegroup.com/ef6c/

GET 403 http://www.levanttradegroup.com/ef6c/?6lXXNxw8=9g8sfBGzWY6JJ+yJLDpPQys/8ShNqhTPTp4cpY8RvCwAQwKx0UrfmPEzoi+Z1D/DgpYog5qv&3f=Yn9ps04xrhS

POST 503 http://www.arcflorals.com/ef6c/

GET 301 http://www.arcflorals.com/ef6c/?6lXXNxw8=kGlMeYY5BdILFMvYVNR7bZ0Mn33Q8LI2mKSsuAJB2+8tGFV37lUpti1UFknkbAVSBI+8nqql&3f=Yn9ps04xrhS

POST 0 http://www.redelirevearyseuiop.xyz/ef6c/

GET 0 http://www.redelirevearyseuiop.xyz/ef6c/?6lXXNxw8=+zggs108Zt88mF3I15I6Vl7MIKEVgTDkllssvVc7oGo+vC3UJFm7tcArJeeO3BpO4YdkYwbo&3f=Yn9ps04xrhS

POST 400 http://www.thehomedesigncentre.com/ef6c/

GET 400 http://www.thehomedesigncentre.com/ef6c/?6lXXNxw8=9wsWOtXIBwVQgnAdKHWMBZ2XTuANRe7RvMDkkEur0h7nsDNFbjXu49qLHHcqWq2d/uilIqbn&3f=Yn9ps04xrhS

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49213 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49213 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49213 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49203 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49203 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49203 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 208.91.197.27:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 208.91.197.27:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 208.91.197.27:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 182.50.132.242:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 182.50.132.242:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 182.50.132.242:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 198.54.117.244:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 198.54.117.244:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 198.54.117.244:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 198.54.117.244:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.101:49215 -> 198.71.233.83:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49215 -> 198.71.233.83:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49215 -> 198.71.233.83:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 154.208.173.238:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 154.208.173.238:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 154.208.173.238:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts