NetWork | ZeroBOX

IP Address	Status	Action
109.68.33.25	Active	Moloch
138.128.160.186	Active	Moloch
138.201.145.141	Active	Moloch
154.210.71.198	Active	Moloch
156.67.73.75	Active	Moloch
162.241.24.110	Active	Moloch
164.124.101.2	Active	Moloch
172.217.31.243	Active	Moloch
208.91.197.27	Active	Moloch
216.194.173.79	Active	Moloch
45.138.216.23	Active	Moloch
51.81.73.1	Active	Moloch
52.58.78.16	Active	Moloch
94.138.198.5	Active	Moloch

Name	Response	Post-Analysis Lookup
www.facetofacewith.com	A 109.68.33.25	109.68.33.25
www.globalmarineserv.com	A 138.128.160.186 CNAME globalmarineserv.com	138.128.160.186
www.lowestfars.com	A 154.210.71.198	154.210.71.198
www.candypalette.com	A 216.194.173.79 CNAME candypalette.com	216.194.173.79
www.companyintelcloud.com	A 45.138.216.23	45.138.216.23
www.tigerstarmatka.com	CNAME tigerstarmatka.com A 51.81.73.1	51.81.73.1
www.publicyazilim.com	A 94.138.198.5	94.138.198.5
www.surfsolutions.info	A 138.201.145.141	138.201.145.141
www.meggisiegert.com	A 162.241.24.110 CNAME meggisiegert.com	162.241.24.110
www.gratitudeland.com	A 172.217.31.243 CNAME ghs.googlehosted.com	216.58.220.115
www.midatlanticbath.com	A 208.91.197.27	208.91.197.27
www.caffeiny.com	CNAME caffeiny.com A 156.67.73.75	156.67.73.75
www.unlimitedrehab.com	A 52.58.78.16	52.58.78.16
www.edfnu.com

TCP Requests

UDP Requests

GET 0 http://www.tigerstarmatka.com/kqna/?GFNl=WsqGZAQros6YqmWTBX4NfZ/s8YWhGwfZXTAI3K43qiDXPWL+08MoNe9ItI/4zkDRJBUw3EwW&OH2LRV=YVIXx4dp

GET 301 http://www.candypalette.com/kqna/?GFNl=gfz7SykQtqnvqGHDVt9Sq/sQwFu3mmkE3P7hoh5mXhnlze04JbT/9GbgDzlkmDUFL9Oz3qhg&OH2LRV=YVIXx4dp

GET 200 http://www.midatlanticbath.com/kqna/?GFNl=ggB/CL/KYRtKG6XlF3MzMphhLgqrG506l6vnNW5K6bJVc8waEANRFYYD3RhOV4cBkcToPXaa&OH2LRV=YVIXx4dp

GET 301 http://www.globalmarineserv.com/kqna/?GFNl=OcQswr2RSap8Tqs4oU4ZFsiLsHswYX19Q+tKNUlPXhjH/8KnGfVJ0KkYssvjpVDRe7cJzP2E&OH2LRV=YVIXx4dp

GET 301 http://www.meggisiegert.com/kqna/?GFNl=hfZ862mxRIeJidQqdd8aIL9GgrYgW2e5BMIURab2fcg5ookX2qmzIsDvlSNuYbByVPhkgpDv&OH2LRV=YVIXx4dp

GET 404 http://www.facetofacewith.com/kqna/?GFNl=PeXUNRBzWcryXXSI2NVMVXg+mLiheTzLRpyqlDxU843yly7wQ7gwUXyhf0XDvNpMpT2dSlCe&OH2LRV=YVIXx4dp

GET 301 http://www.surfsolutions.info/kqna/?GFNl=dcnZeOVVJSfvUaco8qQNZ9XrhbJ3we+xyEUMa9yoWpEuWq2eXXPIXA5TkXgJFjsZU/Pq8NER&OH2LRV=YVIXx4dp

GET 301 http://www.companyintelcloud.com/kqna/?GFNl=i87PhLMCdOyavfe8oe3DoVk+8hYSao8t8gBpFSFV3/RERuMX7oVU6SWWtdnlVjPYz2f2GpRC&OH2LRV=YVIXx4dp

GET 500 http://www.publicyazilim.com/kqna/?GFNl=dFrlS2l6Li5DGfafNkfe9QOrXwTG+WFHgmJ24ihxQTN3FrlEXBXr0CXukKrPa6aNFySxrST0&OH2LRV=YVIXx4dp

GET 301 http://www.caffeiny.com/kqna/?GFNl=/STjzQyNMBearyUbGha0kbvlvZ+XKPyeS+XuwOFlk5E7OzqCtoQRiHyTBU0aBvHeRKpACBp2&OH2LRV=YVIXx4dp

GET 410 http://www.unlimitedrehab.com/kqna/?GFNl=cFNgKBTbA1svsN6cC8/+W5UTP+1BdxdtTipUKJnf15V+/a8Yee6hrfZJvGg98qTC6E/a5FqG&OH2LRV=YVIXx4dp

GET 302 http://www.gratitudeland.com/kqna/?GFNl=IVdY3CvIYo9KzjpPCV4V1YKYcmgBkczyN/XlE7carAyFA9E+23LHf6/wDJYA6pWe4zRkRj1R&OH2LRV=YVIXx4dp

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49171 -> 216.194.173.79:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 216.194.173.79:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 216.194.173.79:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49176 -> 162.241.24.110:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49176 -> 162.241.24.110:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49176 -> 162.241.24.110:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 51.81.73.1:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 51.81.73.1:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 51.81.73.1:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49185 -> 172.217.31.243:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49185 -> 172.217.31.243:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49185 -> 172.217.31.243:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49180 -> 94.138.198.5:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49180 -> 94.138.198.5:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49180 -> 94.138.198.5:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49178 -> 138.201.145.141:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49178 -> 138.201.145.141:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49178 -> 138.201.145.141:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49177 -> 109.68.33.25:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49177 -> 109.68.33.25:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49177 -> 109.68.33.25:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49179 -> 45.138.216.23:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49179 -> 45.138.216.23:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49179 -> 45.138.216.23:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49174 -> 138.128.160.186:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49174 -> 138.128.160.186:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49174 -> 138.128.160.186:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49183 -> 52.58.78.16:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49183 -> 52.58.78.16:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49183 -> 52.58.78.16:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49181 -> 156.67.73.75:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49181 -> 156.67.73.75:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49181 -> 156.67.73.75:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49173 -> 208.91.197.27:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49173 -> 208.91.197.27:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49173 -> 208.91.197.27:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49182 -> 154.210.71.198:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49182 -> 154.210.71.198:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49182 -> 154.210.71.198:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts