NetWork | ZeroBOX

IP Address	Status	Action
101.32.31.22	Active	Moloch
108.167.135.122	Active	Moloch
164.124.101.2	Active	Moloch
182.50.132.242	Active	Moloch
23.227.38.74	Active	Moloch
37.97.254.27	Active	Moloch
74.220.199.6	Active	Moloch
81.169.145.161	Active	Moloch

Name	Response	Post-Analysis Lookup
www.begukiu0.info
www.kangrungao.com	A 101.32.31.22	101.32.31.22
www.esyscoloradosprings.com	CNAME websites076.homestead.com A 108.167.135.122	108.167.135.122
www.ribbonofficial.com	CNAME shops.myshopify.com A 23.227.38.74	23.227.38.74
www.markarge.com	CNAME markarge.com A 182.50.132.242	182.50.132.242
www.lavishbynovell.com	A 37.97.254.27 CNAME lavishbynovell.com	37.97.254.27
www.mountlaketerraceapartments.com
www.eclecticrenaissancewoman.com	A 74.220.199.6	74.220.199.6
www.dmc--llc.com
www.floaterslaser.com	A 81.169.145.161 CNAME floaterslaser.com	81.169.145.161

TCP Requests

UDP Requests

GET 200 http://www.eclecticrenaissancewoman.com/fqiq/?Bh=r0/ZbJtj1KlrPUtj6ktEAad/47kkdxrfw2ceKfpFhpDkJU8+thj5a8jyelsFbI6qHEc9DomI&SzrhP4=EzrtzlQp

GET 400 http://www.markarge.com/fqiq/?Bh=XEjjI14tUtVaEH1QyrI6OtCMD91wQ8G2c0pwY2Wm0y537Ju/QhVbfyWLrlCWZSdAfVrEc7mJ&SzrhP4=EzrtzlQp

GET 200 http://www.lavishbynovell.com/fqiq/?Bh=A0k50bUP9Xo0F1fuesuUyOcgxOBnaOltcHXAUh5ipYJu8U4xshhCEanj2JPK9AjCHyuZW1cJ&SzrhP4=EzrtzlQp

GET 0 http://www.kangrungao.com/fqiq/?Bh=c0qy46zMNJWMlIfJWvLWas23i13YCpczqQVz26IikTOu0V/FV9kYBe5yW824zHJtR/JIW+qz&SzrhP4=EzrtzlQp

GET 403 http://www.ribbonofficial.com/fqiq/?Bh=MhZqZeIjocZO8TTrBOs++VNt6zdxCxYLlsPuJAiQzU371teukL1ZYFZBA4It4Rq6QPk1WBTT&SzrhP4=EzrtzlQp

GET 404 http://www.floaterslaser.com/fqiq/?Bh=cd5R1bQmbqnLvLG63I3E0k/wUnqrUWXrQuGYWdnnzDIYGyWqiJOfWgNnmMSyom/RYKC7YMH4&SzrhP4=EzrtzlQp

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49175 -> 23.227.38.74:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49175 -> 23.227.38.74:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49175 -> 23.227.38.74:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 108.167.135.122:80 -> 192.168.56.103:49173	2221010	SURICATA HTTP unable to match response to request	Generic Protocol Command Decode
TCP 192.168.56.103:49171 -> 182.50.132.242:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 182.50.132.242:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 182.50.132.242:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49172 -> 37.97.254.27:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49172 -> 37.97.254.27:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49172 -> 37.97.254.27:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 74.220.199.6:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 74.220.199.6:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49173 -> 108.167.135.122:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 74.220.199.6:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49173 -> 108.167.135.122:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49173 -> 108.167.135.122:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49174 -> 101.32.31.22:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49174 -> 101.32.31.22:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49174 -> 101.32.31.22:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49176 -> 81.169.145.161:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49176 -> 81.169.145.161:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49176 -> 81.169.145.161:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts