NetWork | ZeroBOX

IP Address	Status	Action
104.233.161.7	Active	Moloch
107.180.0.6	Active	Moloch
143.95.1.174	Active	Moloch
164.124.101.2	Active	Moloch
23.227.38.74	Active	Moloch
23.230.206.51	Active	Moloch
3.223.115.185	Active	Moloch
3.64.163.50	Active	Moloch
34.102.136.180	Active	Moloch
34.98.99.30	Active	Moloch
43.129.169.28	Active	Moloch
88.214.207.96	Active	Moloch
89.191.148.30	Active	Moloch

Name	Response	Post-Analysis Lookup
www.find0utnowfy.info
www.belledescontos.com	CNAME shops.myshopify.com CNAME belo-descontos.myshopify.com A 23.227.38.74	23.227.38.74
www.soulwinningministry.com	CNAME HDRedirect-LB7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.com A 3.223.115.185	3.223.115.185
www.afghantattoos.com	A 3.64.163.50	3.64.163.50
www.corvusexpeditii.xyz	A 88.214.207.96	88.214.207.96
www.qqcx666888.top	CNAME web3.dns80.cn A 43.129.169.28	43.129.169.28
www.infinityrope.store	CNAME shops.myshopify.com A 23.227.38.74	23.227.38.74
www.gritzcharlestonluxuryinn.store	CNAME gritzcharlestonluxuryinn.store A 34.102.136.180	34.102.136.180
www.theselectdifference.com
www.acacave.com	A 23.230.206.51	23.230.206.51
www.nobodybutgod.com	A 34.98.99.30 CNAME nobodybutgod.com	34.98.99.30
www.onra.top	A 104.233.161.7	104.233.161.7
www.mystudentregistration.com	A 107.180.0.6 CNAME mystudentregistration.com	107.180.0.6
www.szkoleniawcag.online	A 89.191.148.30 CNAME szkoleniawcag.online	89.191.148.30
www.egyptian-museum.com	CNAME egyptian-museum.com A 143.95.1.174	143.95.1.174

TCP Requests

UDP Requests

POST 404 http://www.egyptian-museum.com/ga6b/

GET 0 http://www.egyptian-museum.com/ga6b/?lDKXxv3=CYKd0A9ffzzmh+HMixfnmJt+Ibe3PgwQT1IowcrJSMkSzDwRXwABXy8G05QumwrEDOfj2gVO&Kzux=PnjtLHyHSr

POST 301 http://www.szkoleniawcag.online/ga6b/

GET 301 http://www.szkoleniawcag.online/ga6b/?lDKXxv3=gnsA4ZbKwcCBT4B1BZOwnz85wF4eeNbRrbSFWu41EJQIcvRDWo1d+7UOhMG+MofppSWBY2n5&Kzux=PnjtLHyHSr

POST 405 http://www.gritzcharlestonluxuryinn.store/ga6b/

GET 403 http://www.gritzcharlestonluxuryinn.store/ga6b/?lDKXxv3=I7+lOFJZANFPU21x37A527c95H/aJlATolxoDPbL88ZB7wUaWO1fPidq8y9dbqc40d5vraaW&Kzux=PnjtLHyHSr

POST 405 http://www.nobodybutgod.com/ga6b/

GET 403 http://www.nobodybutgod.com/ga6b/?lDKXxv3=BS+Mkr60hnaz2VUqn6F4jElENEwbATWztr1txOlCDy4YTJ8rldrX7GuvTHEqc04l9LT0WVoV&Kzux=PnjtLHyHSr

POST 410 http://www.afghantattoos.com/ga6b/

GET 410 http://www.afghantattoos.com/ga6b/?lDKXxv3=2Ru1HfNJkzg9zqDfItmBkvjjxlVS0LNfThNY9X9fgrCeE16wu3v6AqM2D0FDDG0AnjNX5uQ/&Kzux=PnjtLHyHSr

POST 404 http://www.mystudentregistration.com/ga6b/

GET 404 http://www.mystudentregistration.com/ga6b/?lDKXxv3=FVoCe1A8hVjRCYMBrNnCX0kDnu+C161o3wWxJxzL6alfMQ3NhDSyui/P1g/HSSLfHx6+Mmre&Kzux=PnjtLHyHSr

POST 0 http://www.corvusexpeditii.xyz/ga6b/

GET 302 http://www.corvusexpeditii.xyz/ga6b/?lDKXxv3=7T8vebYEf2GnHvqeOh/0TgFFgNzfckxTcBNzZeSGzjlNLlbJ9NDPNSTqSdLNqh5j9wLWy4Dd&Kzux=PnjtLHyHSr

POST 0 http://www.qqcx666888.top/ga6b/

GET 500 http://www.qqcx666888.top/ga6b/?lDKXxv3=eIOqojsK4xpnapytTTDNeQQlEQNyaN45Mu2frT25CMa88Pt4x/OA2saBEpBSOPq2dGKSSZM3&Kzux=PnjtLHyHSr

POST 0 http://www.belledescontos.com/ga6b/

GET 403 http://www.belledescontos.com/ga6b/?lDKXxv3=jgYBUTBv6juzDCabe4OWCqutfSnVgXfaFkkijkSn/1f1jJLEA2ITjcU5AEV22xDLWIcCZZOm&Kzux=PnjtLHyHSr

POST 404 http://www.onra.top/ga6b/

GET 404 http://www.onra.top/ga6b/?lDKXxv3=oElzuWp1f34WuFFQH0ElFrJlzB2XRtqeKiQMWTUoMD39vhgZ+y+e3BJkM1IQMs1XY69eCkQ6&Kzux=PnjtLHyHSr

POST 302 http://www.soulwinningministry.com/ga6b/

GET 302 http://www.soulwinningministry.com/ga6b/?lDKXxv3=QlWlhrdmA38F39wdH59qDKgCLzke0jtbLkghOfWKUCAF1Rx/+ASUr0tJhxHvOSZs2DWzt0F9&Kzux=PnjtLHyHSr

POST 0 http://www.infinityrope.store/ga6b/

GET 403 http://www.infinityrope.store/ga6b/?lDKXxv3=L/c9eZQCXLd/YVoAQOP3tZ3B8nNkn+pww7YQb0Xhol9/59b8TqV7CKFWTb/5H/3WmVOflfic&Kzux=PnjtLHyHSr

POST 0 http://www.acacave.com/ga6b/

GET 0 http://www.acacave.com/ga6b/?lDKXxv3=LZj7dIufhWlgov4/daUw8E4ZVYKGDHaQ4e5klmj4Sj863sAeUYBdGT0Z9uhDs1Zyx3HrxG1c&Kzux=PnjtLHyHSr

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49231 -> 23.230.206.51:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49231 -> 23.230.206.51:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49231 -> 23.230.206.51:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 143.95.1.174:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 143.95.1.174:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 143.95.1.174:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49223 -> 23.227.38.74:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49223 -> 23.227.38.74:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49223 -> 23.227.38.74:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
UDP 192.168.56.101:50851 -> 164.124.101.2:53	2023883	ET DNS Query to a *.top domain - Likely Hostile	Potentially Bad Traffic
TCP 192.168.56.101:49224 -> 104.233.161.7:80	2023882	ET INFO HTTP Request to a *.top domain	Potentially Bad Traffic
TCP 192.168.56.101:49221 -> 43.129.169.28:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49221 -> 43.129.169.28:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49221 -> 43.129.169.28:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49221 -> 43.129.169.28:80	2031089	ET HUNTING Request to .TOP Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.101:49229 -> 23.227.38.74:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49229 -> 23.227.38.74:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49229 -> 23.227.38.74:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49225 -> 104.233.161.7:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49225 -> 104.233.161.7:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49225 -> 104.233.161.7:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49225 -> 104.233.161.7:80	2031089	ET HUNTING Request to .TOP Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.101:49227 -> 3.223.115.185:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49227 -> 3.223.115.185:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49227 -> 3.223.115.185:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 88.214.207.96:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 88.214.207.96:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 88.214.207.96:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 89.191.148.30:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 88.214.207.96:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.101:49207 -> 89.191.148.30:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 34.98.99.30:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 89.191.148.30:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 34.98.99.30:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 34.98.99.30:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 107.180.0.6:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 107.180.0.6:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 107.180.0.6:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49213 -> 3.64.163.50:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49213 -> 3.64.163.50:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49213 -> 3.64.163.50:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts