NetWork | ZeroBOX

IP Address	Status	Action
108.179.232.90	Active	Moloch
142.250.66.83	Active	Moloch
15.197.142.173	Active	Moloch
150.95.255.38	Active	Moloch
164.124.101.2	Active	Moloch
185.146.22.238	Active	Moloch
208.91.197.27	Active	Moloch
3.64.163.50	Active	Moloch
89.42.211.109	Active	Moloch

Name	Response	Post-Analysis Lookup
www.yourotcs.com	A 208.91.197.27	208.91.197.27
www.heser.net	CNAME ghs.googlehosted.com A 142.250.66.83	142.250.196.115
www.mecasso.store	A 15.197.142.173 CNAME mecasso.store A 3.33.152.147	3.33.152.147
www.longshifa.online	CNAME longshifa.online A 108.179.232.90	108.179.232.90
www.hgaffiliates.net
www.webtiyan.com	CNAME webtiyan.com A 89.42.211.109	89.42.211.109
www.mirai-energy.com	CNAME mirai-energy.com A 185.146.22.238	185.146.22.238
www.pepeavatar.com	A 3.64.163.50	3.64.163.50
www.hrtaro.com	A 150.95.255.38	150.95.255.38

TCP Requests

UDP Requests

POST 302 http://www.hrtaro.com/euzn/

GET 302 http://www.hrtaro.com/euzn/?Urth=+YfQRi9G+OJ9foaealRkr8LisM1crxi2VOPn4pm0QzAMut2NXQSv7KOAA77xRrkGBn/uu5YB&R2Jl9Z=JR-Pylih38z8

POST 0 http://www.longshifa.online/euzn/

GET 301 http://www.longshifa.online/euzn/?Urth=uAv+hDNIaWKTJHmotFieJseyqVavRyN/hzmyr84dVQggb+iPx2yKvWnxBifTpegawz+9IKiJ&R2Jl9Z=JR-Pylih38z8

POST 404 http://www.mirai-energy.com/euzn/

GET 301 http://www.mirai-energy.com/euzn/?Urth=+5dot/Um/aCw9VRcqHMkvSpgRj3TUDBdyqjJB+g9c7BNuG3ZT163ETXRjJvbKjSKvOHW+POd&R2Jl9Z=JR-Pylih38z8

POST 301 http://www.heser.net/euzn/

GET 301 http://www.heser.net/euzn/?Urth=3YIIvuVMPod2ghyVzlrVbDIKpMNjGC1jVshcE/xay47UBDuWohiRTIe7T0ywrtH6KgyQLQcn&R2Jl9Z=JR-Pylih38z8

POST 410 http://www.pepeavatar.com/euzn/

GET 410 http://www.pepeavatar.com/euzn/?Urth=c52/idsZybo5+++XEfR74GyO3sFn94uB9Bi9sGgwmuYdSzcMkVUF1vuwnR+zyHyG1b/8nRaD&R2Jl9Z=JR-Pylih38z8

POST 0 http://www.yourotcs.com/euzn/

GET 200 http://www.yourotcs.com/euzn/?Urth=Jq5AABYltJgia4nxN4nPQwsgHB5GKQbjMY80BC1dCGLaE2JFWzpybbqNbVech2C1JzELhHSE&R2Jl9Z=JR-Pylih38z8

POST 0 http://www.mecasso.store/euzn/

GET 403 http://www.mecasso.store/euzn/?Urth=5V4tZ993so02mJc3sFQ1G2n5zFyOyfQP63UMvRPf7Sx02fgR5BEy180KOo1jDAfLNmzZkM90&R2Jl9Z=JR-Pylih38z8

POST 301 http://www.webtiyan.com/euzn/

GET 301 http://www.webtiyan.com/euzn/?Urth=M/fuIQwK/ZOUk1ha5jOAEPH6Fi1UC0+LMnfjVDCh9LdHL89/7JzIvaFyxwOx9tG+xgqAWMBk&R2Jl9Z=JR-Pylih38z8

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49208 -> 185.146.22.238:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 185.146.22.238:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49208 -> 185.146.22.238:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 108.179.232.90:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 108.179.232.90:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49206 -> 108.179.232.90:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 142.250.66.83:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 142.250.66.83:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 142.250.66.83:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 208.91.197.27:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 208.91.197.27:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49214 -> 208.91.197.27:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 3.64.163.50:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 3.64.163.50:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49212 -> 3.64.163.50:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 150.95.255.38:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 150.95.255.38:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49204 -> 150.95.255.38:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 89.42.211.109:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 89.42.211.109:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49218 -> 89.42.211.109:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 15.197.142.173:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 15.197.142.173:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49216 -> 15.197.142.173:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts