NetWork | ZeroBOX

IP Address	Status	Action
108.186.180.80	Active	Moloch
164.124.101.2	Active	Moloch
166.88.19.180	Active	Moloch
198.23.62.250	Active	Moloch
198.50.252.64	Active	Moloch
198.54.117.215	Active	Moloch
34.102.136.180	Active	Moloch
50.62.168.3	Active	Moloch

Name	Response	Post-Analysis Lookup
www.dsknit.com	CNAME dsknit.com A 50.62.168.3	50.62.168.3
www.gdmo112.com	A 198.50.252.64	198.50.252.64
www.abetttermountbethel.com	CNAME abetttermountbethel.com A 34.102.136.180	34.102.136.180
www.idaivos.com
www.smokersoutletinc.com	A 166.88.19.180 A 68.68.98.160 A 166.88.19.181	166.88.19.180
www.publicitysocial.com
www.salomesac.com	A 198.23.62.250 CNAME salomesac.com	198.23.62.250
www.makingitreignz.com	A 198.54.117.218 A 198.54.117.216 A 198.54.117.217 CNAME parkingpage.namecheap.com A 198.54.117.215 A 198.54.117.212 A 198.54.117.210 A 198.54.117.211	198.54.117.218
www.dgredg.com	A 108.186.180.80	108.186.180.80
www.ceramicfinishing.com	CNAME ceramicfinishing.com A 34.102.136.180	34.102.136.180

TCP Requests

UDP Requests

GET 404 http://www.salomesac.com/n58i/?BRjh4N=aZfo+S27NrbfQQhEr8v2KchNwgf0tHTkYwom9YPvjlEyQeeVCfyp9AG6dFYVWO2tY8aKQlCW&J46Tz=ARm8z0AXOho0l0p0

GET 403 http://www.abetttermountbethel.com/n58i/?BRjh4N=N7DE5u1U4fOL0ilborjUwsLvYfOzBR0FDt/+0a2DezgJKO4tm6ThJVxI8l7XCkIcO9hMk87n&J46Tz=ARm8z0AXOho0l0p0

GET 301 http://www.smokersoutletinc.com/n58i/?BRjh4N=5UXjEy3qtPasRjwirbU21i6O37Lor1jWu2m05Me1/8+sn2gOcdu+xcYhHiP/jpkJNBOmhhuo&J46Tz=ARm8z0AXOho0l0p0

GET 0 http://www.makingitreignz.com/n58i/?BRjh4N=U3jsdgp8CDPcVzUFF4v7nlk0sWC9y6sI+RhE9xOYErFVjtQIs/TTt3K+xGjNiiNAejKA27CK&J46Tz=ARm8z0AXOho0l0p0

GET 200 http://www.dgredg.com/n58i/?BRjh4N=1Lq7LF0ntItHTNtmIzwdP1Lf7WzIxIJFH3MjbUP9GZ27RfoHQ26Ib5y2lTwDxLgwc9rt6MSP&J46Tz=ARm8z0AXOho0l0p0

GET 403 http://www.ceramicfinishing.com/n58i/?BRjh4N=+Rs7EkKJ9nC5R4pSEiT2YngIN36piw3al8LxLxiH96aUukE+tfuosgB2nCpI+NLBjM8PJX0q&J46Tz=ARm8z0AXOho0l0p0

GET 200 http://www.gdmo112.com/n58i/?BRjh4N=wicQen1ff3fRM08VnZMTzPtaRw1xTvZDFcZ4henDOdH9UHSkNu/mptd4xDAE6swP9J849hZG&J46Tz=ARm8z0AXOho0l0p0

GET 404 http://www.dsknit.com/n58i/?BRjh4N=SoKM3gHEWCBWgdUJzSLCKeauc0V37QuEskfBqIKKO1rm+wpQUSSqpp7kY0wxGvSqaTO25VSq&J46Tz=ARm8z0AXOho0l0p0

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49170 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49170 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 198.23.62.250:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 198.23.62.250:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 198.23.62.250:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 198.54.117.215:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 198.54.117.215:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 198.54.117.215:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49172 -> 50.62.168.3:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49172 -> 50.62.168.3:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49172 -> 50.62.168.3:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49171 -> 198.50.252.64:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49171 -> 198.50.252.64:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49171 -> 198.50.252.64:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 108.186.180.80:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 108.186.180.80:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 108.186.180.80:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 166.88.19.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 166.88.19.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 166.88.19.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts