NetWork | ZeroBOX

IP Address	Status	Action
142.250.204.147	Active	Moloch
154.203.8.28	Active	Moloch
154.86.195.217	Active	Moloch
164.124.101.2	Active	Moloch
185.146.22.236	Active	Moloch
185.151.30.177	Active	Moloch
2.57.90.16	Active	Moloch
204.11.56.48	Active	Moloch
216.137.179.182	Active	Moloch
23.227.38.74	Active	Moloch
3.64.163.50	Active	Moloch
34.102.136.180	Active	Moloch

Name	Response	Post-Analysis Lookup
www.decentralstream.com	A 3.64.163.50	3.64.163.50
www.omnebrand.com	CNAME shops.myshopify.com A 23.227.38.74	23.227.38.74
www.alo360.net	A 154.203.8.28	154.203.8.28
www.thaivisapro.com
www.myadpwisely.com
www.fuqoguiders.xyz	A 185.151.30.177	185.151.30.177
www.engelskapiste.com
www.fairshakeforfarmers.com	CNAME ghs.googlehosted.com A 142.250.204.147	172.217.31.147
www.jshntn.com	A 216.137.179.182	216.137.179.182
www.doctorfly.mobi	A 34.102.136.180 CNAME doctorfly.mobi	34.102.136.180
www.drfarhad-amini.com	CNAME drfarhad-amini.com A 185.146.22.236	185.146.22.236
www.astairazur.xyz
www.lghl56.com	A 154.86.195.217	154.86.195.217
www.capitandelamarina.com	CNAME capitandelamarina.com A 2.57.90.16	2.57.90.16
www.leadgenteambyec2.online	A 34.102.136.180 CNAME leadgenteambyec2.online	34.102.136.180
www.invalidmob.com	A 204.11.56.48	204.11.56.48
www.eislamiceducation.net

TCP Requests

UDP Requests

GET 403 http://www.doctorfly.mobi/fg6s/?hBZ=ZD+CDfKzm/2YQc3YUSWpgqXUEniGIQPqGnxtch4bxt/WqhYVJmOg1TegURDgRtjTY4agDkrV&or=3f2pdRAhg

GET 200 http://www.lghl56.com/fg6s/?hBZ=uc/5PuIUZlG36os+7LexRTPp6wnTJKg2zgJfW+2DzVSFDGp/ZX6ed7j6rzoWHlmopcfw67ac&or=3f2pdRAhg

GET 301 http://www.fairshakeforfarmers.com/fg6s/?hBZ=xKxtAmNEnxoBUukVIEF1kvuK+nwXMLOnedC+SNz+BGaFhI5v6X1MgDSserQot0MFGqCPeyki&or=3f2pdRAhg

GET 403 http://www.omnebrand.com/fg6s/?hBZ=9brTSNv+C1bZjAKjYfad4vi7E65W3zPrh1IQvHFu7UT2xWBfg4DahvTXlUjO1GKskhxRzYYt&or=3f2pdRAhg

GET 403 http://www.leadgenteambyec2.online/fg6s/?hBZ=F2Zf2n4P0FXRaLVHjnLjEfJTEg7xi89YsuUiESEaACXybpqmv6BiuuaznmyJ6mz5DteeP808&or=3f2pdRAhg

GET 301 http://www.jshntn.com/fg6s/?hBZ=QhJT/lj89jmoERcPnbTQCqPc65rPokueh5BqelcbeJy7pcqc3+lUtgWUw0fy5Ld9UWGgu0ep&or=3f2pdRAhg

GET 200 http://www.alo360.net/fg6s/?hBZ=Mz4uLoABPVXo3kz7cY9kI1UW/VC8dhujTXpbszs0NPRWzSBmB/biWYhkOb4QFg4YZ/yq4ZIw&or=3f2pdRAhg

GET 410 http://www.decentralstream.com/fg6s/?hBZ=5w4qcH3RtmDmlmYd8peDY0KE2wDS2yAwKjriKCc5syzJGBsdqKRa5Igiu1uXS3h05ItrAZN3&or=3f2pdRAhg

GET 401 http://www.fuqoguiders.xyz/fg6s/?hBZ=GOXv9FyzhJsa8KS8dsMmj7/YoTn1jmPQeNfbpJuZqmm6ucgpeks34qCTkToYyxiW+NLP4pkS&or=3f2pdRAhg

GET 404 http://www.drfarhad-amini.com/fg6s/?hBZ=YemKNOFl2uCC2w2+Hf7nWnP/ao/99kBWt1q/O2BJCHQBIGOUleovmks/GdEUoR1FOJMr1UT2&or=3f2pdRAhg

GET 200 http://www.invalidmob.com/fg6s/?hBZ=c239r9fe958S+F1/a+Ow4ejRZ5GHg1F7woFiZTSPM63bBEDr1IS9Bs9IDA3udVl18SDeT0jt&VRKh=vDKtMDQphn4DpR

GET 404 http://www.capitandelamarina.com/fg6s/?hBZ=sLzNFFNyjDEco478Bhn0l2SjjrMBdiGF5KmlY86sslKlGHEC66IFdMgpFM2UPuLAB2LyR8Wr&VRKh=vDKtMDQphn4DpR

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49167 -> 23.227.38.74:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 23.227.38.74:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 23.227.38.74:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49173 -> 185.146.22.236:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49173 -> 185.146.22.236:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49173 -> 185.146.22.236:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49174 -> 204.11.56.48:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49174 -> 204.11.56.48:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49174 -> 204.11.56.48:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 216.137.179.182:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 216.137.179.182:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 216.137.179.182:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 142.250.204.147:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 142.250.204.147:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 142.250.204.147:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 154.203.8.28:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 154.203.8.28:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 154.203.8.28:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49172 -> 185.151.30.177:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49172 -> 185.151.30.177:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49172 -> 185.151.30.177:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49172 -> 185.151.30.177:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.103:49175 -> 2.57.90.16:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49175 -> 2.57.90.16:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49175 -> 2.57.90.16:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 3.64.163.50:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 3.64.163.50:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 3.64.163.50:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49164 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49164 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49164 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49165 -> 154.86.195.217:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49165 -> 154.86.195.217:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49165 -> 154.86.195.217:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts