NetWork | ZeroBOX

IP Address	Status	Action
103.224.182.210	Active	Moloch
116.202.53.24	Active	Moloch
162.210.102.230	Active	Moloch
164.124.101.2	Active	Moloch
170.33.12.250	Active	Moloch
183.181.96.6	Active	Moloch
199.59.242.153	Active	Moloch
207.148.70.230	Active	Moloch
34.102.136.180	Active	Moloch
68.183.15.160	Active	Moloch

Name	Response	Post-Analysis Lookup
www.peacemaker-recruit.com	A 183.181.96.6	183.181.96.6
www.tenloe089.xyz	A 170.33.12.250 CNAME zvlzw6.g.ngxfence.org	170.33.12.250
www.astodome.com	A 68.183.15.160	68.183.15.160
www.4444wns.com	CNAME vinisi.winisiren.com A 207.148.70.230	207.148.70.230
www.curtisdanielstattoostudio.com	A 199.59.242.153	199.59.242.153
www.iqhotelgroup.com	CNAME iqhotelgroup.com A 116.202.53.24	182.50.132.242
www.smartag1.xyz
www.cheapshoppy.com	CNAME cheapshoppy.com A 34.102.136.180	34.102.136.180
www.mariareis.space	A 162.210.102.230	162.210.102.230
www.handbagbnuusj.xyz
www.digitalunivers.city	A 103.224.182.210	103.224.182.210

TCP Requests

UDP Requests

GET 404 http://www.4444wns.com/rf5o/?QFQLCr=9q0GOrZ0nNjsFLr+8PLaypET/07tWd7bS7qUMFECVdpaS/NnVj/0qTd+KOhq+XsRxYHeTQ0B&oXU=_6g8ydKPyJots

GET 200 http://www.iqhotelgroup.com/rf5o/?QFQLCr=wEeOS8h+IxXA/tEOS5Y8BAd2GC4lulicjkhIA7B6VHupSh5b9SkAv9/2wQRS+ceEDC60QArq&oXU=_6g8ydKPyJots

GET 302 http://www.digitalunivers.city/rf5o/?QFQLCr=BZ4DWq00hiEzBgfWc5RZz2jh2HhmSypNEmoJbJdvt3c9RX7gAuQ2h0yMdTyvDyhXwZmblXKa&oXU=_6g8ydKPyJots

GET 404 http://www.mariareis.space/rf5o/?QFQLCr=jN3Zixm4nAysEcvizo+5uOLAcqqB+o813wWf4LGH2MYSrvoMsEig3Mg28FTcxwgcIdrDE8tP&oXU=_6g8ydKPyJots

GET 301 http://www.peacemaker-recruit.com/rf5o/?QFQLCr=WErm4lIJlLt5N5mwclGj/AL+cX0ZhYdgjkqhvrVwbaMjesjeWO+0Qd22g5V7bn/XQQd7hvVo&oXU=_6g8ydKPyJots

GET 0 http://www.tenloe089.xyz/rf5o/?QFQLCr=PxELiG7O3Q87mJ1J2f5hkXpl7mf4tUbVqGAfw1ZZ+IF8lSX79o1sFMLuOfTLfpqswjwhsVjH&oXU=_6g8ydKPyJots

GET 200 http://www.curtisdanielstattoostudio.com/rf5o/?QFQLCr=pdJ3GYWJb+yi5LO2Ccl1vGP+EDIOHtu9wy+pJOGFtfUqFiMQSXnDKiq516+4QvJ/5KRoxfWS&oXU=_6g8ydKPyJots

GET 403 http://www.cheapshoppy.com/rf5o/?QFQLCr=Q+PKZ9c1fIuSHpecD6akMfkf92SqZJChLDu6QnJCm1MgP3RMXPHvolXPqwxJ+Spda1Bnw+QV&oXU=_6g8ydKPyJots

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49165 -> 116.202.53.24:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49165 -> 116.202.53.24:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49165 -> 116.202.53.24:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 170.33.12.250:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 170.33.12.250:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 170.33.12.250:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49169 -> 170.33.12.250:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.103:49167 -> 162.210.102.230:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 162.210.102.230:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49167 -> 162.210.102.230:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49164 -> 207.148.70.230:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49164 -> 207.148.70.230:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49164 -> 207.148.70.230:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 199.59.242.153:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 199.59.242.153:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49170 -> 199.59.242.153:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 103.224.182.210:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 103.224.182.210:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49166 -> 103.224.182.210:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 183.181.96.6:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 183.181.96.6:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 183.181.96.6:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts