NetWork | ZeroBOX

IP Address	Status	Action
104.21.10.248	Active	Moloch
164.124.101.2	Active	Moloch
166.88.174.43	Active	Moloch
198.251.89.247	Active	Moloch
199.59.243.220	Active	Moloch
23.82.12.29	Active	Moloch
66.235.200.145	Active	Moloch
69.57.161.210	Active	Moloch
98.124.224.17	Active	Moloch

Name	Response	Post-Analysis Lookup
www.enjoyhavoc.online
www.groupeinvictuscorporation.com	A 98.124.224.17	98.124.224.17
www.vrmonster.xyz	A 199.59.243.220 CNAME 86539.bodis.com	199.59.243.220
www.freecrdditreport.com	A 23.82.12.29	23.82.12.29
www.happy-tile.com
www.zs-yaoshi.com	A 166.88.174.43	166.88.174.43
www.thinoe.com	A 104.21.10.248 A 172.67.164.215	172.67.164.215
www.premhub.club	A 198.251.89.247	198.251.89.247
www.sportape.xyz	A 199.59.243.220 CNAME parking.bodis.com	199.59.243.220
www.daquan168.com
www.fxivcama.com	A 69.57.161.210	69.57.161.210
www.gasgangllc.com	CNAME gasgangllc.com A 66.235.200.145	66.235.200.145

TCP Requests

UDP Requests

GET 200 http://www.vrmonster.xyz/zgtb/?rV0Dp0=yGWCvZ6aXyPwd/HaByyb1PcjzSfhPJ4mPOKYFhnxq8MOGNJ9WwwNGvqQXAUdDfxSPUTOhpzO&VRKt=wBZhTR28eHU8oX

GET 0 http://www.gasgangllc.com/zgtb/?rV0Dp0=XBCDKB8yZNPw5rieyjkNoySF5lyaVown+0zN4aC/hTAwbQTJYjSVmvUihdbcSS68tEiAe5v7&VRKt=wBZhTR28eHU8oX

GET 302 http://www.freecrdditreport.com/zgtb/?rV0Dp0=cSeqCoZ/Qxqx0oFjHQgY06ue/xjuDAwZq94sVXf9gbC670UeP6nVXPWkyiMI8zJro53zKq4f&VRKt=wBZhTR28eHU8oX

GET 200 http://www.sportape.xyz/zgtb/?rV0Dp0=B1IhHrbEoLmNiKqFw3nOQ4nB+Ru/UnGK+xQs1uzRCyrXbDyV7GDWrJYCa9K93Ok02ne5v/zq&VRKt=wBZhTR28eHU8oX

GET 404 http://www.thinoe.com/zgtb/?rV0Dp0=vP2WowvSy7B0zvm54FH0qhQ94GEq0SYSISsT0ZJ8HtV4iWLfigDeA4acBS6J/oIN9USF4lDF&VRKt=wBZhTR28eHU8oX

GET 301 http://www.premhub.club/zgtb/?rV0Dp0=427pZnyXITI7Ip9u+pOH0pYmXREpkYT1pT1nLFHw2WpO7KnSqPdmzxmz5QHEG+gMjJI65xaD&VRKt=wBZhTR28eHU8oX

GET 404 http://www.groupeinvictuscorporation.com/zgtb/?rV0Dp0=IMEWREyt93k8WN2P6tFyYGTowkTAVD/ankE6vsOOfkwqV9OcF+fH7h0AGDSndfQDZwle3EBF&VRKt=wBZhTR28eHU8oX

GET 404 http://www.fxivcama.com/zgtb/?rV0Dp0=0cXM1yajRVYT+Sf+AOTFp2noOU25hrpEDqSUA+OhbGVgDEpEovrOWBIqAtDi4kK6U4QSsOxc&VRKt=wBZhTR28eHU8oX

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49167 -> 23.82.12.29:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 23.82.12.29:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49167 -> 23.82.12.29:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 199.59.243.220:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 199.59.243.220:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 199.59.243.220:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 199.59.243.220:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.101:49169 -> 104.21.10.248:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 104.21.10.248:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 104.21.10.248:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 66.235.200.145:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 66.235.200.145:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 66.235.200.145:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49172 -> 198.251.89.247:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49172 -> 198.251.89.247:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49172 -> 198.251.89.247:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49173 -> 98.124.224.17:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49173 -> 98.124.224.17:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49173 -> 98.124.224.17:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 199.59.243.220:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 199.59.243.220:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 199.59.243.220:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49165 -> 199.59.243.220:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.101:49174 -> 69.57.161.210:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49174 -> 69.57.161.210:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49174 -> 69.57.161.210:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts