NetWork | ZeroBOX

IP Address	Status	Action
154.22.100.62	Active	Moloch
155.159.61.221	Active	Moloch
162.0.238.93	Active	Moloch
162.214.129.149	Active	Moloch
164.124.101.2	Active	Moloch
192.185.217.47	Active	Moloch
192.185.35.86	Active	Moloch
195.24.68.23	Active	Moloch
2.57.90.16	Active	Moloch
206.233.197.135	Active	Moloch
45.33.6.223	Active	Moloch
66.29.141.188	Active	Moloch
66.29.151.40	Active	Moloch

Name	Response	Post-Analysis Lookup
www.brennancorps.info	A 2.57.90.16 CNAME brennancorps.info	2.57.90.16
www.youandmegb136.shop	CNAME youandmegb136.shop A 66.29.141.188	66.29.141.188
www.foxwhistle.com	A 154.22.100.62	154.22.100.62
www.courdak.info	A 66.29.151.40	66.29.151.40
www.automotiveparts-store.com	CNAME automotiveparts-store.com A 162.0.238.93	162.0.238.93
www.seufi.com	A 2.57.90.16 CNAME seufi.com	2.57.90.16
www.afterdarksocial.club	A 162.214.129.149	162.214.129.149
www.eufidelizo.com	CNAME eufidelizo.com A 192.185.217.47	192.185.217.47
www.lopezmodeling.com	A 192.185.35.86 CNAME lopezmodeling.com	192.185.35.86
www.lyonfinancialusa.com	A 206.233.197.135	206.233.197.135
www.patrickguarte.com	A 155.159.61.221	155.159.61.221
www.19t221013d.tokyo
www.sqlite.org	A 45.33.6.223	45.33.6.223
www.phootka.ru	A 195.24.68.23	195.24.68.23

TCP Requests

UDP Requests

GET 404 http://www.eufidelizo.com/henz/?nbWl8n=wcp3urA+/rGtUuNVdzf16ZeZGpZq4XGXlvUWG7FdGjeYGPzd5j/gkjEzvi43j/MvxviINYayZJCRqWKQvjoVWw+U5Y7ODGkonKNL7W0=&D8cH=NdndsZxX

GET 200 http://www.sqlite.org/2021/sqlite-dll-win32-x86-3350000.zip

GET 404 http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip

GET 200 http://www.sqlite.org/2017/sqlite-dll-win32-x86-3160000.zip

GET 200 http://www.sqlite.org/2020/sqlite-dll-win32-x86-3320000.zip

GET 200 http://www.sqlite.org/2020/sqlite-dll-win32-x86-3330000.zip

GET 301 http://www.lyonfinancialusa.com/henz/?nbWl8n=I97X75yj3reE70KD0H/Cak1oo2zHy9G/KKFZ2xPoakAfOE75REIsiEdUspxqeb3/DlFpoh36cAjqvl85DwXllB7WLme1uHpNnCumkME=&D8cH=NdndsZxX

GET 404 http://www.afterdarksocial.club/henz/?nbWl8n=8TptbrIX6F4NxrWdTnVKCiNdtmXGEuELv5cUeaX5N5UPFd9Hxy/eCwrx8CSqMIuqYtp16J6ah9tFi3/97BblSlVnUMukTQJmI59ItyY=&D8cH=NdndsZxX

GET 404 http://www.patrickguarte.com/henz/?nbWl8n=5p9Ov6C7qce51hIp6nkbqV/d59cDddN77lLEFw6Ufibk2yN56suGmW9SnR2oT5DaW1POG/xMOeVc/Muqlx89dGklgcJInIpBk29/OFI=&D8cH=NdndsZxX

GET 404 http://www.brennancorps.info/henz/?nbWl8n=P4ST2IJPckjMYpRf2hTG7XGyBDGAy7OOggEf6mHPhnME1yGBMW0exDItYRA37f+XnLyPH15dACF6dKWBGe8FrnsbvwR+k5hXy5NlDxw=&D8cH=NdndsZxX

GET 404 http://www.lopezmodeling.com/henz/?nbWl8n=dpH6BKfQQ0cm5ImeofuKRskABJrBNfLp0vSyI4bn1RZjePkdeS9a/FiQgEdxlvmzsB0l+sQcpRgj8HqvSEXtkBUtM/7b2ek1qpGMuFI=&D8cH=NdndsZxX

GET 200 http://www.foxwhistle.com/henz/?nbWl8n=jIhXpQA4pSG2yYWBbTjo4KjMDsvsQ9F5uiLrR0YNz1ez7r/FQUV2XPmUrykxRWDvkt62w03aCUUodajM6m+91s+tfqSr6z5AiriQQhU=&D8cH=NdndsZxX

GET 404 http://www.phootka.ru/henz/?nbWl8n=w1bwPjtuf2ZlKfJJwO+BTMATo3IZhxYr0xwxA7aVeAjkl5kFf+SBsbPh/8ORAg46rPRxP2SAJydpY5hX47JJGDyZCrebhSML6UzwAv0=&D8cH=NdndsZxX

GET 404 http://www.courdak.info/henz/?nbWl8n=vdyVzLcxoZUoogW6+NKMfwQ5LAGTMZCWuq0zGM5B+O39UoDsvg/hobD3JDgVlVzjVFZes90R2RhtZev/AI+f5OQ7oLMklDSyOnM4EYU=&D8cH=NdndsZxX

GET 301 http://www.automotiveparts-store.com/henz/?nbWl8n=l755dn3SV1HJ85bgdYLXX0FitE0O++oBuxO/p/rOD3cyNdqLfUPJLAMkl1O9xhY/fGSw1luYDYlS6H/677nep41+QBgryFqg6K8ooWg=&D8cH=NdndsZxX

GET 404 http://www.seufi.com/henz/?nbWl8n=IBGzHMg16oJNSPrzw250+MvRfpuZJ+UNeLGkgBGOsROhXn3QAnT7j8xX9Jlog+RFk3dGiXHpM08k153fm/VBkqw4m0Htf2ZTok+naIQ=&D8cH=NdndsZxX

GET 302 http://www.youandmegb136.shop/henz/?nbWl8n=UtZym1qImX06+GpDcpN9/2+kdchdxBnkrVUZumUi1jx9tPAiXeTjhhssvsimU8yI7A/xS1pJIIlTb23usgwKY3ermdd4E2Ie0oOK+14=&D8cH=NdndsZxX

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49182 -> 66.29.151.40:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49182 -> 66.29.151.40:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 155.159.61.221:80 -> 192.168.56.101:49177	2400012	ET DROP Spamhaus DROP Listed Traffic Inbound group 13	Misc Attack
TCP 192.168.56.101:49182 -> 66.29.151.40:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49177 -> 155.159.61.221:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49178 -> 2.57.90.16:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49177 -> 155.159.61.221:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49178 -> 2.57.90.16:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49177 -> 155.159.61.221:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49178 -> 2.57.90.16:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49179 -> 192.185.35.86:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49179 -> 192.185.35.86:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49179 -> 192.185.35.86:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49184 -> 2.57.90.16:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49181 -> 195.24.68.23:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49181 -> 195.24.68.23:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49181 -> 195.24.68.23:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49184 -> 2.57.90.16:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49184 -> 2.57.90.16:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 192.185.217.47:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49176 -> 162.214.129.149:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 192.185.217.47:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49176 -> 162.214.129.149:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49168 -> 192.185.217.47:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49176 -> 162.214.129.149:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49175 -> 206.233.197.135:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49175 -> 206.233.197.135:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49175 -> 206.233.197.135:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49185 -> 66.29.141.188:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49185 -> 66.29.141.188:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49185 -> 66.29.141.188:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49180 -> 154.22.100.62:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49180 -> 154.22.100.62:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49180 -> 154.22.100.62:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49183 -> 162.0.238.93:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49183 -> 162.0.238.93:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49183 -> 162.0.238.93:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts