Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.thewellnessloft365.com | CNAME www240.wixdns.net; CNAME balancer.wixdns.net | 34.80.190.141 |
www.marciaroyal.com | CNAME cname.landingi.com | 52.212.68.12 |
GET 404 http://www.thewellnessloft365.com/mxwf/?qR-Hnlnp=fz3zRSjyHRBjl1rIa6bXMycrHgGaqLoAb4IqFvz+fVGVYL9pMq7tPSAWMNs8UcZiZ+kcIEfT&TVjH4P=yjRhIXLxMLQ
Request:
GET /mxwf/?qR-Hnlnp=fz3zRSjyHRBjl1rIa6bXMycrHgGaqLoAb4IqFvz+fVGVYL9pMq7tPSAWMNs8UcZiZ+kcIEfT&TVjH4P=yjRhIXLxMLQ HTTP/1.1
Host: www.thewellnessloft365.com
Connection: close
Response:
HTTP/1.1 404 Not Found
Date: Tue, 31 Aug 2021 02:17:56 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2963
Connection: close
x-wix-request-id: 1630376276.634540364066423685
Age: 0
Server-Timing: cache;desc=miss, varnish;desc=miss, dc;desc=ae1
X-Seen-By: sHU62EDOGnH2FBkJkG/Wx8EeXWsWdHrhlvbxtlynkVgvtGDF2XlzEMzPI7W//Psq,m0j2EEknGIVUW/liY8BLLhelbX19xiUh2V4v17iBWY+a46R9xNIlpQ4eUPYpBuqs,2d58ifebGbosy5xc+FRaliVeqRAqjfdLiTjrYvI+ivuEAdCHF9hEtj/BaKHx3brB4ePBDJcwjkv2qT7eD3nfkEsdn+kA4g0ENfroHbRUs2Q=,2UNV7KOq4oGjA5+PKsX47Mci82Q35Aqg07TRfNbLwJRYgeUJqUXtid+86vZww+nL,YO37Gu9ywAGROWP0rn2IfgW5PRv7IKD225xALAZbAmk=,xXLsLbWEHLk6hl9EcGlmxvyUVz4QtOJP4qjVctZGTrU=,9bmvtgOsMBj+rhOGTJK8fsvWe3QDFpsUhj871vH3CaHOQZL7Sg6faY+W66Oy1EIGNF1luM9Bu28rUwyuQdECUw==
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: Pepyaka/1.19.10

GET 301 http://www.marciaroyal.com/mxwf/?qR-Hnlnp=zMR5KUFiiGsDPWyfVgT3p2HrI4PM/zQ2oGkj6QE3oz/tMoivHJSrooVNzgWf7GF3ogq7LXJb&TVjH4P=yjRhIXLxMLQ
Request:
GET /mxwf/?qR-Hnlnp=zMR5KUFiiGsDPWyfVgT3p2HrI4PM/zQ2oGkj6QE3oz/tMoivHJSrooVNzgWf7GF3ogq7LXJb&TVjH4P=yjRhIXLxMLQ HTTP/1.1
Host: www.marciaroyal.com
Connection: close
Response:
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://www.marciaroyal.com/mxwf/?qR-Hnlnp=zMR5KUFiiGsDPWyfVgT3p2HrI4PM/zQ2oGkj6QE3oz/tMoivHJSrooVNzgWf7GF3ogq7LXJb&TVjH4P=yjRhIXLxMLQ
connection: close
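The two check-ins above share everything except the first parameter's value: the same /mxwf/ directory, the same parameter names (qR-Hnlnp, TVjH4P), the same trailing TVjH4P=yjRhIXLxMLQ, raw '+' and '/' in the query, and a request header set with no User-Agent. Both hosts resolve through commodity hosting (Wix and Landingi CNAMEs) and answer 404 and 301, so this capture alone does not tell you which, if either, is a live controller; FormBook samples carry a list of candidate domains and contact several. The script below is an added example by the editor, not part of the sandbox report and not a transcription of the ET signatures (SIDs 2031412, 2031449, 2031453), whose rule content the page does not reproduce. It transcribes the two captured requests, adds a constructed benign request as a negative control, scores each against heuristics derived from the captures, and extracts the host-independent constants as a hunting pivot. The heuristic thresholds and the benign sample are the editor's assumptions.

```python
import re

# The two check-in requests from this report, transcribed as captured.
# Note the request header set: only Host and Connection, no User-Agent.
REQUESTS = [
    {
        "host": "www.thewellnessloft365.com",
        "target": "/mxwf/?qR-Hnlnp=fz3zRSjyHRBjl1rIa6bXMycrHgGaqLoAb4IqFvz+fVGVYL9pMq7tPSAWMNs8UcZiZ+kcIEfT&TVjH4P=yjRhIXLxMLQ",
        "headers": {"Host": "www.thewellnessloft365.com", "Connection": "close"},
    },
    {
        "host": "www.marciaroyal.com",
        "target": "/mxwf/?qR-Hnlnp=zMR5KUFiiGsDPWyfVgT3p2HrI4PM/zQ2oGkj6QE3oz/tMoivHJSrooVNzgWf7GF3ogq7LXJb&TVjH4P=yjRhIXLxMLQ",
        "headers": {"Host": "www.marciaroyal.com", "Connection": "close"},
    },
]

# Constructed browser-style request used only as a negative control
# (editor's assumption, not from the report).
BENIGN = {
    "host": "www.example.com",
    "target": "/search/?q=formbook&page=2",
    "headers": {"Host": "www.example.com", "Connection": "keep-alive",
                "User-Agent": "Mozilla/5.0 (constructed)"},
}

# Standard (not URL-safe) base64 alphabet. A browser would percent-encode
# '+' and '/' inside a query value; the sample sends them raw.
B64_VALUE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def split_target(target):
    """Return (path, [(name, value), ...]) without touching the values.

    urllib.parse.parse_qsl is deliberately avoided: it maps '+' to a space,
    which would corrupt the base64-looking payload we want to inspect.
    """
    path, _, query = target.partition("?")
    params = []
    for pair in (query.split("&") if query else []):
        name, _, value = pair.partition("=")
        params.append((name, value))
    return path, params


def checkin_indicators(req):
    """Score one request against heuristics taken from the captures above.

    These are the editor's heuristics, not the content of ET SIDs
    2031412/2031449/2031453, which this report does not reproduce.
    """
    path, params = split_target(req["target"])
    names = [n for n, _ in params]
    values = [v for _, v in params]
    query = req["target"].partition("?")[2]
    ind = {
        # a single short lowercase directory with trailing slash and no file
        "short_dir_path": re.fullmatch(r"/[a-z]{2,8}/", path) is not None,
        # exactly two parameters
        "two_params": len(params) == 2,
        # first value is a long blob drawn from the base64 alphabet
        "first_value_b64_blob": bool(values) and len(values[0]) >= 40
        and B64_VALUE.match(values[0]) is not None,
        # raw '+' or '/' in the query string
        "unencoded_b64_symbols": any(c in query for c in "+/"),
        # parameter names are mixed-case tokens rather than words
        "random_param_names": bool(names) and all(
            re.fullmatch(r"[A-Za-z0-9-]{4,12}", n) is not None
            and n.lower() != n and n.upper() != n
            for n in names
        ),
        # the sample sends no User-Agent at all
        "no_user_agent": "User-Agent" not in req["headers"],
    }
    ind["score"] = sum(1 for v in ind.values() if v is True)
    return ind


def is_checkin(req, threshold=5):
    """Threshold of 5 of 6 indicators is the editor's choice for this capture."""
    return checkin_indicators(req)["score"] >= threshold


def campaign_pivot(requests):
    """Return the set of (path, parameter names, trailing parameter) tuples.

    In this report all three are identical across both hosts; only the first
    parameter's value changes. Those constants are a better hunting pivot
    than either domain, both of which sit on commodity hosting.
    """
    keys = set()
    for req in requests:
        path, params = split_target(req["target"])
        keys.add((path, tuple(n for n, _ in params), params[-1] if params else None))
    return keys


if __name__ == "__main__":
    for req in REQUESTS + [BENIGN]:
        print(req["host"], checkin_indicators(req))
    print(campaign_pivot(REQUESTS))
```

Run it and both report requests score 6 of 6 while the constructed browser request scores 2 (a short directory path and two parameters are common on legitimate sites, which is why no single indicator is used on its own). campaign_pivot collapses both hosts to one key, ("/mxwf/", ("qR-Hnlnp", "TVjH4P"), ("TVjH4P", "yjRhIXLxMLQ")), which is the part of the traffic to search proxy logs for when the domains rotate.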
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49166 -> 34.80.190.141:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.102:49166 -> 34.80.190.141:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.102:49166 -> 34.80.190.141:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.102:49167 -> 52.212.68.12:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.102:49167 -> 52.212.68.12:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.102:49167 -> 52.212.68.12:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts