Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
www.mymatam.com | CNAME mymatam.com | 103.28.91.20 |
TCP Requests
GET 301 http://www.mymatam.com/fg58/?KzrtE=WpDF5rR8GhL85HDW55HvY2UzFumc4+CxavBF5rgmPNYEZf40Rr2HPxuZ1925OstCFu5iCPlj&p0G=kJEPdT4hIPU4hj

Request:
GET /fg58/?KzrtE=WpDF5rR8GhL85HDW55HvY2UzFumc4+CxavBF5rgmPNYEZf40Rr2HPxuZ1925OstCFu5iCPlj&p0G=kJEPdT4hIPU4hj HTTP/1.1
Host: www.mymatam.com
Connection: close

Response:
HTTP/1.1 301 Moved Permanently
Connection: close
x-powered-by: PHP/8.0.28
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
disabled-plugins: 0 on 2023-06-27 10:56:30
x-redirect-by: WordPress
location: http://mymatam.com/fg58/?KzrtE=WpDF5rR8GhL85HDW55HvY2UzFumc4+CxavBF5rgmPNYEZf40Rr2HPxuZ1925OstCFu5iCPlj&p0G=kJEPdT4hIPU4hj
content-length: 0
date: Tue, 27 Jun 2023 10:56:30 GMT
server: LiteSpeed
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49167 -> 103.28.91.20:80 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49167 -> 103.28.91.20:80 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
TCP 192.168.56.101:49167 -> 103.28.91.20:80 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | Malware Command and Control Activity Detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts