Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| google.com | 172.217.161.78 | |
| fouratlinks.com | 199.192.17.247 |
GET
200
http://fouratlinks.com/stockmerchandise/regular_punch_rec/zbqackY6g2W8AyNWZ8NJ.exe
REQUEST
RESPONSE
BODY
GET /stockmerchandise/regular_punch_rec/zbqackY6g2W8AyNWZ8NJ.exe HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Other
Host: fouratlinks.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 05 Nov 2021 01:47:51 GMT
Server: Apache
Last-Modified: Mon, 01 Nov 2021 16:20:50 GMT
ETag: "95c00-5cfbc8f633c80"
Accept-Ranges: bytes
Content-Length: 613376
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
ICMP traffic
| Source | Destination | ICMP Type | Data |
|---|---|---|---|
| 192.168.56.101 | 142.250.66.78 | 8 | \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
| 142.250.66.78 | 192.168.56.101 | 0 | \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 199.192.17.247:80 -> 192.168.56.101:49162 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts