Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| feetifu.net |
GET
200
http://202.79.173.167:8000/1
REQUEST
RESPONSE
BODY
GET /1 HTTP/1.1
Host: 202.79.173.167:8000
Cache-Control: no-cache
HTTP/1.1 200 OK
content-length: 538224
etag: "0:83670:653e70d1:2b2b1a08"
accept-ranges: bytes
content-disposition: attachment; filename="1"
content-type: application/octet-stream
last-modified: Sun, 29 Oct 2023 14:48:49 GMT
date: Mon, 06 Nov 2023 00:45:56 GMT
GET
200
http://202.79.173.167:8000/2
REQUEST
RESPONSE
BODY
GET /2 HTTP/1.1
Host: 202.79.173.167:8000
Cache-Control: no-cache
HTTP/1.1 200 OK
content-length: 135352
etag: "0:210b8:64e0a758:dd45d34"
accept-ranges: bytes
content-disposition: attachment; filename="2"
content-type: application/octet-stream
last-modified: Sat, 19 Aug 2023 11:28:24 GMT
date: Mon, 06 Nov 2023 00:45:56 GMT
GET
200
http://202.79.173.167:8000/3
REQUEST
RESPONSE
BODY
GET /3 HTTP/1.1
Host: 202.79.173.167:8000
Cache-Control: no-cache
HTTP/1.1 200 OK
content-length: 78336
accept-ranges: bytes
last-modified: Wed, 01 Nov 2023 11:52:44 GMT
etag: "0:13200:65423c0c:0"
content-type: application/octet-stream
content-disposition: attachment; filename="3"
date: Mon, 06 Nov 2023 00:45:57 GMT
GET
200
http://202.79.173.167:8000/4
REQUEST
RESPONSE
BODY
GET /4 HTTP/1.1
Host: 202.79.173.167:8000
Cache-Control: no-cache
HTTP/1.1 200 OK
content-length: 367269
accept-ranges: bytes
last-modified: Sat, 19 Aug 2023 13:25:58 GMT
etag: "0:59aa5:64e0c2e6:260a6d8"
content-type: application/octet-stream
content-disposition: attachment; filename="4"
date: Mon, 06 Nov 2023 00:45:57 GMT
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 202.79.173.167:8000 -> 192.168.56.101:49163 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
| TCP 202.79.173.167:8000 -> 192.168.56.101:49163 | 2023711 | ET MALWARE JS/WSF Downloader Dec 08 2016 M7 | A Network Trojan was detected |
| TCP 202.79.173.167:8000 -> 192.168.56.101:49163 | 2016538 | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download | Potentially Bad Traffic |
| TCP 202.79.173.167:8000 -> 192.168.56.101:49163 | 2021076 | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | Potentially Bad Traffic |
| TCP 202.79.173.167:8000 -> 192.168.56.101:49163 | 2014520 | ET INFO EXE - Served Attached HTTP | Misc activity |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts