| agnes-nue.com/image/putty.exe | 46.166.189.98 | 302 Moved Temporarily | 1 B |
URL: agnes-nue.com/image/putty.exe | User request: GET HTTP/1.1 | IP: 46.166.189.98:80 | ASN: #43350 NForce Entertainment B.V.
File type: very short file (no magic) | MD5: 68b329da9893e34099c7d8ad5cb9c940 | SHA1: adc83b19e793491b1c6ea0fd8b46cd9f32e592fc | SHA256: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
NIDS alerts:
| suricata | high | ETPRO POLICY HTTP Request for named PuTTY exe |
| suricata | medium | ET HUNTING Possibly Suspicious Request for Putty.exe from Non-Standard Download Location |
GET /image/putty.exe HTTP/1.1
Host: agnes-nue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 06 Jun 2023 07:06:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.33
location: http://agnes.be/image/putty.exe
User request: GET HTTP/1.1 | IP: 213.186.33.3:80
File type: HTML document text (exported SGML document, ASCII text) | MD5: 62962daa1b19bbcc2db10b7bfd531ea6 | SHA1: d64bae91091eda6a7532ebec06aa70893b79e1f8 | SHA256: 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
NIDS alerts:
| suricata | high | ETPRO POLICY HTTP Request for named PuTTY exe |
| suricata | medium | ET HUNTING Possibly Suspicious Request for Putty.exe from Non-Standard Download Location |
GET /image/putty.exe HTTP/1.1
Host: agnes.be
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Tue, 06 Jun 2023 05:57:22 GMT
content-type: text/html; charset=iso-8859-1
content-length: 196
server: Apache
X-Firefox-Spdy: h2
User request: GET HTTP/1.1 | IP: 213.186.33.3:80
File type: HTML document text (exported SGML document, ASCII text) | MD5: 62962daa1b19bbcc2db10b7bfd531ea6 | SHA1: d64bae91091eda6a7532ebec06aa70893b79e1f8 | SHA256: 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
NIDS alerts:
| suricata | high | ETPRO POLICY HTTP Request for named PuTTY exe |
| suricata | medium | ET HUNTING Possibly Suspicious Request for Putty.exe from Non-Standard Download Location |
GET /image/putty.exe HTTP/1.1
Host: agnes.be
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
date: Tue, 06 Jun 2023 05:57:22 GMT
content-type: text/html; charset=iso-8859-1
content-length: 196
server: Apache
x-iplb-request-id: 5B5A2A9A:6C66_D5BA2103:0050_647ECAC2_7736:26390
x-iplb-instance: 28307
IP: 213.186.33.3:80
Requested by: http://agnes.be/image/putty.exe
File type: HTML document text (exported SGML document, ASCII text) | MD5: 62962daa1b19bbcc2db10b7bfd531ea6 | SHA1: d64bae91091eda6a7532ebec06aa70893b79e1f8 | SHA256: 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
GET /favicon.ico HTTP/1.1
Host: agnes.be
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://agnes.be/image/putty.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
date: Tue, 06 Jun 2023 05:57:22 GMT
content-type: text/html; charset=iso-8859-1
content-length: 196
server: Apache
x-iplb-request-id: 5B5A2A9A:6C66_D5BA2103:0050_647ECAC2_7737:26390
x-iplb-instance: 28307