IP 119.29.235.104:0
ASN #45090 Shenzhen Tencent Computer Systems Company Limited
File type HTML document text
- exported SGML document text
- exported SGML document, ASCII text, with CRLF line terminators
Hash 0e7e2ec92624fa1f85ea8434029432b3
400725f88b9e1b936bcee5623283ca7d5907bfba
4ec4f4e631d0f3321aaefe727b9512c1f7b0cacf017fe3f5ff43e1b65a5ab347
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: 119.29.235.104
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1856
Accept-Ranges: bytes
Server: HFS 2.3m
Set-Cookie: HFS_SID_=0.941331674810499; path=/; HttpOnly
Cache-Control: no-cache, no-store, must-revalidate, max-age=-1
Content-Encoding: gzip
119.29.235.104/Bin/PP/4.bin
119.29.235.104 200 OK 537 kB URL User Request GET HTTP/1.1 119.29.235.104/Bin/PP/4.bin
IP 119.29.235.104:80
ASN #45090 Shenzhen Tencent Computer Systems Company Limited
File type ASCII text, with very long lines (65536), with no line terminators
Size 537 kB (536576 bytes)
Hash bbd49cc8625747ddfe21f6cb54698ae4
4a5fa0262ea62b235792fabb3ace43f47f644921
b2781a68996f78828846c4997b0c28241503938027bd06ada7b0ec46849d46c8
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata high ET MALWARE Generic .bin download from Dotted Quad
suricata high ET MALWARE PE EXE or DLL Windows file download Text M2
suricata high ET SHELLCODE Common 0a0a0a0a Heap Spray String
GET /Bin/PP/4.bin HTTP/1.1
Host: 119.29.235.104
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 536576
Accept-Ranges: bytes
Server: HFS 2.3m
Set-Cookie: HFS_SID_=0.775236617540941; path=/; HttpOnly
ETag: E9BCA01A7DC0A1877D701149DBD16BF9
Last-Modified: Wed, 17 May 2023 14:12:24 GMT
Content-Disposition: attachment; filename="4.bin";