{"report_id":"00a0e514-1d70-4633-bd5b-988a1d06140a","version":6,"status":"done","tags":[],"date":"2025-01-15T23:28:29Z","url":{"schema":"http","addr":"gajrokerio.icu/Bin/ScreenConnect.Windows.dll","fqdn":"gajrokerio.icu","domain":"gajrokerio.icu","tld":"icu"},"ip":{"addr":"104.21.40.91","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"gajrokerio.icu/Bin/ScreenConnect.Windows.dll","fqdn":"gajrokerio.icu","domain":"gajrokerio.icu","tld":"icu"},"title":"gajrokerio.icu/Bin/ScreenConnect.Windows.dll"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-03-26T23:28:29Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"gajrokerio.icu","ip":{"addr":"172.67.183.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"2024-08-18","domain_rank":0,"first_seen":"2025-01-15T23:28:29.574124Z","last_seen":"2025-01-15T23:28:29.574124Z","alert_count":0,"request_count":2,"received_data":851830,"sent_data":962,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"9f823778701969823c5a01ef3ece57b7","sha1":"da733f482825ec2d91f9f1186a3f934a2ea21fa1","sha256":"abca7cf12937da14c9323c880ec490cc0e063d7a3eef2eac878cd25c84cf1660","sha512":"ffc40b16f5ea2124629d797dc3a431beb929373bfa773c6cddc21d0dc4105d7360a485ea502ce8ea3b12ee8dca8275a0ec386ea179093af3aa8b31b4dd3ae1ca","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":841903,"url":{"schema":"https","addr":"gajrokerio.icu/Bin/ScreenConnect.Windows.dll","fqdn":"gajrokerio.icu","domain":"gajrokerio.icu","tld":"icu"},"ip":{"addr":"172.67.183.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":null}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"9f823778701969823c5a01ef3ece57b7","sha1":"da733f482825ec2d91f9f1186a3f934a2ea21fa1","sha256":"abca7cf12937da14c9323c880ec490cc0e063d7a3eef2eac878cd25c84cf1660","sha512":"ffc40b16f5ea2124629d797dc3a431beb929373bfa773c6cddc21d0dc4105d7360a485ea502ce8ea3b12ee8dca8275a0ec386ea179093af3aa8b31b4dd3ae1ca","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":841903,"url":{"schema":"https","addr":"gajrokerio.icu/Bin/ScreenConnect.Windows.dll","fqdn":"gajrokerio.icu","domain":"gajrokerio.icu","tld":"icu"},"ip":{"addr":"172.67.183.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-01-15T23:28:03Z","timestamp":1736983683,"ip_dst":{"addr":"172.67.183.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.25","port":42126,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Suspicious Domain (*.icu) in TLS SNI","source":"{\"timestamp\":\"2025-01-15T23:28:03.972624+0000\",\"flow_id\":1023957860071698,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":42126,\"dest_ip\":\"172.67.183.71\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026889,\"rev\":4,\"signature\":\"ET INFO Suspicious Domain (*.icu) in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_02_06\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"gajrokerio.icu\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":1654,\"start\":\"2025-01-15T23:28:03.964882+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"gajrokerio.icu/favicon.ico","fqdn":"gajrokerio.icu","domain":"gajrokerio.icu","tld":"icu"},"ip":{"addr":"172.67.183.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gajrokerio.icu/Bin/ScreenConnect.Windows.dll","date":"2025-01-15T23:28:09.993Z","timestamp":1736983689993,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gajrokerio.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 15 Dec 2024 01:48:36 GMT","end":"Sat, 15 Mar 2025 02:46:01 GMT"},"fingerprint":{"sha1":"BA:59:65:98:1E:12:88:98:F8:A7:34:76:A7:4C:9B:68:9F:B6:66:53","sha256":"45:E6:98:E1:E2:A0:6C:45:E7:3B:37:66:4C:F4:0A:9C:1D:8C:02:50:0C:CE:DD:F6:34:1F:23:83:33:CC:0B:D1"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: gajrokerio.icu\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gajrokerio.icu/Bin/ScreenConnect.Windows.dll\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Wed, 15 Jan 2025 23:28:06 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: private\r\ncf-cache-status: BYPASS\r\npriority: u=6,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=BaFRKapdBFVgKwEEXFS%2BeJjVsmGO4Av2J2LnHeNAqTwgrJXA76UT5oINqAQJoAl38lk92y11%2FKRXatLPj3sY3lETBr2%2BHModE9eaya%2B9JJp7kObP2%2Bid3Bfo7OC2ueUumA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9029a3e9ad5d0b65-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=4619\u0026min_rtt=3142\u0026rtt_var=2233\u0026sent=14\u0026recv=10\u0026lost=0\u0026retrans=0\u0026sent_bytes=4217\u0026recv_bytes=1324\u0026delivery_rate=189011\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=fb5e8f60a4bba9cd\u0026ts=2651\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":8261,"size_decoded":1922,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"fe13e7946b45b0110de267c1f85bd38c","sha1":"b4d864661a98607f5751dcb81bf87df80ea80822","sha256":"cb659eae953d8a427ea235c2df88ede9e4258a932594362364e857c8d8078ed9","sha512":"f59dd66b961ced05322ed5f41a3a8fe142385e84587e8f61c2f6a0be9102afa984c6a824f1a820fdf1ae9b963d0a50d3f397707ed73e8c4634b97d0d7b9b9126","ssdeep":"","tlshash":"ce410e53a941141b95b3082a39027318ef35019797628ba1b99f1a06effa55723c7f8c","first_seen":"2023-04-06T14:39:01Z","last_seen":"2026-03-22T19:42:59.642278Z","times_seen":1689,"resource_available":false,"data":null}},"time_used":183,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gajrokerio.icu/Bin/ScreenConnect.Windows.dll","fqdn":"gajrokerio.icu","domain":"gajrokerio.icu","tld":"icu"},"ip":{"addr":"172.67.183.71","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-01-15T23:28:03.965Z","timestamp":1736983683965,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gajrokerio.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 15 Dec 2024 01:48:36 GMT","end":"Sat, 15 Mar 2025 02:46:01 GMT"},"fingerprint":{"sha1":"BA:59:65:98:1E:12:88:98:F8:A7:34:76:A7:4C:9B:68:9F:B6:66:53","sha256":"45:E6:98:E1:E2:A0:6C:45:E7:3B:37:66:4C:F4:0A:9C:1D:8C:02:50:0C:CE:DD:F6:34:1F:23:83:33:CC:0B:D1"}}},"request":{"raw":"GET /Bin/ScreenConnect.Windows.dll HTTP/1.1\r\nHost: gajrokerio.icu\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 15 Jan 2025 23:28:04 GMT\r\ncontent-type: text/html\r\ncache-control: private\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=KnK04WC3aJ%2BObrc228zQyaXLP20S8w%2FUN5Mg0zNBjX1dLj1UsGWGM7DPUTAocw1QFz%2BcrtqF6m1ye4vnkAlBYMwP9nCJWjpqGJ%2FhChm1CbVp0Zwikpzm5nWkNIstnKS1iA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9029a3d8ec4fb512-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=5849\u0026min_rtt=451\u0026rtt_var=10817\u0026sent=7\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=3209\u0026recv_bytes=1137\u0026delivery_rate=7798922\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=1cb51b6a5b07b9be\u0026ts=208\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":841903,"size_decoded":1721856,"mime_type":"text/html","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","md5":"9f823778701969823c5a01ef3ece57b7","sha1":"da733f482825ec2d91f9f1186a3f934a2ea21fa1","sha256":"abca7cf12937da14c9323c880ec490cc0e063d7a3eef2eac878cd25c84cf1660","sha512":"ffc40b16f5ea2124629d797dc3a431beb929373bfa773c6cddc21d0dc4105d7360a485ea502ce8ea3b12ee8dca8275a0ec386ea179093af3aa8b31b4dd3ae1ca","ssdeep":"24576:gx5x94kEFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPo:gx5xKkEJkGYYpT0+TFiH7efP","tlshash":"0d85bd41e2c365f5d46b047888bf572aba743c080315cafb97d4ae3a6d33bc09a36756","first_seen":"2024-09-20T10:54:02Z","last_seen":"2025-02-04T20:22:04.184701Z","times_seen":13,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":23,"dns":1,"connect":1,"send":0,"wait":189,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}