{"report_id":"0756fcb5-d1ef-41e9-9ecb-b559518fda30","version":6,"status":"done","tags":[],"date":"2024-07-09T08:49:09Z","url":{"schema":"http","addr":"103.195.237.43/GtOVUxlNa102.bin","fqdn":"103.195.237.43","domain":"103.195.237.43","tld":""},"ip":{"addr":"103.195.237.43","port":0,"asn":140827,"as":"AZ VIET NAM COMMUNICATIONS TECHNOLOGY COMPANY LIMITED","country":"Vietnam","country_code":"VN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T10:24:24Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"103.195.237.43","ip":{"addr":"103.195.237.43","port":80,"asn":140827,"as":"AZ VIET NAM COMMUNICATIONS TECHNOLOGY COMPANY LIMITED","country":"Vietnam","country_code":"VN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2017-09-15 02:11:35","last_seen":"2022-12-17 17:45:57","alert_count":2,"request_count":1,"received_data":494896,"sent_data":401,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-07-08 18:12:20","alert_count":0,"request_count":6,"received_data":5323,"sent_data":1962,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-07-09T08:48:45Z","timestamp":1720514925,"ip_dst":{"addr":"103.195.237.43","port":80,"asn":140827,"as":"AZ VIET NAM COMMUNICATIONS TECHNOLOGY COMPANY LIMITED","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"Client IP","port":59134,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET HUNTING Generic .bin download from Dotted Quad","source":"{\"timestamp\":\"2024-07-09T08:48:45.810133+0000\",\"flow_id\":2153187254332447,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.26\",\"src_port\":59134,\"dest_ip\":\"103.195.237.43\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018752,\"rev\":13,\"signature\":\"ET HUNTING Generic .bin download from Dotted Quad\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"source\":{\"ip\":\"103.195.237.43\",\"port\":80},\"target\":{\"ip\":\"172.18.0.26\",\"port\":59134},\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2014_07_23\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_08_08\"]}},\"http\":{\"hostname\":\"103.195.237.43\",\"url\":\"/GtOVUxlNa102.bin\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/octet-stream\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1206},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":675,\"bytes_toclient\":6130,\"start\":\"2024-07-09T08:48:45.322591+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-09","alert":"Sinkholed","trigger":"103.195.237.43","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-09T08:48:44.203101256Z","timestamp":1720514924203,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"41E6A348AAC9E9DB44BFA14B3AA29D411F4489B375AE1F1BE6B0D280AF98541D\"\r\nLast-Modified: Mon, 08 Jul 2024 01:53:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2475\r\nExpires: Tue, 09 Jul 2024 09:29:59 GMT\r\nDate: Tue, 09 Jul 2024 08:48:44 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"b34ca6af54e2b9fea57d418f5d1928f7","sha1":"510b69f4470789a573217726d6f1a3d6ee765460","sha256":"41e6a348aac9e9db44bfa14b3aa29d411f4489b375ae1f1be6b0d280af98541d","sha512":"56fc288af1ca048d6ad95019c5fe4a6be829ae0e6d834e51d920e79cb96aa3de97763b94d41b4c691f461b7a46ef961dd157b791947e0463310e5d0abd1422c8","ssdeep":"","tlshash":"def0055627d5a6016a710a911de5d31a1e2058fb305018f223d451e33923bbe1ec8446","first_seen":"2024-07-08T05:19:45Z","last_seen":"2024-08-19T17:39:41.553406Z","times_seen":34939,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-09T08:48:44.244532792Z","timestamp":1720514924244,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"8E27309B919C0DCB3B0736DD99DAD8C7D3BC16B4816DD982E6AF6B79D7EAD9ED\"\r\nLast-Modified: Sun, 07 Jul 2024 03:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2464\r\nExpires: Tue, 09 Jul 2024 09:29:48 GMT\r\nDate: Tue, 09 Jul 2024 08:48:44 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"abec3934929082bd707108b7042796da","sha1":"4f200b04ad1c6fcac9833107c492a59ebf36dc6e","sha256":"8e27309b919c0dcb3b0736dd99dad8c7d3bc16b4816dd982e6af6b79d7ead9ed","sha512":"cab860d7ad427afe6f633e714c3c41da9055d0ff75b7366e2df1866a99077e350b7ac25f40c0675b0d830748b0725c07a4bdf934cb09f6085fb02f27c1a1610b","ssdeep":"","tlshash":"c4f00e82427c39147ae03e2b2bf9d12a1f34adf815611df5645013937453fed01c8e4b","first_seen":"2024-07-07T10:17:04Z","last_seen":"2024-08-19T17:44:50.422556Z","times_seen":23660,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-09T08:48:44.589590696Z","timestamp":1720514924589,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"E38B3080A1752122F5A174604BD307C54BE31C02E0CDB8E2D9354E2A04E1B50F\"\r\nLast-Modified: Sun, 07 Jul 2024 11:47:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=8461\r\nExpires: Tue, 09 Jul 2024 11:09:45 GMT\r\nDate: Tue, 09 Jul 2024 08:48:44 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"41036a4c62e61466443bce27a927e029","sha1":"39a2a8a258c5feaf020246696135700b0c30740d","sha256":"e38b3080a1752122f5a174604bd307c54be31c02e0cdb8e2d9354e2a04e1b50f","sha512":"50f9d880f413719b46b17c5f9633a79d3f2f4b41d3d415f05206c6c628277fe0acbc56cacdd931ec59b7a4fdcebb3b252b0bc80578bd35ee05112d2723a6fae3","ssdeep":"","tlshash":"2cf0c0aa29d5f88076711a24b864ea246b205e6a7810daf614d082fbf8057a6450844e","first_seen":"2024-07-07T14:27:09Z","last_seen":"2024-08-19T17:43:40.432277Z","times_seen":38887,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-09T08:48:44.963430552Z","timestamp":1720514924963,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"74180138E5609F4047B5A20BC58BFD360DEA9BBA200ACF14FD43FC2D6B5DA34B\"\r\nLast-Modified: Sun, 07 Jul 2024 04:18:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=17681\r\nExpires: Tue, 09 Jul 2024 13:43:25 GMT\r\nDate: Tue, 09 Jul 2024 08:48:44 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"c1f3573a71cfe2a8f30b3fbc7d2d3453","sha1":"101371f5030c41e4dad4e1e6ac102342db020318","sha256":"74180138e5609f4047b5a20bc58bfd360dea9bba200acf14fd43fc2d6b5da34b","sha512":"820baf1cd85b3df20be2ec47b112a3dbce7acb3ed6d5c1ed348669e7a45315b1c544dd62618ed8db4156d1b1703f043f697e8152e403a7db396c55879a936c10","ssdeep":"","tlshash":"5af00e650690bd027672462794d8c42d1f24a6f9344130e2a86011daac21feb9eac00b","first_seen":"2024-07-07T11:38:19Z","last_seen":"2024-08-19T17:44:28.537533Z","times_seen":17242,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-09T08:48:46.728489736Z","timestamp":1720514926728,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"317F60A1498C7B52833955E8A54A0BA66B5B8DC9E9862C2AC262B874D491FCE2\"\r\nLast-Modified: Mon, 08 Jul 2024 05:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9868\r\nExpires: Tue, 09 Jul 2024 11:33:14 GMT\r\nDate: Tue, 09 Jul 2024 08:48:46 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"d7b2c37e4b6c062d80ad32046f42d3d8","sha1":"131cd5c2ca2a258c3cf11746f94cfd43a6a4f04c","sha256":"317f60a1498c7b52833955e8a54a0ba66b5b8dc9e9862c2ac262b874d491fce2","sha512":"e8d8acac8c0eb8cc7d365eca9121ee37756ccf1d8b77d6177f316593c50a660d3af8ab40f67f47a8fd9fe0fe75f51070e6cf3c69b49f57aed1b4afc155ca5cd3","ssdeep":"","tlshash":"02f00e023df7bd80b3e944911ebde63bf8107aa7305075e630c0828328b87a74744c9a","first_seen":"2024-07-08T09:56:38Z","last_seen":"2024-08-19T17:38:29.907666Z","times_seen":36963,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-09T08:48:46.730801019Z","timestamp":1720514926730,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"317F60A1498C7B52833955E8A54A0BA66B5B8DC9E9862C2AC262B874D491FCE2\"\r\nLast-Modified: Mon, 08 Jul 2024 05:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9868\r\nExpires: Tue, 09 Jul 2024 11:33:14 GMT\r\nDate: Tue, 09 Jul 2024 08:48:46 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"d7b2c37e4b6c062d80ad32046f42d3d8","sha1":"131cd5c2ca2a258c3cf11746f94cfd43a6a4f04c","sha256":"317f60a1498c7b52833955e8a54a0ba66b5b8dc9e9862c2ac262b874d491fce2","sha512":"e8d8acac8c0eb8cc7d365eca9121ee37756ccf1d8b77d6177f316593c50a660d3af8ab40f67f47a8fd9fe0fe75f51070e6cf3c69b49f57aed1b4afc155ca5cd3","ssdeep":"","tlshash":"02f00e023df7bd80b3e944911ebde63bf8107aa7305075e630c0828328b87a74744c9a","first_seen":"2024-07-08T09:56:38Z","last_seen":"2024-08-19T17:38:29.907666Z","times_seen":36963,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"103.195.237.43/GtOVUxlNa102.bin","fqdn":"103.195.237.43","domain":"103.195.237.43","tld":"43"},"ip":{"addr":"103.195.237.43","port":80,"asn":140827,"as":"AZ VIET NAM COMMUNICATIONS TECHNOLOGY COMPANY LIMITED","country":"Vietnam","country_code":"VN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-09T08:48:45.323Z","timestamp":1720514925323,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /GtOVUxlNa102.bin HTTP/1.1\r\nHost: 103.195.237.43\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\nLast-Modified: Sun, 07 Jul 2024 22:46:16 GMT\r\nAccept-Ranges: bytes\r\nETag: \"96e3c979bfd0da1:0\"\r\nServer: Microsoft-IIS/8.5\r\nDate: Tue, 09 Jul 2024 08:48:44 GMT\r\nContent-Length: 494656\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":494656,"size_decoded":494656,"mime_type":"application/octet-stream","magic":"data","md5":"52ff99c7c0d339a7792d853a9009ed97","sha1":"b5620790bd383468c5c04fcbf8294b4fa97d73a2","sha256":"ec8e40d4ca239a68924955c08d0ca0d579dbeb664ff082fc1dadb38bf8a7381c","sha512":"2063d5a5e246113b55dd1ba9c8db97db5d1e79ede3761c6c120174ee01a43deb8b1d8207f97c420bd31922d10b82085555512a036eeb83c1f027ec150d6158a3","ssdeep":"12288:HuCwAdGoCbT+SvpTGjyWDKi2KdE962KxbpzQ7FSP3:HuCwAdGoBwTGl2i2WcNmA23","tlshash":"bfb4239a66f9928b550adfa600b6c8cf64804cbd4ec637bf37a5e704c67d1484983e37","first_seen":"2024-07-09T10:48:58Z","last_seen":"2024-09-20T20:03:08.687934Z","times_seen":23,"resource_available":false,"data":null}},"time_used":2201,"timings":{"blocked":242,"dns":0,"connect":242,"send":0,"wait":245,"receive":1472,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-07-09T08:48:45Z","timestamp":1720514925,"ip_dst":{"addr":"103.195.237.43","port":80,"asn":140827,"as":"AZ VIET NAM COMMUNICATIONS TECHNOLOGY COMPANY LIMITED","country":"Vietnam","country_code":"VN"},"ip_src":{"addr":"172.18.0.26","port":59134,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET HUNTING Generic .bin download from Dotted Quad","source":"{\"timestamp\":\"2024-07-09T08:48:45.810133+0000\",\"flow_id\":2153187254332447,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.26\",\"src_port\":59134,\"dest_ip\":\"103.195.237.43\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018752,\"rev\":13,\"signature\":\"ET HUNTING Generic .bin download from Dotted Quad\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"source\":{\"ip\":\"103.195.237.43\",\"port\":80},\"target\":{\"ip\":\"172.18.0.26\",\"port\":59134},\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2014_07_23\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_08_08\"]}},\"http\":{\"hostname\":\"103.195.237.43\",\"url\":\"/GtOVUxlNa102.bin\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/octet-stream\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1206},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":675,\"bytes_toclient\":6130,\"start\":\"2024-07-09T08:48:45.322591+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-09","alert":"Sinkholed","trigger":"103.195.237.43","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}