{"report_id":"14812e16-1a44-4f2b-8079-5a55e529c917","version":6,"status":"done","tags":[],"date":"2024-10-14T11:05:06Z","url":{"schema":"http","addr":"xmsecu.com:8080/ocx/NewActive.exe","fqdn":"xmsecu.com","domain":"xmsecu.com","tld":"com"},"ip":{"addr":"49.4.84.205","port":0,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2026-12-23T11:05:06Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"184.51.252.176","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06T21:45:11Z","last_seen":"2024-10-13T11:01:32.822962Z","alert_count":0,"request_count":4,"received_data":3552,"sent_data":1308,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07T07:43:57Z","last_seen":"2024-10-13T11:01:32.826898Z","alert_count":0,"request_count":2,"received_data":1776,"sent_data":654,"comment":"","tags":null,"fingerprints":null},{"fqdn":"xmsecu.com","ip":{"addr":"49.4.84.205","port":8080,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"domain_registered":"2010-11-18","domain_rank":247383,"first_seen":"2012-07-13T16:49:33Z","last_seen":"2024-01-20T17:45:22Z","alert_count":3,"request_count":1,"received_data":5069254,"sent_data":403,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"48646c40120925c774754e5de36c33cc","sha1":"35b7cf02001365714a75861809ba59c462e253d8","sha256":"d2c3e10aaca5234fb3feecc01e5637170f1b60f02dc676fe5ea7c54f1b97b7ad","sha512":"be32a77b95ff16593412d08f01940d96aea2c14e3840e0fae51643c6e493092f9ba69f0af48ed47f812daa2abf48ad25c61a2afa67394d22822b050b17c1a228","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections","size":5069003,"url":{"schema":"http","addr":"xmsecu.com:8080/ocx/NewActive.exe","fqdn":"xmsecu.com","domain":"xmsecu.com","tld":"com"},"ip":{"addr":"49.4.84.205","port":8080,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-10-14","alert":"Scan result 2/73","trigger":"d2c3e10aaca5234fb3feecc01e5637170f1b60f02dc676fe5ea7c54f1b97b7ad","verdict":"suspicious","severity":"","comment":"suspicious - 2/73","link":"https://www.virustotal.com/gui/file/d2c3e10aaca5234fb3feecc01e5637170f1b60f02dc676fe5ea7c54f1b97b7ad","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-10-14T11:04:41Z","timestamp":1728903881,"ip_dst":{"addr":"49.4.84.205","port":8080,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"ip_src":{"addr":"172.18.0.24","port":54650,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"URLhaus Known malware download URL detected (3225160)","source":"{\"timestamp\":\"2024-10-14T11:04:41.135955+0000\",\"flow_id\":891089662252473,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.24\",\"src_port\":54650,\"dest_ip\":\"49.4.84.205\",\"dest_port\":8080,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":84088260,\"rev\":1,\"signature\":\"URLhaus Known malware download URL detected (3225160)\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2024_10_08\"]}},\"http\":{\"hostname\":\"xmsecu.com\",\"http_port\":8080,\"url\":\"/ocx/NewActive.exe\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/octet-stream\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1195},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":677,\"bytes_toclient\":4682,\"start\":\"2024-10-14T11:04:40.529849+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-10-14T11:04:41Z","timestamp":1728903881,"ip_dst":{"addr":"172.18.0.24","port":54650,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"49.4.84.205","port":8080,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"severity":"high","alert":"ET POLICY PE EXE or DLL Windows file download HTTP","source":"{\"timestamp\":\"2024-10-14T11:04:41.733857+0000\",\"flow_id\":891089662252473,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"49.4.84.205\",\"src_port\":8080,\"dest_ip\":\"172.18.0.24\",\"dest_port\":54650,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\",\"ET.http.binary\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018959,\"rev\":4,\"signature\":\"ET POLICY PE EXE or DLL Windows file download HTTP\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2014_08_19\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_12\"]}},\"http\":{\"hostname\":\"xmsecu.com\",\"http_port\":8080,\"url\":\"/ocx/NewActive.exe\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/octet-stream\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":43187},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":24,\"pkts_toclient\":33,\"bytes_toserver\":2009,\"bytes_toclient\":47074,\"start\":\"2024-10-14T11:04:40.529849+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-10-14T11:04:41Z","timestamp":1728903881,"ip_dst":{"addr":"172.18.0.24","port":54650,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"49.4.84.205","port":8080,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"severity":"low","alert":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","source":"{\"timestamp\":\"2024-10-14T11:04:41.733857+0000\",\"flow_id\":891089662252473,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"49.4.84.205\",\"src_port\":8080,\"dest_ip\":\"172.18.0.24\",\"dest_port\":54650,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\",\"ET.http.binary\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2015744,\"rev\":6,\"signature\":\"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"created_at\":[\"2012_09_28\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_30\"]}},\"http\":{\"hostname\":\"xmsecu.com\",\"http_port\":8080,\"url\":\"/ocx/NewActive.exe\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/octet-stream\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":43187},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":24,\"pkts_toclient\":33,\"bytes_toserver\":2009,\"bytes_toclient\":47074,\"start\":\"2024-10-14T11:04:40.529849+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":[{"sensor_name":"mnemonic_dns","sensor_type":"domain","title":"","description":"Mnemonic Secure DNS","scan_date":"2024-10-14","alert":"Sinkholed","trigger":"xmsecu.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://mnemonic.io","meta":null}]},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-14","alert":"Sinkholed","trigger":"xmsecu.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"184.51.252.176","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-14T11:04:39.902143145Z","timestamp":1728903879902,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"1839E2EB73C24C27FDA8E6BF4715B73CE52CC1C059BD1DFD9B739E71409CDA3B\"\r\nLast-Modified: Mon, 14 Oct 2024 08:07:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=13182\r\nExpires: Mon, 14 Oct 2024 14:44:21 GMT\r\nDate: Mon, 14 Oct 2024 11:04:39 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"8c678121da7ea2edc90ea014cf3552af","sha1":"3d76ebd2a3aba8dab56e3c15310551e9b226e249","sha256":"1839e2eb73c24c27fda8e6bf4715b73ce52cc1c059bd1dfd9b739e71409cda3b","sha512":"d65acc8dbb99bfcaf08fc62c6a72e2c21b0766ca87743ea61c20036d4aa917dd728dcfe88acff4b1ceab8fcfa93a4590addd511360c68b0a8bf7b478338b4163","ssdeep":"","tlshash":"c9f005e56297784047eb680715fcf035bf1159b434043bf4b4c592769c13bf458440cc","first_seen":"2024-10-14T08:50:39.802212Z","last_seen":"2024-10-15T07:44:44.950369Z","times_seen":9989,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"184.51.252.176","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-14T11:04:39.925413652Z","timestamp":1728903879925,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"DD3368B109660E2AD4D41E0454B8A57636C39B539E9E20DA7CEBFFDB1ED3EB09\"\r\nLast-Modified: Mon, 14 Oct 2024 07:57:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=13359\r\nExpires: Mon, 14 Oct 2024 14:47:18 GMT\r\nDate: Mon, 14 Oct 2024 11:04:39 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"55ba07a71a62bbad2ddcc748da0561df","sha1":"93e163eae818fff5965c4e08f77a30009a4c85d4","sha256":"dd3368b109660e2ad4d41e0454b8a57636c39b539e9e20da7cebffdb1ed3eb09","sha512":"ffba71a465813fcb2a35fd14719d0e693ae7f5b69d838abde88a0b159aff1aa4d1f16de3a9d681cd771d1eb87f492dbdabed73c7e8b93336c6dabbdf3d62a2fc","ssdeep":"","tlshash":"f9f00e5721f1fa1267f809057eb2de370e24afae360c65c206c84ff66852bf9d10881a","first_seen":"2024-10-14T08:49:13.313976Z","last_seen":"2024-10-14T14:16:26.621911Z","times_seen":2270,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"184.51.252.176","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-14T11:04:40.314311898Z","timestamp":1728903880314,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"8B02810ECC47D5F71219990370D9538BFFF6E45C5FF895E7A3C60392423C5ADB\"\r\nLast-Modified: Sat, 12 Oct 2024 08:15:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=13598\r\nExpires: Mon, 14 Oct 2024 14:51:18 GMT\r\nDate: Mon, 14 Oct 2024 11:04:40 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"0047c90c620c7ae5d6e899dbcd92d7f9","sha1":"b40765060b59aa1231b7e4c552c7657c957a505e","sha256":"8b02810ecc47d5f71219990370d9538bfff6e45c5ff895e7a3c60392423c5adb","sha512":"3bfce57c46f25b72e75082b2b1c77e10307f154fce4ed16165c524440682111a59a9ea79beceee72bffd2797754aa76038d78fa618bf05492bbdcb24f6613ff1","ssdeep":"","tlshash":"6af0548612e639a073730726bc38ee2ebc33a9ad748a125121c383b03811bf843cc05d","first_seen":"2024-10-12T10:17:26Z","last_seen":"2024-10-14T14:16:26.622764Z","times_seen":14152,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"184.51.252.176","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-14T11:04:40.603501781Z","timestamp":1728903880603,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5438EE24C6B0170E7FA46E12C21B8A3BAC1EB29BC86B1810A267DD3C72EA95AE\"\r\nLast-Modified: Mon, 14 Oct 2024 06:24:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=13318\r\nExpires: Mon, 14 Oct 2024 14:46:38 GMT\r\nDate: Mon, 14 Oct 2024 11:04:40 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7d3f40edab25e8d6b700410399e281dd","sha1":"5abaaed5e9ea61626fd4d67b7c817195302b43a8","sha256":"5438ee24c6b0170e7fa46e12c21b8a3bac1eb29bc86b1810a267dd3c72ea95ae","sha512":"14e9e79733fcb18f467994a11465284192cd1753a65898b27dedec4bfe04cb235a181a5c9362c490e8e6b5bf84797e071646da7a039e9eb6b5f7baca44e2720a","ssdeep":"","tlshash":"6af09ed60e8ab90567634f613821d525bdb0fae668d2a69657e013f1306affcb9c900c","first_seen":"2024-10-14T08:47:36.826639Z","last_seen":"2024-10-15T06:25:22.421078Z","times_seen":6645,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-14T11:04:42.371948245Z","timestamp":1728903882371,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"49A0D47BC68BECFB87EFB3D9271F71A04B3FB324F50BB793A9D012DBE3F0030E\"\r\nLast-Modified: Sat, 12 Oct 2024 11:02:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=14694\r\nExpires: Mon, 14 Oct 2024 15:09:36 GMT\r\nDate: Mon, 14 Oct 2024 11:04:42 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"241105d8fc709e6bd1be3519f5b7866f","sha1":"fa41e9781f5c9c82f9a3feb36e44ed02216c1011","sha256":"49a0d47bc68becfb87efb3d9271f71a04b3fb324f50bb793a9d012dbe3f0030e","sha512":"45ac86b4cc2b756348e5864bd11b313562bcc125d62da720b4702bc392770c6839cf6cfbb40e5d625efb054f2891727d656e623f17dcbb77cddbfe209b5e26bb","ssdeep":"","tlshash":"60f0c90539247d5497aa86be8a90f02b29679ee428a142ca61e042e62c06bfe0688848","first_seen":"2024-10-13T01:25:03.891565Z","last_seen":"2024-10-14T19:59:47.395071Z","times_seen":5289,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-14T11:04:42.374091726Z","timestamp":1728903882374,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"49A0D47BC68BECFB87EFB3D9271F71A04B3FB324F50BB793A9D012DBE3F0030E\"\r\nLast-Modified: Sat, 12 Oct 2024 11:02:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=14694\r\nExpires: Mon, 14 Oct 2024 15:09:36 GMT\r\nDate: Mon, 14 Oct 2024 11:04:42 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"241105d8fc709e6bd1be3519f5b7866f","sha1":"fa41e9781f5c9c82f9a3feb36e44ed02216c1011","sha256":"49a0d47bc68becfb87efb3d9271f71a04b3fb324f50bb793a9d012dbe3f0030e","sha512":"45ac86b4cc2b756348e5864bd11b313562bcc125d62da720b4702bc392770c6839cf6cfbb40e5d625efb054f2891727d656e623f17dcbb77cddbfe209b5e26bb","ssdeep":"","tlshash":"60f0c90539247d5497aa86be8a90f02b29679ee428a142ca61e042e62c06bfe0688848","first_seen":"2024-10-13T01:25:03.891565Z","last_seen":"2024-10-14T19:59:47.395071Z","times_seen":5289,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xmsecu.com:8080/ocx/NewActive.exe","fqdn":"xmsecu.com","domain":"xmsecu.com","tld":"com"},"ip":{"addr":"49.4.84.205","port":8080,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-10-14T11:04:40.504Z","timestamp":1728903880504,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /ocx/NewActive.exe HTTP/1.1\r\nHost: xmsecu.com:8080\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 14 Oct 2024 11:04:40 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 5069003\r\nLast-Modified: Mon, 13 Feb 2023 12:57:37 GMT\r\nConnection: keep-alive\r\nETag: \"63ea33c1-4d58cb\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5069003,"size_decoded":5069003,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections","md5":"48646c40120925c774754e5de36c33cc","sha1":"35b7cf02001365714a75861809ba59c462e253d8","sha256":"d2c3e10aaca5234fb3feecc01e5637170f1b60f02dc676fe5ea7c54f1b97b7ad","sha512":"be32a77b95ff16593412d08f01940d96aea2c14e3840e0fae51643c6e493092f9ba69f0af48ed47f812daa2abf48ad25c61a2afa67394d22822b050b17c1a228","ssdeep":"98304:O06FOznLo0+Dd6uxcr1N5njt2hlTziny/MzEm3B2+4VmDb55d:O3F6n80W6uGrth4Jz/OEG4eb1","tlshash":"4e362347f283d4b1d5a601b408669b724a756c3283bad5e76fd0396e9e303d0eb3364b","first_seen":"2023-06-13T04:18:19Z","last_seen":"2024-10-21T04:17:35.813752Z","times_seen":82,"resource_available":false,"data":null}},"time_used":4020,"timings":{"blocked":337,"dns":37,"connect":311,"send":0,"wait":295,"receive":3040,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"mnemonic_dns","sensor_type":"domain","title":"","description":"Mnemonic Secure DNS","scan_date":"2024-10-14","alert":"Sinkholed","trigger":"xmsecu.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://mnemonic.io","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-14","alert":"Sinkholed","trigger":"xmsecu.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-10-14","alert":"Scan result 2/73","trigger":"d2c3e10aaca5234fb3feecc01e5637170f1b60f02dc676fe5ea7c54f1b97b7ad","verdict":"suspicious","severity":"","comment":"suspicious - 2/73","link":"https://www.virustotal.com/gui/file/d2c3e10aaca5234fb3feecc01e5637170f1b60f02dc676fe5ea7c54f1b97b7ad","meta":null}],"urlquery":null}}]}