{"report_id":"1e62755f-4f58-4d7c-906b-b17d3948274e","version":6,"status":"done","tags":[],"date":"2023-11-14T17:51:39Z","url":{"schema":"http","addr":"61.220.103.186/","fqdn":"61.220.103.186","domain":"61.220.103.186","tld":""},"ip":{"addr":"61.220.103.186","port":0,"asn":3462,"as":"Data Communication Business Group","country":"Taiwan","country_code":"TW"},"final":{"url":{"schema":"http","addr":"61.220.103.186/","fqdn":"61.220.103.186","domain":"61.220.103.186","tld":"186"},"title":"TurboMeeting Video Conferencing \u0026 Remote Support Server"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T13:53:09Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www.totalswiss.com.tw","ip":{"addr":"61.220.103.184","port":443,"asn":3462,"as":"Data Communication Business Group","country":"Taiwan","country_code":"TW"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2016-01-26 23:02:20","last_seen":"2023-08-14 13:28:48","alert_count":0,"request_count":2,"received_data":48463,"sent_data":794,"comment":"","tags":null,"fingerprints":null},{"fqdn":"61.220.103.186","ip":{"addr":"61.220.103.186","port":0,"asn":3462,"as":"Data Communication Business Group","country":"Taiwan","country_code":"TW"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2022-11-26 06:32:18","last_seen":"2022-11-26 06:32:18","alert_count":6,"request_count":6,"received_data":20026,"sent_data":2109,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.rhubcom.cn","ip":{"addr":"115.159.124.94","port":80,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"domain_registered":"2012-06-25","domain_rank":0,"first_seen":"2015-02-04 05:05:50","last_seen":"2023-11-02 05:06:26","alert_count":0,"request_count":1,"received_data":8935,"sent_data":354,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-14","alert":"Sinkholed","trigger":"61.220.103.186","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-14","alert":"Sinkholed","trigger":"61.220.103.186","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-14","alert":"Sinkholed","trigger":"61.220.103.186","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-14","alert":"Sinkholed","trigger":"61.220.103.186","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-14","alert":"Sinkholed","trigger":"61.220.103.186","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-14","alert":"Sinkholed","trigger":"61.220.103.186","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"61.220.103.186/","fqdn":"61.220.103.186","domain":"61.220.103.186","tld":"186"},"ip":{"addr":"61.220.103.186","port":0,"asn":3462,"as":"Data Communication Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-14T17:51:21.948Z","timestamp":1699984281948,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 61.220.103.186\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 15 Nov 2023 01:51:23 GMT\r\nCache-Control: no-store\r\nAccept-Ranges: bytes\r\nContent-Type: text/html\r\nContent-Length: 8124\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":8124,"size_decoded":0,"mime_type":"","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, Unicode text, UTF-8 text","md5":"943145d4272452cc0eca2143feeccc55","sha1":"3f56924017342c0d05b8fab560e96a33f8cbee43","sha256":"e9b9690e55b86c23bbe11b59f40fef6236edb97097e8185262b0231cf5d3a4fa","sha512":"3d84a1fcfdc1cc425fa81114ef5a8728b8b14dbcf8022eea1fd9fd8aa78ea84ece639616cc2412c3c228ad192f527d81382cd9c425df2bdd36bf0055469aaaed","ssdeep":"96:ovKFaj/jrySdKHyl4r/WEC8ieE22KCvTEoZTEozTEJTEwe4w0l1WC1:9UjboyiWV8ie/2KCrxFxHYxp9","tlshash":"36f1481475f0379d64109a20eb603eaf4ea160bba3434d40b80fbabe5fa95e7507736d","first_seen":"2023-11-14T18:51:47Z","last_seen":"2023-11-24T23:10:54Z","times_seen":5,"resource_available":false,"data":null}},"time_used":884,"timings":{"blocked":0,"dns":0,"connect":298,"send":0,"wait":0,"receive":0,"ssl":583},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-14","alert":"Sinkholed","trigger":"61.220.103.186","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"61.220.103.186/as/style/general1.css","fqdn":"61.220.103.186","domain":"61.220.103.186","tld":"186"},"ip":{"addr":"61.220.103.186","port":80,"asn":3462,"as":"Data Communication Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://61.220.103.186/","date":"2023-11-14T17:51:23.976Z","timestamp":1699984283976,"http_version":"HTTP/1.0","security_state":"insecure","security_info":null,"request":{"raw":"GET /as/style/general1.css HTTP/1.1\r\nHost: 61.220.103.186\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://61.220.103.186/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.0 200 OK\r\nDate: Wed, 15 Nov 2023 01:51:24 GMT\r\nCache-Control: no-store\r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Type: text/css\r\nLast-Modified: Sun, 30 Aug 2020 11:16:09 GMT\r\nContent-Length: 3460\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3460,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"2f0ecdf809c7017718abbb01205da461","sha1":"b6ead3a4de3cbe67bb424ca850f60c8c78f39197","sha256":"e71f8c346808f7097388adf14acc78f5854a52a9b8bc95b8570a3b27db072e77","sha512":"dc1b98c8f2abb65584ce664ca95db9a17a0258debeef09e0c569b3484caaf156e691653636d4c3070b168355e3d8589b23959b217538d219b666dde6ba388b85","ssdeep":"","tlshash":"a7616413fa461746f117e89af307bed1a70da94b809f8f60789d7b58cf814e0056072d","first_seen":"2023-07-05T03:55:40Z","last_seen":"2024-12-13T16:06:20.553455Z","times_seen":4,"resource_available":false,"data":null}},"time_used":294,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":294,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-14","alert":"Sinkholed","trigger":"61.220.103.186","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"61.220.103.186/image/join.png","fqdn":"61.220.103.186","domain":"61.220.103.186","tld":"186"},"ip":{"addr":"61.220.103.186","port":80,"asn":3462,"as":"Data Communication Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://61.220.103.186/","date":"2023-11-14T17:51:23.980Z","timestamp":1699984283980,"http_version":"HTTP/1.0","security_state":"insecure","security_info":null,"request":{"raw":"GET /image/join.png HTTP/1.1\r\nHost: 61.220.103.186\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://61.220.103.186/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.0 200 OK\r\nDate: Wed, 15 Nov 2023 01:51:24 GMT\r\nCache-Control: no-store\r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Type: image/png\r\nLast-Modified: Sun, 30 Aug 2020 11:16:09 GMT\r\nContent-Length: 3280\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3280,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 37 x 38, 8-bit/color RGBA, non-interlaced\\012- data","md5":"a44cdcaac1910da41d6bc7f3499b4fed","sha1":"088cb56aa938cae965f3547a5b4dc0989b4026b6","sha256":"d1f2329c14a05ef5c4e04edac77a95b40cc7eaf0869a8e330ac31bfa8980df8d","sha512":"86499c2a9348fdecd7637b7684584c0f55164419a7a6bdc03798df97162c9beeea61fcf93d80e25fa6552e7bfd869014b9590935794798b61555bf71c79377a5","ssdeep":"","tlshash":"01615ca03268128ccd035264ff42875392ce8f602e261997e81f6d3127b499e51ba74d","first_seen":"2023-07-05T03:55:40Z","last_seen":"2024-08-20T19:37:55.582585Z","times_seen":3,"resource_available":false,"data":null}},"time_used":573,"timings":{"blocked":287,"dns":0,"connect":0,"send":0,"wait":286,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-14","alert":"Sinkholed","trigger":"61.220.103.186","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"61.220.103.186/image/host.png","fqdn":"61.220.103.186","domain":"61.220.103.186","tld":"186"},"ip":{"addr":"61.220.103.186","port":80,"asn":3462,"as":"Data Communication Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://61.220.103.186/","date":"2023-11-14T17:51:23.982Z","timestamp":1699984283982,"http_version":"HTTP/1.0","security_state":"insecure","security_info":null,"request":{"raw":"GET /image/host.png HTTP/1.1\r\nHost: 61.220.103.186\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://61.220.103.186/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.0 200 OK\r\nDate: Wed, 15 Nov 2023 01:51:24 GMT\r\nCache-Control: no-store\r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Type: image/png\r\nLast-Modified: Sun, 30 Aug 2020 11:16:09 GMT\r\nContent-Length: 3061\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3061,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 37 x 38, 8-bit/color RGBA, non-interlaced\\012- data","md5":"82f2334fd70d0c6dd6ecc5e7f267336e","sha1":"40051a4aafef856b258816b307460c67ff7e776e","sha256":"fc152015b3370c70bd39aacce771a76663dad9fd8c272b73f9cbc5fc3c7ab8fe","sha512":"07eec37af8ac4d2c9dec0336ffe599b23d8f41721393a1e1702199addd8a45493089cb92c03ad649c12c2ac35fa6c84452528b1f1ca514ed5cb2e3fc598ddb02","ssdeep":"","tlshash":"73513ce434fd1ac1feea83216297c1b6889efe06c90e5426652d7aa050c9ed03c3991f","first_seen":"2023-07-05T03:55:40Z","last_seen":"2024-08-20T19:37:55.58332Z","times_seen":3,"resource_available":false,"data":null}},"time_used":877,"timings":{"blocked":285,"dns":0,"connect":297,"send":0,"wait":293,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-14","alert":"Sinkholed","trigger":"61.220.103.186","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"61.220.103.186/image/indicator.jpg","fqdn":"61.220.103.186","domain":"61.220.103.186","tld":"186"},"ip":{"addr":"61.220.103.186","port":80,"asn":3462,"as":"Data Communication Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://61.220.103.186/","date":"2023-11-14T17:51:23.983Z","timestamp":1699984283983,"http_version":"HTTP/1.0","security_state":"insecure","security_info":null,"request":{"raw":"GET /image/indicator.jpg HTTP/1.1\r\nHost: 61.220.103.186\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://61.220.103.186/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.0 200 OK\r\nDate: Wed, 15 Nov 2023 01:51:24 GMT\r\nCache-Control: no-store\r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Type: image/jpeg\r\nLast-Modified: Sun, 30 Aug 2020 11:16:09 GMT\r\nContent-Length: 711\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":711,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.00, resolution (DPI), density 96x96, segment length 16, comment: \"LEAD Technologies Inc. V1.01\", baseline, precision 8, 10x9, components 3\\012- data","md5":"43f3a7ebd2c2ec39654481a258f5474f","sha1":"9daf298e8972556933e389c7b39decfd58a3b418","sha256":"ef852c1762e72c10369974a149a16f1c652829e1118619f687263570ba5c0fda","sha512":"26df8bc4b2f231ee81b9d8f0a1b3134ef2b10288e21fd7161b972c94c530c883bba4b155e32f799f8716728e29361c452dfad36463edf9b0d49b37177317730b","ssdeep":"","tlshash":"3501686a7b028280cc1391bf4e1a13bfe1ced6813c51c9453e6205f5ceb1dc9918db5c","first_seen":"2023-07-05T03:55:40Z","last_seen":"2024-08-20T19:37:55.584022Z","times_seen":3,"resource_available":false,"data":null}},"time_used":879,"timings":{"blocked":284,"dns":0,"connect":300,"send":0,"wait":293,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-14","alert":"Sinkholed","trigger":"61.220.103.186","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.rhubcom.cn/image/RHUB-appliance.jpg","fqdn":"www.rhubcom.cn","domain":"rhubcom.cn","tld":"cn"},"ip":{"addr":"115.159.124.94","port":80,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://61.220.103.186/","date":"2023-11-14T17:51:23.986Z","timestamp":1699984283986,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /image/RHUB-appliance.jpg HTTP/1.1\r\nHost: www.rhubcom.cn\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://61.220.103.186/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 14 Nov 2023 17:51:24 GMT\r\nServer: Apache/2.4.23 (Win32)\r\nLast-Modified: Wed, 29 Nov 2017 22:49:19 GMT\r\nETag: \"21ca-55f26f21df9c0\"\r\nAccept-Ranges: bytes\r\nContent-Length: 8650\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/jpeg\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8650,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x33, components 3\\012- data","md5":"c4a29644632c87c0c447c73e71628647","sha1":"a1062e97748d21f6ec5b8c25e5794a080383cb67","sha256":"9f3ac29efbf347a0bb476078e31e4f33b25bec3ac8f92cd26fd328445973d92a","sha512":"1b7d58895e35da19dc5797051f46ce5013d56991bba112df0439d23d0aec6b6ffe0c3cd34856ae8b6e04c5e00c195fd36d485b0289fcc25ef4ab58ef3cd1200e","ssdeep":"","tlshash":"","first_seen":"2023-11-14T18:51:47Z","last_seen":"2023-11-14T18:51:47Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1870,"timings":{"blocked":801,"dns":552,"connect":258,"send":0,"wait":258,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"61.220.103.186/favicon.ico","fqdn":"61.220.103.186","domain":"61.220.103.186","tld":"186"},"ip":{"addr":"61.220.103.186","port":80,"asn":3462,"as":"Data Communication Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://61.220.103.186/","date":"2023-11-14T17:51:25.157Z","timestamp":1699984285157,"http_version":"HTTP/1.0","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 61.220.103.186\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://61.220.103.186/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.0 404 Not Found\r\nDate: Wed, 15 Nov 2023 01:51:25 GMT\r\nCache-Control: no-store\r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Type: text/html\r\nLast-Modified: Sat, 06 Jun 1970 11:40:03 GMT\r\nContent-Length: 0\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":294,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":294,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-14","alert":"Sinkholed","trigger":"61.220.103.186","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.totalswiss.com.tw/images/sharelogo.jpg","fqdn":"www.totalswiss.com.tw","domain":"totalswiss.com.tw","tld":"com.tw"},"ip":{"addr":"61.220.103.184","port":443,"asn":3462,"as":"Data Communication Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://61.220.103.186/","date":"2023-11-14T17:51:26.377Z","timestamp":1699984286377,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"totalswiss.com.tw","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 23 Sep 2023 16:21:43 GMT","end":"Fri, 22 Dec 2023 16:21:42 GMT"},"fingerprint":{"sha1":"E5:1B:F3:D4:EF:BB:F3:D4:56:9B:13:8F:6A:5C:E0:FC:50:6E:C7:BC","sha256":"EC:DE:9E:97:5A:89:E7:DF:2B:39:02:3C:65:F2:01:2D:D5:0F:FF:25:FE:AE:83:43:9B:DB:A7:A8:B6:19:CD:38"}}},"request":{"raw":"GET /images/sharelogo.jpg HTTP/1.1\r\nHost: www.totalswiss.com.tw\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://61.220.103.186/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Tue, 14 Nov 2023 17:51:26 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nConnection: keep-alive\r\nLocation: https://www.totalswiss.com.tw/images/sharelogo.jpg\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":162,"size_decoded":0,"mime_type":"image/jpeg","magic":"HTML document text\\012- HTML document text\\012- HTML document, ASCII text, with CRLF line terminators","md5":"4f8e702cc244ec5d4de32740c0ecbd97","sha1":"3adb1f02d5b6054de0046e367c1d687b6cdf7aff","sha256":"9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a","sha512":"21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f","ssdeep":"","tlshash":"0bc08cadab022cc8b8a73b3861c36160e2ec80701699451101b04a07f1cf1979ec23d1","first_seen":"2023-04-05T03:07:27Z","last_seen":"2025-10-21T23:58:19.216342Z","times_seen":131101,"resource_available":false,"data":null}},"time_used":2712,"timings":{"blocked":924,"dns":20,"connect":290,"send":0,"wait":287,"receive":577,"ssl":611},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.totalswiss.com.tw/images/sharelogo.jpg","fqdn":"www.totalswiss.com.tw","domain":"totalswiss.com.tw","tld":"com.tw"},"ip":{"addr":"61.220.103.184","port":443,"asn":3462,"as":"Data Communication Business Group","country":"Taiwan","country_code":"TW"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://61.220.103.186/","date":"2023-11-14T17:51:26.377Z","timestamp":1699984286377,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"totalswiss.com.tw","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 23 Sep 2023 16:21:43 GMT","end":"Fri, 22 Dec 2023 16:21:42 GMT"},"fingerprint":{"sha1":"E5:1B:F3:D4:EF:BB:F3:D4:56:9B:13:8F:6A:5C:E0:FC:50:6E:C7:BC","sha256":"EC:DE:9E:97:5A:89:E7:DF:2B:39:02:3C:65:F2:01:2D:D5:0F:FF:25:FE:AE:83:43:9B:DB:A7:A8:B6:19:CD:38"}}},"request":{"raw":"GET /images/sharelogo.jpg HTTP/1.1\r\nHost: www.totalswiss.com.tw\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://61.220.103.186/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 14 Nov 2023 17:51:27 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 47784\r\nlast-modified: Wed, 18 Jan 2023 10:46:50 GMT\r\netag: \"63c7ce1a-baa8\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":47784,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 512x512, components 3\\012- data","md5":"57d54e0442e090105ca75370dc14fffa","sha1":"cfaf5046c6546a3e523846291f896213c295e32a","sha256":"f891f303f925956aea5b79ca05d4a17206a315ff954f1f6355df969f24076bd2","sha512":"da2a35b8c21cfd960c1cd9a4f3f87c48e1a7ac2792d53efc355c80fc401993e0e41925bca773775c360e94a24c44195135f3b67b07fab79fac457d47108ec02a","ssdeep":"","tlshash":"","first_seen":"2023-11-14T18:51:47Z","last_seen":"2023-11-14T18:51:47Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2712,"timings":{"blocked":924,"dns":20,"connect":290,"send":0,"wait":287,"receive":577,"ssl":611},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}