{"report_id":"2a24b113-97e5-498a-b3d8-cc825dca17df","version":6,"status":"done","tags":[],"date":"2024-06-25T07:12:33Z","url":{"schema":"http","addr":"mdx.dcs.renault.com/mdx/RBox/docs/RBOXInfo.exe","fqdn":"mdx.dcs.renault.com","domain":"renault.com","tld":"com"},"ip":{"addr":"193.194.134.81","port":0,"asn":8528,"as":"Renault SAS","country":"France","country_code":"FR"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T12:09:52Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-06-24 18:13:10","alert_count":0,"request_count":5,"received_data":4437,"sent_data":1635,"comment":"","tags":null,"fingerprints":null},{"fqdn":"mdx.dcs.renault.com","ip":{"addr":"193.194.134.81","port":443,"asn":8528,"as":"Renault SAS","country":"France","country_code":"FR"},"domain_registered":"1994-11-22","domain_rank":0,"first_seen":"2017-02-02 07:28:10","last_seen":"2020-02-13 17:20:05","alert_count":1,"request_count":1,"received_data":6883569,"sent_data":500,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"38dd16107e6aa78db067870d729cde3f","sha1":"b97d88bdb096423c8698a42fa55010ebda27738e","sha256":"db8a40cf154f33681a0450da70f36647f301bd208d884ce56582fb01f9ded70e","sha512":"937dc45a9e995a6886bcfecc8cc53a3b5cf1e8c830323f0825782df5e51f7a203f6318b6ed7c6c464f2375f2f9400cdf1bdac6663c63236d1c4db611faf5cbf0","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":6883280,"url":{"schema":"https","addr":"mdx.dcs.renault.com/mdx/RBox/docs/RBOXInfo.exe","fqdn":"mdx.dcs.renault.com","domain":"renault.com","tld":"com"},"ip":{"addr":"193.194.134.81","port":443,"asn":8528,"as":"Renault SAS","country":"France","country_code":"FR"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-06-25","alert":"Scan result 3/72","trigger":"db8a40cf154f33681a0450da70f36647f301bd208d884ce56582fb01f9ded70e","verdict":"suspicious","severity":"","comment":"suspicious - 3/72","link":"https://www.virustotal.com/gui/file/db8a40cf154f33681a0450da70f36647f301bd208d884ce56582fb01f9ded70e","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-25T07:12:06.281096558Z","timestamp":1719299526281,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"F661A4C5B81EDB82EC095D2D50B655E19536630577352B6ABBFC3962ADF3454C\"\r\nLast-Modified: Sun, 23 Jun 2024 01:53:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7892\r\nExpires: Tue, 25 Jun 2024 09:23:38 GMT\r\nDate: Tue, 25 Jun 2024 07:12:06 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"116d4d1edb43ea3783c92812f245f108","sha1":"02c09fc6450c50f5d2f7f6162fed01cf2c4bf6b8","sha256":"f661a4c5b81edb82ec095d2d50b655e19536630577352b6abbfc3962adf3454c","sha512":"f0a634e57794959630347a12281aea2ee67104b5287a3c468e491da7421b1deb933a82170f98525872fe67647b70b9536ed0249204107c19e10188bbdf38a37f","ssdeep":"","tlshash":"79f0057d017a7751f224151529e8d6645e40de953d0517a1b56010d3b026ffd4190089","first_seen":"2024-06-23T05:49:43Z","last_seen":"2024-08-19T19:08:18.438208Z","times_seen":25208,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-25T07:12:06.552495999Z","timestamp":1719299526552,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"D01CB238CF68EFECDCE74166A560DCF6989862AB6ADF726A764DEABB4F8EF017\"\r\nLast-Modified: Mon, 24 Jun 2024 23:47:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7970\r\nExpires: Tue, 25 Jun 2024 09:24:56 GMT\r\nDate: Tue, 25 Jun 2024 07:12:06 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"a0df476aabc83408676a1db571e8e885","sha1":"a8522ed457ae3e068d543d0c52e3d041a14e8f72","sha256":"d01cb238cf68efecdce74166a560dcf6989862ab6adf726a764deabb4f8ef017","sha512":"542c9ba9d6eb79c8effe2628831c14e35c9734fe921188efd7d5853a2c0aae6e8eb5222a449893aa0361528dc4d2319dc28de6ed80ed8983cf967a171a1a5db4","ssdeep":"","tlshash":"9ef0055b23e2bd84b2b43f453ca6d71067046de43d08c1ece0d8d28734467fb4185414","first_seen":"2024-06-25T03:17:19Z","last_seen":"2024-08-19T18:59:50.373817Z","times_seen":2603,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-25T07:12:06.620491145Z","timestamp":1719299526620,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"D4178B58A3BA98404F5136DD600E8EE69CD3A669237D75CB632C1234EF647CBC\"\r\nLast-Modified: Mon, 24 Jun 2024 16:21:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2773\r\nExpires: Tue, 25 Jun 2024 07:58:19 GMT\r\nDate: Tue, 25 Jun 2024 07:12:06 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"b759b7db0b1e744941c094170ce2d69d","sha1":"455ac12d34df1d589a07c8e8c6403be6484d0a04","sha256":"d4178b58a3ba98404f5136dd600e8ee69cd3a669237d75cb632c1234ef647cbc","sha512":"a688cb1e2951301a14cff0c187bf534aaf7bc90d5868413f59d899e4b00e2d2ccd5417f01d4e0644bc73b1f3dc854486dc76a201efbc365a2b74c32c9c5e5b51","ssdeep":"","tlshash":"c4f00e5336b2be8005592b0a3849d627ad20abfcf00024cac8a063d155f6bfe9bc044e","first_seen":"2024-06-25T04:03:28Z","last_seen":"2024-08-19T18:59:41.647539Z","times_seen":3027,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mdx.dcs.renault.com/mdx/RBox/docs/RBOXInfo.exe","fqdn":"mdx.dcs.renault.com","domain":"renault.com","tld":"com"},"ip":{"addr":"193.194.134.81","port":443,"asn":8528,"as":"Renault SAS","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-06-25T07:12:06.999Z","timestamp":1719299526999,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mdx.dcs.renault.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 09 May 2024 00:00:00 GMT","end":"Fri, 23 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"71:E0:CC:FF:52:3C:4A:D2:CF:D4:B1:12:46:06:59:9B:FB:D6:78:88","sha256":"C8:3D:B1:72:C8:96:58:EF:AB:43:80:85:DE:AA:71:40:9A:D2:9D:86:5E:DD:77:6C:97:6B:AE:4B:10:74:85:AB"}}},"request":{"raw":"GET /mdx/RBox/docs/RBOXInfo.exe HTTP/1.1\r\nHost: mdx.dcs.renault.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 25 Jun 2024 07:12:07 GMT\r\nServer: Apache\r\nLast-Modified: Fri, 01 Mar 2024 14:10:21 GMT\r\nETag: \"6907d0-61299efc021fd\"\r\nAccept-Ranges: bytes\r\nContent-Length: 6883280\r\nContent-Type: application/x-msdownload\r\nKeep-Alive: timeout=5, max=300\r\nConnection: Keep-Alive\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6883280,"size_decoded":6883280,"mime_type":"application/x-msdownload","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","md5":"38dd16107e6aa78db067870d729cde3f","sha1":"b97d88bdb096423c8698a42fa55010ebda27738e","sha256":"db8a40cf154f33681a0450da70f36647f301bd208d884ce56582fb01f9ded70e","sha512":"937dc45a9e995a6886bcfecc8cc53a3b5cf1e8c830323f0825782df5e51f7a203f6318b6ed7c6c464f2375f2f9400cdf1bdac6663c63236d1c4db611faf5cbf0","ssdeep":"98304:PX+HwEcjzYPVZ49yPSuHhcE8RtKH9Q9Ddm9/dq/0Q0890SmVGS:POHLcjzxT3K9sdmnQp70","tlshash":"f46633603bc44d2adefb07f06ab68a61033a7f51a176e79d2dd47c9e22b7b818111743","first_seen":"2024-06-25T09:12:34Z","last_seen":"2024-08-19T18:58:36.194421Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1200,"timings":{"blocked":133,"dns":1,"connect":33,"send":0,"wait":41,"receive":884,"ssl":91},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-06-25","alert":"Scan result 3/72","trigger":"db8a40cf154f33681a0450da70f36647f301bd208d884ce56582fb01f9ded70e","verdict":"suspicious","severity":"","comment":"suspicious - 3/72","link":"https://www.virustotal.com/gui/file/db8a40cf154f33681a0450da70f36647f301bd208d884ce56582fb01f9ded70e","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-25T07:12:09.11828159Z","timestamp":1719299529118,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"BD791E8F44B990A0091FEBC3CC3B24799EB26B87FE5AA381AD98AE4662F7F802\"\r\nLast-Modified: Sun, 23 Jun 2024 05:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=11942\r\nExpires: Tue, 25 Jun 2024 10:31:10 GMT\r\nDate: Tue, 25 Jun 2024 07:12:08 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"fe36e270c1ecfa3891cc7b505e7894b6","sha1":"ce43401e7146eb139a1e3caf7db957e6b9531dc3","sha256":"bd791e8f44b990a0091febc3cc3b24799eb26b87fe5aa381ad98ae4662f7f802","sha512":"5bb88dae1dd0ff26edac7aa9a96c18bed64736dc1f2b635f7148df70940faee6f770cdb67519169140253bebe537e8f0b361cbc7eaa5495477ca3cbbf34aabf5","ssdeep":"","tlshash":"ebf07e2a61fa7e62b6f024262e48a9334e210e7d34000d82307052d2b863fdc1bc404c","first_seen":"2024-06-23T11:25:10Z","last_seen":"2024-08-19T19:07:05.736639Z","times_seen":25848,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-25T07:12:09.119127316Z","timestamp":1719299529119,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"BD791E8F44B990A0091FEBC3CC3B24799EB26B87FE5AA381AD98AE4662F7F802\"\r\nLast-Modified: Sun, 23 Jun 2024 05:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=11942\r\nExpires: Tue, 25 Jun 2024 10:31:10 GMT\r\nDate: Tue, 25 Jun 2024 07:12:08 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"fe36e270c1ecfa3891cc7b505e7894b6","sha1":"ce43401e7146eb139a1e3caf7db957e6b9531dc3","sha256":"bd791e8f44b990a0091febc3cc3b24799eb26b87fe5aa381ad98ae4662f7f802","sha512":"5bb88dae1dd0ff26edac7aa9a96c18bed64736dc1f2b635f7148df70940faee6f770cdb67519169140253bebe537e8f0b361cbc7eaa5495477ca3cbbf34aabf5","ssdeep":"","tlshash":"ebf07e2a61fa7e62b6f024262e48a9334e210e7d34000d82307052d2b863fdc1bc404c","first_seen":"2024-06-23T11:25:10Z","last_seen":"2024-08-19T19:07:05.736639Z","times_seen":25848,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}