{"report_id":"2a88f0a4-d905-472a-9051-8ed9d05d8ca4","version":6,"status":"done","tags":[],"date":"2023-08-11T16:54:18Z","url":{"schema":"http","addr":"188.170.171.134/login/","fqdn":"188.170.171.134","domain":"188.170.171.134","tld":""},"ip":{"addr":"188.170.171.134","port":0,"asn":31163,"as":"PJSC MegaFon","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"http","addr":"188.170.171.134/login/","fqdn":"188.170.171.134","domain":"188.170.171.134","tld":"134"},"title":"404 Not Found"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-30T09:22:25Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"188.170.171.134","ip":{"addr":"188.170.171.134","port":0,"asn":31163,"as":"PJSC MegaFon","country":"Russia","country_code":"RU"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":2,"received_data":1952,"sent_data":743,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-08-11","alert":"Sinkholed","trigger":"188.170.171.134","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-08-11","alert":"Sinkholed","trigger":"188.170.171.134","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"188.170.171.134/login/","fqdn":"188.170.171.134","domain":"188.170.171.134","tld":"134"},"ip":{"addr":"188.170.171.134","port":0,"asn":31163,"as":"PJSC MegaFon","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-08-11T16:53:57.178Z","timestamp":1691772837178,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /login/ HTTP/1.1\r\nHost: 188.170.171.134\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.17.9\r\nDate: Fri, 11 Aug 2023 16:54:01 GMT\r\nContent-Type: text/html\r\nContent-Length: 153\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":153,"size_decoded":0,"mime_type":"","magic":"HTML document text\\012- HTML document text\\012- HTML document, ASCII text, with CRLF line terminators","md5":"3d4d4e2662889fcaa1eb520e6b5b1466","sha1":"1266c1e4f8e4a3a1fb7db08077c9f82d282ad572","sha256":"97d3c80540771522dbe65d2e59be3c80197eb9d62fb35861261f5e10ba9fefad","sha512":"980777242c2de8a48b00e231da388f8ef9d6734d88a411f89fdf9146fec35704c65a1f875cf6e9cf4e70a7aacbca9d3190781f7681e968a221603a2a43f240f0","ssdeep":"","tlshash":"45c02b6d36137c4cc5a3357422c3b090c0c6933764fa41120400840371cf2998ec339b","first_seen":"2023-05-06T09:01:04Z","last_seen":"2026-04-05T06:41:01.312388Z","times_seen":18,"resource_available":true,"data":null}},"time_used":108,"timings":{"blocked":108,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-08-11","alert":"Sinkholed","trigger":"188.170.171.134","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"188.170.171.134/favicon.ico","fqdn":"188.170.171.134","domain":"188.170.171.134","tld":"134"},"ip":{"addr":"188.170.171.134","port":80,"asn":31163,"as":"PJSC MegaFon","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://188.170.171.134/login/","date":"2023-08-11T16:53:57.890Z","timestamp":1691772837890,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 188.170.171.134\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://188.170.171.134/login/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.17.9\r\nDate: Fri, 11 Aug 2023 16:54:01 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 1406\r\nLast-Modified: Wed, 14 Sep 2022 09:29:08 GMT\r\nConnection: keep-alive\r\nETag: \"63219ee4-57e\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 255 colors\\012- data","md5":"17507f45a0880a0d85a20761392c29a7","sha1":"a4705938266ff38731e25e3ebf5aa45b7419c6c0","sha256":"fef110b17f1dd44567253abe96ccef9306c829c9da6141f676a0c0a4f3ddce7f","sha512":"fc14efe5d430f7c6224633ad36183df63b786d5eac1f4bfdd1ce8e570f22b8d01a1530f0585f3badf193ca8a0ad2eb395acc2de86c66063c7e34a5bb04e6b2be","ssdeep":"","tlshash":"","first_seen":"2023-08-11T18:54:24Z","last_seen":"2023-08-12T05:58:51Z","times_seen":2,"resource_available":false,"data":null}},"time_used":150,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":140,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-08-11","alert":"Sinkholed","trigger":"188.170.171.134","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}