{"report_id":"2eada1cd-9bdb-4fa8-88ff-581f3574652d","version":6,"status":"done","tags":[],"date":"2024-09-25T22:33:51Z","url":{"schema":"http","addr":"185.246.84.66/","fqdn":"185.246.84.66","domain":"185.246.84.66","tld":""},"ip":{"addr":"185.246.84.66","port":0,"asn":21409,"as":"Ikoula Net SAS","country":"France","country_code":"FR"},"final":{"url":{"schema":"https","addr":"185.246.84.66/","fqdn":"185.246.84.66","domain":"185.246.84.66","tld":"66"},"title":"Request failed"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-07T07:39:48Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"185.246.84.66","ip":{"addr":"185.246.84.66","port":443,"asn":21409,"as":"Ikoula Net SAS","country":"France","country_code":"FR"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2019-05-30 09:26:55","last_seen":"2024-03-22 11:55:24","alert_count":2,"request_count":2,"received_data":110492,"sent_data":887,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-09-25 18:12:29","alert_count":0,"request_count":1,"received_data":887,"sent_data":327,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-09-25","alert":"Sinkholed","trigger":"185.246.84.66","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-09-25","alert":"Sinkholed","trigger":"185.246.84.66","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"185.246.84.66/","fqdn":"185.246.84.66","domain":"185.246.84.66","tld":"66"},"ip":{"addr":"185.246.84.66","port":443,"asn":21409,"as":"Ikoula Net SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-25T22:33:21.714584425Z","timestamp":1727303601714,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"6DDBCC3388C5458C7BE8C867CBFF8D6AE16D588349605DB0C7B5996EA32DE452\"\r\nLast-Modified: Wed, 25 Sep 2024 19:04:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9900\r\nExpires: Thu, 26 Sep 2024 01:18:21 GMT\r\nDate: Wed, 25 Sep 2024 22:33:21 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"e49ce6a2ffd1afe9fdb15fd32491f4c5","sha1":"7def7bdba49613d39e69a640fbe216a4ffee38cb","sha256":"6ddbcc3388c5458c7be8c867cbff8d6ae16d588349605db0c7b5996ea32de452","sha512":"c14cac66eb5d7e8f1f19552ac48f23116edb402ef81be4ca45d3c1cf737be5ff0152cb4df12ae6397e1f85439c16274f62fc236f7d7e48d4230dfb3f643b6e94","ssdeep":"","tlshash":"c6f005d226e17a0097f406766d7895331e0055ed3c7416d075d593f57970ffe4b0500c","first_seen":"2024-09-25T21:20:18Z","last_seen":"2024-09-28T07:42:28.800828Z","times_seen":4049,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"185.246.84.66/","fqdn":"185.246.84.66","domain":"185.246.84.66","tld":"66"},"ip":{"addr":"185.246.84.66","port":443,"asn":21409,"as":"Ikoula Net SAS","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-09-25T22:33:21.960Z","timestamp":1727303601960,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"iko-rmb.cpprx.info","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 14 Sep 2024 00:00:00 GMT","end":"Fri, 13 Dec 2024 23:59:59 GMT"},"fingerprint":{"sha1":"40:E6:4A:1E:20:F0:BB:CC:3B:15:A8:CD:F7:59:60:5B:27:64:BC:0A","sha256":"A5:D0:F3:88:C2:E6:C7:15:07:69:A8:26:90:0E:DF:17:68:98:ED:2E:18:D9:7E:54:0C:FF:C9:84:66:33:73:D9"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 185.246.84.66\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 500 Internal Server Error\r\nDate: Wed, 25 Sep 2024 22:33:22 GMT\r\nContent-Type: text/html\r\nContent-Length: 9064\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=15768000; includeSubDomains\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":null,"data":{"size":9064,"size_decoded":9064,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (3281)","md5":"b438ddea9d113da1e3ec33632867ace1","sha1":"cfb2913cff64bb782c7acabc20ff30b1dadf613f","sha256":"139ae8f63595f621cb2ad73e1c31571878eaaa63f2f0d5bb8314acfb405950f9","sha512":"de721a3b52b23b79b8d33781d502ca41ec5a75edcf1cbb58b425f474ce1890b37644177fce6e182470e3e319907586e2d699764a1e68d75089251941c1bdaa4c","ssdeep":"192:vCyIcIR11WlL9yJ8PEkeseaDWGg4GWY/YXb22CJnaQkYv9F4dI:zE14lL9yJnkORQe","tlshash":"7212392aede7184ab10364345357b7f07e36800b866bcc7a7eac7354ef8969149c178c","first_seen":"2024-09-28T07:39:51.032359Z","last_seen":"2024-09-28T07:39:51.032359Z","times_seen":1,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":81,"dns":0,"connect":31,"send":0,"wait":32,"receive":0,"ssl":65},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-09-25","alert":"Sinkholed","trigger":"185.246.84.66","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"185.246.84.66/favicon.ico","fqdn":"185.246.84.66","domain":"185.246.84.66","tld":"66"},"ip":{"addr":"185.246.84.66","port":443,"asn":21409,"as":"Ikoula Net SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://185.246.84.66/","date":"2024-09-25T22:33:22.448Z","timestamp":1727303602448,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"iko-rmb.cpprx.info","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 14 Sep 2024 00:00:00 GMT","end":"Fri, 13 Dec 2024 23:59:59 GMT"},"fingerprint":{"sha1":"40:E6:4A:1E:20:F0:BB:CC:3B:15:A8:CD:F7:59:60:5B:27:64:BC:0A","sha256":"A5:D0:F3:88:C2:E6:C7:15:07:69:A8:26:90:0E:DF:17:68:98:ED:2E:18:D9:7E:54:0C:FF:C9:84:66:33:73:D9"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 185.246.84.66\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://185.246.84.66/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 25 Sep 2024 22:33:22 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 100919\r\nLast-Modified: Mon, 02 Aug 2021 12:50:09 GMT\r\nConnection: keep-alive\r\nETag: \"6107ea01-18a37\"\r\nStrict-Transport-Security: max-age=15768000; includeSubDomains\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":100919,"size_decoded":100919,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel","md5":"dffd9354b07b4b6fb78ef061376e5fd5","sha1":"6f80c3fe9c1ad984eb9bf588a4ebf005255a0643","sha256":"74d7e2196ace54d5845d6f2d3022ee1eaa635a067ad5974f68bf2554630ebca4","sha512":"f73c4cd76fdf5365c07d3d3092eb51dc35dcab011f3664ec4ed2b424d1110d06b0ad89761542e7d97b78cbbf5f9613d2d16e2b39375d5ffb4a86f247c6ab0c41","ssdeep":"48:1+4YSihT4leOnnnnnnny3333333lnnna///zuu3AAWnezP7n/:SPTvOnnnnnnnannn0uuCnwj/","tlshash":"83a3b35fe11c9227d1a9fb71b911f2caa6392ff4d73616016ba7667e8fde8040e70108","first_seen":"2023-05-04T00:21:13Z","last_seen":"2026-03-29T17:19:20.393712Z","times_seen":206,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":62,"receive":75,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-09-25","alert":"Sinkholed","trigger":"185.246.84.66","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}