{"report_id":"33722d9a-bb5e-4fcc-bdcc-ed6962f5e0dc","version":6,"status":"done","tags":[],"date":"2025-11-22T16:37:28Z","url":{"schema":"http","addr":"154.6.197.44/bin/Polar.x86","fqdn":"154.6.197.44","domain":"154.6.197.44","tld":""},"ip":{"addr":"154.6.197.44","port":0,"asn":60707,"as":"Kapteyan Bilisim Teknolojileri Sanayi ve Ticaret A.S","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing","dom":{"size":4657,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"68744c237305efbcc529630639a41a4e","sha1":"67a04a133a92f0f08272e702165ac6666db0911f","sha256":"eaf7416b63d0a12774d655348e38a229eae601124ee077f5558a5caa0c369a3d","sha512":"ad0f27f46f426f17365d9e1256562a177c3239bc035f77a34c5748459ee67fda5319b28fdf95777c79ad19a0e4048e61a3ee1a686267ccc9fffba90dc2cda9ad","ssdeep":"96:AMDFs1Bx1U3b61j1XB7gx10UFZV2WOzCBTjl22D+i8kDNLerlS:n561FpEmULV2jUjM2D+z0sJS","tlshash":"00a143a944f0663b189392a5e9c1bf57af816607cb8d69807baf40f31fc7d54886f10d","dom_hash":"domhash0f75e96bbe12b34f36b59d8eab215780","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"154.6.197.44/bin/Polar.x86","fqdn":"154.6.197.44","domain":"154.6.197.44","tld":""},"ip":{"addr":"154.6.197.44","port":0,"asn":60707,"as":"Kapteyan Bilisim Teknolojileri Sanayi ve Ticaret A.S","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-27T16:37:28Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":3,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-22T16:37:06Z","timestamp":1763829426,"ip_dst":{"addr":"154.6.197.44","port":80,"asn":60707,"as":"Kapteyan Bilisim Teknolojileri Sanayi ve Ticaret A.S","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":40450,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO x86 File Download Request from IP Address","source":"{\"timestamp\":\"2025-11-22T16:37:06.309780+0000\",\"flow_id\":852623598196521,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":40450,\"dest_ip\":\"154.6.197.44\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025126,\"rev\":3,\"signature\":\"ET INFO x86 File Download Request from IP Address\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"IoT\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_12_05\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"http\":{\"hostname\":\"154.6.197.44\",\"url\":\"/bin/Polar.x86\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":682,\"bytes_toclient\":4682,\"start\":\"2025-11-22T16:37:06.038697+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-22T16:37:06Z","timestamp":1763829426,"ip_dst":{"addr":"154.6.197.44","port":80,"asn":60707,"as":"Kapteyan Bilisim Teknolojileri Sanayi ve Ticaret A.S","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":40450,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET HUNTING Suspicious GET Request for .x86","source":"{\"timestamp\":\"2025-11-22T16:37:06.309780+0000\",\"flow_id\":852623598196521,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":40450,\"dest_ip\":\"154.6.197.44\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032924,\"rev\":1,\"signature\":\"ET HUNTING Suspicious GET Request for .x86\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"IoT\",\"Linux\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2021_05_10\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_10\"]}},\"http\":{\"hostname\":\"154.6.197.44\",\"url\":\"/bin/Polar.x86\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":682,\"bytes_toclient\":4682,\"start\":\"2025-11-22T16:37:06.038697+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-22T16:37:07Z","timestamp":1763829427,"ip_dst":{"addr":"172.18.0.7","port":40450,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"154.6.197.44","port":80,"asn":60707,"as":"Kapteyan Bilisim Teknolojileri Sanayi ve Ticaret A.S","country":"United States","country_code":"US"},"severity":"high","alert":"ET POLICY Executable and linking format (ELF) file download Over HTTP","source":"{\"timestamp\":\"2025-11-22T16:37:07.271537+0000\",\"flow_id\":852623598196521,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"154.6.197.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.7\",\"dest_port\":40450,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\",\"ET.ELFDownload\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2019240,\"rev\":14,\"signature\":\"ET POLICY Executable and linking format (ELF) file download Over HTTP\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2014_09_25\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_12\"]}},\"http\":{\"hostname\":\"154.6.197.44\",\"url\":\"/bin/Polar.x86\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":50417},\"files\":[{\"filename\":\"/bin/Polar.x86\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":50417,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":37,\"pkts_toclient\":41,\"bytes_toserver\":3148,\"bytes_toclient\":59186,\"start\":\"2025-11-22T16:37:06.038697+0000\"}}"}],"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2025-11-22","alert":"Detects a suspicious ELF binary with UPX compression","trigger":"154.6.197.44/bin/Polar.x86","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2018-12-12","description":"Detects a suspicious ELF binary with UPX compression","hash1":"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4","reference":"Internal Research","rule":"SUSP_ELF_LNX_UPX_Compressed_File","score":"40"}},{"sensor_name":"clamav","sensor_type":"antivirus","title":"ClamAV","description":"ClamAV","scan_date":"2025-11-22","alert":"Unix.Dropper.Mirai-7135858-0","trigger":"154.6.197.44/bin/Polar.x86","verdict":"malicious","severity":"medium","comment":"","link":"https://www.clamav.net/","meta":null}],"urlquery":null},"summary":[{"fqdn":"154.6.197.44","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":9,"request_count":2,"received_data":53191,"sent_data":904,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.58","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"dfe08de9e9abbc255050011f222d7b0e","sha1":"0e6a2f00e12b8eed62290b0d5e8dfc9e787a6c8d","sha256":"93a1c252d10d76024a5d488f92658d0f9cd32dc0ad90ed9ed64b26bcb93194ca","sha512":"0c8b78c52d4632104d21d54a88f3be2dbfa00f9bca95c66a9c400bda246ac3a19e7b8773092ad6d3c81bb638800ada3c1739d1db382c51963c9a016db466e622","magic":"ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux)","size":52928,"url":{"schema":"http","addr":"154.6.197.44/bin/Polar.x86","fqdn":"154.6.197.44","domain":"154.6.197.44","tld":""},"ip":{"addr":"154.6.197.44","port":80,"asn":60707,"as":"Kapteyan Bilisim Teknolojileri Sanayi ve Ticaret A.S","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2025-11-22","alert":"Detects a suspicious ELF binary with UPX compression","trigger":"154.6.197.44/bin/Polar.x86","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2018-12-12","description":"Detects a suspicious ELF binary with UPX compression","hash1":"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4","reference":"Internal Research","rule":"SUSP_ELF_LNX_UPX_Compressed_File","score":"40"}},{"sensor_name":"virustotal","sensor_type":"file","title":"VirusTotal","description":"VirusTotal","scan_date":"2025-11-20","alert":"Scan result 27/65","trigger":"93a1c252d10d76024a5d488f92658d0f9cd32dc0ad90ed9ed64b26bcb93194ca","verdict":"malicious","severity":"","comment":"malicious - 27/65","link":"https://www.virustotal.com/gui/file/93a1c252d10d76024a5d488f92658d0f9cd32dc0ad90ed9ed64b26bcb93194ca","meta":null},{"sensor_name":"clamav","sensor_type":"antivirus","title":"ClamAV","description":"ClamAV","scan_date":"2025-11-22","alert":"Unix.Dropper.Mirai-7135858-0","trigger":"154.6.197.44/bin/Polar.x86","verdict":"malicious","severity":"medium","comment":"","link":"https://www.clamav.net/","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"154.6.197.44/bin/Polar.x86","fqdn":"154.6.197.44","domain":"154.6.197.44","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-22T16:37:05.745Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /bin/Polar.x86 HTTP/1.1\r\nHost: 154.6.197.44\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-19T18:38:10.932347Z","times_seen":15447864,"resource_available":true,"data":null}},"time_used":139,"timings":{"blocked":139,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-22T16:37:06Z","timestamp":1763829426,"ip_dst":{"addr":"154.6.197.44","port":80,"asn":60707,"as":"Kapteyan Bilisim Teknolojileri Sanayi ve Ticaret A.S","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":40450,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO x86 File Download Request from IP Address","source":"{\"timestamp\":\"2025-11-22T16:37:06.309780+0000\",\"flow_id\":852623598196521,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":40450,\"dest_ip\":\"154.6.197.44\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025126,\"rev\":3,\"signature\":\"ET INFO x86 File Download Request from IP Address\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"IoT\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_12_05\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"http\":{\"hostname\":\"154.6.197.44\",\"url\":\"/bin/Polar.x86\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":682,\"bytes_toclient\":4682,\"start\":\"2025-11-22T16:37:06.038697+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-22T16:37:06Z","timestamp":1763829426,"ip_dst":{"addr":"154.6.197.44","port":80,"asn":60707,"as":"Kapteyan Bilisim Teknolojileri Sanayi ve Ticaret A.S","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":40450,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET HUNTING Suspicious GET Request for .x86","source":"{\"timestamp\":\"2025-11-22T16:37:06.309780+0000\",\"flow_id\":852623598196521,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":40450,\"dest_ip\":\"154.6.197.44\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032924,\"rev\":1,\"signature\":\"ET HUNTING Suspicious GET Request for .x86\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"IoT\",\"Linux\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2021_05_10\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_10\"]}},\"http\":{\"hostname\":\"154.6.197.44\",\"url\":\"/bin/Polar.x86\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":682,\"bytes_toclient\":4682,\"start\":\"2025-11-22T16:37:06.038697+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-22T16:37:07Z","timestamp":1763829427,"ip_dst":{"addr":"172.18.0.7","port":40450,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"154.6.197.44","port":80,"asn":60707,"as":"Kapteyan Bilisim Teknolojileri Sanayi ve Ticaret A.S","country":"United States","country_code":"US"},"severity":"high","alert":"ET POLICY Executable and linking format (ELF) file download Over HTTP","source":"{\"timestamp\":\"2025-11-22T16:37:07.271537+0000\",\"flow_id\":852623598196521,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"154.6.197.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.7\",\"dest_port\":40450,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\",\"ET.ELFDownload\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2019240,\"rev\":14,\"signature\":\"ET POLICY Executable and linking format (ELF) file download Over HTTP\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2014_09_25\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_12\"]}},\"http\":{\"hostname\":\"154.6.197.44\",\"url\":\"/bin/Polar.x86\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":50417},\"files\":[{\"filename\":\"/bin/Polar.x86\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":50417,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":37,\"pkts_toclient\":41,\"bytes_toserver\":3148,\"bytes_toclient\":59186,\"start\":\"2025-11-22T16:37:06.038697+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"154.6.197.44/bin/Polar.x86","fqdn":"154.6.197.44","domain":"154.6.197.44","tld":""},"ip":{"addr":"154.6.197.44","port":80,"asn":60707,"as":"Kapteyan Bilisim Teknolojileri Sanayi ve Ticaret A.S","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-22T16:37:06.041Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /bin/Polar.x86 HTTP/1.1\r\nHost: 154.6.197.44\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 22 Nov 2025 16:37:06 GMT\r\nServer: Apache/2.4.58 (Ubuntu)\r\nLast-Modified: Sat, 22 Nov 2025 11:29:23 GMT\r\nETag: \"cec0-6442d3de68ac0\"\r\nAccept-Ranges: bytes\r\nContent-Length: 52928\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.58","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":52928,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux)","md5":"dfe08de9e9abbc255050011f222d7b0e","sha1":"0e6a2f00e12b8eed62290b0d5e8dfc9e787a6c8d","sha256":"93a1c252d10d76024a5d488f92658d0f9cd32dc0ad90ed9ed64b26bcb93194ca","sha512":"0c8b78c52d4632104d21d54a88f3be2dbfa00f9bca95c66a9c400bda246ac3a19e7b8773092ad6d3c81bb638800ada3c1739d1db382c51963c9a016db466e622","ssdeep":"1536:U2bgyKRrB1Q1qgWvhe1rDjODj7r3o9rwhQRDVgnouy8tyH:UxR/Q6uqDj7IVDeouti","tlshash":"4233f131856b1289e23c513d04aef71e04c9742ba74d81f783e8919fa5effa9292418b","first_seen":"2025-11-22T16:37:32.560505Z","last_seen":"2025-11-22T16:37:32.560505Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1520,"timings":{"blocked":133,"dns":0,"connect":135,"send":0,"wait":136,"receive":1116,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-22T16:37:06Z","timestamp":1763829426,"ip_dst":{"addr":"154.6.197.44","port":80,"asn":60707,"as":"Kapteyan Bilisim Teknolojileri Sanayi ve Ticaret A.S","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":40450,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO x86 File Download Request from IP Address","source":"{\"timestamp\":\"2025-11-22T16:37:06.309780+0000\",\"flow_id\":852623598196521,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":40450,\"dest_ip\":\"154.6.197.44\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025126,\"rev\":3,\"signature\":\"ET INFO x86 File Download Request from IP Address\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"IoT\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_12_05\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"http\":{\"hostname\":\"154.6.197.44\",\"url\":\"/bin/Polar.x86\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":682,\"bytes_toclient\":4682,\"start\":\"2025-11-22T16:37:06.038697+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-22T16:37:06Z","timestamp":1763829426,"ip_dst":{"addr":"154.6.197.44","port":80,"asn":60707,"as":"Kapteyan Bilisim Teknolojileri Sanayi ve Ticaret A.S","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":40450,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET HUNTING Suspicious GET Request for .x86","source":"{\"timestamp\":\"2025-11-22T16:37:06.309780+0000\",\"flow_id\":852623598196521,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":40450,\"dest_ip\":\"154.6.197.44\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032924,\"rev\":1,\"signature\":\"ET HUNTING Suspicious GET Request for .x86\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"IoT\",\"Linux\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2021_05_10\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_10\"]}},\"http\":{\"hostname\":\"154.6.197.44\",\"url\":\"/bin/Polar.x86\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":682,\"bytes_toclient\":4682,\"start\":\"2025-11-22T16:37:06.038697+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-22T16:37:07Z","timestamp":1763829427,"ip_dst":{"addr":"172.18.0.7","port":40450,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"154.6.197.44","port":80,"asn":60707,"as":"Kapteyan Bilisim Teknolojileri Sanayi ve Ticaret A.S","country":"United States","country_code":"US"},"severity":"high","alert":"ET POLICY Executable and linking format (ELF) file download Over HTTP","source":"{\"timestamp\":\"2025-11-22T16:37:07.271537+0000\",\"flow_id\":852623598196521,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"154.6.197.44\",\"src_port\":80,\"dest_ip\":\"172.18.0.7\",\"dest_port\":40450,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\",\"ET.ELFDownload\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2019240,\"rev\":14,\"signature\":\"ET POLICY Executable and linking format (ELF) file download Over HTTP\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2014_09_25\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_12\"]}},\"http\":{\"hostname\":\"154.6.197.44\",\"url\":\"/bin/Polar.x86\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":50417},\"files\":[{\"filename\":\"/bin/Polar.x86\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":50417,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":37,\"pkts_toclient\":41,\"bytes_toserver\":3148,\"bytes_toclient\":59186,\"start\":\"2025-11-22T16:37:06.038697+0000\"}}"}],"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2025-11-22","alert":"Detects a suspicious ELF binary with UPX compression","trigger":"154.6.197.44/bin/Polar.x86","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2018-12-12","description":"Detects a suspicious ELF binary with UPX compression","hash1":"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4","reference":"Internal Research","rule":"SUSP_ELF_LNX_UPX_Compressed_File","score":"40"}},{"sensor_name":"virustotal","sensor_type":"file","title":"VirusTotal","description":"VirusTotal","scan_date":"2025-11-20","alert":"Scan result 27/65","trigger":"93a1c252d10d76024a5d488f92658d0f9cd32dc0ad90ed9ed64b26bcb93194ca","verdict":"malicious","severity":"","comment":"malicious - 27/65","link":"https://www.virustotal.com/gui/file/93a1c252d10d76024a5d488f92658d0f9cd32dc0ad90ed9ed64b26bcb93194ca","meta":null},{"sensor_name":"clamav","sensor_type":"antivirus","title":"ClamAV","description":"ClamAV","scan_date":"2025-11-22","alert":"Unix.Dropper.Mirai-7135858-0","trigger":"154.6.197.44/bin/Polar.x86","verdict":"malicious","severity":"medium","comment":"","link":"https://www.clamav.net/","meta":null}],"urlquery":null}}]}