{"report_id":"3ace6c61-c518-4d54-ad40-1a9c944d0a6b","version":6,"status":"done","tags":[],"date":"2024-11-29T21:06:49Z","url":{"schema":"http","addr":"93.127.200.211/a/08/150822/au/auout/anexo.zip","fqdn":"93.127.200.211","domain":"93.127.200.211","tld":""},"ip":{"addr":"93.127.200.211","port":0,"asn":47583,"as":"Hostinger International Limited","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-07T21:06:49Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"93.127.200.211","ip":{"addr":"93.127.200.211","port":80,"asn":31400,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2023-01-12T02:01:22Z","last_seen":"2023-02-15T18:40:08Z","alert_count":3,"request_count":1,"received_data":808,"sent_data":415,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"f6ca39e0d06b0e690d8af2799c64dcc4","sha1":"04ccd33c9b4e471e7a647f207889b4072cd58676","sha256":"47e0ce6eb85a91cdf4077350b0cb123f87944da775b1285752551cb40d363af8","sha512":"d3af38eec9195c8caf52504b8e4a5b39ebb8d92dbce3e513912c9e3dca22195ae15ac9b4fb532b9250068788639bf3ee3e203f363cb4a92ba073c7e03361fff3","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":519,"url":{"schema":"http","addr":"93.127.200.211/a/08/150822/au/auout/anexo.zip","fqdn":"93.127.200.211","domain":"93.127.200.211","tld":""},"ip":{"addr":"93.127.200.211","port":80,"asn":31400,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"archive":[{"path":"R8H8K2C5m9N2Y69957298262.html","filename":"R8H8K2C5m9N2Y69957298262.html","modified":"","Modified":"2024-11-28T12:50:26Z","magic":"HTML document, ASCII text, with CRLF line terminators","size":534,"md5":"56772e4ac5d4cd1b08dba36d94326a15","sha1":"6d7947a4b8c02b7ee2a0f01b01e04e72f7d8691b","sha256":"d9164091e035c8ee6e1540a591d76634f952ab47714a14f67d94c1b7ac5188b3","sha512":"f4f9f9a847a3f7ecca8e649bca8d830841d311b9d99fbfa3781288de8cdcaa3eeb4ab590b1ac7fdbdd324a6086e323dd34640070277d5d13af6ebc5835700752","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-29","alert":"Scan result 2/65","trigger":"47e0ce6eb85a91cdf4077350b0cb123f87944da775b1285752551cb40d363af8","verdict":"suspicious","severity":"","comment":"suspicious - 2/65","link":"https://www.virustotal.com/gui/file/47e0ce6eb85a91cdf4077350b0cb123f87944da775b1285752551cb40d363af8","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"f6ca39e0d06b0e690d8af2799c64dcc4","sha1":"04ccd33c9b4e471e7a647f207889b4072cd58676","sha256":"47e0ce6eb85a91cdf4077350b0cb123f87944da775b1285752551cb40d363af8","sha512":"d3af38eec9195c8caf52504b8e4a5b39ebb8d92dbce3e513912c9e3dca22195ae15ac9b4fb532b9250068788639bf3ee3e203f363cb4a92ba073c7e03361fff3","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":519,"url":{"schema":"http","addr":"93.127.200.211/a/08/150822/au/auout/anexo.zip","fqdn":"93.127.200.211","domain":"93.127.200.211","tld":""},"ip":{"addr":"93.127.200.211","port":80,"asn":31400,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"archive":[{"path":"R8H8K2C5m9N2Y69957298262.html","filename":"R8H8K2C5m9N2Y69957298262.html","modified":"","Modified":"2024-11-28T12:50:26Z","magic":"HTML document, ASCII text, with CRLF line terminators","size":534,"md5":"56772e4ac5d4cd1b08dba36d94326a15","sha1":"6d7947a4b8c02b7ee2a0f01b01e04e72f7d8691b","sha256":"d9164091e035c8ee6e1540a591d76634f952ab47714a14f67d94c1b7ac5188b3","sha512":"f4f9f9a847a3f7ecca8e649bca8d830841d311b9d99fbfa3781288de8cdcaa3eeb4ab590b1ac7fdbdd324a6086e323dd34640070277d5d13af6ebc5835700752","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-29","alert":"Scan result 2/65","trigger":"47e0ce6eb85a91cdf4077350b0cb123f87944da775b1285752551cb40d363af8","verdict":"suspicious","severity":"","comment":"suspicious - 2/65","link":"https://www.virustotal.com/gui/file/47e0ce6eb85a91cdf4077350b0cb123f87944da775b1285752551cb40d363af8","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-11-29T21:06:24Z","timestamp":1732914384,"ip_dst":{"addr":"93.127.200.211","port":80,"asn":31400,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.2","port":47056,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Dotted Quad Host ZIP Request","source":"{\"timestamp\":\"2024-11-29T21:06:24.872683+0000\",\"flow_id\":487138090080808,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":47056,\"dest_ip\":\"93.127.200.211\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost.zip\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027262,\"rev\":4,\"signature\":\"ET INFO Dotted Quad Host ZIP Request\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_04_23\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_04_08\"]}},\"http\":{\"hostname\":\"93.127.200.211\",\"url\":\"/a/08/150822/au/auout/anexo.zip\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/zip\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":519},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":689,\"bytes_toclient\":1016,\"start\":\"2024-11-29T21:06:24.580136+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-11-29","alert":"Sinkholed","trigger":"93.127.200.211","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"93.127.200.211/a/08/150822/au/auout/anexo.zip","fqdn":"93.127.200.211","domain":"93.127.200.211","tld":""},"ip":{"addr":"93.127.200.211","port":80,"asn":31400,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-29T21:06:24.580Z","timestamp":1732914384580,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /a/08/150822/au/auout/anexo.zip HTTP/1.1\r\nHost: 93.127.200.211\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 29 Nov 2024 21:06:24 GMT\r\nServer: Apache/2.4.58 (Ubuntu)\r\nLast-Modified: Thu, 28 Nov 2024 15:50:26 GMT\r\nETag: \"207-627fb0a755480\"\r\nAccept-Ranges: bytes\r\nContent-Length: 519\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: application/zip\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":519,"size_decoded":519,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"f6ca39e0d06b0e690d8af2799c64dcc4","sha1":"04ccd33c9b4e471e7a647f207889b4072cd58676","sha256":"47e0ce6eb85a91cdf4077350b0cb123f87944da775b1285752551cb40d363af8","sha512":"d3af38eec9195c8caf52504b8e4a5b39ebb8d92dbce3e513912c9e3dca22195ae15ac9b4fb532b9250068788639bf3ee3e203f363cb4a92ba073c7e03361fff3","ssdeep":"","tlshash":"2cf059a174ed100fda335672349162266a1a800db5c0da0f2889406e5b5b25dbf6c308","first_seen":"2024-11-29T21:06:50.335442Z","last_seen":"2024-11-29T21:06:50.335442Z","times_seen":1,"resource_available":false,"data":null}},"time_used":438,"timings":{"blocked":146,"dns":0,"connect":146,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-11-29T21:06:24Z","timestamp":1732914384,"ip_dst":{"addr":"93.127.200.211","port":80,"asn":31400,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.2","port":47056,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Dotted Quad Host ZIP Request","source":"{\"timestamp\":\"2024-11-29T21:06:24.872683+0000\",\"flow_id\":487138090080808,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":47056,\"dest_ip\":\"93.127.200.211\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost.zip\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027262,\"rev\":4,\"signature\":\"ET INFO Dotted Quad Host ZIP Request\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_04_23\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_04_08\"]}},\"http\":{\"hostname\":\"93.127.200.211\",\"url\":\"/a/08/150822/au/auout/anexo.zip\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/zip\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":519},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":689,\"bytes_toclient\":1016,\"start\":\"2024-11-29T21:06:24.580136+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-11-29","alert":"Sinkholed","trigger":"93.127.200.211","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-29","alert":"Scan result 2/65","trigger":"47e0ce6eb85a91cdf4077350b0cb123f87944da775b1285752551cb40d363af8","verdict":"suspicious","severity":"","comment":"suspicious - 2/65","link":"https://www.virustotal.com/gui/file/47e0ce6eb85a91cdf4077350b0cb123f87944da775b1285752551cb40d363af8","meta":null}],"urlquery":null}}]}