{"report_id":"42fa7de9-b7d3-4ab5-bea9-2f1da7c280d4","version":6,"status":"done","tags":[],"date":"2023-12-06T19:14:35Z","url":{"schema":"http","addr":"redstir420.000webhostapp.com/hello.zip","fqdn":"redstir420.000webhostapp.com","domain":"000webhostapp.com","tld":"com"},"ip":{"addr":"145.14.145.134","port":0,"asn":204915,"as":"Hostinger International Limited","country":"Netherlands","country_code":"NL"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T08:48:59Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"redstir420.000webhostapp.com","ip":{"addr":"145.14.145.134","port":443,"asn":204915,"as":"Hostinger International Limited","country":"Netherlands","country_code":"NL"},"domain_registered":"2016-05-11","domain_rank":0,"first_seen":"2023-11-24 06:02:52","last_seen":"2023-12-04 15:19:04","alert_count":0,"request_count":1,"received_data":7279740,"sent_data":504,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"f221aab4b0495eb7d5495e624026edb4","sha1":"91fee4bf2e7f03da63a9147c60931637d30db851","sha256":"990be090dadceba8325f99c80256a4abfa89f550180b9df6583e872ecb963973","sha512":"19cbb53c5883912876253a123a8544f0aa9f8659273cbd1ef5682529a0b3c5e6dcbc6c479da476510bca428ea30205c7e9473f5b726106ddb98926dd4e7f7094","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate\\012- data","size":7279416,"url":{"schema":"https","addr":"redstir420.000webhostapp.com/hello.zip","fqdn":"redstir420.000webhostapp.com","domain":"000webhostapp.com","tld":"com"},"ip":{"addr":"145.14.145.134","port":443,"asn":204915,"as":"Hostinger International Limited","country":"Netherlands","country_code":"NL"},"archive":null,"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-06T19:14:22Z","timestamp":1701890062,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":54809,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup)","source":"{\"timestamp\":\"2023-12-06T19:14:22.608286+0000\",\"flow_id\":1140437432551454,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.18\",\"src_port\":54809,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026657,\"rev\":4,\"signature\":\"ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup)\",\"category\":\"Not Suspicious Traffic\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2018_03_16\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":11597,\"rrname\":\"redstir420.000webhostapp.com\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":99,\"bytes_toclient\":0,\"start\":\"2023-12-06T19:14:22.608286+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-06T19:14:22Z","timestamp":1701890062,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":47129,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup)","source":"{\"timestamp\":\"2023-12-06T19:14:22.608590+0000\",\"flow_id\":1269969351231822,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.18\",\"src_port\":47129,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026657,\"rev\":4,\"signature\":\"ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup)\",\"category\":\"Not Suspicious Traffic\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2018_03_16\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":1151,\"rrname\":\"redstir420.000webhostapp.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":99,\"bytes_toclient\":0,\"start\":\"2023-12-06T19:14:22.608590+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"redstir420.000webhostapp.com/hello.zip","fqdn":"redstir420.000webhostapp.com","domain":"000webhostapp.com","tld":"com"},"ip":{"addr":"145.14.145.134","port":443,"asn":204915,"as":"Hostinger International Limited","country":"Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-06T19:14:22.653Z","timestamp":1701890062653,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.000webhostapp.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 11 Jul 2023 00:00:00 GMT","end":"Sat, 10 Aug 2024 23:59:59 GMT"},"fingerprint":{"sha1":"B0:57:03:97:AE:15:06:79:FC:86:0E:E2:79:B6:B0:9D:37:04:A5:49","sha256":"DC:E0:EF:18:CB:FE:D1:75:E2:C0:0F:A9:B9:CE:33:ED:90:54:D3:74:A6:3D:47:1D:06:AB:B5:0F:CE:CE:51:C8"}}},"request":{"raw":"GET /hello.zip HTTP/1.1\r\nHost: redstir420.000webhostapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 06 Dec 2023 19:14:16 GMT\r\ncontent-type: application/zip\r\ncontent-length: 7279416\r\nlast-modified: Sun, 03 Dec 2023 01:08:42 GMT\r\naccept-ranges: bytes\r\nserver: awex\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-request-id: 4d57f5ecd99659e7dee2f99ff5b44a3a\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7279416,"size_decoded":0,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate\\012- data","md5":"f221aab4b0495eb7d5495e624026edb4","sha1":"91fee4bf2e7f03da63a9147c60931637d30db851","sha256":"990be090dadceba8325f99c80256a4abfa89f550180b9df6583e872ecb963973","sha512":"19cbb53c5883912876253a123a8544f0aa9f8659273cbd1ef5682529a0b3c5e6dcbc6c479da476510bca428ea30205c7e9473f5b726106ddb98926dd4e7f7094","ssdeep":"196608:ypa5RVkS+Lyv9u8kN37uBjKf86+BLpd6z+qE8D2mJ:ypWRVkVLyMpCJ36+ZG4m","tlshash":"177633cd940ef72358577be1e4807e6482b1743b9d96312f88338cf1a26b8d94be7469","first_seen":"2023-12-03T20:23:04Z","last_seen":"2024-08-20T16:54:35.978883Z","times_seen":4,"resource_available":false,"data":null}},"time_used":2897,"timings":{"blocked":263,"dns":0,"connect":123,"send":0,"wait":125,"receive":2241,"ssl":141},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}