{"report_id":"45b0cc3c-01ad-4f2f-a7b1-593b23994597","version":6,"status":"done","tags":[],"date":"2025-10-18T09:28:38Z","url":{"schema":"http","addr":"www.amega.sk/update/updated.exe","fqdn":"www.amega.sk","domain":"amega.sk","tld":"sk"},"ip":{"addr":"37.9.175.189","port":0,"asn":51013,"as":"WebSupport s.r.o.","country":"Slovakia","country_code":"SK"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"http","addr":"www.amega.sk/update/updated.exe","fqdn":"www.amega.sk","domain":"amega.sk","tld":"sk"},"ip":{"addr":"37.9.175.189","port":0,"asn":51013,"as":"WebSupport s.r.o.","country":"Slovakia","country_code":"SK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-22T09:28:38Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"www.amega.sk","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.amega.sk","ip":{"addr":"37.9.175.189","port":443,"asn":51013,"as":"WebSupport s.r.o.","country":"Slovakia","country_code":"SK"},"domain_registered":"2006-10-26","domain_rank":0,"first_seen":"2015-04-29T07:47:01Z","last_seen":"2025-05-24T13:46:40.858814Z","alert_count":1,"request_count":1,"received_data":12244850,"sent_data":499,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"acd077eeb4bab4159329211648d99a46","sha1":"9f99dc6d6f40ba3c6521d6474f0195b1277c089b","sha256":"e56ffaebf61bbd0d734fd9c626704bb9165af4bdcd483b9d600b3106c5056b01","sha512":"0a5b784e37980aaa7831737eff053d3dd298a1feef46f2c91b7a70db1f89e32ee4a67d2aa7091188785dc5c8f1a3b9681fe953235b5896740f0809fa631b17fb","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections","size":12244563,"url":{"schema":"https","addr":"www.amega.sk/update/updated.exe","fqdn":"www.amega.sk","domain":"amega.sk","tld":"sk"},"ip":{"addr":"37.9.175.189","port":443,"asn":51013,"as":"WebSupport s.r.o.","country":"Slovakia","country_code":"SK"},"archive":null,"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"www.amega.sk/update/updated.exe","fqdn":"www.amega.sk","domain":"amega.sk","tld":"sk"},"ip":{"addr":"37.9.175.189","port":443,"asn":51013,"as":"WebSupport s.r.o.","country":"Slovakia","country_code":"SK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-18T09:28:12.573Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.amega.sk","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Oct 2025 11:40:35 GMT","end":"Sun, 11 Jan 2026 11:40:34 GMT"},"fingerprint":{"sha1":"A1:F3:84:1F:5F:4B:1D:C5:27:59:11:6C:15:B4:6E:24:1B:62:C5:63","sha256":"57:F0:69:38:E4:F3:D6:BA:F1:F2:E2:6D:AD:CA:E1:DC:E9:2B:4E:95:13:42:F6:22:44:2A:00:52:0E:A2:73:6E"}}},"request":{"raw":"GET /update/updated.exe HTTP/1.1\r\nHost: www.amega.sk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sat, 18 Oct 2025 09:28:12 GMT\r\ncontent-type: application/x-msdownload\r\ncontent-length: 12244563\r\nlast-modified: Thu, 09 Oct 2025 12:15:35 GMT\r\netag: \"bad653-640b8c21bd64c\"\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12244563,"size_decoded":0,"mime_type":"application/x-msdownload","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections","md5":"acd077eeb4bab4159329211648d99a46","sha1":"9f99dc6d6f40ba3c6521d6474f0195b1277c089b","sha256":"e56ffaebf61bbd0d734fd9c626704bb9165af4bdcd483b9d600b3106c5056b01","sha512":"0a5b784e37980aaa7831737eff053d3dd298a1feef46f2c91b7a70db1f89e32ee4a67d2aa7091188785dc5c8f1a3b9681fe953235b5896740f0809fa631b17fb","ssdeep":"24576:rPRPKaMy9xKmfhhbJLOUXF26rTJDe+DK3x:r4ab9omphtRY6rM+ox","tlshash":"5325d072b6e00433d1735a399c2b9768a82afe113e64b9463bf41d0c5f39791782a3d7","first_seen":"2025-10-18T09:28:42.415263Z","last_seen":"2025-10-18T09:28:42.415263Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1058,"timings":{"blocked":145,"dns":62,"connect":33,"send":0,"wait":34,"receive":735,"ssl":46},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"www.amega.sk","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}