{"report_id":"52f16329-48ca-4c58-a0ab-a9a6d58ea692","version":6,"status":"done","tags":[],"date":"2024-10-06T19:27:59Z","url":{"schema":"https","addr":"siemensbubbles.click/","fqdn":"siemensbubbles.click","domain":"siemensbubbles.click","tld":"click"},"ip":{"addr":"173.237.68.76","port":0,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"siemensbubbles.click/","fqdn":"siemensbubbles.click","domain":"siemensbubbles.click","tld":"click"},"title":"siemensbubbles.click/"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-15T22:32:23Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.225","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-10-05 18:12:17","alert_count":0,"request_count":1,"received_data":887,"sent_data":327,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.76.225","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-10-05 18:13:05","alert_count":0,"request_count":1,"received_data":887,"sent_data":327,"comment":"","tags":null,"fingerprints":null},{"fqdn":"siemensbubbles.click","ip":{"addr":"173.0.146.206","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":3,"request_count":3,"received_data":2546,"sent_data":1217,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-06","alert":"Sinkholed","trigger":"siemensbubbles.click","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-06","alert":"Sinkholed","trigger":"siemensbubbles.click","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-06","alert":"Sinkholed","trigger":"siemensbubbles.click","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.225","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-06T19:27:34.373580647Z","timestamp":1728242854373,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"7E1C229FCA475D3A4760D7950E2CCD0B8BB27F4C4BC5FD43E96260BFA32388B7\"\r\nLast-Modified: Sat, 05 Oct 2024 16:15:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9893\r\nExpires: Sun, 06 Oct 2024 22:12:27 GMT\r\nDate: Sun, 06 Oct 2024 19:27:34 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"92cd7893843bf7005d9d4281f7ddeb25","sha1":"1d1762ecf80a622168eb8734901fc27382da2b2a","sha256":"7e1c229fca475d3a4760d7950e2ccd0b8bb27f4c4bc5fd43e96260bfa32388b7","sha512":"b4004c4db4e1cce5fd0b4a6f1b67d5bb96a57ec64967218661d491a8084afbf33fdea54cd5d4078ef950711d3c3301166e86ee2048e4a1341af3429de93b9932","ssdeep":"","tlshash":"78f00ec507b6ba109f621e247529e23eae106bb6611613a520e803e75486bde2bd882c","first_seen":"2024-10-06T02:22:48Z","last_seen":"2024-10-11T09:16:25.205845Z","times_seen":23072,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.225","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-06T19:27:34.90825113Z","timestamp":1728242854908,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"DB0A3491892E5D9C45CAF788A55E1CC1FF4598057A2F3DFF793414909E72589F\"\r\nLast-Modified: Sun, 06 Oct 2024 01:53:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2457\r\nExpires: Sun, 06 Oct 2024 20:08:31 GMT\r\nDate: Sun, 06 Oct 2024 19:27:34 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"152f1075981216b9d42385b89ba98cbc","sha1":"3d68588b5a8cf3614c959d16b29705de8e5806ed","sha256":"db0a3491892e5d9c45caf788a55e1cc1ff4598057a2f3dff793414909e72589f","sha512":"e991d82a55f5d249b970ba0aaa490277f2f8f196214cce4a84662d1c3b2a7f546fc31b5da0e0b317bef1999d172535867adf946ed28024ac7cc3f30e6265198b","ssdeep":"","tlshash":"d2f0754327143e814b4000353ed2e43631306e7834500b5235c847fb28407ec1641008","first_seen":"2024-10-06T22:32:13.532568Z","last_seen":"2024-10-06T22:32:25.476393Z","times_seen":2,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"siemensbubbles.click/","fqdn":"siemensbubbles.click","domain":"siemensbubbles.click","tld":"click"},"ip":{"addr":"173.0.146.206","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-10-06T19:27:34.640Z","timestamp":1728242854640,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_128_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"siemensbubbles.click","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 04 Oct 2024 00:39:29 GMT","end":"Thu, 02 Jan 2025 00:39:28 GMT"},"fingerprint":{"sha1":"2A:A5:6D:24:8E:B3:61:4F:DB:A1:D7:1E:71:10:43:8D:9D:40:4C:4B","sha256":"90:52:64:DC:2C:36:38:79:69:BB:74:54:23:45:6D:F5:62:E2:05:1D:3D:78:D9:57:83:CA:74:60:AF:83:12:F6"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: siemensbubbles.click\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sun, 06 Oct 2024 19:27:35 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nAccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":20,"size_decoded":20,"mime_type":"text/html; charset=UTF-8","magic":"gzip compressed data, from Unix","md5":"7029066c27ac6f5ef18d660d5741979a","sha1":"46c6643f07aa7f6bfe7118de926b86defc5087c4","sha256":"59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2","sha512":"7e8e93f4a89ce7fae011403e14a1d53544c6e6f6b6010d61129dc27937806d2b03802610d7999eab33a4c36b0f9e001d9d76001b8354087634c1aa9c740c536f","ssdeep":"","tlshash":"de70000000c03c30cc00003000000000000c30000000c00300000c3000030c000c003c","first_seen":"2023-04-09T15:32:38Z","last_seen":"2025-03-02T06:10:10.559841Z","times_seen":229342,"resource_available":false,"data":null}},"time_used":847,"timings":{"blocked":352,"dns":1,"connect":123,"send":0,"wait":121,"receive":0,"ssl":245},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-06","alert":"Sinkholed","trigger":"siemensbubbles.click","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"siemensbubbles.click/","fqdn":"siemensbubbles.click","domain":"siemensbubbles.click","tld":"click"},"ip":{"addr":"173.0.146.82","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-10-06T19:27:34.640Z","timestamp":1728242854640,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_128_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"siemensbubbles.click","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 04 Oct 2024 00:39:29 GMT","end":"Thu, 02 Jan 2025 00:39:28 GMT"},"fingerprint":{"sha1":"2A:A5:6D:24:8E:B3:61:4F:DB:A1:D7:1E:71:10:43:8D:9D:40:4C:4B","sha256":"90:52:64:DC:2C:36:38:79:69:BB:74:54:23:45:6D:F5:62:E2:05:1D:3D:78:D9:57:83:CA:74:60:AF:83:12:F6"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: siemensbubbles.click\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sun, 06 Oct 2024 19:27:35 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nAccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":20,"size_decoded":20,"mime_type":"text/html; charset=UTF-8","magic":"gzip compressed data, from Unix","md5":"7029066c27ac6f5ef18d660d5741979a","sha1":"46c6643f07aa7f6bfe7118de926b86defc5087c4","sha256":"59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2","sha512":"7e8e93f4a89ce7fae011403e14a1d53544c6e6f6b6010d61129dc27937806d2b03802610d7999eab33a4c36b0f9e001d9d76001b8354087634c1aa9c740c536f","ssdeep":"","tlshash":"de70000000c03c30cc00003000000000000c30000000c00300000c3000030c000c003c","first_seen":"2023-04-09T15:32:38Z","last_seen":"2025-03-02T06:10:10.559841Z","times_seen":229342,"resource_available":false,"data":null}},"time_used":847,"timings":{"blocked":352,"dns":1,"connect":123,"send":0,"wait":121,"receive":0,"ssl":245},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-06","alert":"Sinkholed","trigger":"siemensbubbles.click","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"siemensbubbles.click/favicon.ico","fqdn":"siemensbubbles.click","domain":"siemensbubbles.click","tld":"click"},"ip":{"addr":"173.0.146.82","port":80,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://siemensbubbles.click/","date":"2024-10-06T19:27:35.594Z","timestamp":1728242855594,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: siemensbubbles.click\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://siemensbubbles.click/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 06 Oct 2024 19:27:35 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 1406\r\nLast-Modified: Thu, 03 Oct 2024 13:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nETag: \"66fe9a67-57e\"\r\nExpires: Mon, 07 Oct 2024 19:27:35 GMT\r\nCache-Control: max-age=86400\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1406,"size_decoded":1406,"mime_type":"application/octet-stream","magic":"MS Windows icon resource - 1 icon, 16x16","md5":"011201ab56695ce86ea2f190bce2670b","sha1":"bb8fad6accf293e619360935047c23f00da3c769","sha256":"a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e","sha512":"56d53a1219e58ad045c96dc81d71c63c0cf5a9766add778d34895fdaa7fda8dead44161ec291f0ed3d10a405322b7973b56c6b211d68a8d82a8510b5b7c0456c","ssdeep":"","tlshash":"71210082bb20c02cc82c0b300802eba82388f00ac8e8330b30c80b8e0c0008c8ef8ae0","first_seen":"2023-04-05T07:23:52Z","last_seen":"2026-04-06T09:33:11.386729Z","times_seen":19398,"resource_available":true,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-06","alert":"Sinkholed","trigger":"siemensbubbles.click","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}