{"report_id":"57782222-e1f4-4289-8d64-0b319613e429","version":6,"status":"done","tags":[],"date":"2025-05-11T03:30:22Z","url":{"schema":"http","addr":"135769561-625210574381338575.preview.editmysite.com/uploads/1/3/5/7/135769561/121.txt","fqdn":"135769561-625210574381338575.preview.editmysite.com","domain":"editmysite.com","tld":"com"},"ip":{"addr":"74.115.51.1","port":0,"asn":27647,"as":"WEEBLY","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"135769561-625210574381338575.preview.editmysite.com/uploads/1/3/5/7/135769561/121.txt","fqdn":"135769561-625210574381338575.preview.editmysite.com","domain":"editmysite.com","tld":"com"},"title":"135769561-625210574381338575.preview.editmysite.com/uploads/1/3/5/7/135769561/121.txt"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-20T03:30:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"135769561-625210574381338575.preview.editmysite.com","ip":{"addr":"74.115.51.1","port":443,"asn":27647,"as":"WEEBLY","country":"United States","country_code":"US"},"domain_registered":"1999-09-10","domain_rank":0,"first_seen":"2023-08-28T03:02:32Z","last_seen":"2025-05-08T00:21:00.041946Z","alert_count":1,"request_count":2,"received_data":367484,"sent_data":1283,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-05-11","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"135769561-625210574381338575.preview.editmysite.com/uploads/1/3/5/7/135769561/121.txt","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"135769561-625210574381338575.preview.editmysite.com/favicon.ico","fqdn":"135769561-625210574381338575.preview.editmysite.com","domain":"editmysite.com","tld":"com"},"ip":{"addr":"74.115.51.1","port":443,"asn":27647,"as":"WEEBLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://135769561-625210574381338575.preview.editmysite.com/uploads/1/3/5/7/135769561/121.txt","date":"2025-05-11T03:29:51.028Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"preview.editmysite.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Mar 2025 11:05:09 GMT","end":"Sun, 15 Jun 2025 11:05:08 GMT"},"fingerprint":{"sha1":"AD:C6:4F:D2:A1:04:DD:CF:54:A7:69:58:14:39:BB:39:F7:7E:26:EE","sha256":"C9:33:E8:4B:46:E3:20:E2:34:A1:CE:0A:53:F5:3C:97:92:81:F5:93:B9:B3:85:8C:CA:42:FB:AD:58:F0:14:36"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 135769561-625210574381338575.preview.editmysite.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://135769561-625210574381338575.preview.editmysite.com/uploads/1/3/5/7/135769561/121.txt\r\nCookie: __cf_bm=AO3YN2_DYVuzEtmjt0uzFXJ0R5NFK8JA8NPP5PminZk-1746934190-1.0.1.1-5oOthnQUVWi87jCRgdXChwujcoIGSjY.d.3PFnMDWYl3dPVR3c1MlT_8k09oxBNw2.leiWQpiAodQSvWptqJtRezbrS6eQ0e3svFURz2Xxc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Sun, 11 May 2025 03:29:51 GMT\r\ncontent-type: text/html\r\ncf-ray: 93de9825ff276de7-CPH\r\ncf-cache-status: DYNAMIC\r\nvary: Accept-Encoding\r\nx-host: blu30.sf2p.intern.weebly.net\r\nx-w-dc: SFO\r\nserver: cloudflare\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":3739,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (368)","md5":"2eeb3e560ca8f369be20ceb5858a4701","sha1":"6c53e6b66c1bc6d0b93116e14fb79c30424bf36c","sha256":"ac2d9485acf7e9c29d94d31f19d3aedda958cd4f6119ddc888fbbde52d6078dd","sha512":"d00c2c8a52e8393a649f1700a7b1eda0a7f8ada9f313afedae8039dd94736b7004625853e9e7acbd85d8cbff5a1978ded22c09c4db2d02c42630b67a9dbf0d20","ssdeep":"","tlshash":"a37123658b4c082a5198004037f17bd62d8e4823e5c6cd9ffe768d61ddf18b483cd7a9","first_seen":"2023-04-05T11:21:22Z","last_seen":"2026-04-30T16:17:20.606948Z","times_seen":511,"resource_available":true,"data":null}},"time_used":220,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"135769561-625210574381338575.preview.editmysite.com/uploads/1/3/5/7/135769561/121.txt","fqdn":"135769561-625210574381338575.preview.editmysite.com","domain":"editmysite.com","tld":"com"},"ip":{"addr":"74.115.51.1","port":443,"asn":27647,"as":"WEEBLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-11T03:29:49.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"preview.editmysite.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Mar 2025 11:05:09 GMT","end":"Sun, 15 Jun 2025 11:05:08 GMT"},"fingerprint":{"sha1":"AD:C6:4F:D2:A1:04:DD:CF:54:A7:69:58:14:39:BB:39:F7:7E:26:EE","sha256":"C9:33:E8:4B:46:E3:20:E2:34:A1:CE:0A:53:F5:3C:97:92:81:F5:93:B9:B3:85:8C:CA:42:FB:AD:58:F0:14:36"}}},"request":{"raw":"GET /uploads/1/3/5/7/135769561/121.txt HTTP/1.1\r\nHost: 135769561-625210574381338575.preview.editmysite.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 11 May 2025 03:29:50 GMT\r\ncontent-type: text/plain\r\ncf-ray: 93de981f4dbf6de7-CPH\r\ncf-cache-status: DYNAMIC\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\netag: W/\"3ffaa61ffb37e5d7dcafc685de2ce5a8\"\r\nlast-modified: Sat, 14 Dec 2024 06:45:28 GMT\r\nvary: Accept-Encoding\r\nx-amz-id-2: aFciKyMNWU66DmLN7Woh1QBd4Dc/DD6UvZBf4GHdeTBUSwlE1XAKxgEE7PW/uJwQ/kxovil7+WA=\r\nx-amz-replication-status: COMPLETED\r\nx-amz-request-id: QQ9ZZ991THV40KAG\r\nx-amz-server-side-encryption: AES256\r\nx-amz-storage-class: INTELLIGENT_TIERING\r\nx-amz-version-id: ZDtj1WJwhFzZGPuoCVKCvpvu5CJOfpOz\r\nx-storage-bucket: z9c35\r\nx-storage-object: 9c35ef8cafe377c3b7e60537f528d58c3b652c69fd123cd1fe6897c3d79e80c3\r\nx-w-dc: SFO\r\nset-cookie: __cf_bm=AO3YN2_DYVuzEtmjt0uzFXJ0R5NFK8JA8NPP5PminZk-1746934190-1.0.1.1-5oOthnQUVWi87jCRgdXChwujcoIGSjY.d.3PFnMDWYl3dPVR3c1MlT_8k09oxBNw2.leiWQpiAodQSvWptqJtRezbrS6eQ0e3svFURz2Xxc; path=/; expires=Sun, 11-May-25 03:59:50 GMT; domain=.preview.editmysite.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":362401,"size_decoded":0,"mime_type":"text/plain","magic":"Unicode text, UTF-8 text, with very long lines (386), with CR line terminators","md5":"3ffaa61ffb37e5d7dcafc685de2ce5a8","sha1":"28f7a6099209f1d0df4d4e0eac9c0a485663a4a4","sha256":"9c35ef8cafe377c3b7e60537f528d58c3b652c69fd123cd1fe6897c3d79e80c3","sha512":"81ccafbcd067af7eeb70fde42858c9dc1f71aa77034f16c56e20ea8c8f4f8c36eccc07405f31a7486224bbc8bf52d9d8b59fb0bee477177eb2663cf757aebb09","ssdeep":"192:QV/YaKNAQTSBoEf9YY8OYMYpYVY9YaKNAQTSBXbhtnyEf9YY8OYMYpYVY9YaKNAP:N5gaUd","tlshash":"eb74112004a2d36d4ff664d2ecc66492326d474f17d948a8726c0e7deb98ffb47a84b4","first_seen":"2025-05-09T05:33:15.561384Z","last_seen":"2025-05-11T03:30:22.635393Z","times_seen":3,"resource_available":false,"data":null}},"time_used":889,"timings":{"blocked":74,"dns":0,"connect":26,"send":0,"wait":741,"receive":0,"ssl":45},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-05-11","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"135769561-625210574381338575.preview.editmysite.com/uploads/1/3/5/7/135769561/121.txt","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}}],"urlquery":null}}]}