{"report_id":"6a2cae91-c0e9-4685-94fe-5f7142409744","version":6,"status":"done","tags":[],"date":"2024-12-19T00:38:52Z","url":{"schema":"http","addr":"xbhlwld.xyz/images/text_data/MoreApps/safe.txt","fqdn":"xbhlwld.xyz","domain":"xbhlwld.xyz","tld":"xyz"},"ip":{"addr":"103.195.191.198","port":0,"asn":134677,"as":"Dromatics Systems Pte Ltd","country":"Singapore","country_code":"SG"},"final":{"url":{"schema":"http","addr":"xbhlwld.xyz/images/text_data/MoreApps/safe.txt","fqdn":"xbhlwld.xyz","domain":"xbhlwld.xyz","tld":"xyz"},"title":"xbhlwld.xyz/images/text_data/MoreApps/safe.txt"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-27T00:38:52Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"xbhlwld.xyz","ip":{"addr":"103.195.191.198","port":0,"asn":134677,"as":"Dromatics Systems Pte Ltd","country":"Singapore","country_code":"SG"},"domain_registered":"2024-08-19","domain_rank":0,"first_seen":"2024-11-16T00:20:29.091752Z","last_seen":"2024-11-16T00:20:29.091752Z","alert_count":3,"request_count":3,"received_data":36865,"sent_data":1045,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-19","alert":"Sinkholed","trigger":"xbhlwld.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-19","alert":"Sinkholed","trigger":"xbhlwld.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-19","alert":"Sinkholed","trigger":"xbhlwld.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"xbhlwld.xyz/","fqdn":"xbhlwld.xyz","domain":"xbhlwld.xyz","tld":"xyz"},"ip":{"addr":"103.195.191.198","port":0,"asn":134677,"as":"Dromatics Systems Pte Ltd","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-12-19T00:38:31.134779411Z","timestamp":1734568711134,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: xbhlwld.xyz\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private\r\nContent-Type: text/html; charset=utf-8\r\nServer: Microsoft-IIS/10.0\r\nX-AspNetMvc-Version: 5.2\r\nX-AspNet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\nDate: Thu, 19 Dec 2024 00:38:30 GMT\r\nContent-Length: 1451\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1451,"size_decoded":1451,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"6a81ac9a1efb69c4886c128b5bd6b323","sha1":"8f9f2e8acc1921b2262046b9025c53f72cfbf254","sha256":"e042095c511255a325c616f0c6f69ff03ef67ece15539aa48b49ca4006a78288","sha512":"6f1a62ab3b1b59396d461379bad5cad093d31f871417e2373fe446e79e0386e7b7640f152729e3ca73ee099e698dd3c2bc0cf2ec329a8fee841e3dfe7a055a99","ssdeep":"","tlshash":"4b31fe36ad811c08637392bdada1a25cefa1b1034306491171ec23a73ff2f198d57a8c","first_seen":"2024-08-19T13:19:37.481693Z","last_seen":"2024-12-19T00:38:53.136165Z","times_seen":2,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-19","alert":"Sinkholed","trigger":"xbhlwld.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xbhlwld.xyz/images/text_data/MoreApps/safe.txt","fqdn":"xbhlwld.xyz","domain":"xbhlwld.xyz","tld":"xyz"},"ip":{"addr":"103.195.191.198","port":0,"asn":134677,"as":"Dromatics Systems Pte Ltd","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-12-19T00:38:27.806Z","timestamp":1734568707806,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/text_data/MoreApps/safe.txt HTTP/1.1\r\nHost: xbhlwld.xyz\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nLast-Modified: Sun, 01 Sep 2024 04:52:48 GMT\r\nAccept-Ranges: bytes\r\nETag: \"a13bc7ca2afcda1:0\"\r\nServer: Microsoft-IIS/10.0\r\nX-Powered-By: ASP.NET\r\nDate: Thu, 19 Dec 2024 00:38:31 GMT\r\nContent-Length: 2631\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2631,"size_decoded":2631,"mime_type":"","magic":"ASCII text, with CRLF line terminators","md5":"dfe84645f4ed0fa23fbb417a90957936","sha1":"26b64ec053bba58127a2d10a095cdc39dcac6a97","sha256":"ff96d7f3f09c91fc06c971c26ddd623bd87cdc22f3e3de3f3bc2b7f0fc30681d","sha512":"26f57572ecce983bc95ab3e18a9c4e0a3be04e7d62da66280ee5971c9e588f64a21e80354c73d82af208c45300adf06f1fc46d9544799231e6ccbbc90a24a483","ssdeep":"","tlshash":"ca5167d6e6ab4e37ae558261165f32d8844f4147f509dfa0e42ccd4c6cfbe83eab1850","first_seen":"2024-11-16T00:20:31.217156Z","last_seen":"2025-01-20T09:36:08.203712Z","times_seen":3,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-19","alert":"Sinkholed","trigger":"xbhlwld.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"xbhlwld.xyz/favicon.ico","fqdn":"xbhlwld.xyz","domain":"xbhlwld.xyz","tld":"xyz"},"ip":{"addr":"103.195.191.198","port":80,"asn":134677,"as":"Dromatics Systems Pte Ltd","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xbhlwld.xyz/images/text_data/MoreApps/safe.txt","date":"2024-12-19T00:38:31.755Z","timestamp":1734568711755,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: xbhlwld.xyz\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xbhlwld.xyz/images/text_data/MoreApps/safe.txt\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: image/x-icon\r\nLast-Modified: Thu, 07 Oct 2021 00:26:07 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80f976eb11bbd71:0\"\r\nServer: Microsoft-IIS/10.0\r\nX-Powered-By: ASP.NET\r\nDate: Thu, 19 Dec 2024 00:38:31 GMT\r\nContent-Length: 32038\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":32038,"size_decoded":32038,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"4859e39ae6c0f1f428f2126a6bb32bd9","sha1":"1c0c85678ae963bc96d0b7fbe1eb89074cf1fbe0","sha256":"a94f8a8553caea8430dd4ca3cc01d4e318d19828f74cb65453ffb7f5d9e2f44d","sha512":"97541b40d8beac0dd8831ef8d2814efef10cfb185df316e05b4f3aef0a2d1839fb7a39d90f141f490e21b2955c32df9d690785cc4def97cdfce21acf9bbaa2c7","ssdeep":"384:9FMKxxje8gZryMDXe3ibKSo3MdXA1SPrQHg4M:bpr68gVy1i2SzdXA1wrQHg4M","tlshash":"d5e20cc260818580dd5efab87f3e9d510a2a7ee4d894462938fb79591773f638c3281f","first_seen":"2023-04-30T18:04:09Z","last_seen":"2026-06-13T11:29:26.310821Z","times_seen":11944,"resource_available":false,"data":null}},"time_used":336,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":167,"receive":169,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-19","alert":"Sinkholed","trigger":"xbhlwld.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}