{"report_id":"6c5a8cc8-b712-4de7-8767-05bd0b513f00","version":6,"status":"done","tags":[],"date":"2025-09-03T04:19:28Z","url":{"schema":"http","addr":"b4mcx2ml.net/","fqdn":"b4mcx2ml.net","domain":"b4mcx2ml.net","tld":"net"},"ip":{"addr":"193.142.146.225","port":0,"asn":208046,"as":"ColocationX Ltd.","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"http","addr":"b4mcx2ml.net/","fqdn":"b4mcx2ml.net","domain":"b4mcx2ml.net","tld":"net"},"title":"b4mcx2ml.net/"},"submit":{"url":{"schema":"http","addr":"b4mcx2ml.net/","fqdn":"b4mcx2ml.net","domain":"b4mcx2ml.net","tld":"net"},"ip":{"addr":"193.142.146.225","port":0,"asn":208046,"as":"ColocationX Ltd.","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-08T04:19:28Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-03T04:19:06Z","timestamp":1756873146,"ip_dst":{"addr":"172.18.0.15","port":33528,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"193.142.146.225","port":443,"asn":208046,"as":"ColocationX Ltd.","country":"Germany","country_code":"DE"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 43","source":"{\"timestamp\":\"2025-09-03T04:19:06.159283+0000\",\"flow_id\":1433719168220100,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"193.142.146.225\",\"src_port\":443,\"dest_ip\":\"172.18.0.15\",\"dest_port\":33528,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400042,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 43\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":54,\"start\":\"2025-09-03T04:19:06.113604+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-02","alert":"Sinkholed","trigger":"b4mcx2ml.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"b4mcx2ml.net","ip":{"addr":"193.142.146.225","port":443,"asn":208046,"as":"ColocationX Ltd.","country":"Germany","country_code":"DE"},"domain_registered":"2025-03-02","domain_rank":588276,"first_seen":"2025-07-20T07:30:46.758607Z","last_seen":"2025-08-28T16:09:43.717574Z","alert_count":3,"request_count":3,"received_data":684,"sent_data":1227,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-03T04:19:06Z","timestamp":1756873146,"ip_dst":{"addr":"172.18.0.15","port":33528,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"193.142.146.225","port":443,"asn":208046,"as":"ColocationX Ltd.","country":"Germany","country_code":"DE"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 43","source":"{\"timestamp\":\"2025-09-03T04:19:06.159283+0000\",\"flow_id\":1433719168220100,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"193.142.146.225\",\"src_port\":443,\"dest_ip\":\"172.18.0.15\",\"dest_port\":33528,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400042,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 43\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":54,\"start\":\"2025-09-03T04:19:06.113604+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"b4mcx2ml.net/","fqdn":"b4mcx2ml.net","domain":"b4mcx2ml.net","tld":"net"},"ip":{"addr":"193.142.146.225","port":443,"asn":208046,"as":"ColocationX Ltd.","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-03T04:19:06.114Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"b4mcx2ml.net","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 01:32:59 GMT","end":"Mon, 29 Sep 2025 01:32:58 GMT"},"fingerprint":{"sha1":"37:2C:E0:3A:42:AF:AB:21:8E:FE:4C:88:07:3E:6C:05:52:C6:EC:C7","sha256":"4D:0D:D9:1B:40:4F:60:2B:05:09:59:54:6F:D5:14:36:D6:92:C4:A3:76:2C:93:6B:9E:DF:5F:51:7F:CD:63:AD"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: b4mcx2ml.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: Wed, 03 Sep 2025 04:19:06 GMT\r\nContent-Type: text/plain\r\nContent-Length: 80\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":80,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"5af543de631fa0ef42d928ed85287d9c","sha1":"b049b63756402b65ecea9741f4c6a2d449fe2002","sha256":"898a1c0ec937aab4f7e65cf45bc69e027fbbcf7254d5161d83a6c13e84eff790","sha512":"490a53f2fb6d89002533678a84529c705485fb19bd14ae4b4bfe222de75e28d6184f48db76dc7c61df013c0e8ab6178f823baeac861540c28b543f47244d6ab2","ssdeep":"","tlshash":"12a0244f04d007015d0003cf33071c5f50c4f07f0d0c0041141c013d3145f5141f0431","first_seen":"2025-02-16T06:03:30.319067Z","last_seen":"2026-04-07T12:18:07.921Z","times_seen":40,"resource_available":true,"data":null}},"time_used":399,"timings":{"blocked":92,"dns":77,"connect":124,"send":0,"wait":47,"receive":0,"ssl":59},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-02","alert":"Sinkholed","trigger":"b4mcx2ml.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"b4mcx2ml.net/","fqdn":"b4mcx2ml.net","domain":"b4mcx2ml.net","tld":"net"},"ip":{"addr":"193.142.146.225","port":80,"asn":208046,"as":"ColocationX Ltd.","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-03T04:19:06.537Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: b4mcx2ml.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: Wed, 03 Sep 2025 04:19:06 GMT\r\nContent-Type: text/plain\r\nContent-Length: 80\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":80,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"5af543de631fa0ef42d928ed85287d9c","sha1":"b049b63756402b65ecea9741f4c6a2d449fe2002","sha256":"898a1c0ec937aab4f7e65cf45bc69e027fbbcf7254d5161d83a6c13e84eff790","sha512":"490a53f2fb6d89002533678a84529c705485fb19bd14ae4b4bfe222de75e28d6184f48db76dc7c61df013c0e8ab6178f823baeac861540c28b543f47244d6ab2","ssdeep":"","tlshash":"12a0244f04d007015d0003cf33071c5f50c4f07f0d0c0041141c013d3145f5141f0431","first_seen":"2025-02-16T06:03:30.319067Z","last_seen":"2026-04-07T12:18:07.921Z","times_seen":40,"resource_available":true,"data":null}},"time_used":255,"timings":{"blocked":48,"dns":51,"connect":91,"send":116,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-02","alert":"Sinkholed","trigger":"b4mcx2ml.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"b4mcx2ml.net/favicon.ico","fqdn":"b4mcx2ml.net","domain":"b4mcx2ml.net","tld":"net"},"ip":{"addr":"193.142.146.225","port":80,"asn":208046,"as":"ColocationX Ltd.","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://b4mcx2ml.net/","date":"2025-09-03T04:19:06.828Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: b4mcx2ml.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://b4mcx2ml.net/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: Wed, 03 Sep 2025 04:19:06 GMT\r\nContent-Type: text/plain\r\nContent-Length: 80\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":80,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"5af543de631fa0ef42d928ed85287d9c","sha1":"b049b63756402b65ecea9741f4c6a2d449fe2002","sha256":"898a1c0ec937aab4f7e65cf45bc69e027fbbcf7254d5161d83a6c13e84eff790","sha512":"490a53f2fb6d89002533678a84529c705485fb19bd14ae4b4bfe222de75e28d6184f48db76dc7c61df013c0e8ab6178f823baeac861540c28b543f47244d6ab2","ssdeep":"","tlshash":"12a0244f04d007015d0003cf33071c5f50c4f07f0d0c0041141c013d3145f5141f0431","first_seen":"2025-02-16T06:03:30.319067Z","last_seen":"2026-04-07T12:18:07.921Z","times_seen":40,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-02","alert":"Sinkholed","trigger":"b4mcx2ml.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}