{"report_id":"6c685f86-c970-4d74-93b6-c57f94ec9a2a","version":6,"status":"done","tags":[],"date":"2024-01-27T17:42:38Z","url":{"schema":"http","addr":"eycee.000webhostapp.com/UPDATE/BIDA%20ANG%20SAYA.zip","fqdn":"eycee.000webhostapp.com","domain":"000webhostapp.com","tld":"com"},"ip":{"addr":"145.14.145.134","port":0,"asn":204915,"as":"Hostinger International Limited","country":"Netherlands","country_code":"NL"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T01:45:17Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"eycee.000webhostapp.com","ip":{"addr":"145.14.145.134","port":443,"asn":204915,"as":"Hostinger International Limited","country":"Netherlands","country_code":"NL"},"domain_registered":"2016-05-11","domain_rank":0,"first_seen":"2023-05-03 22:14:06","last_seen":"2024-01-27 18:42:09","alert_count":1,"request_count":1,"received_data":267415,"sent_data":506,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"b4aed8f1682e49009758195432dec8ee","sha1":"7be000861a7600d8975a841eebd85666d635a38e","sha256":"6124952f0205a53a257918cabcb3a7239fd9973a8764b3874f31900f539a5dad","sha512":"e4c901cd0833c6a77483cfdfc58ea396ca3425aaa5798e6b9fd48ccaeb5a0b1b7f0669f9bfbc85bde2ee90e7d3e9326c6dc1418d886d9a7886f9af9372425c77","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":267092,"url":{"schema":"https","addr":"eycee.000webhostapp.com/UPDATE/BIDA%20ANG%20SAYA.zip","fqdn":"eycee.000webhostapp.com","domain":"000webhostapp.com","tld":"com"},"ip":{"addr":"145.14.145.134","port":443,"asn":204915,"as":"Hostinger International Limited","country":"Netherlands","country_code":"NL"},"archive":[{"path":"BIDA ANG SAYA.exe","filename":"BIDA ANG SAYA.exe","modified":"","Modified":"2023-01-05T12:52:54+08:00","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":363008,"md5":"0382cf1ee52c119e0478953e872a0a47","sha1":"43d78484324add5229f5d3741e60830156e9fbb9","sha256":"ea62a018ddc4b46398af5ba5d62ca655cb3c99bd3e2d98374c8b2d5b38259a51","sha512":"8feb6919338cf5d0fdcdb2391f8ac0cc355a976b4e1be7a205c08d093d1c43361f72f8e6499bf8d75eae715d5e4d2d66ea2f89f986179232f1a845c32bb184cf","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-01-09","alert":"Scan result 22/67","trigger":"ea62a018ddc4b46398af5ba5d62ca655cb3c99bd3e2d98374c8b2d5b38259a51","verdict":"malicious","severity":"","comment":"malicious - 22/67","link":"https://www.virustotal.com/gui/file/ea62a018ddc4b46398af5ba5d62ca655cb3c99bd3e2d98374c8b2d5b38259a51","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-01-27","alert":"Scan result 29/66","trigger":"6124952f0205a53a257918cabcb3a7239fd9973a8764b3874f31900f539a5dad","verdict":"malicious","severity":"","comment":"malicious - 29/66","link":"https://www.virustotal.com/gui/file/6124952f0205a53a257918cabcb3a7239fd9973a8764b3874f31900f539a5dad","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-01-27T17:42:13Z","timestamp":1706377333,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":35088,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup)","source":"{\"timestamp\":\"2024-01-27T17:42:13.666829+0000\",\"flow_id\":178353893354701,\"in_iface\":\"docker0\",\"event_type\":\"alert\",\"src_ip\":\"172.17.0.27\",\"src_port\":35088,\"dest_ip\":\"10.5.17.17\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026657,\"rev\":4,\"signature\":\"ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup)\",\"category\":\"Not Suspicious Traffic\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2018_03_16\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":39510,\"rrname\":\"eycee.000webhostapp.com\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":83,\"bytes_toclient\":0,\"start\":\"2024-01-27T17:42:13.666829+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-01-27T17:42:13Z","timestamp":1706377333,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":40472,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup)","source":"{\"timestamp\":\"2024-01-27T17:42:13.740478+0000\",\"flow_id\":649522543152254,\"in_iface\":\"docker0\",\"event_type\":\"alert\",\"src_ip\":\"172.17.0.27\",\"src_port\":40472,\"dest_ip\":\"10.5.17.17\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026657,\"rev\":4,\"signature\":\"ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup)\",\"category\":\"Not Suspicious Traffic\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2018_03_16\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":46794,\"rrname\":\"eycee.000webhostapp.com\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":83,\"bytes_toclient\":0,\"start\":\"2024-01-27T17:42:13.740478+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"eycee.000webhostapp.com/UPDATE/BIDA%20ANG%20SAYA.zip","fqdn":"eycee.000webhostapp.com","domain":"000webhostapp.com","tld":"com"},"ip":{"addr":"145.14.145.134","port":443,"asn":204915,"as":"Hostinger International Limited","country":"Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-01-27T17:42:13.743Z","timestamp":1706377333743,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.000webhostapp.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 11 Jul 2023 00:00:00 GMT","end":"Sat, 10 Aug 2024 23:59:59 GMT"},"fingerprint":{"sha1":"B0:57:03:97:AE:15:06:79:FC:86:0E:E2:79:B6:B0:9D:37:04:A5:49","sha256":"DC:E0:EF:18:CB:FE:D1:75:E2:C0:0F:A9:B9:CE:33:ED:90:54:D3:74:A6:3D:47:1D:06:AB:B5:0F:CE:CE:51:C8"}}},"request":{"raw":"GET /UPDATE/BIDA%20ANG%20SAYA.zip HTTP/1.1\r\nHost: eycee.000webhostapp.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Jan 2024 17:42:13 GMT\r\ncontent-type: application/zip\r\ncontent-length: 267092\r\nlast-modified: Thu, 05 Jan 2023 04:54:07 GMT\r\naccept-ranges: bytes\r\nserver: awex\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-request-id: 7011cf4f4005d725b25c4db1461d90d0\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":267092,"size_decoded":267092,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"b4aed8f1682e49009758195432dec8ee","sha1":"7be000861a7600d8975a841eebd85666d635a38e","sha256":"6124952f0205a53a257918cabcb3a7239fd9973a8764b3874f31900f539a5dad","sha512":"e4c901cd0833c6a77483cfdfc58ea396ca3425aaa5798e6b9fd48ccaeb5a0b1b7f0669f9bfbc85bde2ee90e7d3e9326c6dc1418d886d9a7886f9af9372425c77","ssdeep":"6144:OT2K7sw+yV8JCzFuLDR+GkTgHHIcHCI0js:Es7yV8JyEPgGsgIcsjs","tlshash":"1444231632780b4f7c08daab3160cb79ff207955bc45757d6322dc16b11abea4e39e88","first_seen":"2023-05-03T22:14:39Z","last_seen":"2024-08-20T10:53:29.633144Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1076,"timings":{"blocked":242,"dns":0,"connect":118,"send":0,"wait":118,"receive":471,"ssl":121},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-01-27","alert":"Scan result 29/66","trigger":"6124952f0205a53a257918cabcb3a7239fd9973a8764b3874f31900f539a5dad","verdict":"malicious","severity":"","comment":"malicious - 29/66","link":"https://www.virustotal.com/gui/file/6124952f0205a53a257918cabcb3a7239fd9973a8764b3874f31900f539a5dad","meta":null}],"urlquery":null}}]}