{"report_id":"748accff-d6dc-49e3-bc43-973b47d51a26","version":6,"status":"done","tags":[],"date":"2024-08-20T10:32:47Z","url":{"schema":"http","addr":"ipv4.appliwave.testdebit.info:81/5/5.exe","fqdn":"ipv4.appliwave.testdebit.info","domain":"testdebit.info","tld":"info"},"ip":{"addr":"45.85.134.187","port":0,"asn":200780,"as":"Appliwave SAS","country":"France","country_code":"FR"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-30T10:16:15Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-08-19 18:12:03","alert_count":0,"request_count":3,"received_data":2663,"sent_data":981,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-08-19 18:12:02","alert_count":0,"request_count":2,"received_data":1774,"sent_data":654,"comment":"","tags":null,"fingerprints":null},{"fqdn":"","ip":{"addr":"45.85.134.187","port":81,"asn":200780,"as":"Appliwave SAS","country":"France","country_code":"FR"},"domain_registered":"","domain_rank":0,"first_seen":"","last_seen":"","alert_count":0,"request_count":1,"received_data":312,"sent_data":410,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-08-20T10:32:22Z","timestamp":1724149942,"ip_dst":{"addr":"45.85.134.187","port":81,"asn":200780,"as":"Appliwave SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"Client IP","port":38320,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET MALWARE Single char EXE direct download likely trojan (multiple families)","source":"{\"timestamp\":\"2024-08-20T10:32:22.799080+0000\",\"flow_id\":2007151777555581,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":38320,\"dest_ip\":\"45.85.134.187\",\"dest_port\":81,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018581,\"rev\":4,\"signature\":\"ET MALWARE Single char EXE direct download likely trojan (multiple families)\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2014_06_18\"],\"updated_at\":[\"2020_08_17\"]}},\"http\":{\"hostname\":\"ipv4.appliwave.testdebit.info\",\"http_port\":81,\"url\":\"/5/5.exe\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/x-msdos-program\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":5},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":684,\"bytes_toclient\":520,\"start\":\"2024-08-20T10:32:22.730237+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T10:32:22.254321372Z","timestamp":1724149942254,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"C5FDDE15E0DC09E045C2DF21C77D2C87E6C7D4ABE86048426F468FCD696054E0\"\r\nLast-Modified: Sun, 18 Aug 2024 18:58:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=5987\r\nExpires: Tue, 20 Aug 2024 12:12:09 GMT\r\nDate: Tue, 20 Aug 2024 10:32:22 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"18cce98073c1bf25df62a3ca026dedbf","sha1":"26ea37fc15ead14ac2047d074f6c4153d57775d0","sha256":"c5fdde15e0dc09e045c2df21c77d2c87e6c7d4abe86048426f468fcd696054e0","sha512":"77c11720b94e7dd2bd49d57d7116ec80ecb3f536d7541a09b212a4503f1942c327ae91713cd33f75b82902a55b85803c80d21f0581c6c79266910c65325dea9e","ssdeep":"","tlshash":"5ef0750704b2b9a036bd320327f7c821ea24e8b5186d889a29c041d15c51fd5fda401c","first_seen":"2024-08-18T23:48:14Z","last_seen":"2024-08-21T12:56:35.090265Z","times_seen":19240,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T10:32:22.255448108Z","timestamp":1724149942255,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"EAABD011ED0722DEEEE97E566B8318B17D8E993D31DB4C2CC31CF0E3CD8191F5\"\r\nLast-Modified: Mon, 19 Aug 2024 12:55:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=5298\r\nExpires: Tue, 20 Aug 2024 12:00:40 GMT\r\nDate: Tue, 20 Aug 2024 10:32:22 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"50a89b39234eb6cc4eda70d7e27be17f","sha1":"306340eb26b6817fd8851a085563a88eed7e2b6b","sha256":"eaabd011ed0722deeee97e566b8318b17d8e993d31db4c2cc31cf0e3cd8191f5","sha512":"7d592199f85ced546368250c7f6e71bad2611144a4f9cf9d2346a20146b5969bb44c255d6f34f150491509120073feb4e9578bf92a6afb9e2cb493afeadcca3d","ssdeep":"","tlshash":"bef00e154c13ba61f761343f45dcf03f2431def8302a21e6989ca3d43cb17a9568080c","first_seen":"2024-08-19T15:50:19Z","last_seen":"2024-08-22T17:23:48.161724Z","times_seen":40825,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T10:32:22.606628403Z","timestamp":1724149942606,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"07BB496669AF2E33765F0AD730934DAD6F8AD79A628C6B21CD545505335471C6\"\r\nLast-Modified: Mon, 19 Aug 2024 21:59:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=11229\r\nExpires: Tue, 20 Aug 2024 13:39:31 GMT\r\nDate: Tue, 20 Aug 2024 10:32:22 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"5d0dd93e6a07253100201a9c8a3e15a5","sha1":"30adbd52887825ae2779d7fb12276bed8b1d8178","sha256":"07bb496669af2e33765f0ad730934dad6f8ad79a628c6b21cd545505335471c6","sha512":"cd4f007dd0abd0dd3e4dc49bb9e26bc44db873b90c5f910823dc692fb0a23dcb0a2d8499a04a2ca984ef20a3cd00ecc460fb79fb1fe92afc1ea3060936aaa909","ssdeep":"","tlshash":"00f0548a27ebb624bd740d4555a2f01baed3cda838f0d4e7b484c6e06d207c8db810ce","first_seen":"2024-08-20T02:39:08Z","last_seen":"2024-08-22T17:23:48.162993Z","times_seen":38938,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T10:32:22.691655714Z","timestamp":1724149942691,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"0B7DA2DA1FCBA23C5118479E14828F87A605A32AF15D0962F216115A9FF1D02A\"\r\nLast-Modified: Sun, 18 Aug 2024 15:19:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=21545\r\nExpires: Tue, 20 Aug 2024 16:31:27 GMT\r\nDate: Tue, 20 Aug 2024 10:32:22 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"18f75729f3e25e2eb7f12b70dfce3849","sha1":"479177b92dda7c4e8763c80a15cbc71c3386d06c","sha256":"0b7da2da1fcba23c5118479e14828f87a605a32af15d0962f216115a9ff1d02a","sha512":"e66c720ca28beb0fbe2f36167471d00b84a0b62b82930af69daff98902f1307d0cf60aa29ad35c97ede418f7e3bff9a2008d9fc5767e563f16539636c6ce220c","ssdeep":"","tlshash":"aaf05c473c6e7523876219317779d4297b31fcf53415409370d803f269117c556c004c","first_seen":"2024-08-18T17:20:22Z","last_seen":"2024-08-21T10:22:51.030856Z","times_seen":40508,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ipv4.appliwave.testdebit.info:81/5/5.exe","fqdn":"","domain":"","tld":""},"ip":{"addr":"45.85.134.187","port":81,"asn":200780,"as":"Appliwave SAS","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-20T10:32:22.734Z","timestamp":1724149942734,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /5/5.exe HTTP/1.1\r\nHost: ipv4.appliwave.testdebit.info:81\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 20 Aug 2024 10:32:22 GMT\r\nServer: Apache\r\nUpgrade: h2,h2c\r\nConnection: Upgrade, Keep-Alive\r\nLast-Modified: Thu, 30 Sep 2021 22:00:00 GMT\r\nETag: \"5-5cd3d916b9800\"\r\nAccept-Ranges: bytes\r\nContent-Length: 5\r\nKeep-Alive: timeout=2, max=100\r\nContent-Type: application/x-msdos-program\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5,"size_decoded":5,"mime_type":"application/x-msdos-program","magic":"ASCII text","md5":"0607547c0d12497a21ab8a0b53dd5bed","sha1":"5469710d18bddf794a4115484d1ab66ab525c227","sha256":"a2188fe64cb9d0b3309f78bf3559a1e40041cb419f8cb5cacdfc27a8ed1e200c","sha512":"e645d9d7c1f642b0bd6fe9ee903d75bc242ca6eccb3df3ca1a66061a3e1c19fd617d65ac6cc857c18429bb1724ed3d9ff6df6dfbce92693cb35d7ce072a7e241","ssdeep":"","tlshash":"2a3000000000000000000300000000000000000000000000000c000c00000000000000","first_seen":"2024-08-21T10:16:15.44875Z","last_seen":"2025-02-05T06:21:22.634798Z","times_seen":3,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":31,"dns":1,"connect":34,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T10:32:24.418343034Z","timestamp":1724149944418,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A\"\r\nLast-Modified: Sat, 17 Aug 2024 21:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4872\r\nExpires: Tue, 20 Aug 2024 11:53:36 GMT\r\nDate: Tue, 20 Aug 2024 10:32:24 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7944981bcac427aa8d0aa016ec63764d","sha1":"48bf925b10dc02afa8f597af8d26f5bf5efc0b7e","sha256":"26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a","sha512":"901fac5329037a81b688292109023b0cd67d34fb1f7abdfb1142cfb6d9b89a9aac04b1eddf7e0614781080da85ed20eb031ccf9602e204ec792e18ddbf870867","ssdeep":"","tlshash":"01f005911bb196401baa8d3f48ebf03b3f98a4d4549021e6952852e13c057fd919845c","first_seen":"2024-08-18T03:51:12Z","last_seen":"2024-08-21T10:22:51.047591Z","times_seen":37247,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}