{"report_id":"766d9dc9-e294-44cd-ab61-e17e65d3f51b","version":6,"status":"done","tags":[],"date":"2023-11-15T00:50:08Z","url":{"schema":"http","addr":"www.2023freerunshoesshop.co.uk/opencartok.zip","fqdn":"www.2023freerunshoesshop.co.uk","domain":"2023freerunshoesshop.co.uk","tld":"co.uk"},"ip":{"addr":"104.21.31.196","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T13:46:37Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www.2023freerunshoesshop.co.uk","ip":{"addr":"172.67.179.158","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"2022-12-02","domain_rank":0,"first_seen":"2023-02-01 11:13:47","last_seen":"2023-10-04 03:22:59","alert_count":1,"request_count":1,"received_data":20629008,"sent_data":501,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"ead4db3326f28faea000b4616748fdec","sha1":"31498b39ccf4c844fe2027c4d3b24db1b4b30a9d","sha256":"f9a602e44787d21d0c5b17e50f430621919654ba91ef4af3ced310cc10274b13","sha512":"374389147578fd423e86b8bdea121107ac361cde39292d5ee22d5825e4740b5d0b87ed24452858123ec464b6c85fc66713f7dd3ab8d7215f9f7aea3eddb7cffc","magic":"Zip archive data, at least v2.0 to extract, compression method=store\\012- data","size":20628275,"url":{"schema":"https","addr":"www.2023freerunshoesshop.co.uk/opencartok.zip","fqdn":"www.2023freerunshoesshop.co.uk","domain":"2023freerunshoesshop.co.uk","tld":"co.uk"},"ip":{"addr":"172.67.179.158","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Phishing Kit YARA rules","scan_date":"2023-11-15","alert":"Phishing Kit impersonating Office 365","trigger":"www.2023freerunshoesshop.co.uk/opencartok.zip","verdict":"phishing","severity":"medium","comment":"","link":"https://github.com/t4d/PhishingKit-Yara-Rules","meta":{"author":"Thomas 'tAd' Damonneville","comment":"Phishing Kit - Office 365 - '+ Created by OVO-360+'","date":"2021-08-29","description":"Phishing Kit impersonating Office 365","licence":"GPL-3.0","reference":"","rule":"PK_O365_ovo"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Phishing Kit YARA rules","scan_date":"2023-11-15","alert":"Phishing Kit impersonating Office 365","trigger":"www.2023freerunshoesshop.co.uk/opencartok.zip","verdict":"phishing","severity":"medium","comment":"","link":"https://github.com/t4d/PhishingKit-Yara-Rules","meta":{"author":"Thomas 'tAd' Damonneville","comment":"Phishing Kit - Office 365 - '+ Created by OVO-360+'","date":"2021-08-29","description":"Phishing Kit impersonating Office 365","licence":"GPL-3.0","reference":"","rule":"PK_O365_ovo"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"www.2023freerunshoesshop.co.uk/opencartok.zip","fqdn":"www.2023freerunshoesshop.co.uk","domain":"2023freerunshoesshop.co.uk","tld":"co.uk"},"ip":{"addr":"172.67.179.158","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-15T00:49:47.860Z","timestamp":1700009387860,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sni.cloudflaressl.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Mon, 30 Jan 2023 00:00:00 GMT","end":"Mon, 29 Jan 2024 23:59:59 GMT"},"fingerprint":{"sha1":"7F:DB:62:84:11:E6:60:8D:5B:58:74:2F:3E:6D:BB:C9:E9:FA:DA:C3","sha256":"90:4A:D0:44:0F:4E:86:C5:27:EB:B8:E3:42:89:8C:42:C4:82:D4:DD:A3:73:24:46:26:02:36:C9:D6:28:76:E2"}}},"request":{"raw":"GET /opencartok.zip HTTP/1.1\r\nHost: www.2023freerunshoesshop.co.uk\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 15 Nov 2023 00:49:48 GMT\r\ncontent-type: application/zip\r\ncontent-length: 20628275\r\nlast-modified: Fri, 28 Apr 2023 12:19:08 GMT\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WGr%2BUoVb55sT3DnHV5wSKo5g%2FpwbsKBXwcvQ2AYOBfrp7V8xUgSfm7b3hrqmOTrh7c1cE%2FtQ95dBm7OLPmX2plfrw36z1mnBNG8Wjp5daBTfFFRA7w9EK29ctX66%2FQQCNViWGUOQNzHBhmB%2F3JimNQg%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 82637f114f3a56ba-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20628275,"size_decoded":0,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=store\\012- data","md5":"ead4db3326f28faea000b4616748fdec","sha1":"31498b39ccf4c844fe2027c4d3b24db1b4b30a9d","sha256":"f9a602e44787d21d0c5b17e50f430621919654ba91ef4af3ced310cc10274b13","sha512":"374389147578fd423e86b8bdea121107ac361cde39292d5ee22d5825e4740b5d0b87ed24452858123ec464b6c85fc66713f7dd3ab8d7215f9f7aea3eddb7cffc","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"0001-01-01T00:00:00Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3246,"timings":{"blocked":17,"dns":0,"connect":2,"send":0,"wait":574,"receive":2637,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Phishing Kit YARA rules","scan_date":"2023-11-15","alert":"Phishing Kit impersonating Office 365","trigger":"www.2023freerunshoesshop.co.uk/opencartok.zip","verdict":"phishing","severity":"medium","comment":"","link":"https://github.com/t4d/PhishingKit-Yara-Rules","meta":{"author":"Thomas 'tAd' Damonneville","comment":"Phishing Kit - Office 365 - '+ Created by OVO-360+'","date":"2021-08-29","description":"Phishing Kit impersonating Office 365","licence":"GPL-3.0","reference":"","rule":"PK_O365_ovo"}}],"urlquery":null}}]}