{"report_id":"7af6d360-5305-41e7-af4a-e71e3cc3efee","version":6,"status":"done","tags":[],"date":"2025-05-09T06:58:43Z","url":{"schema":"http","addr":"my.billit.be/applications/billsync/billsyncautoupdaterservice.exe","fqdn":"my.billit.be","domain":"billit.be","tld":"be"},"ip":{"addr":"85.10.128.134","port":0,"asn":20857,"as":"Signet B.V.","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-18T06:58:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"my.billit.be","ip":{"addr":"85.10.128.134","port":443,"asn":20857,"as":"Signet B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2014-07-31","domain_rank":0,"first_seen":"2016-04-08T19:10:42Z","last_seen":"2025-04-24T09:16:17.892111Z","alert_count":1,"request_count":1,"received_data":17713,"sent_data":533,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"0fa6320012d47ae69d695ab791c35049","sha1":"85fe647e9682789097ac3d3c79d3b30168fb52a6","sha256":"c2dc94ab106e2accdd74e67015a358a8a0285f2ef98f6ae2a2582b8971298365","sha512":"ee4381cf833023b97a9cb7f9e80d9e796368e433ae20d2440a9c0f58da0e52a839dedff60408954f21037f636541af5467dc9b44c435098a940194467d3a9bf4","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":17408,"url":{"schema":"https","addr":"my.billit.be/applications/billsync/billsyncautoupdaterservice.exe","fqdn":"my.billit.be","domain":"billit.be","tld":"be"},"ip":{"addr":"85.10.128.134","port":443,"asn":20857,"as":"Signet B.V.","country":"The Netherlands","country_code":"NL"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-08","alert":"Scan result 4/72","trigger":"c2dc94ab106e2accdd74e67015a358a8a0285f2ef98f6ae2a2582b8971298365","verdict":"suspicious","severity":"","comment":"suspicious - 4/72","link":"https://www.virustotal.com/gui/file/c2dc94ab106e2accdd74e67015a358a8a0285f2ef98f6ae2a2582b8971298365","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"0fa6320012d47ae69d695ab791c35049","sha1":"85fe647e9682789097ac3d3c79d3b30168fb52a6","sha256":"c2dc94ab106e2accdd74e67015a358a8a0285f2ef98f6ae2a2582b8971298365","sha512":"ee4381cf833023b97a9cb7f9e80d9e796368e433ae20d2440a9c0f58da0e52a839dedff60408954f21037f636541af5467dc9b44c435098a940194467d3a9bf4","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":17408,"url":{"schema":"https","addr":"my.billit.be/applications/billsync/billsyncautoupdaterservice.exe","fqdn":"my.billit.be","domain":"billit.be","tld":"be"},"ip":{"addr":"85.10.128.134","port":443,"asn":20857,"as":"Signet B.V.","country":"The Netherlands","country_code":"NL"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-08","alert":"Scan result 4/72","trigger":"c2dc94ab106e2accdd74e67015a358a8a0285f2ef98f6ae2a2582b8971298365","verdict":"suspicious","severity":"","comment":"suspicious - 4/72","link":"https://www.virustotal.com/gui/file/c2dc94ab106e2accdd74e67015a358a8a0285f2ef98f6ae2a2582b8971298365","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"my.billit.be/applications/billsync/billsyncautoupdaterservice.exe","fqdn":"my.billit.be","domain":"billit.be","tld":"be"},"ip":{"addr":"85.10.128.134","port":443,"asn":20857,"as":"Signet B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-09T06:58:11.701Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"my.billit.be","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Mar 2025 07:06:12 GMT","end":"Tue, 17 Jun 2025 07:06:11 GMT"},"fingerprint":{"sha1":"57:25:79:73:A5:ED:53:DE:99:5E:26:EA:3C:89:79:1B:0A:13:DA:0F","sha256":"D2:50:4C:8B:1D:B3:16:0E:2A:4D:58:06:D9:7F:9E:0F:45:78:6D:B1:9E:CA:04:BD:7B:BA:CF:50:4B:FD:C7:39"}}},"request":{"raw":"GET /applications/billsync/billsyncautoupdaterservice.exe HTTP/1.1\r\nHost: my.billit.be\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/octet-stream\r\nlast-modified: Thu, 25 Jan 2024 17:12:54 GMT\r\naccept-ranges: bytes\r\netag: \"66671abcb14fda1:0\"\r\nserver: Microsoft-IIS/10.0\r\nstrict-transport-security: max-age=31536000\r\ndate: Fri, 09 May 2025 06:58:11 GMT\r\ncontent-length: 17408\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17408,"size_decoded":0,"mime_type":"application/octet-stream","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","md5":"0fa6320012d47ae69d695ab791c35049","sha1":"85fe647e9682789097ac3d3c79d3b30168fb52a6","sha256":"c2dc94ab106e2accdd74e67015a358a8a0285f2ef98f6ae2a2582b8971298365","sha512":"ee4381cf833023b97a9cb7f9e80d9e796368e433ae20d2440a9c0f58da0e52a839dedff60408954f21037f636541af5467dc9b44c435098a940194467d3a9bf4","ssdeep":"384:ZNS1MwbwQcf+Wtanz4oMrtIKtlRcIiIHBptYcFOKc03K:YIiXMGal2WLtYcFOKc6K","tlshash":"6672285063d48772dabe02ba3c7246944731fe475816db6e3acc214e7f63a0c8aa37d1","first_seen":"2024-07-19T00:00:16Z","last_seen":"2026-03-31T11:26:43.611569Z","times_seen":18,"resource_available":true,"data":null}},"time_used":187,"timings":{"blocked":75,"dns":17,"connect":24,"send":0,"wait":19,"receive":18,"ssl":31},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-08","alert":"Scan result 4/72","trigger":"c2dc94ab106e2accdd74e67015a358a8a0285f2ef98f6ae2a2582b8971298365","verdict":"suspicious","severity":"","comment":"suspicious - 4/72","link":"https://www.virustotal.com/gui/file/c2dc94ab106e2accdd74e67015a358a8a0285f2ef98f6ae2a2582b8971298365","meta":null}],"urlquery":null}}]}