{"report_id":"876e0c06-9872-499d-9984-bc3fa713497f","version":6,"status":"done","tags":["adobe","phishing","suspicious","telegram_bot"],"date":"2026-05-28T12:25:55Z","url":{"schema":"http","addr":"officework24.net/apc/index.php/falet@c060ec379367ae6febc7dc7cb3d80d75a66d.net","fqdn":"officework24.net","domain":"officework24.net","tld":"net"},"ip":{"addr":"162.251.85.78","port":0,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"officework24.net/apa/pdfauto.html#falet@c060ec379367ae6febc7dc7cb3d80d75a66d.net","fqdn":"officework24.net","domain":"officework24.net","tld":"net"},"title":"ADOBE PDF","dom":{"size":7347,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"1582e6aa6604694c9f8c86555410f10f","sha1":"2c8965c9356114de06f87fc16fd1da667b01106a","sha256":"e2d6144128b05e42d7c47e043aff5f1ab5b0aa98f0a631bcf0fb6df0c8daef10","sha512":"dc387117a59173a2ebfcae648718dc5724688ca45d4804726e84cdcc26f97f046bceea82a11fe8506a827d2fd3fd753ec44e69d53737db4b62cb4b81b04bcbea","ssdeep":"192:BrFA63OesW+8Cq689uJoTVgD3Am+aQbU59uAALNj:BrOCOdWjGQgoRgHYbOvAp","tlshash":"8ae1815b56b309511a53e0b53bebb1003122d00b2d09edaa7bed839c4f4ef1596b37d9","dom_hash":"domhashe3fb803ed3a8b8c7ef21707bfdb1b1b6","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"officework24.net/apc/index.php/falet@c060ec379367ae6febc7dc7cb3d80d75a66d.net","fqdn":"officework24.net","domain":"officework24.net","tld":"net"},"ip":{"addr":"162.251.85.78","port":0,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-02T12:25:55Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":3,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-28","alert":"Detects file containing Telegram Bot API","trigger":"officework24.net/apa/pdfauto.html#falet@c060ec379367ae6febc7dc7cb3d80d75a66d.net","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-28","alert":"Phishing Block","trigger":"officework24.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"officework24.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"officework24.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Adobe","verdict":"phishing","severity":"medium","comment":"Associated with Adobe phishing","tags":["adobe","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"res-1.cdn.office.net","ip":{"addr":"23.36.76.90","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"1994-11-14","domain_rank":990,"first_seen":"2020-12-08T13:32:22Z","last_seen":"2026-05-22T03:05:09.181302Z","alert_count":0,"request_count":1,"received_data":2292,"sent_data":494,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"gyazo.com","ip":{"addr":"35.186.213.112","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2007-08-31","domain_rank":7474,"first_seen":"2012-05-20T19:22:57Z","last_seen":"2026-05-26T13:44:43.553744Z","alert_count":0,"request_count":1,"received_data":1475,"sent_data":468,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.31.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"officework24.net","ip":{"addr":"162.251.85.78","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"domain_registered":"2021-05-20","domain_rank":0,"first_seen":"2026-05-28T12:25:55.341581Z","last_seen":"2026-05-28T12:25:55.341581Z","alert_count":14,"request_count":3,"received_data":8774,"sent_data":1497,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"officework24.net/apa/pdfauto.html#falet@c060ec379367ae6febc7dc7cb3d80d75a66d.net","fqdn":"officework24.net","domain":"officework24.net","tld":"net"},"ip":{"addr":"162.251.85.78","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"md5":"89f4827f5f91a30f3a0d9445bd32079f","sha1":"d00251cd5da5376ca6668284b86ee6a3e0087c4d","sha256":"d2e83fcd33f6077bb65bc0443a8c04eb2af162d84b898db4291707a665445d40","sha512":"7371d57c918306e27c585d31dc1fa98a2227292892b49904f5df9f73e23229637b33fc60f89c5f560dc55937885b62450d35a7c746ec5e25b76efcd9f9dc2cb7","size":4799,"token":"8660072654:AAHB8Z248vctJFGi3x6EdH0nSFCny7fTQcc","is_revoked":false,"bot":{"token":"8660072654:AAHB8Z248vctJFGi3x6EdH0nSFCny7fTQcc","user_id":"8660072654","username":"Ancestoral_bot","first_name":"Dushane_bot","last_name":"","chat":{"chat_id":"7203048811","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Adobe","verdict":"phishing","severity":"medium","comment":"Associated with Adobe phishing","tags":["adobe","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"officework24.net/apa/pdfauto.html#falet@c060ec379367ae6febc7dc7cb3d80d75a66d.net","fqdn":"officework24.net","domain":"officework24.net","tld":"net"},"ip":{"addr":"162.251.85.78","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"89f4827f5f91a30f3a0d9445bd32079f","sha1":"d00251cd5da5376ca6668284b86ee6a3e0087c4d","sha256":"d2e83fcd33f6077bb65bc0443a8c04eb2af162d84b898db4291707a665445d40","sha512":"7371d57c918306e27c585d31dc1fa98a2227292892b49904f5df9f73e23229637b33fc60f89c5f560dc55937885b62450d35a7c746ec5e25b76efcd9f9dc2cb7","ssdeep":"96:FyHMW+01Cq689uf+AoTVgD3ev5mR0aQb0h5pxx/oePGAAu4i:UsW+8Cq689uJoTVgD3Am+aQbU59uAALi","tlshash":"d9a1215b1ab759600a63d0ba77dfb1002031e01b3d09edaaba9dc34c0f5ef2456b27d6","size":4799,"data":"","first_seen":"2026-05-28T12:25:58.000752Z","last_seen":"2026-05-29T23:58:39.756885Z","times_seen":11,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-28","alert":"Detects file containing Telegram Bot API","trigger":"officework24.net/apa/pdfauto.html#falet@c060ec379367ae6febc7dc7cb3d80d75a66d.net","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"res-1.cdn.office.net/files/fabric-cdn-prod_20230524.001/assets/item-types/96/pdf.png","fqdn":"res-1.cdn.office.net","domain":"office.net","tld":"net"},"ip":{"addr":"23.36.76.90","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://officework24.net/apa/pdfauto.html#falet@c060ec379367ae6febc7dc7cb3d80d75a66d.net","date":"2026-05-28T12:25:34.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.public.cdn.office.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft TLS G2 ECC CA OCSP 02","organization":"Microsoft Corporation"},"validity":{"start":"Mon, 11 May 2026 00:24:36 GMT","end":"Wed, 25 Nov 2026 00:24:36 GMT"},"fingerprint":{"sha1":"C2:60:C5:21:14:BE:DC:39:AB:31:57:C3:75:5C:85:F3:66:08:A3:C4","sha256":"14:E3:1B:C5:2C:FC:72:82:F5:9D:D6:FC:DA:65:B0:E6:A3:60:61:1C:B2:A1:F3:C2:08:E4:EC:05:6A:5D:DB:B8"}}},"request":{"raw":"GET /files/fabric-cdn-prod_20230524.001/assets/item-types/96/pdf.png HTTP/1.1\r\nHost: res-1.cdn.office.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://officework24.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 1071\r\ncontent-type: image/png\r\nlast-modified: Wed, 24 May 2023 22:01:26 GMT\r\nx-ms-request-id: e557eb6c-901e-0043-31ca-b419cb000000\r\ncache-control: public, max-age=630720000\r\ndate: Thu, 28 May 2026 12:25:34 GMT\r\nalt-svc: h3=\":443\"; ma=93600,h3-29=\":443\"; ma=93600\r\nakamai-request-bc: [a=23.36.76.172,b=115093487,c=g,n=NO__OSLO,o=20940]\r\nak-network: FF\r\nreport-to: {\"group\":\"NelM365CDNUpload1\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide\u0026DestinationEndpoint=OSLO\u0026ASN=20940\u0026Country=NO\u0026Region=\u0026RequestIdentifier=0.ac4c2417.1779971134.6dc2fef\u0026TotalRTCDNTime=0\u0026CompressionType=\u0026FileSize=1071\"}],\"include_subdomains \":true}\r\nnel: {\"report_to\":\"NelM365CDNUpload1\",\"max_age\":604800,\"include_subdomains\":true,\"failure_fraction\":1.0,\"success_fraction\":0.01}\r\nserver-timing: clientrtt; dur=0, clienttt; dur=, origin; dur=0 , cdntime; dur=0\r\nakamai-cache-status: Hit from child\r\ntiming-allow-origin: *\r\naccess-control-expose-headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id\r\naccess-control-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-cdn-provider: Akamai\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1071,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced","md5":"85d0f1cd17bf776cad27ecdcff25e32a","sha1":"89c5541bfe01bd24acb784b7cf502cdc58a3cdbf","sha256":"e94a2953f3ff2e8cc2ffe8f01d037311ec0798a316066c2107f2ef510018e581","sha512":"cef03242abe27a9718ffa10d115c199d5f246e57234295fc3e4490ecaf10787fc11cd43440909e89fe8c340090c42a09914cf46d83d106ebdf190a1073db75b8","ssdeep":"","tlshash":"ba11b692e074dd9be3c8c29d231bf55df267610f2c640314a3d484b0286558f92ba2b6","first_seen":"2024-03-05T18:30:32Z","last_seen":"2026-05-29T23:58:39.754569Z","times_seen":52,"resource_available":false,"data":null}},"time_used":117,"timings":{"blocked":56,"dns":31,"connect":1,"send":0,"wait":3,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gyazo.com/c03cd4aa4ec406839ebd2d81ee28777c?semt=ais_hybrid","fqdn":"gyazo.com","domain":"gyazo.com","tld":"com"},"ip":{"addr":"35.186.213.112","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://officework24.net/apa/pdfauto.html#falet@c060ec379367ae6febc7dc7cb3d80d75a66d.net","date":"2026-05-28T12:25:34.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gyazo.com","organization":""},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 09 Mar 2026 00:00:00 GMT","end":"Wed, 23 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B7:D2:47:22:B2:4B:6D:20:6F:4D:EB:B7:55:A2:FD:09:09:64:35:83","sha256":"FF:A8:57:9B:7E:B7:27:BF:45:82:1B:87:F7:DE:AE:08:66:C8:C4:13:67:7D:7D:C6:C7:93:19:F7:A6:43:58:1B"}}},"request":{"raw":"GET /c03cd4aa4ec406839ebd2d81ee28777c?semt=ais_hybrid HTTP/1.1\r\nHost: gyazo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://officework24.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.31.0\r\ndate: Thu, 28 May 2026 12:25:35 GMT\r\ncontent-type: text/html; charset=utf-8\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-download-options: noopen\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: strict-origin-when-cross-origin\r\nset-cookie: Gyazo_session=_; path=/; expires=Thu, 15 Jun 2021 06:00:00 GMT; HttpOnly; secure\nGyazo_session=OTNoWTkvS3lPTloyNk13SllxYUFvTlB1OFJYUjEweGhqY2NaTjBhalZNNzY2aEt1enlLMzRPeXIxMHRGMzJaa2JqSWRBRlo1aVJya2ZmWkQybjg3SGZoTTNkNlZQeS9jWkczRlJlQmhwNGZJT01rMkFUYWhnTytqR3RGMkc3dmZhY0ZldjBwbkt4dTY5eTVyMk4zL1RKWnB1VmFzcjkxbzRzRnJ1MjNBN2tmUHB5c1JvdEgvYVQzbDBpaldGVFlhUXBrWEVUdDVPMERzUVUzNmNLVU5SWTFDY2NQaFpaa054c1lwUlJ2cWw4ZWVrZFhodFR2cHpseFZmOEFNaUU4NllGV2xBSWRUTTltOC9wYjhUVFIxT3ZGVlVzWjJVWjZPcmVLRlRYNzhGM2FwTzlzRHZObk9SOTdZSCtKeHdEeTNWa0FWVmUvNU4rWVlpZkx0R3BtNXpnPT0tLWtrVEE4Qnllcmx0K1JhZHFmU3lMbmc9PQ%3D%3D--74283443b5123345b1f6e2c7af52d3bb9c7a86e7; domain=.gyazo.com; path=/; expires=Sun, 28 May 2028 12:25:35 GMT; secure; HttpOnly; SameSite=None\nGCLB=CJvbrJSGiYyQWBAD; path=/; HttpOnly\r\ncache-tag: bbdc3d70ccc16d22\r\netag: W/\"548ca9e548a75385896acae9e9cc2476\"\r\ncache-control: max-age=0, private, must-revalidate\r\nx-request-id: 9825a51e-c76b-427d-969f-f752ff3bd8da\r\nx-runtime: 0.028998\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\ncontent-encoding: gzip\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.31.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-30T04:03:16.546927Z","times_seen":15899389,"resource_available":true,"data":null}},"time_used":328,"timings":{"blocked":-1,"dns":17,"connect":26,"send":0,"wait":183,"receive":0,"ssl":101},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"officework24.net/apc/index.php/falet@c060ec379367ae6febc7dc7cb3d80d75a66d.net","fqdn":"officework24.net","domain":"officework24.net","tld":"net"},"ip":{"addr":"162.251.85.78","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-28T12:25:33.493Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.officework24.net","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 11:48:49 GMT","end":"Sat, 27 Jun 2026 11:48:48 GMT"},"fingerprint":{"sha1":"D2:9A:32:E3:48:86:FC:CE:E2:F6:74:2F:AB:84:C0:B5:90:64:BF:A0","sha256":"B4:3E:DB:7D:DB:86:87:8F:88:0A:23:78:CC:2A:39:D5:16:F1:0C:19:0C:04:84:63:D5:C4:E4:19:3C:D6:C5:32"}}},"request":{"raw":"GET /apc/index.php/falet@c060ec379367ae6febc7dc7cb3d80d75a66d.net HTTP/1.1\r\nHost: officework24.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 May 2026 12:25:34 GMT\r\nserver: nginx/1.25.5\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\nrefresh: 0;url=https://officework24.net/apa/pdfauto.html#falet@c060ec379367ae6febc7dc7cb3d80d75a66d.net\r\nx-server-cache: false\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-30T04:03:16.546927Z","times_seen":15899389,"resource_available":true,"data":null}},"time_used":1242,"timings":{"blocked":442,"dns":165,"connect":135,"send":0,"wait":358,"receive":0,"ssl":139},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-28","alert":"Phishing Block","trigger":"officework24.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"officework24.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"officework24.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Adobe","verdict":"phishing","severity":"medium","comment":"Associated with Adobe phishing","tags":["adobe","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"officework24.net/apa/pdfauto.html#falet@c060ec379367ae6febc7dc7cb3d80d75a66d.net","fqdn":"officework24.net","domain":"officework24.net","tld":"net"},"ip":{"addr":"162.251.85.78","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-28T12:25:34.430Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.officework24.net","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 11:48:49 GMT","end":"Sat, 27 Jun 2026 11:48:48 GMT"},"fingerprint":{"sha1":"D2:9A:32:E3:48:86:FC:CE:E2:F6:74:2F:AB:84:C0:B5:90:64:BF:A0","sha256":"B4:3E:DB:7D:DB:86:87:8F:88:0A:23:78:CC:2A:39:D5:16:F1:0C:19:0C:04:84:63:D5:C4:E4:19:3C:D6:C5:32"}}},"request":{"raw":"GET /apa/pdfauto.html HTTP/1.1\r\nHost: officework24.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 May 2026 12:25:34 GMT\r\nserver: nginx/1.25.5\r\ncontent-type: text/html\r\ncontent-length: 3160\r\nlast-modified: Mon, 25 May 2026 21:31:52 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-server-cache: false\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7369,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"df82d1db0439956ef7c5292fdd577bee","sha1":"03deea43c93e5df535eb422cec264caf08b3019e","sha256":"91e6a27a4aa6dd07a78c02a23c81919289b7828af59ed6de6d8794f8d22170a8","sha512":"a2230988044377b2be390fbdba5429e55cd14802b717b964abb9c16f5e07b4c4f227d4f1e4246cff936680ee9244576a4a14bfb491367745000206b1a47c48be","ssdeep":"192:LFA63O3sW+8Cq689uJoTVgD3Am+aQbU59uAALr:LOCOcWjGQgoRgHYbOvAn","tlshash":"92e1835715b319511653e0b53bebb1003122d00b2e0aedaa7bed839c4f4ef1496b37d9","first_seen":"2026-05-28T12:25:57.997313Z","last_seen":"2026-05-29T23:58:39.751734Z","times_seen":11,"resource_available":true,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-28","alert":"Detects file containing Telegram Bot API","trigger":"officework24.net/apa/pdfauto.html#falet@c060ec379367ae6febc7dc7cb3d80d75a66d.net","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"officework24.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-28","alert":"Phishing Block","trigger":"officework24.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"officework24.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Adobe","verdict":"phishing","severity":"medium","comment":"Associated with Adobe phishing","tags":["adobe","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"officework24.net/apa/style.css","fqdn":"officework24.net","domain":"officework24.net","tld":"net"},"ip":{"addr":"162.251.85.78","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://officework24.net/apa/pdfauto.html#falet@c060ec379367ae6febc7dc7cb3d80d75a66d.net","date":"2026-05-28T12:25:34.633Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.officework24.net","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 11:48:49 GMT","end":"Sat, 27 Jun 2026 11:48:48 GMT"},"fingerprint":{"sha1":"D2:9A:32:E3:48:86:FC:CE:E2:F6:74:2F:AB:84:C0:B5:90:64:BF:A0","sha256":"B4:3E:DB:7D:DB:86:87:8F:88:0A:23:78:CC:2A:39:D5:16:F1:0C:19:0C:04:84:63:D5:C4:E4:19:3C:D6:C5:32"}}},"request":{"raw":"GET /apa/style.css HTTP/1.1\r\nHost: officework24.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://officework24.net/apa/pdfauto.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nlast-modified: Tue, 15 Mar 2022 22:07:30 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 355\r\ncontent-type: text/html\r\ndate: Thu, 28 May 2026 12:25:34 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":583,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"59f6ae7c7f154ec74d418d4ed6fc5b0e","sha1":"674860108a41ab23ba5f73635749332bd8a46b7e","sha256":"50e0767f2731da7ddb56d719dc85a7f830c4a860d8f09d0f25401d3dc7097d7d","sha512":"501f35d5347bd1f20024a1c76172874e0026289f6dd60de6a1f83ef2deb0fff07cd75c45b4dcf693a7c2ff903528bedbd05c2b9f9bb439d294f5f904427173f7","ssdeep":"","tlshash":"fbf0eb671c62c4436521c68a33e1ee2c58983213d109ed6ab6de522ccb89bdc88d3a39","first_seen":"2023-03-10T19:53:58Z","last_seen":"2026-05-29T23:58:39.753138Z","times_seen":11047,"resource_available":true,"data":null}},"time_used":140,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":140,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-28","alert":"Phishing Block","trigger":"officework24.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"officework24.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"officework24.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Adobe","verdict":"phishing","severity":"medium","comment":"Associated with Adobe phishing","tags":["adobe","phishing"],"meta":null}]}}]}