{"report_id":"903aa427-8dff-42e2-9f38-80b5d98e1e6f","version":6,"status":"done","tags":[],"date":"2024-11-29T17:39:15Z","url":{"schema":"http","addr":"support.silloway.net/access/JWrapper-Remote%20Access-version.txt?platform=windows-intel-64\u0026osid=w6-1-7601\u0026guv=00110278394","fqdn":"support.silloway.net","domain":"silloway.net","tld":"net"},"ip":{"addr":"64.223.139.187","port":0,"asn":13977,"as":"CTELCO","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"support.silloway.net/access/JWrapper-Remote%20Access-version.txt?platform=windows-intel-64\u0026osid=w6-1-7601\u0026guv=00110278394","fqdn":"support.silloway.net","domain":"silloway.net","tld":"net"},"title":"support.silloway.net/access/JWrapper-Remote%20Access-version.txt?platform=windows-intel-64\u0026osid=w6-1-7601\u0026guv=00110278394"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-07T17:39:15Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"support.silloway.net","ip":{"addr":"64.223.139.187","port":443,"asn":13977,"as":"CTELCO","country":"United States","country_code":"US"},"domain_registered":"2001-11-19","domain_rank":0,"first_seen":"2017-05-13T20:30:24Z","last_seen":"2024-11-29T17:38:07.844433Z","alert_count":0,"request_count":2,"received_data":15862,"sent_data":1108,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-11-29T17:39:07Z","timestamp":1732901947,"ip_dst":{"addr":"172.18.0.22","port":55736,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"125.45.71.67","port":34996,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"severity":"high","alert":"ET POLICY Executable and linking format (ELF) file download","source":"{\"timestamp\":\"2024-11-29T17:39:07.510942+0000\",\"flow_id\":1080480552701447,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"125.45.71.67\",\"src_port\":34996,\"dest_ip\":\"172.18.0.22\",\"dest_port\":55736,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.ELFDownload\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2000418,\"rev\":17,\"signature\":\"ET POLICY Executable and linking format (ELF) file download\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2010_07_30\"],\"updated_at\":[\"2023_04_12\"]}},\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":8,\"bytes_toserver\":584,\"bytes_toclient\":10616,\"start\":\"2024-11-29T17:36:07.183815+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"support.silloway.net/access/JWrapper-Remote%20Access-version.txt?platform=windows-intel-64\u0026osid=w6-1-7601\u0026guv=00110278394","fqdn":"support.silloway.net","domain":"silloway.net","tld":"net"},"ip":{"addr":"64.223.139.187","port":443,"asn":13977,"as":"CTELCO","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-29T17:38:50.126Z","timestamp":1732901930126,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_256_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"support.silloway.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Mon, 14 Oct 2024 03:25:41 GMT","end":"Sun, 12 Jan 2025 03:25:40 GMT"},"fingerprint":{"sha1":"F6:2E:F8:68:EB:0D:25:38:78:3C:7F:C1:C4:F2:AC:3A:90:B6:0D:62","sha256":"82:B3:0B:3C:C5:B3:56:48:54:1B:55:30:EE:08:D6:7D:76:0F:8B:A4:2D:E6:42:7B:3D:93:B5:1F:27:84:FA:44"}}},"request":{"raw":"GET /access/JWrapper-Remote%20Access-version.txt?platform=windows-intel-64\u0026osid=w6-1-7601\u0026guv=00110278394 HTTP/1.1\r\nHost: support.silloway.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 11\r\nLast-Modified: Wed, 16 Oct 2024 21:29:22 GMT\r\nCache-Control: private, must-revalidate\r\nPragma: private\r\nServer: SimpleHelp/SSuite-5-5-20241016-222143\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11,"size_decoded":11,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"7b57330d3988275c46942d07052a6346","sha1":"5b5dc2951afa1b2e4ebf3d352896c0789d1286af","sha256":"f7faa13496f5559feff2160a46442c26489aa8ed23bc1a10ba94619c885e8dcb","sha512":"208b4c86d9b181aa93b8dc23f91b6007c50ae2616e5ae9e91277a4ce3c806cc304e7bfae384a93841e71450645db0920e3e94ac7e2b886347ec99a03590cd78c","ssdeep":"","tlshash":"34500000cc0c330000030000003c03c00c0003c00030300003000c000003f000c00000","first_seen":"2024-11-04T20:09:11.4401Z","last_seen":"2025-03-04T12:32:38.429626Z","times_seen":14,"resource_available":false,"data":null}},"time_used":998,"timings":{"blocked":445,"dns":0,"connect":99,"send":0,"wait":108,"receive":0,"ssl":342},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"support.silloway.net/favicon.ico","fqdn":"support.silloway.net","domain":"silloway.net","tld":"net"},"ip":{"addr":"64.223.139.187","port":443,"asn":13977,"as":"CTELCO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://support.silloway.net/access/JWrapper-Remote%20Access-version.txt?platform=windows-intel-64\u0026osid=w6-1-7601\u0026guv=00110278394","date":"2024-11-29T17:38:50.930Z","timestamp":1732901930930,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_256_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"support.silloway.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Mon, 14 Oct 2024 03:25:41 GMT","end":"Sun, 12 Jan 2025 03:25:40 GMT"},"fingerprint":{"sha1":"F6:2E:F8:68:EB:0D:25:38:78:3C:7F:C1:C4:F2:AC:3A:90:B6:0D:62","sha256":"82:B3:0B:3C:C5:B3:56:48:54:1B:55:30:EE:08:D6:7D:76:0F:8B:A4:2D:E6:42:7B:3D:93:B5:1F:27:84:FA:44"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: support.silloway.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://support.silloway.net/access/JWrapper-Remote%20Access-version.txt?platform=windows-intel-64\u0026osid=w6-1-7601\u0026guv=00110278394\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: image/vnd.microsoft.icon\r\nContent-Length: 15406\r\nLast-Modified: Tue, 23 Jul 2024 08:07:22 GMT\r\nCache-Control: private, must-revalidate\r\nPragma: private\r\nServer: SimpleHelp/SSuite-5-5-20241016-222143\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15406,"size_decoded":15406,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"39a349a4171759407f1aa76f9937b35f","sha1":"82e61919f09521f53cf34b21e4301be4cd8b67b9","sha256":"c88bccf1b1aa959f96e87d320a10550d9885f5ef5c71b8a9da039ca35d0d4501","sha512":"5bdd77bbc0639874c06c8057a99bb82186508d13fb0fb189cf4ab458f30908470d92aa589abf4714e0a4c40a195677f8bba7d14aef26216535678b395e801d6a","ssdeep":"192:FGx3s6X12NnhKotMi+TfF7f0JtiITt9wL9AWuuUiqraW:el6hHd+TfZfMx5+A3umu","tlshash":"b662e9517603df05ca680835544a0b91a9766d3b33999276a2a4b40a1fdfcc3cda73f5","first_seen":"2023-05-06T05:21:56Z","last_seen":"2026-04-10T14:57:59.209527Z","times_seen":1667,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":139,"receive":97,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}