{"report_id":"98902bc0-372a-4c54-a540-08f922156c00","version":6,"status":"done","tags":[],"date":"2025-02-27T17:29:26Z","url":{"schema":"http","addr":"api.camdriversupport.com/ffmpeg-tp.sh","fqdn":"api.camdriversupport.com","domain":"camdriversupport.com","tld":"com"},"ip":{"addr":"198.187.29.145","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-05-08T17:29:26Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"api.camdriversupport.com","ip":{"addr":"198.187.29.145","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"domain_registered":"2025-01-27","domain_rank":0,"first_seen":"2025-02-27T17:29:26.299232Z","last_seen":"2025-02-27T17:29:26.299232Z","alert_count":1,"request_count":1,"received_data":85990,"sent_data":503,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-27","alert":"Sinkholed","trigger":"camdriversupport.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"api.camdriversupport.com/ffmpeg-tp.sh","fqdn":"api.camdriversupport.com","domain":"camdriversupport.com","tld":"com"},"ip":{"addr":"198.187.29.145","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-02-27T17:28:56.393Z","timestamp":1740677336393,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.camdriversupport.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Mon, 27 Jan 2025 00:00:00 GMT","end":"Tue, 27 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B2:1C:76:5B:09:CA:D0:BF:C1:A5:C5:AE:A3:1E:17:4B:51:0C:CA:56","sha256":"8A:8E:F9:D5:7D:AE:E3:9B:47:30:8E:64:7D:B2:CC:79:0B:CE:F5:27:30:00:7E:0D:5E:8E:2B:48:A2:2C:AA:07"}}},"request":{"raw":"GET /ffmpeg-tp.sh HTTP/1.1\r\nHost: api.camdriversupport.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncontent-type: application/octet-stream\r\ncontent-disposition: attachment; filename=\"ffmpeg.sh\"\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Sat, 25 Jan 2025 11:12:17 GMT\r\netag: W/\"14e3c-1949d299a68\"\r\ncontent-length: 85564\r\ndate: Thu, 27 Feb 2025 17:28:57 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":85564,"size_decoded":85564,"mime_type":"application/octet-stream","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3","md5":"a6296fa80cf09ac595a4304e2d07906f","sha1":"9e3ed0c7785c4fdb6c3bf3e2b22f829c12c38b0e","sha256":"a803c043e12a5dac467fae092b75aa08b461b8e9dd4c769cea375ff87287a361","sha512":"e584d76e93bcd2db0ae614c29016f1d4d4f5f081ed5f2f0f8699b85e983af127c0dc278e49755c60f7be94d4de8f24a31e808b21eef3e891a0233e6695261888","ssdeep":"1536:u47zTLVyk3qYfjagr5aEiZCvn9ibATAWjKT98cIckTKmxBNGpX5xkeGt:V9yFt057iYwkA5zc3U5V8","tlshash":"4c83123a0ee167e47126fe765cdcfa2eb4e413c6c89c106e27c599359000ea9fe42e5d","first_seen":"2025-01-20T22:05:35.304473Z","last_seen":"2025-03-21T19:09:32.263901Z","times_seen":11,"resource_available":false,"data":null}},"time_used":1791,"timings":{"blocked":632,"dns":30,"connect":163,"send":0,"wait":332,"receive":190,"ssl":441},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-27","alert":"Sinkholed","trigger":"camdriversupport.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}