{"report_id":"a4811a54-1e6e-4a02-9584-ac8c617c382a","version":6,"status":"done","tags":["botpanel","malware"],"date":"2025-08-07T08:15:31Z","url":{"schema":"http","addr":"r.lr-ingest.com/","fqdn":"r.lr-ingest.com","domain":"lr-ingest.com","tld":"com"},"ip":{"addr":"104.198.23.205","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"r.lr-ingest.com/","fqdn":"r.lr-ingest.com","domain":"lr-ingest.com","tld":"com"},"title":"r.lr-ingest.com/"},"submit":{"url":{"schema":"http","addr":"r.lr-ingest.com/","fqdn":"r.lr-ingest.com","domain":"lr-ingest.com","tld":"com"},"ip":{"addr":"104.198.23.205","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-09-11T08:15:31Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null},{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]},"summary":[{"fqdn":"r.lr-ingest.com","ip":{"addr":"104.198.23.205","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"2023-03-09","domain_rank":0,"first_seen":"2023-03-10T19:09:29Z","last_seen":"2025-08-03T05:21:59.297514Z","alert_count":2,"request_count":2,"received_data":1914,"sent_data":921,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"r.lr-ingest.com/","fqdn":"r.lr-ingest.com","domain":"lr-ingest.com","tld":"com"},"ip":{"addr":"104.198.23.205","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-07T08:15:09.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.logrocket.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Jun 2025 14:27:29 GMT","end":"Sat, 13 Sep 2025 14:27:28 GMT"},"fingerprint":{"sha1":"32:09:61:11:BB:97:DB:FE:B4:89:9E:3D:E0:3F:B3:C4:55:0A:74:5E","sha256":"1E:82:78:23:A0:0C:C5:78:F2:19:FE:CD:81:D4:79:8D:91:FA:D1:4D:09:86:E8:97:05:E1:E2:E5:2C:5F:D7:D9"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: r.lr-ingest.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 08:15:09 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 2\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS\r\naccess-control-expose-headers: X-LogRocket-Upload-Max-Interval,X-LogRocket-Upload-Max-Size\r\netag: W/\"2-eoX0dku9ba8cNUXvu/DyeabcC+s\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-logrocket-upload-max-interval: 30000\r\nx-logrocket-upload-max-size: 50000000\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,X-Csrftoken,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept,Origin,X-Logrocket-Url,X-Logrocket-Ignore,X-Logrocket-Secret,X-LogRocket-Relay-Version\r\naccess-control-max-age: 1728000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"444bcb3a3fcf8389296c49467f27e1d6","sha1":"7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb","sha256":"2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df","sha512":"9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570","ssdeep":"","tlshash":"c710000000000000300000000000000000000000000000000000000000000c0000c000","first_seen":"2023-03-08T02:32:37Z","last_seen":"2026-04-04T12:48:20.291385Z","times_seen":390890,"resource_available":true,"data":null}},"time_used":717,"timings":{"blocked":297,"dns":42,"connect":121,"send":0,"wait":122,"receive":1,"ssl":131},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"https","addr":"r.lr-ingest.com/favicon.ico","fqdn":"r.lr-ingest.com","domain":"lr-ingest.com","tld":"com"},"ip":{"addr":"104.198.23.205","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r.lr-ingest.com/","date":"2025-08-07T08:15:09.812Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.logrocket.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Jun 2025 14:27:29 GMT","end":"Sat, 13 Sep 2025 14:27:28 GMT"},"fingerprint":{"sha1":"32:09:61:11:BB:97:DB:FE:B4:89:9E:3D:E0:3F:B3:C4:55:0A:74:5E","sha256":"1E:82:78:23:A0:0C:C5:78:F2:19:FE:CD:81:D4:79:8D:91:FA:D1:4D:09:86:E8:97:05:E1:E2:E5:2C:5F:D7:D9"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: r.lr-ingest.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r.lr-ingest.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Thu, 07 Aug 2025 08:15:09 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS\r\naccess-control-expose-headers: X-LogRocket-Upload-Max-Interval,X-LogRocket-Upload-Max-Size\r\ncontent-security-policy: default-src 'none'\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-logrocket-upload-max-interval: 30000\r\nx-logrocket-upload-max-size: 50000000\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,X-Csrftoken,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept,Origin,X-Logrocket-Url,X-Logrocket-Ignore,X-Logrocket-Secret,X-LogRocket-Relay-Version\r\naccess-control-max-age: 1728000\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":150,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"84241342d84ac29592a5d9516f8edf7f","sha1":"03c53980e18e17625f439c20e7d438f066202428","sha256":"6e21162bc64073fe9e3d3d6375ca24d04fed1912a5b7716aac0cb0f2d16fae7c","sha512":"7509483335c7a30365f7f403098491ac0b44fffcc68a5cdacb86ec191f02dbda5b16a20a09e924b6a29ac938578d43bacb9a50115db5c5668ea27fe1811bd530","ssdeep":"","tlshash":"34c08c9e140012010b2087042ac1326464973b992de685006a87e027ece8a1ad987288","first_seen":"2023-04-05T13:59:49Z","last_seen":"2026-04-04T10:43:51.349978Z","times_seen":5509,"resource_available":true,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}}]}