{"report_id":"aa3b5716-9109-42c8-b8dc-729a424ed3b5","version":6,"status":"done","tags":[],"date":"2025-11-29T02:41:32Z","url":{"schema":"http","addr":"api.whbapi.com/softwareupdate/components/software/304/default/17063/followinglike4.exe","fqdn":"api.whbapi.com","domain":"whbapi.com","tld":"com"},"ip":{"addr":"104.21.47.106","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"api.whbapi.com/softwareupdate/components/software/304/default/17063/followinglike4.exe","fqdn":"api.whbapi.com","domain":"whbapi.com","tld":"com"},"title":"404 - File or directory not found.","dom":{"size":1104,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"39bd4fcf8144ee07197576c962b22257","sha1":"bd799bfecd567733901088ede1cdbb020605a44b","sha256":"d797463c37d536bcae79155f4fda08538137d2ac208b4871a595ab5777d0ae3a","sha512":"a4d9480e3f970992e6fce7234c757eaba08d29fa1c8496d9a71bc1b636d3a498f81f9c2f0afa64c32a2f910bab1acb72eb052671c0078613fec88cc8e936c254","ssdeep":"","tlshash":"f011302bd3883014f6978080b2a237d63f068986e56f5a65a622f2a5f0d69e3c1d77c4","dom_hash":"domhashd534a4cf42c54ad24a4778187428a0c5","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"api.whbapi.com/softwareupdate/components/software/304/default/17063/followinglike4.exe","fqdn":"api.whbapi.com","domain":"whbapi.com","tld":"com"},"ip":{"addr":"104.21.47.106","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-03T02:41:32Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-29","alert":"Sinkholed","trigger":"api.whbapi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"api.whbapi.com","ip":{"addr":"172.67.146.192","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-06-24","domain_rank":0,"first_seen":"2019-07-01T09:49:35Z","last_seen":"2025-11-04T09:03:38.716853Z","alert_count":3,"request_count":3,"received_data":8290,"sent_data":1448,"comment":"","tags":null,"fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"api.whbapi.com/softwareupdate/components/software/304/default/17063/followinglike4.exe","fqdn":"api.whbapi.com","domain":"whbapi.com","tld":"com"},"ip":{"addr":"172.67.146.192","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-29T02:41:10.670Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whbapi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 22 Nov 2025 09:07:34 GMT","end":"Fri, 20 Feb 2026 10:05:24 GMT"},"fingerprint":{"sha1":"F5:3E:9E:ED:6A:E9:F5:65:03:F3:3C:99:0A:62:DB:52:AF:22:37:0F","sha256":"FA:CA:13:30:51:46:99:D8:FC:81:68:57:E5:98:3B:D0:E6:BA:2B:B5:27:4C:CE:CA:DA:A7:7A:87:2B:34:E2:32"}}},"request":{"raw":"GET /softwareupdate/components/software/304/default/17063/followinglike4.exe HTTP/1.1\r\nHost: api.whbapi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Sat, 29 Nov 2025 02:41:11 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nx-powered-by: ASP.NET\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-credentials: true\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GGp8O9LY0uTNj7em2g3iERnP658M6Ingdp0VCbb1RC7uCwBwL7ioVi0%2FVyzZ1grXCbiXdDriwzcURaugA3UUBdB7ioIFnBlK5jMM%2Brar\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9a5ebe99de371525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1245,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"5343c1a8b203c162a3bf3870d9f50fd4","sha1":"04b5b886c20d88b57eea6d8ff882624a4ac1e51d","sha256":"dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f","sha512":"e0f50acb6061744e825a4051765cebf23e8c489b55b190739409d8a79bb08dac8f919247a4e5f65a015ea9c57d326bbef7ea045163915129e01f316c4958d949","ssdeep":"","tlshash":"7b21422992983814f69384a061f277c23f078286e66f1b68a023b263e4c26e281d33c4","first_seen":"2023-03-09T23:36:42Z","last_seen":"2026-04-03T16:40:41.171114Z","times_seen":53600,"resource_available":true,"data":null}},"time_used":791,"timings":{"blocked":22,"dns":1,"connect":1,"send":0,"wait":747,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-29","alert":"Sinkholed","trigger":"api.whbapi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"api.whbapi.com/softwareupdate/components/software/304/default/17063/followinglike4.exe","fqdn":"api.whbapi.com","domain":"whbapi.com","tld":"com"},"ip":{"addr":"172.67.146.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-29T02:41:11.570Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /softwareupdate/components/software/304/default/17063/followinglike4.exe HTTP/1.1\r\nHost: api.whbapi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 29 Nov 2025 02:41:11 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nAccess-Control-Allow-Origin: *\r\nX-Powered-By: ASP.NET\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS\r\nAccess-Control-Allow-Credentials: true\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAge: 0\r\nCache-Control: max-age=14400\r\ncf-cache-status: HIT\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3RwpHUNvLvoqb7%2BlfMM8jwVaP5DBcjBjzQKw78nzgDmZq6K183I9IsBV01TB0AdVF%2FfPAtHrGoVkCxMq5Z9V%2BzatdV3RluY2qVzmaOP8\"}]}\r\nContent-Encoding: gzip\r\nCF-RAY: 9a5ebe9f4d15dfec-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1245,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"5343c1a8b203c162a3bf3870d9f50fd4","sha1":"04b5b886c20d88b57eea6d8ff882624a4ac1e51d","sha256":"dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f","sha512":"e0f50acb6061744e825a4051765cebf23e8c489b55b190739409d8a79bb08dac8f919247a4e5f65a015ea9c57d326bbef7ea045163915129e01f316c4958d949","ssdeep":"","tlshash":"7b21422992983814f69384a061f277c23f078286e66f1b68a023b263e4c26e281d33c4","first_seen":"2023-03-09T23:36:42Z","last_seen":"2026-04-03T16:40:41.171114Z","times_seen":53600,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-29","alert":"Sinkholed","trigger":"api.whbapi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"api.whbapi.com/favicon.ico","fqdn":"api.whbapi.com","domain":"whbapi.com","tld":"com"},"ip":{"addr":"172.67.146.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://api.whbapi.com/softwareupdate/components/software/304/default/17063/followinglike4.exe","date":"2025-11-29T02:41:11.681Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: api.whbapi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://api.whbapi.com/softwareupdate/components/software/304/default/17063/followinglike4.exe\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 29 Nov 2025 02:41:12 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: private\r\nServer: cloudflare\r\nX-AspNet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS\r\nAccess-Control-Allow-Credentials: true\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SKsJIg2YPW91q45Y9aNd8moblVrVP37OFgEbSEfObclRCwrVS5UDf0RBMtGOQAjznfY75%2FW7UvZrlmrJ%2FjKadzq34Zig%2FoDJ6%2FoEbArx\"}]}\r\ncf-cache-status: BYPASS\r\nVary: accept-encoding\r\nContent-Encoding: gzip\r\nCF-RAY: 9a5ebea00dd5dfec-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":3427,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"a20c55f06a99fb65959387729760fc9b","sha1":"02150310bcf3782695939ebcbca09d0185aa543e","sha256":"c8d26431d0fdfbfa32b86ec95fb894d3f701a9631a6f6903561f60dd9e7fb350","sha512":"9e748984963c983a9c25aa25cbf8ed0c4e2bb659012570fa80bae6886c9f0323dd3619149fad49979638fe74a4eb3faa4e8d014ac8915a31dac79667795c663c","ssdeep":"","tlshash":"1f61b622ce3c56a586b26869f603d648ef7a11cbe211d93178cd0a05dffa04552dbbcc","first_seen":"2025-10-21T22:10:54.499968Z","last_seen":"2025-12-01T23:37:14.269663Z","times_seen":4,"resource_available":false,"data":null}},"time_used":702,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":702,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-29","alert":"Sinkholed","trigger":"api.whbapi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}