{"report_id":"b05c350a-ad43-4036-a76d-12b05a1d35c2","version":6,"status":"done","tags":[],"date":"2025-04-18T17:29:48Z","url":{"schema":"http","addr":"66.63.187.72:3000/login","fqdn":"66.63.187.72","domain":"66.63.187.72","tld":""},"ip":{"addr":"66.63.187.72","port":0,"asn":214943,"as":"Railnet LLC","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"66.63.187.72:3000/login","fqdn":"66.63.187.72","domain":"66.63.187.72","tld":""},"title":"Login"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-27T17:29:48Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"66.63.187.72","ip":{"addr":"66.63.187.72","port":3000,"asn":214943,"as":"Railnet LLC","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":2,"received_data":3219,"sent_data":771,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"66.63.187.72","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"66.63.187.72","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"66.63.187.72:3000/favicon.ico","fqdn":"66.63.187.72","domain":"66.63.187.72","tld":""},"ip":{"addr":"66.63.187.72","port":3000,"asn":214943,"as":"Railnet LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"http://66.63.187.72:3000/login","date":"2025-04-18T17:29:18.516Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 66.63.187.72:3000\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://66.63.187.72:3000/login\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nRateLimit-Policy: 1000;w=900\r\nRateLimit-Limit: 1000\r\nRateLimit-Remaining: 998\r\nRateLimit-Reset: 900\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 150\r\nDate: Fri, 18 Apr 2025 17:29:17 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":150,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"84241342d84ac29592a5d9516f8edf7f","sha1":"03c53980e18e17625f439c20e7d438f066202428","sha256":"6e21162bc64073fe9e3d3d6375ca24d04fed1912a5b7716aac0cb0f2d16fae7c","sha512":"7509483335c7a30365f7f403098491ac0b44fffcc68a5cdacb86ec191f02dbda5b16a20a09e924b6a29ac938578d43bacb9a50115db5c5668ea27fe1811bd530","ssdeep":"","tlshash":"34c08c9e140012010b2087042ac1326464973b992de685006a87e027ece8a1ad987288","first_seen":"2023-04-05T13:59:49Z","last_seen":"2026-04-05T14:02:47.078991Z","times_seen":5538,"resource_available":true,"data":null}},"time_used":77,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":77,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"66.63.187.72","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"66.63.187.72:3000/login","fqdn":"66.63.187.72","domain":"66.63.187.72","tld":""},"ip":{"addr":"66.63.187.72","port":3000,"asn":214943,"as":"Railnet LLC","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-18T17:29:17.515Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /login HTTP/1.1\r\nHost: 66.63.187.72:3000\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":2061,"data":"{\"memory\":{},\"resources\":[],\"referrer\":\"https://www.mediafire.com/download_repair.php?flag=3\u0026dkey=knbimli9ifwgQiQVvUTAd0xZmRvrsrOZST0QOUiHxekAVx8aYCkIJeU1gmFCqMVi6XXMeQcxRcpPNx1w0%2D8iMwRJTctJMp3QYOkqhC%5F8wDALraSFHB9jR4pSlMgNsEihcnw7CQfHNyffp5jSNlSSSb2wZhac5xaT43MsMYtqXrIv2w\u0026qkey=ui6hljtm64nluya\u0026ip=91%2E90%2E42%2E154\",\"eventType\":1,\"firstPaint\":0,\"firstContentfulPaint\":1025,\"startTime\":1744997372084,\"versions\":{\"fl\":\"2025.4.0-1-g37f21b1\",\"js\":\"2024.6.1\",\"timings\":2},\"pageloadId\":\"9815a033-cdc4-42a1-8831-9243532f39b0\",\"location\":\"https://www.mediafire.com/file/ui6hljtm64nluya/%F0%9D%93%9B%40%F0%9D%93%89%F0%9D%91%92%F0%9D%93%88%F0%9D%90%AD%23%24%7E%F0%9D%90%B9%211%F0%9D%90%BF%F0%9D%90%9E-%F0%9D%90%B9%F0%9D%93%8A%F0%9D%93%811%F0%9D%90%BF-%F0%9D%90%92%F0%9D%91%92%F0%9D%93%893%F0%9D%93%8A%F0%9D%93%85%E2%9A%99%EF%B8%8F%F0%9D%90%B6%F0%9D%90%A82%F0%9D%90%B7%F0%9D%90%9E9-6632.zip\",\"nt\":\"navigate\",\"serverTimings\":[{\"name\":\"cfCacheStatus\",\"dur\":0,\"desc\":\"DYNAMIC\"},{\"name\":\"cfExtPri\",\"dur\":0,\"desc\":\"\"}],\"timingsV2\":{\"unloadEventStart\":326,\"unloadEventEnd\":340,\"domInteractive\":1016,\"domContentLoadedEventStart\":1372,\"domContentLoadedEventEnd\":1375,\"domComplete\":2219,\"loadEventStart\":2219,\"loadEventEnd\":2220,\"type\":\"navigate\",\"redirectCount\":0,\"initiatorType\":\"navigation\",\"nextHopProtocol\":\"h3\",\"workerStart\":0,\"redirectStart\":0,\"redirectEnd\":0,\"fetchStart\":2,\"domainLookupStart\":2,\"domainLookupEnd\":2,\"connectStart\":2,\"connectEnd\":2,\"secureConnectionStart\":2,\"requestStart\":21,\"responseStart\":256,\"responseEnd\":260,\"transferSize\":23317,\"encodedBodySize\":22266,\"decodedBodySize\":100745,\"name\":\"https://www.mediafire.com/file/ui6hljtm64nluya/%F0%9D%93%9B%40%F0%9D%93%89%F0%9D%91%92%F0%9D%93%88%F0%9D%90%AD%23%24%7E%F0%9D%90%B9%211%F0%9D%90%BF%F0%9D%90%9E-%F0%9D%90%B9%F0%9D%93%8A%F0%9D%93%811%F0%9D%90%BF-%F0%9D%90%92%F0%9D%91%92%F0%9D%93%893%F0%9D%93%8A%F0%9D%93%85%E2%9A%99%EF%B8%8F%F0%9D%90%B6%F0%9D%90%A82%F0%9D%90%B7%F0%9D%90%9E9-6632.zip\",\"entryType\":\"navigation\",\"startTime\":0,\"duration\":2220},\"siteToken\":\"8e4f9484d8b840b28e4e0cc92b90ce0c\",\"st\":2}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nRateLimit-Policy: 1000;w=900\r\nRateLimit-Limit: 1000\r\nRateLimit-Remaining: 999\r\nRateLimit-Reset: 900\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2364\r\nETag: W/\"93c-TXuZj5/6+PFFGBeu6NBJljVIXUE\"\r\nDate: Fri, 18 Apr 2025 17:29:16 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2364,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"38193b3ab0938a1efe572f403d934cfe","sha1":"4d7b998f9ffaf8f1451817aee8d0499635485d41","sha256":"84ec45c0a8c06b1363b3a671a48210ce43476c241aee24eec4feaab87ef59126","sha512":"a5868707bd861f742536e2f14a914aeebc33187c6f56a9e6778bf2c76272298b5213bcb1963403aca68dfe663a9e302f20fdf29532d344cd8e315184ba31c4e6","ssdeep":"","tlshash":"6041c215d6880d467032d1b46ba38651fb9a94638301463d3edc33964fb965982a3bdc","first_seen":"2025-04-18T17:29:51.507833Z","last_seen":"2025-04-18T17:29:51.507833Z","times_seen":1,"resource_available":false,"data":null}},"time_used":226,"timings":{"blocked":69,"dns":0,"connect":79,"send":0,"wait":77,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"66.63.187.72","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}