{"report_id":"bd44e847-9d86-4c7c-8298-e9af29674281","version":6,"status":"done","tags":["microsoft","phishing","suspicious","telegram_bot"],"date":"2026-06-03T10:08:12Z","url":{"schema":"http","addr":"versadrones.net/wp-mail/owa.html","fqdn":"versadrones.net","domain":"versadrones.net","tld":"net"},"ip":{"addr":"192.185.136.211","port":0,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"versadrones.net/wp-mail/owa.html","fqdn":"versadrones.net","domain":"versadrones.net","tld":"net"},"title":"Outlook","dom":{"size":40903,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (10412)","md5":"4ccb4c660c5c79c67887182b020609f3","sha1":"9f9ed6b7e7f0babcbd81b4b7a9693ce61113ad0e","sha256":"2244c12ae8c95bb9e22e4bb5f97db009eba6a4aa06e6a7173bf5ba99c655f8f0","sha512":"13128d13515eb4ad846be911aded6f0bcba553424fb053900acd60a8021e9c922e54c4501ed8e3e405b0aa39dc98ced9595394224cef8ffd9918d272582b9a07","ssdeep":"768:QyDwSDkzdKV7aQblNoJmgK4e2FuzdotcRpKq:ZDEkF5F4nFumcRpKq","tlshash":"3d038e2f15a33d0a645a60d4f2e7ba013f1b80075c8fe97675bc271ccf85ea58162b9c","dom_hash":"domhashd7c27392217add443fa259524aa27d80","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"versadrones.net/wp-mail/owa.html","fqdn":"versadrones.net","domain":"versadrones.net","tld":"net"},"ip":{"addr":"192.185.136.211","port":0,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-08T10:08:12Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":3,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-03","alert":"Detects file containing Telegram Bot API","trigger":"versadrones.net/wp-mail/owa.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"versadrones.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"mail.mofa.gov.kw","ip":{"addr":"45.66.0.67","port":443,"asn":208710,"as":"Ministry of Foreign 
Affairs","country":"Kuwait","country_code":"KW"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2014-03-05T08:04:30Z","last_seen":"2026-06-03T04:00:21.503178Z","alert_count":0,"request_count":1,"received_data":256,"sent_data":473,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}]},{"fqdn":"versadrones.net","ip":{"addr":"192.185.136.211","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"domain_registered":"2021-03-30","domain_rank":0,"first_seen":"2026-06-03T04:00:20.111474Z","last_seen":"2026-06-03T04:00:20.111474Z","alert_count":10,"request_count":4,"received_data":308744,"sent_data":2030,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source 
cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Outlook Web App:15.1.2242","description":"Outlook on the web is an information manager web app. It includes a web-based email client, a calendar tool, a contact manager, and a task manager.","website":"https://help.outlook.com","common_platform_enumeration":"cpe:2.3:a:microsoft:outlook_web_access:*:*:*:*:*:*:*:*","icon":"Outlook.svg","categories":["Webmail"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Elementor:3.29.1","description":"Elementor is a website builder platform for professionals on WordPress.","website":"https://elementor.com","common_platform_enumeration":"","icon":"Elementor.svg","categories":["Page builders","WordPress plugins"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. 
Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Yoast SEO:27.2","description":"Yoast SEO is a search engine optimisation plugin for WordPress and other platforms.","website":"https://yoast.com/wordpress/plugins/seo/","common_platform_enumeration":"","icon":"Yoast SEO.png","categories":["SEO","WordPress plugins"]},{"name":"jQuery Migrate:3.4.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"versadrones.net/wp-mail/owa.html","fqdn":"versadrones.net","domain":"versadrones.net","tld":"net"},"ip":{"addr":"192.185.136.211","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United 
States","country_code":"US"},"md5":"dca45fd17a2be803380964c1c057dfeb","sha1":"4fc0b2605c39aa62c1a4e11ea051acd802e5def6","sha256":"02eef12253ca2de5d25072d7254c60f719dc18fc706ad2fdd9ae1b0191abc080","sha512":"484e7479098a976d7cd5ca41e00414c4e8fdfa3ece91d55431d65425da2cdbcb49f307052cfe1d7dbb2b528d5043cfaf49d7c5826504e72dfa8f4057654c24f2","size":4066,"token":"8123761157:AAF04oKHGSN_rw79_8fONpG47JfZngjlkP4","is_revoked":false,"bot":{"token":"8123761157:AAF04oKHGSN_rw79_8fONpG47JfZngjlkP4","user_id":"8123761157","username":"pb8180Bot","first_name":"2025 Logs","last_name":"","chat":{"chat_id":"","title":"","type":"","bot_is":"","total_users":0,"active_members":null,"admins":null},"pending_messages":1}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"versadrones.net/wp-mail/owa.html","fqdn":"versadrones.net","domain":"versadrones.net","tld":"net"},"ip":{"addr":"192.185.136.211","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"3012703a3a5c709a38f2cba896e8e5e6","sha1":"d574b12ce7043b1ee47eb6934c39f19379fcf0ec","sha256":"2c65e217804431e380651ce713d311bd5b5a5fb81cebc58392505cb35c854cdc","sha512":"7ca0891d8d30781341b26e92353fda805a4383605a93bd41a402b1724c3712b345b0b354366952c5927de326e1e075f4198c50f82085127b36e07cc6dbf3cb8a","ssdeep":"","tlshash":"59c0486a6a4206a41ab6b65d32af22013b8280435b05f88cb87de1028b10a838878f8c","size":137,"data":"","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-06-06T03:05:59.549403Z","times_seen":5221,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"versadrones.net/wp-mail/owa.html","fqdn":"versadrones.net","domain":"versadrones.net","tld":"net"},"ip":{"addr":"192.185.136.211","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"db8216e217de9a14420fa187142b00b5","sha1":"50f9fdaa34b7caa061db879baa23a7d75f048e9e","sha256":"ebc3102ee92075887df69ec8c18ca2c24015e728566d302598a63c06697754ed","sha512":"6f40947f7a23bee134b9d48603ae1350677e7a2017883aeb86173bb320e0b8ffc8a5755a216580fe60a93b6251baf0a5ed7dc31875d938143148818ed3c0e6a7","ssdeep":"","tlshash":"1ba0020c04af42510e1be93d2566cc4851535453a1a69715780c03469f418a485b1ad5","size":68,"data":"","first_seen":"2023-03-07T01:02:58Z","last_seen":"2026-06-06T03:05:59.55003Z","times_seen":3841,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"versadrones.net/wp-mail/owa.html","fqdn":"versadrones.net","domain":"versadrones.net","tld":"net"},"ip":{"addr":"192.185.136.211","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"dca45fd17a2be803380964c1c057dfeb","sha1":"4fc0b2605c39aa62c1a4e11ea051acd802e5def6","sha256":"02eef12253ca2de5d25072d7254c60f719dc18fc706ad2fdd9ae1b0191abc080","sha512":"484e7479098a976d7cd5ca41e00414c4e8fdfa3ece91d55431d65425da2cdbcb49f307052cfe1d7dbb2b528d5043cfaf49d7c5826504e72dfa8f4057654c24f2","ssdeep":"","tlshash":"be8133ae087a18286a77f272220bb7017126c1072d8eec6577ad43145f18b6bf9797dc","size":4066,"data":"","first_seen":"2026-06-03T04:00:25.304847Z","last_seen":"2026-06-03T10:08:14.315461Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-03","alert":"Detects file containing Telegram Bot API","trigger":"versadrones.net/wp-mail/owa.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"mail.mofa.gov.kw/owa/auth/15.1.2242/themes/resources/favicon.ico","fqdn":"mail.mofa.gov.kw","domain":"mofa.gov.kw","tld":"gov.kw"},"ip":{"addr":"45.66.0.67","port":443,"asn":208710,"as":"Ministry of Foreign 
Affairs","country":"Kuwait","country_code":"KW"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://versadrones.net/wp-mail/owa.html","date":"2026-06-03T10:07:51.040Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.mofa.gov.kw","organization":"Ministry of Foreign Affairs"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 29 Jan 2026 00:00:00 GMT","end":"Mon, 01 Mar 2027 23:59:59 GMT"},"fingerprint":{"sha1":"61:D0:A6:E0:B8:6D:83:B0:C3:94:6B:CB:F4:40:07:DC:A6:C5:49:C8","sha256":"4A:46:86:B1:C5:2A:D5:1D:66:F2:07:0D:F1:00:82:64:BA:CC:EF:CF:0A:2E:C4:D3:10:ED:48:75:A7:7D:E7:83"}}},"request":{"raw":"GET /owa/auth/15.1.2242/themes/resources/favicon.ico HTTP/1.1\r\nHost: mail.mofa.gov.kw\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://versadrones.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: Microsoft-IIS/10.0\r\nrequest-id: eb7f573d-2cac-4f9b-b4b4-0c75291cd4f7\r\nX-Powered-By: ASP.NET\r\nDate: Wed, 03 Jun 2026 10:07:51 GMT\r\nContent-Length: 0\r\nStrict-Transport-Security: max-age=15552000; includeSubDomains; preload\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating 
systems"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T23:34:19.329047Z","times_seen":16224336,"resource_available":true,"data":null}},"time_used":1067,"timings":{"blocked":0,"dns":174,"connect":135,"send":0,"wait":140,"receive":0,"ssl":618},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"versadrones.net/wp-mail/owa.html","fqdn":"versadrones.net","domain":"versadrones.net","tld":"net"},"ip":{"addr":"192.185.136.211","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-03T10:07:50.115Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.versadrones.net","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 16 May 2026 23:07:15 GMT","end":"Fri, 14 Aug 2026 23:07:14 GMT"},"fingerprint":{"sha1":"3C:9A:55:58:9F:88:7A:DC:B5:A5:F5:A2:CF:86:0D:9A:41:05:9C:FA","sha256":"67:A9:19:00:A5:B1:55:E1:DE:AE:F7:DC:86:A6:64:75:55:E0:66:C4:F2:26:7C:6F:A3:AF:BF:14:4F:CD:87:A8"}}},"request":{"raw":"GET /wp-mail/owa.html HTTP/1.1\r\nHost: versadrones.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: 
en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 01 Jun 2026 15:00:53 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding,User-Agent\r\ncontent-encoding: gzip\r\ncontent-type: text/html\r\ndate: Wed, 03 Jun 2026 10:07:50 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Outlook Web App:15.1.2242","description":"Outlook on the web is an information manager web app. 
It includes a web-based email client, a calendar tool, a contact manager, and a task manager.","website":"https://help.outlook.com","common_platform_enumeration":"cpe:2.3:a:microsoft:outlook_web_access:*:*:*:*:*:*:*:*","icon":"Outlook.svg","categories":["Webmail"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":41116,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (10412)","md5":"997da1aff48b5743ebcad0dc81ce50ca","sha1":"d39f193187bb13491152dc89a4d545710e3a6b38","sha256":"1e43521a884eb67e7896f47a0699196a7b264c46ff4764061e0f486a3323b98b","sha512":"a32e3240d9ae7343f41a1882cbb13fc63eca57fbeb080dd2ac15646047010789cfa9562ea3fb916912b93cdf93449f01c73ab3b517bb52c1e4f9a2e1f5708843","ssdeep":"768:syDw7akzdKV7aQblNoJmgK4e2FuztptcHpKE:MaEkF5F4nFuJcHpKE","tlshash":"5b038e2f16a33d0a645a60d4b2d7ba013f1bc0075c8fe97675bc2b1ccf85ea58162b9c","first_seen":"2026-06-03T04:00:25.29212Z","last_seen":"2026-06-03T10:08:14.303477Z","times_seen":2,"resource_available":true,"data":null}},"time_used":798,"timings":{"blocked":307,"dns":113,"connect":93,"send":0,"wait":184,"receive":0,"ssl":98},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-03","alert":"Detects file containing Telegram Bot API","trigger":"versadrones.net/wp-mail/owa.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot 
API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"versadrones.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"versadrones.net/wp-mail/signin.png","fqdn":"versadrones.net","domain":"versadrones.net","tld":"net"},"ip":{"addr":"192.185.136.211","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://versadrones.net/wp-mail/owa.html","date":"2026-06-03T10:07:50.738Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.versadrones.net","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 16 May 2026 23:07:15 GMT","end":"Fri, 14 Aug 2026 23:07:14 GMT"},"fingerprint":{"sha1":"3C:9A:55:58:9F:88:7A:DC:B5:A5:F5:A2:CF:86:0D:9A:41:05:9C:FA","sha256":"67:A9:19:00:A5:B1:55:E1:DE:AE:F7:DC:86:A6:64:75:55:E0:66:C4:F2:26:7C:6F:A3:AF:BF:14:4F:CD:87:A8"}}},"request":{"raw":"GET /wp-mail/signin.png 
HTTP/1.1\r\nHost: versadrones.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://versadrones.net/wp-mail/owa.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 01 Jun 2026 08:59:07 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2842\r\ncontent-type: image/png\r\ndate: Wed, 03 Jun 2026 10:07:50 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":2842,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 124 x 32, 8-bit/color RGB, 
non-interlaced","md5":"6c739b8cc78ae466e421ba41d2456f19","sha1":"16f1c8d67baf14b27b8047f65e1fc014205f1eb4","sha256":"91b1a8bd68ad1f84bd1c14913239ef8da0edf7fe8171f9cd462c0b75c04faabe","sha512":"003d092044ce7cc9d63744b847e5954861d68b227f6738354041045a1df02fbdcf217fcfc47dfeffdb9531752d84f5d03af3260a03339d40619f9db29584abd8","ssdeep":"","tlshash":"ea516df71b9cfc7db7af645bbb39318aec5b4a589873458c72438e0c88605c858b4080","first_seen":"2026-06-03T04:00:25.296175Z","last_seen":"2026-06-03T10:08:14.307004Z","times_seen":2,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"versadrones.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"versadrones.net/owa/auth/15.1.2242/themes/resources/segoeui-regular.ttf","fqdn":"versadrones.net","domain":"versadrones.net","tld":"net"},"ip":{"addr":"192.185.136.211","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://versadrones.net/wp-mail/owa.html","date":"2026-06-03T10:07:50.744Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.versadrones.net","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 16 May 2026 23:07:15 
GMT","end":"Fri, 14 Aug 2026 23:07:14 GMT"},"fingerprint":{"sha1":"3C:9A:55:58:9F:88:7A:DC:B5:A5:F5:A2:CF:86:0D:9A:41:05:9C:FA","sha256":"67:A9:19:00:A5:B1:55:E1:DE:AE:F7:DC:86:A6:64:75:55:E0:66:C4:F2:26:7C:6F:A3:AF:BF:14:4F:CD:87:A8"}}},"request":{"raw":"GET /owa/auth/15.1.2242/themes/resources/segoeui-regular.ttf HTTP/1.1\r\nHost: versadrones.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://versadrones.net/wp-mail/owa.html\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\ncache-control: no-cache, must-revalidate, max-age=0, no-store, private\r\nvary: Accept-Encoding,User-Agent\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Wed, 03 Jun 2026 10:07:50 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Elementor:3.29.1","description":"Elementor is a website builder platform for professionals on WordPress.","website":"https://elementor.com","common_platform_enumeration":"","icon":"Elementor.svg","categories":["Page builders","WordPress plugins"]},{"name":"Apache HTTP Server","description":"Apache is a 
free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Yoast SEO:27.2","description":"Yoast SEO is a search engine optimisation plugin for WordPress and other platforms.","website":"https://yoast.com/wordpress/plugins/seo/","common_platform_enumeration":"","icon":"Yoast SEO.png","categories":["SEO","WordPress plugins"]},{"name":"jQuery Migrate:3.4.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":131863,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (63067), with CRLF, LF line 
terminators","md5":"10160b7d99352988930bb293bf2031ce","sha1":"d9232ff40afe0c6a91c4cb7cafb9f7f6302f2609","sha256":"261e6dcbe351d3f20bd8a6a3dbe55b52ac54c1af43e96a0ad1d6553e1f12a575","sha512":"e334fd1ef650156bf88f5a4203db650a8bb5aa6ce5cbb29666876e4c4232fa789e212fe3a6901b05e8103e6d274859e7567961daf67f1d0903e0272f4bad1277","ssdeep":"768:4Uoc0NkTNDWKktXk7M7DWymMXwPYoY7r0kyGVf/wwaPMvJzZeZdqE9gXzQfnp5KM:p7WZXpugvypXtYRT1AyJMAr43","tlshash":"54d3e771b790257a2227037ef297f60464695923db0e63e6f4fe805c85c6ba324b361f","first_seen":"2026-06-03T04:00:25.298678Z","last_seen":"2026-06-03T10:08:14.309929Z","times_seen":2,"resource_available":false,"data":null}},"time_used":690,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":690,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"versadrones.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"versadrones.net/owa/auth/15.1.2242/themes/resources/segoeui-semilight.ttf","fqdn":"versadrones.net","domain":"versadrones.net","tld":"net"},"ip":{"addr":"192.185.136.211","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://versadrones.net/wp-mail/owa.html","date":"2026-06-03T10:07:50.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.versadrones.net","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 16 May 2026 23:07:15 GMT","end":"Fri, 14 Aug 2026 23:07:14 GMT"},"fingerprint":{"sha1":"3C:9A:55:58:9F:88:7A:DC:B5:A5:F5:A2:CF:86:0D:9A:41:05:9C:FA","sha256":"67:A9:19:00:A5:B1:55:E1:DE:AE:F7:DC:86:A6:64:75:55:E0:66:C4:F2:26:7C:6F:A3:AF:BF:14:4F:CD:87:A8"}}},"request":{"raw":"GET /owa/auth/15.1.2242/themes/resources/segoeui-semilight.ttf HTTP/1.1\r\nHost: versadrones.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://versadrones.net/wp-mail/owa.html\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\ncache-control: no-cache, must-revalidate, max-age=0, no-store, private\r\nvary: Accept-Encoding,User-Agent\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Wed, 03 Jun 2026 10:07:50 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web 
development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery Migrate:3.4.1","description":"jQuery Migrate is a JavaScript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. 
Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"Elementor:3.29.1","description":"Elementor is a website builder platform for professionals on WordPress.","website":"https://elementor.com","common_platform_enumeration":"","icon":"Elementor.svg","categories":["Page builders","WordPress plugins"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Yoast SEO:27.2","description":"Yoast SEO is a search engine optimisation plugin for WordPress and other platforms.","website":"https://yoast.com/wordpress/plugins/seo/","common_platform_enumeration":"","icon":"Yoast SEO.png","categories":["SEO","WordPress plugins"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]}],"data":{"size":131863,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (63067), with CRLF, LF line 
terminators","md5":"10160b7d99352988930bb293bf2031ce","sha1":"d9232ff40afe0c6a91c4cb7cafb9f7f6302f2609","sha256":"261e6dcbe351d3f20bd8a6a3dbe55b52ac54c1af43e96a0ad1d6553e1f12a575","sha512":"e334fd1ef650156bf88f5a4203db650a8bb5aa6ce5cbb29666876e4c4232fa789e212fe3a6901b05e8103e6d274859e7567961daf67f1d0903e0272f4bad1277","ssdeep":"768:4Uoc0NkTNDWKktXk7M7DWymMXwPYoY7r0kyGVf/wwaPMvJzZeZdqE9gXzQfnp5KM:p7WZXpugvypXtYRT1AyJMAr43","tlshash":"54d3e771b790257a2227037ef297f60464695923db0e63e6f4fe805c85c6ba324b361f","first_seen":"2026-06-03T04:00:25.298678Z","last_seen":"2026-06-03T10:08:14.309929Z","times_seen":2,"resource_available":false,"data":null}},"time_used":588,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":588,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-03","alert":"Sinkholed","trigger":"versadrones.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}}]}
