{"report_id":"c3db6b6f-ee23-494d-9390-b8b402462fb1","version":6,"status":"done","tags":[],"date":"2023-12-09T00:20:33Z","url":{"schema":"http","addr":"568758.myshoptet.com/user/documents/DP_FILES_pohoda/LEconfig.exe?20230114170740","fqdn":"568758.myshoptet.com","domain":"myshoptet.com","tld":"com"},"ip":{"addr":"185.64.219.37","port":0,"asn":43541,"as":"VSHosting s.r.o.","country":"Czechia","country_code":"CZ"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T08:27:33Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"status.rapidssl.com","ip":{"addr":"192.229.221.95","port":0,"asn":15133,"as":"EDGECAST","country":"United States","country_code":"US"},"domain_registered":"2002-04-05","domain_rank":6946,"first_seen":"2018-06-15 22:49:00","last_seen":"2023-12-08 05:11:36","alert_count":0,"request_count":1,"received_data":735,"sent_data":343,"comment":"","tags":null,"fingerprints":null},{"fqdn":"568758.myshoptet.com","ip":{"addr":"185.64.219.37","port":443,"asn":43541,"as":"VSHosting s.r.o.","country":"Czechia","country_code":"CZ"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":4058728,"sent_data":545,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"e3e2132326daab98ed78b89aa520a08f","sha1":"5ae6d938f60e20273e346bfea4dd08802f17ae51","sha256":"ab3a5d801ad49614d2fb48e680294a36a0d887508ef37f7132f29173975791f2","sha512":"dcd8ffca81b12fb084e4a685c5c14d6644351e1fc87cfd721419fb0ee41e3f819c0ecd2d3d13f236a03a59aa09ad672741de76ec25a101af8547032ac0988520","magic":"PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows\\012- data","size":4058371,"url":{"schema":"https","addr":"568758.myshoptet.com/user/documents/DP_FILES_pohoda/LEconfig.exe?20230114170740","fqdn":"568758.myshoptet.com","domain":"myshoptet.com","tld":"com"},"ip":{"addr":"185.64.219.37","port":443,"asn":43541,"as":"VSHosting s.r.o.","country":"Czechia","country_code":"CZ"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2022-01-06","alert":"Scan result 1/66","trigger":"ab3a5d801ad49614d2fb48e680294a36a0d887508ef37f7132f29173975791f2","verdict":"suspicious","severity":"","comment":"suspicious - 1/66","link":"https://www.virustotal.com/gui/file/ab3a5d801ad49614d2fb48e680294a36a0d887508ef37f7132f29173975791f2","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"status.rapidssl.com/","fqdn":"status.rapidssl.com","domain":"rapidssl.com","tld":"com"},"ip":{"addr":"192.229.221.95","port":0,"asn":15133,"as":"EDGECAST","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-12-09T00:20:22.448385716Z","timestamp":1702081222448,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: status.rapidssl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 83\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAge: 1171\r\nCache-Control: max-age=7200\r\nContent-Type: application/ocsp-response\r\nDate: Sat, 09 Dec 2023 00:20:15 GMT\r\nLast-Modified: Sat, 09 Dec 2023 00:00:44 GMT\r\nServer: ECAcc (amb/6B67)\r\nX-Cache: HIT\r\nContent-Length: 471\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":471,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"4031550026488cb5948165835a2f0b54","sha1":"9105eb2b6de555aa2160c47657e45c30aad8a720","sha256":"551c94ceea567b9c2b1df3996bedf5dfa6cfb2bf791e34f8042f49b4242cda56","sha512":"78f394ec42a0ec340898786f2ba54e6fc7170a85b789ba2c298fdfb3d5361c4d2c03cad9393b3d0f1c0bb13e73cedd0ced00f0c3ece53990fc915edf82b42a4d","ssdeep":"","tlshash":"56f0232240a6fe71e5524bce673846373d3548c919b3031aac7d0bcd9c24bbb282cbd0","first_seen":"2023-12-09T01:20:41Z","last_seen":"2023-12-09T01:20:41Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"568758.myshoptet.com/user/documents/DP_FILES_pohoda/LEconfig.exe?20230114170740","fqdn":"568758.myshoptet.com","domain":"myshoptet.com","tld":"com"},"ip":{"addr":"185.64.219.37","port":443,"asn":43541,"as":"VSHosting s.r.o.","country":"Czechia","country_code":"CZ"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-09T00:20:22.294Z","timestamp":1702081222294,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.myshoptet.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 05 Sep 2023 00:00:00 GMT","end":"Fri, 27 Sep 2024 23:59:59 GMT"},"fingerprint":{"sha1":"17:9F:B8:0A:1D:8A:01:41:BF:37:7D:9B:05:1B:CA:BB:2E:42:EC:57","sha256":"62:64:A7:CE:46:74:F8:33:E3:C8:AD:69:70:33:1B:D5:2B:0E:D2:A9:C7:37:E3:B8:D3:22:16:AA:4C:EE:3D:18"}}},"request":{"raw":"GET /user/documents/DP_FILES_pohoda/LEconfig.exe?20230114170740 HTTP/1.1\r\nHost: 568758.myshoptet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 09 Dec 2023 00:20:15 GMT\r\ncontent-type: application/x-msdos-program\r\ncontent-length: 4058371\r\nlast-modified: Sun, 27 Aug 2023 05:04:48 GMT\r\netag: \"3ded03-603e084588029\"\r\nx-content-type-options: nosniff\r\nexpires: Sat, 16 Dec 2023 00:20:15 GMT\r\ncache-control: max-age=604800\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4058371,"size_decoded":0,"mime_type":"application/x-msdos-program","magic":"PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows\\012- data","md5":"e3e2132326daab98ed78b89aa520a08f","sha1":"5ae6d938f60e20273e346bfea4dd08802f17ae51","sha256":"ab3a5d801ad49614d2fb48e680294a36a0d887508ef37f7132f29173975791f2","sha512":"dcd8ffca81b12fb084e4a685c5c14d6644351e1fc87cfd721419fb0ee41e3f819c0ecd2d3d13f236a03a59aa09ad672741de76ec25a101af8547032ac0988520","ssdeep":"49152:5t0dxPO1QbdQSa0tFt/42E33ZfPBin/kTgmPqRmpAiiRoLwZuDPCTHjSz5VkBZ//:5amibdjpPN4LpHBogiueuYOz5OV+rwT","tlshash":"5b166c54eb8754f5de072678849bf32f5b38be808822df97ea1c3d2add339522919311","first_seen":"2023-12-09T01:20:41Z","last_seen":"2024-08-20T16:18:57.875347Z","times_seen":5,"resource_available":false,"data":null}},"time_used":797,"timings":{"blocked":155,"dns":2,"connect":34,"send":0,"wait":39,"receive":448,"ssl":114},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2022-01-06","alert":"Scan result 1/66","trigger":"ab3a5d801ad49614d2fb48e680294a36a0d887508ef37f7132f29173975791f2","verdict":"suspicious","severity":"","comment":"suspicious - 1/66","link":"https://www.virustotal.com/gui/file/ab3a5d801ad49614d2fb48e680294a36a0d887508ef37f7132f29173975791f2","meta":null}],"urlquery":null}}]}