{"report_id":"c7635f82-8a3c-4a3c-93d2-eb8d50fb885f","version":0,"status":"done","tags":[],"date":"2026-06-30T17:17:36Z","url":{"schema":"http","addr":"207.56.226.75/Hjs7","fqdn":"207.56.226.75","domain":"207.56.226.75","tld":""},"ip":{"addr":"207.56.226.75","port":0,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"New Private Tab","dom":{"size":4247,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"935049a0437e7b8102ca179b78d89c03","sha1":"4eaa55c17731a916dd2a61e0be8e6e96671344f5","sha256":"626415376180fd071e17fe32f35e2c72bcdddb694ac6717ebd172e57081a759e","sha512":"b7ec7174fc24cb7dc052ceed6fe68818017a7424fbe43577b2d8e6705189b811074a5059bcbb869bb7f463a43c1bdaca8edf6d280e0dcfddee4a260fe69db6b0","ssdeep":"96:DJFs1Bx13gb61j1l0E7gx10UFZV4jl22D+i8kDNLeOl:H61rpYmULV4jM2D+z0sI","tlshash":"439153a544f5663b18a386a9e9d17f479f817607ce8d29817baf00e31f87d54886f20c","dom_hash":"domhashe55c5b0a9b0c37e90d2a11b31f2bc448","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"207.56.226.75/Hjs7","fqdn":"207.56.226.75","domain":"207.56.226.75","tld":""},"ip":{"addr":"207.56.226.75","port":0,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-04T17:17:36Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-06-30","alert":"Detects CobaltStrike payloads","trigger":"207.56.226.75/Hjs7","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Avast Threat Intel Team","description":"Detects CobaltStrike payloads","reference":"https://github.com/avast/ioc","rule":"Cobaltbaltstrike_Beacon_XORed_x86"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-06-30","alert":"Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x","trigger":"207.56.226.75/Hjs7","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"gssincla@google.com","date":"2022-11-18","description":"Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x","hash":"211ccc5d28b480760ec997ed88ab2fbc5c19420a3d34c1df7991e65642638a6f","reference":"https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse","rule":"CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Google GCTI YARA rules","description":"Google GCTI YARA rules","scan_date":"2026-06-30","alert":"Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x","trigger":"207.56.226.75/Hjs7","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/chronicle/GCTI","meta":{"author":"gssincla@google.com","date":"2022-11-18","description":"Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x","hash":"211ccc5d28b480760ec997ed88ab2fbc5c19420a3d34c1df7991e65642638a6f","reference":"https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse","rule":"CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x"}}],"urlquery":null},"summary":[{"fqdn":"207.56.226.75","ip":{"addr":"207.56.226.75","port":80,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":3,"request_count":1,"received_data":239870,"sent_data":402,"comment":"","tags":null,"fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"207.56.226.75/Hjs7","fqdn":"207.56.226.75","domain":"207.56.226.75","tld":""},"ip":{"addr":"207.56.226.75","port":80,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-30T17:17:12.879Z","timestamp":1782839832879,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /Hjs7 HTTP/1.1\r\nHost: 207.56.226.75\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 30 Jun 2026 17:17:13 GMT\r\nServer: Microsoft-IIS/10.0\r\nContent-Length: 239698\r\nConnection: keep-alive\r\nContent-Type: application/octet-stream\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":239698,"size_decoded":172,"mime_type":"application/octet-stream","magic":"data","md5":"53931058aebe5006a61047f974414884","sha1":"1d0c421e0fd0b17f5b3c8ced78dad9851c32af9b","sha256":"f7e3fb516f1d4194ac660ae369119abdc6ec3ccb55f5774c45abed9ea276849a","sha512":"309c7b535105b2e1f9b7e5c906c2b4b618e19cf5ea6765203bbcb8a430cd831d0898da84671b47dbe57803e661d0ad4da6f71782ca2a6417ff396700cc50b40a","ssdeep":"3072:0QfUQHzKK7e3D3XCouHOwuMYtPLw9v/gabQ4bf8/upHzfixe4UpwrThkFu6Sc3/h:BCD3XUHHtfR/fQCk/upHzixzVuFOc3R3","tlshash":"ce34bcfea465374ad88a3b4dc2b63253ccfe76da5804d9cfadb075c94e185082e44e72","first_seen":"2026-06-16T17:05:57.416601Z","last_seen":"2026-06-30T17:17:39.939542Z","times_seen":3,"resource_available":true,"data":null}},"time_used":1987,"timings":{"blocked":-1,"dns":0,"connect":1253,"send":0,"wait":249,"receive":1239,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-06-30","alert":"Detects CobaltStrike payloads","trigger":"207.56.226.75/Hjs7","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Avast Threat Intel Team","description":"Detects CobaltStrike payloads","reference":"https://github.com/avast/ioc","rule":"Cobaltbaltstrike_Beacon_XORed_x86"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-06-30","alert":"Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x","trigger":"207.56.226.75/Hjs7","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"gssincla@google.com","date":"2022-11-18","description":"Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x","hash":"211ccc5d28b480760ec997ed88ab2fbc5c19420a3d34c1df7991e65642638a6f","reference":"https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse","rule":"CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Google GCTI YARA rules","description":"Google GCTI YARA rules","scan_date":"2026-06-30","alert":"Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x","trigger":"207.56.226.75/Hjs7","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/chronicle/GCTI","meta":{"author":"gssincla@google.com","date":"2022-11-18","description":"Cobalt Strike's resource/xor.bin signature for version 2.x through 4.x","hash":"211ccc5d28b480760ec997ed88ab2fbc5c19420a3d34c1df7991e65642638a6f","reference":"https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse","rule":"CobaltStrike_Resources_Xor_Bin_v2_x_to_v4_x"}}],"urlquery":null}}]}