{"report_id":"c7765bae-d8cf-4068-a4f5-88c6dd5d994e","version":6,"status":"done","tags":[],"date":"2024-11-21T23:05:09Z","url":{"schema":"http","addr":"admin.zip","fqdn":"admin.zip","domain":"admin.zip","tld":"zip"},"ip":{"addr":"81.169.234.184","port":0,"asn":6724,"as":"Strato AG","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"admin.zip/","fqdn":"admin.zip","domain":"admin.zip","tld":"zip"},"title":"Frische Fische"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-01-30T23:05:09Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"admin.zip","ip":{"addr":"81.169.234.184","port":443,"asn":6724,"as":"Strato AG","country":"Germany","country_code":"DE"},"domain_registered":"2023-05-22","domain_rank":0,"first_seen":"2015-05-09T09:53:04Z","last_seen":"2024-11-10T05:17:16.859402Z","alert_count":2,"request_count":3,"received_data":2123,"sent_data":1255,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-11-21T23:04:44Z","timestamp":1732230284,"ip_dst":{"addr":"81.169.234.184","port":80,"asn":6724,"as":"Strato AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.16","port":43194,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2024-11-21T23:04:44.820341+0000\",\"flow_id\":2017826043635347,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":43194,\"dest_ip\":\"81.169.234.184\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"81.169.234.184\",\"port\":80},\"target\":{\"ip\":\"172.18.0.16\",\"port\":43194},\"metadata\":{\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"admin.zip\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://admin.zip/\",\"length\":285},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":654,\"bytes_toclient\":730,\"start\":\"2024-11-21T23:04:44.763539+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"admin.zip/","fqdn":"admin.zip","domain":"admin.zip","tld":"zip"},"ip":{"addr":"81.169.234.184","port":443,"asn":6724,"as":"Strato AG","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-21T23:04:46.066Z","timestamp":1732230286066,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"admin.zip","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 May 2023 10:48:33 GMT","end":"Mon, 21 Aug 2023 10:48:32 GMT"},"fingerprint":{"sha1":"C5:AB:5F:33:7A:FB:5C:95:19:52:24:BD:7E:EE:4C:3D:4C:4E:62:74","sha256":"4B:21:96:3D:33:93:29:B3:34:C3:88:F2:6A:26:29:76:C3:70:91:E0:E7:E5:A4:57:8F:8F:09:42:53:F4:DE:44"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: admin.zip\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Thu, 21 Nov 2024 23:04:44 GMT\r\nServer: Apache\r\nLocation: https://admin.zip/\r\nContent-Length: 285\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":285,"size_decoded":285,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"4427d279e4877d7ae951cd176048580d","sha1":"43823dce96215eac714ec3a571de0851e8298f13","sha256":"c2438a05116983b6b62e0058867ccfe7244444784c02684f824026228eee4dbc","sha512":"33e39a82a617fb84f088937375c61e1c0377d57c669121e12ff0bef9fad306798c8c1e7bbba490a22b0165d6c5f238673f2df65fcd4d035132a42dd24a50b412","ssdeep":"","tlshash":"a0d0e7fc574131d158133f4054d314d0215410f8625d509d61df9443c5587728c9b0c9","first_seen":"2023-09-05T02:56:59Z","last_seen":"2025-02-23T17:07:05.436659Z","times_seen":47,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":63,"dns":1,"connect":28,"send":0,"wait":31,"receive":0,"ssl":34},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-11-21T23:04:44Z","timestamp":1732230284,"ip_dst":{"addr":"81.169.234.184","port":80,"asn":6724,"as":"Strato AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.16","port":43194,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2024-11-21T23:04:44.820341+0000\",\"flow_id\":2017826043635347,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":43194,\"dest_ip\":\"81.169.234.184\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"81.169.234.184\",\"port\":80},\"target\":{\"ip\":\"172.18.0.16\",\"port\":43194},\"metadata\":{\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"admin.zip\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://admin.zip/\",\"length\":285},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":654,\"bytes_toclient\":730,\"start\":\"2024-11-21T23:04:44.763539+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"admin.zip/","fqdn":"admin.zip","domain":"admin.zip","tld":"zip"},"ip":{"addr":"81.169.234.184","port":443,"asn":6724,"as":"Strato AG","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-21T23:04:46.066Z","timestamp":1732230286066,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"admin.zip","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 May 2023 10:48:33 GMT","end":"Mon, 21 Aug 2023 10:48:32 GMT"},"fingerprint":{"sha1":"C5:AB:5F:33:7A:FB:5C:95:19:52:24:BD:7E:EE:4C:3D:4C:4E:62:74","sha256":"4B:21:96:3D:33:93:29:B3:34:C3:88:F2:6A:26:29:76:C3:70:91:E0:E7:E5:A4:57:8F:8F:09:42:53:F4:DE:44"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: admin.zip\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 21 Nov 2024 23:04:46 GMT\r\nServer: Apache\r\nLast-Modified: Tue, 23 May 2023 11:52:22 GMT\r\nETag: \"c4-5fc5b0524af5e-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nX-Powered-By: PleskLin\r\nContent-Length: 154\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":154,"size_decoded":196,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"ee68a1179e9f7cde1c20b95efc86841d","sha1":"826d40ed8ea7ee3e82f7e46e7ad02d2ebe6e1615","sha256":"8d85c2aeeb3dc1cb647bab10b77d690cef95de228d55a59091c287d508e79cb0","sha512":"4389a7be3122a0d9e606f281fdc83b13b8b548506eceb0c261318f87bfd6ddf89dc93fdefed066b6f7191ec06adc154ae41e66c5815a9f8882d87dd45da7c36e","ssdeep":"","tlshash":"6dd080cd00f55141016485551fc77a951896731716c57e443ec6e375bdc4605c8d73dc","first_seen":"2023-07-09T09:05:22Z","last_seen":"2025-05-28T08:51:54.518712Z","times_seen":58,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":63,"dns":1,"connect":28,"send":0,"wait":31,"receive":0,"ssl":34},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-11-21T23:04:44Z","timestamp":1732230284,"ip_dst":{"addr":"81.169.234.184","port":80,"asn":6724,"as":"Strato AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.16","port":43194,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2024-11-21T23:04:44.820341+0000\",\"flow_id\":2017826043635347,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":43194,\"dest_ip\":\"81.169.234.184\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"81.169.234.184\",\"port\":80},\"target\":{\"ip\":\"172.18.0.16\",\"port\":43194},\"metadata\":{\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"admin.zip\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://admin.zip/\",\"length\":285},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":654,\"bytes_toclient\":730,\"start\":\"2024-11-21T23:04:44.763539+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"admin.zip/favicon.ico","fqdn":"admin.zip","domain":"admin.zip","tld":"zip"},"ip":{"addr":"81.169.234.184","port":443,"asn":6724,"as":"Strato AG","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://admin.zip/","date":"2024-11-21T23:04:46.253Z","timestamp":1732230286253,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"admin.zip","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 May 2023 10:48:33 GMT","end":"Mon, 21 Aug 2023 10:48:32 GMT"},"fingerprint":{"sha1":"C5:AB:5F:33:7A:FB:5C:95:19:52:24:BD:7E:EE:4C:3D:4C:4E:62:74","sha256":"4B:21:96:3D:33:93:29:B3:34:C3:88:F2:6A:26:29:76:C3:70:91:E0:E7:E5:A4:57:8F:8F:09:42:53:F4:DE:44"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: admin.zip\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://admin.zip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Thu, 21 Nov 2024 23:04:46 GMT\r\nServer: Apache\r\nLast-Modified: Tue, 23 May 2023 11:46:14 GMT\r\nETag: \"328-5fc5aef3e3be3\"\r\nAccept-Ranges: bytes\r\nContent-Length: 808\r\nX-Powered-By: PleskLin\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":808,"size_decoded":808,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"a943672a32297727bab01c3e76977550","sha1":"3a667c4b7a457ef6c586cc581d533c128737bf53","sha256":"b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187","sha512":"0965d415f3a0cef31953702fdae345d46fefd72ce3c4c7a0255aede74a76e10b856892700529a444453a622793e0257248c5c99fae17d5b0b9fd4118e208068c","ssdeep":"","tlshash":"2e01bd0a08e0501bc0d3915169a0f22dc9c2f997aa5b180079ed91c6cfd5f89c9d35ac","first_seen":"2023-03-08T11:42:06Z","last_seen":"2026-04-18T04:57:59.704832Z","times_seen":35460,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}