{"report_id":"d98992a7-298f-4a71-9be8-df8e1c61d871","version":6,"status":"done","tags":[],"date":"2023-11-20T21:19:08Z","url":{"schema":"http","addr":"149.126.4.66/","fqdn":"149.126.4.66","domain":"149.126.4.66","tld":""},"ip":{"addr":"149.126.4.66","port":0,"asn":47302,"as":"cyon GmbH","country":"Switzerland","country_code":"CH"},"final":{"url":{"schema":"http","addr":"149.126.4.66/","fqdn":"149.126.4.66","domain":"149.126.4.66","tld":"66"},"title":"Domain nicht eingerichtet"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T12:20:50Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"149.126.4.66","ip":{"addr":"149.126.4.66","port":80,"asn":47302,"as":"cyon GmbH","country":"Switzerland","country_code":"CH"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":2,"received_data":5969,"sent_data":722,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-20","alert":"Sinkholed","trigger":"149.126.4.66","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-20","alert":"Sinkholed","trigger":"149.126.4.66","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"149.126.4.66/","fqdn":"149.126.4.66","domain":"149.126.4.66","tld":"66"},"ip":{"addr":"149.126.4.66","port":80,"asn":47302,"as":"cyon GmbH","country":"Switzerland","country_code":"CH"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-20T21:18:53.095Z","timestamp":1700515133095,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 149.126.4.66\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 546\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ndate: Mon, 20 Nov 2023 21:18:51 GMT\r\nx-robots-tag: noindex, nofollow\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":546,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, Unicode text, UTF-8 text","md5":"2443f2af77c728b9aba50e0005662b24","sha1":"bd0d05bd26db59eb9170e822f7acc913652345a4","sha256":"5f86f352f29b893bf01963e9c763ad38b8c16c9f3d9a6071fd78232eec614fe4","sha512":"987a06250712cbef46540dbe56513729db1e80e21faca1d4a547d4f8d90a3bc36c4da790f59abcc1d5c18405b2fa2350f9c686af44058375597218dcd09d6c14","ssdeep":"","tlshash":"93112325c4a215169103b284e461e1603281c1a2a5cb4f19b38fb1b7f3cf0b3597b2dc","first_seen":"2023-11-20T22:19:15Z","last_seen":"2025-09-16T00:11:11.553649Z","times_seen":9,"resource_available":false,"data":null}},"time_used":91,"timings":{"blocked":22,"dns":0,"connect":32,"send":0,"wait":36,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-20","alert":"Sinkholed","trigger":"149.126.4.66","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"149.126.4.66/favicon.ico","fqdn":"149.126.4.66","domain":"149.126.4.66","tld":"66"},"ip":{"addr":"149.126.4.66","port":80,"asn":47302,"as":"cyon GmbH","country":"Switzerland","country_code":"CH"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://149.126.4.66/","date":"2023-11-20T21:18:53.301Z","timestamp":1700515133301,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 149.126.4.66\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://149.126.4.66/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\ncontent-type: text/html\r\ntransfer-encoding: chunked\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ndate: Mon, 20 Nov 2023 21:18:51 GMT\r\nx-robots-tag: noindex, nofollow\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":4922,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4070)","md5":"279760319398dfc282e380720633dc67","sha1":"357fdd6eb01771322e0565e5eff6241afbeb099b","sha256":"a6de60a60543118747004f2bd7cc69996a4ac32ad4306ac87e45841be8f90a16","sha512":"1dfe205c6a32387a970c987b0a14c0f75a818f71b5312234bbd554cc391b0a49785869084662e1a68eddbd3c8dd9fb60f258944f823f3d87f4aa9625348c3e48","ssdeep":"192:rlYHC0HNXGZkHQU7ydPJq5S2KqQVX/uTK3w3DK+tMy47R/Ga0kVhFuPwf8Pn93Jh:FVGaRF8I83I+1","tlshash":"ca22a5a71af3000b740760b967bb2211ab68b543d12fcd607f0db3a8cf869818d93b5d","first_seen":"2023-11-20T22:19:15Z","last_seen":"2023-11-20T22:19:15Z","times_seen":1,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-20","alert":"Sinkholed","trigger":"149.126.4.66","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}