{"report_id":"e8788cba-b94f-47b5-b5a5-cb3729dddc49","version":6,"status":"done","tags":[],"date":"2025-05-04T21:52:03Z","url":{"schema":"http","addr":"onyxtrustmesh.de/Bin/Excel.ClientSetup.exe?e=Access\u0026y=Guest\u0026c=Hunterhfhx\u0026c=\u0026c=\u0026c=\u0026c=\u0026c=\u0026c=\u0026c=","fqdn":"onyxtrustmesh.de","domain":"onyxtrustmesh.de","tld":"de"},"ip":{"addr":"104.21.25.126","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-13T21:52:03Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"onyxtrustmesh.de","ip":{"addr":"172.67.134.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-03-30T10:18:44.282116Z","last_seen":"2025-04-21T00:22:15.712748Z","alert_count":1,"request_count":1,"received_data":5900618,"sent_data":561,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"e8f0b0f66008df20589c2cdb4a722074","sha1":"7dad524a4dfc80bd682f8f0454d61057b1b998db","sha256":"9be06a1c91153412d022e1b4692dbddd4ca54ffa8b365d6a5b1794eeffcb452b","sha512":"f471377708ecc1e51c04cf2701f456877e6a6001bc4e02c8b49875e34db9e430000f6b16cce378ef1c8780cbd56065ecf8ec4c46c7957b63e36c2d25e2305d7f","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections","size":5900272,"url":{"schema":"https","addr":"onyxtrustmesh.de/Bin/Excel.ClientSetup.exe?e=Access\u0026y=Guest\u0026c=Hunterhfhx\u0026c=\u0026c=\u0026c=\u0026c=\u0026c=\u0026c=\u0026c=","fqdn":"onyxtrustmesh.de","domain":"onyxtrustmesh.de","tld":"de"},"ip":{"addr":"172.67.134.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-04","alert":"Scan result 14/72","trigger":"9be06a1c91153412d022e1b4692dbddd4ca54ffa8b365d6a5b1794eeffcb452b","verdict":"malicious","severity":"","comment":"malicious - 14/72","link":"https://www.virustotal.com/gui/file/9be06a1c91153412d022e1b4692dbddd4ca54ffa8b365d6a5b1794eeffcb452b","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"e8f0b0f66008df20589c2cdb4a722074","sha1":"7dad524a4dfc80bd682f8f0454d61057b1b998db","sha256":"9be06a1c91153412d022e1b4692dbddd4ca54ffa8b365d6a5b1794eeffcb452b","sha512":"f471377708ecc1e51c04cf2701f456877e6a6001bc4e02c8b49875e34db9e430000f6b16cce378ef1c8780cbd56065ecf8ec4c46c7957b63e36c2d25e2305d7f","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections","size":5900272,"url":{"schema":"https","addr":"onyxtrustmesh.de/Bin/Excel.ClientSetup.exe?e=Access\u0026y=Guest\u0026c=Hunterhfhx\u0026c=\u0026c=\u0026c=\u0026c=\u0026c=\u0026c=\u0026c=","fqdn":"onyxtrustmesh.de","domain":"onyxtrustmesh.de","tld":"de"},"ip":{"addr":"172.67.134.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-04","alert":"Scan result 14/72","trigger":"9be06a1c91153412d022e1b4692dbddd4ca54ffa8b365d6a5b1794eeffcb452b","verdict":"malicious","severity":"","comment":"malicious - 14/72","link":"https://www.virustotal.com/gui/file/9be06a1c91153412d022e1b4692dbddd4ca54ffa8b365d6a5b1794eeffcb452b","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"onyxtrustmesh.de/Bin/Excel.ClientSetup.exe?e=Access\u0026y=Guest\u0026c=Hunterhfhx\u0026c=\u0026c=\u0026c=\u0026c=\u0026c=\u0026c=\u0026c=","fqdn":"onyxtrustmesh.de","domain":"onyxtrustmesh.de","tld":"de"},"ip":{"addr":"172.67.134.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-04T21:51:30.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"onyxtrustmesh.de","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Mar 2025 19:29:35 GMT","end":"Fri, 27 Jun 2025 20:27:46 GMT"},"fingerprint":{"sha1":"9C:32:73:44:9B:B7:F3:55:B1:CE:62:58:3E:B9:AD:58:59:18:61:ED","sha256":"00:5C:BF:BF:4D:88:08:28:AF:B7:FE:17:38:DB:5C:CE:9F:27:6B:F8:CB:5F:6C:0E:6B:ED:BA:33:6D:16:EF:B1"}}},"request":{"raw":"GET /Bin/Excel.ClientSetup.exe?e=Access\u0026y=Guest\u0026c=Hunterhfhx\u0026c=\u0026c=\u0026c=\u0026c=\u0026c=\u0026c=\u0026c= HTTP/1.1\r\nHost: onyxtrustmesh.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 May 2025 21:51:31 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 5900272\r\nserver: cloudflare\r\naccept-ranges: bytes\r\ncache-control: private\r\nx-robots-tag: noindex\r\nx-content-type-options: nosniff\r\ncf-cache-status: BYPASS\r\ncf-ray: 93ab384a1ef6b4ee-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5900272,"size_decoded":0,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections","md5":"e8f0b0f66008df20589c2cdb4a722074","sha1":"7dad524a4dfc80bd682f8f0454d61057b1b998db","sha256":"9be06a1c91153412d022e1b4692dbddd4ca54ffa8b365d6a5b1794eeffcb452b","sha512":"f471377708ecc1e51c04cf2701f456877e6a6001bc4e02c8b49875e34db9e430000f6b16cce378ef1c8780cbd56065ecf8ec4c46c7957b63e36c2d25e2305d7f","ssdeep":"98304:szs6efPhFFNUhJFF3s+BoiGg1Gc977zbt:MfefPCFF3bBR1H9773","tlshash":"9856e002b3d695b6d4bf063cd87a42a95674bc044716cbff5790bd692d32bc08e323a6","first_seen":"2025-05-04T21:52:05.703068Z","last_seen":"2025-05-04T21:52:05.703068Z","times_seen":1,"resource_available":false,"data":null}},"time_used":981,"timings":{"blocked":20,"dns":0,"connect":1,"send":0,"wait":351,"receive":590,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-04","alert":"Scan result 14/72","trigger":"9be06a1c91153412d022e1b4692dbddd4ca54ffa8b365d6a5b1794eeffcb452b","verdict":"malicious","severity":"","comment":"malicious - 14/72","link":"https://www.virustotal.com/gui/file/9be06a1c91153412d022e1b4692dbddd4ca54ffa8b365d6a5b1794eeffcb452b","meta":null}],"urlquery":null}}]}