{"report_id":"ee877f5d-8405-4103-9c90-e8b579f4b875","version":6,"status":"done","tags":[],"date":"2024-12-18T09:45:30Z","url":{"schema":"http","addr":"bigwww.epfl.ch/thevenaz/differentials/src.zip","fqdn":"bigwww.epfl.ch","domain":"epfl.ch","tld":"ch"},"ip":{"addr":"128.178.218.103","port":0,"asn":559,"as":"SWITCH","country":"Switzerland","country_code":"CH"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-26T09:45:30Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"bigwww.epfl.ch","ip":{"addr":"128.178.218.103","port":443,"asn":559,"as":"SWITCH","country":"Switzerland","country_code":"CH"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2017-02-01T14:48:25Z","last_seen":"2024-12-18T09:45:18.885244Z","alert_count":0,"request_count":1,"received_data":4570,"sent_data":499,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"357e3bf2c06c43f75126c4a8d4181e11","sha1":"2a55475ef9dc0e0ac85850cb100c09918d7a6f52","sha256":"90e6c4ed377a95995d5bba41d129887d613d1077e89dccc47afcc7d83dc7e974","sha512":"9924679a7f5fe1ee086a087b0409d1640cccede9f8dc34cb97f49812306c9b5e4798c68f34deb1ae3b3faa8ccd79bf50a09de0595324515596f409878f1ac932","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":4226,"url":{"schema":"https","addr":"bigwww.epfl.ch/thevenaz/differentials/src.zip","fqdn":"bigwww.epfl.ch","domain":"epfl.ch","tld":"ch"},"ip":{"addr":"128.178.218.103","port":443,"asn":559,"as":"SWITCH","country":"Switzerland","country_code":"CH"},"archive":[{"path":"Differentials_.java","filename":"Differentials_.java","modified":"2024-09-30T16:05:01+02:00","Modified":"","magic":"ASCII text, with CR line terminators","size":21458,"md5":"d67f8ca516df8f551126a7e61b28e70d","sha1":"fa7a7a3008ad1feef184aac7cb1f87ff1f66796f","sha256":"a459531cfb378a6eeb3a5e12b6fc88bf6f306f5057197841270b690b58fd071e","sha512":"e6ce04ae5200df0a5ce2a8b15195df0985bd6093730c57348523f91670b6fa657ae047e1db18ca04658856b4efbeab2e10e745bc3208610c1e019096afeac42d","alerts":{"urlquery":null,"analyzer":null}},{"path":"__MACOSX/._Differentials_.java","filename":"._Differentials_.java","modified":"2024-09-30T16:05:01+02:00","Modified":"","magic":"AppleDouble encoded Macintosh file","size":163,"md5":"16d73ac8eb5789e8d555dc21004f96c0","sha1":"661a23ecd324e9639ac845e4c3a5586647fba80d","sha256":"f69dc3a6524961df8c6ff1d334ca2aa1a3ba0a76f3c155bd656c9c90b25b3d39","sha512":"2de9745e420419825fa0b56ab00d4be69328a1b9bcb43e9bc10c43d96c589846957795e311db996ea97bdf70b90674fed6657a516c787a879745650ab5dcfa82","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":null}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"357e3bf2c06c43f75126c4a8d4181e11","sha1":"2a55475ef9dc0e0ac85850cb100c09918d7a6f52","sha256":"90e6c4ed377a95995d5bba41d129887d613d1077e89dccc47afcc7d83dc7e974","sha512":"9924679a7f5fe1ee086a087b0409d1640cccede9f8dc34cb97f49812306c9b5e4798c68f34deb1ae3b3faa8ccd79bf50a09de0595324515596f409878f1ac932","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":4226,"url":{"schema":"https","addr":"bigwww.epfl.ch/thevenaz/differentials/src.zip","fqdn":"bigwww.epfl.ch","domain":"epfl.ch","tld":"ch"},"ip":{"addr":"128.178.218.103","port":443,"asn":559,"as":"SWITCH","country":"Switzerland","country_code":"CH"},"archive":[{"path":"Differentials_.java","filename":"Differentials_.java","modified":"2024-09-30T16:05:01+02:00","Modified":"","magic":"ASCII text, with CR line terminators","size":21458,"md5":"d67f8ca516df8f551126a7e61b28e70d","sha1":"fa7a7a3008ad1feef184aac7cb1f87ff1f66796f","sha256":"a459531cfb378a6eeb3a5e12b6fc88bf6f306f5057197841270b690b58fd071e","sha512":"e6ce04ae5200df0a5ce2a8b15195df0985bd6093730c57348523f91670b6fa657ae047e1db18ca04658856b4efbeab2e10e745bc3208610c1e019096afeac42d","alerts":{"urlquery":null,"analyzer":null}},{"path":"__MACOSX/._Differentials_.java","filename":"._Differentials_.java","modified":"2024-09-30T16:05:01+02:00","Modified":"","magic":"AppleDouble encoded Macintosh file","size":163,"md5":"16d73ac8eb5789e8d555dc21004f96c0","sha1":"661a23ecd324e9639ac845e4c3a5586647fba80d","sha256":"f69dc3a6524961df8c6ff1d334ca2aa1a3ba0a76f3c155bd656c9c90b25b3d39","sha512":"2de9745e420419825fa0b56ab00d4be69328a1b9bcb43e9bc10c43d96c589846957795e311db996ea97bdf70b90674fed6657a516c787a879745650ab5dcfa82","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-12-18T09:45:08Z","timestamp":1734515108,"ip_dst":{"addr":"192.169.69.26","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.21","port":36732,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2024-12-18T09:45:08.596932+0000\",\"flow_id\":869789280696419,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":36732,\"dest_ip\":\"192.169.69.26\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"mtbank-01.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":456,\"bytes_toclient\":116,\"start\":\"2024-12-18T09:42:50.718947+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-12-18T09:45:19Z","timestamp":1734515119,"ip_dst":{"addr":"192.169.69.26","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.21","port":36832,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2024-12-18T09:45:19.322170+0000\",\"flow_id\":735910855191217,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":36832,\"dest_ip\":\"192.169.69.26\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"mtbank-01.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":456,\"bytes_toclient\":116,\"start\":\"2024-12-18T09:42:52.862897+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"bigwww.epfl.ch/thevenaz/differentials/src.zip","fqdn":"bigwww.epfl.ch","domain":"epfl.ch","tld":"ch"},"ip":{"addr":"128.178.218.103","port":443,"asn":559,"as":"SWITCH","country":"Switzerland","country_code":"CH"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-12-18T09:45:05.442Z","timestamp":1734515105442,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bigwww.epfl.ch","organization":"École polytechnique fédérale de Lausanne"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 06 Mar 2024 00:00:00 GMT","end":"Wed, 05 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B5:D6:FD:36:1A:E6:E1:FB:D2:24:51:1F:C7:E7:0F:C3:9A:00:8A:8A","sha256":"94:87:C5:8F:65:8F:2A:C4:87:A1:0C:98:F2:B5:B0:36:DA:27:E8:B6:8C:3D:F7:91:2F:FA:AF:49:96:DC:4A:88"}}},"request":{"raw":"GET /thevenaz/differentials/src.zip HTTP/1.1\r\nHost: bigwww.epfl.ch\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 18 Dec 2024 09:45:05 GMT\r\nServer: Apache/2.4.41 (Ubuntu)\r\nContent-Security-Policy: upgrade-insecure-requests;\r\nLast-Modified: Thu, 10 Oct 2024 14:56:37 GMT\r\nETag: \"1082-6242093c55340\"\r\nAccept-Ranges: bytes\r\nContent-Length: 4226\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: application/zip\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4226,"size_decoded":4226,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"357e3bf2c06c43f75126c4a8d4181e11","sha1":"2a55475ef9dc0e0ac85850cb100c09918d7a6f52","sha256":"90e6c4ed377a95995d5bba41d129887d613d1077e89dccc47afcc7d83dc7e974","sha512":"9924679a7f5fe1ee086a087b0409d1640cccede9f8dc34cb97f49812306c9b5e4798c68f34deb1ae3b3faa8ccd79bf50a09de0595324515596f409878f1ac932","ssdeep":"96:QrUsKTtcFjWFKG2U0KOhe3OyiNKs0sF6hryXkSxzrA:QrUsKBfoNdKOhe3RwK56Km/lrA","tlshash":"7f914b1ec6ec8512c59ec6b59017831e34410d8e4ecaa30aeae865b54e503ebf635b53","first_seen":"2024-12-18T09:45:31.274776Z","last_seen":"2024-12-18T09:45:31.274776Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1006,"timings":{"blocked":482,"dns":2,"connect":47,"send":0,"wait":35,"receive":1,"ssl":433},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}