{"report_id":"f1af93b2-4c98-4707-a46e-ea97e45502a9","version":6,"status":"done","tags":[],"date":"2025-02-26T04:34:29Z","url":{"schema":"http","addr":"185.196.10.247/can30/4/1.jpg","fqdn":"185.196.10.247","domain":"185.196.10.247","tld":""},"ip":{"addr":"185.196.10.247","port":0,"asn":42624,"as":"Global-Data System IT Corporation","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"http","addr":"185.196.10.247/can30/4/1.jpg","fqdn":"185.196.10.247","domain":"185.196.10.247","tld":""},"title":"1.jpg (JPEG Image, 470 × 125 pixels)"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-05-07T04:34:29Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"185.196.10.247","ip":{"addr":"185.196.10.247","port":80,"asn":42624,"as":"Global-Data System IT Corporation","country":"United Kingdom","country_code":"GB"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2019-12-18T11:51:52Z","last_seen":"2020-02-28T14:06:58Z","alert_count":2,"request_count":2,"received_data":12955,"sent_data":774,"comment":"","tags":null,"fingerprints":null},{"fqdn":"aus5.mozilla.org","ip":{"addr":"35.244.181.201","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"1998-01-24","domain_rank":2548,"first_seen":"2015-10-27T07:06:24Z","last_seen":"2025-02-26T02:17:01.183648Z","alert_count":0,"request_count":1,"received_data":1223,"sent_data":524,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-02-26T04:34:00Z","timestamp":1740544440,"ip_dst":{"addr":"185.196.10.247","port":443,"asn":42624,"as":"Simple Carrier LLC","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.16","port":33730,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ThreatFox Cobalt Strike botnet C2 traffic (ip:port - confidence level: 100%)","source":"{\"timestamp\":\"2025-02-26T04:34:00.088933+0000\",\"flow_id\":2198265625336677,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":33730,\"dest_ip\":\"185.196.10.247\",\"dest_port\":443,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":91267409,\"rev\":1,\"signature\":\"ThreatFox Cobalt Strike botnet C2 traffic (ip:port - confidence level: 100%)\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"source\":{\"ip\":\"185.196.10.247\",\"port\":443},\"target\":{\"ip\":\"172.18.0.16\",\"port\":33730},\"metadata\":{\"confidence_level\":[\"100\"],\"first_seen\":[\"2024_05_06\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":74,\"bytes_toclient\":0,\"start\":\"2025-02-26T04:34:00.088933+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-02-26T04:34:00Z","timestamp":1740544440,"ip_dst":{"addr":"172.18.0.16","port":33730,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"185.196.10.247","port":443,"asn":42624,"as":"Simple Carrier LLC","country":"United States","country_code":"US"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 32","source":"{\"timestamp\":\"2025-02-26T04:34:00.150552+0000\",\"flow_id\":2198265625336677,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"185.196.10.247\",\"src_port\":443,\"dest_ip\":\"172.18.0.16\",\"dest_port\":33730,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400031,\"rev\":4127,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 32\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2024_10_10\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":54,\"start\":\"2025-02-26T04:34:00.088933+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-26","alert":"Sinkholed","trigger":"185.196.10.247","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-26","alert":"Sinkholed","trigger":"185.196.10.247","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"185.196.10.247/can30/4/1.jpg","fqdn":"185.196.10.247","domain":"185.196.10.247","tld":""},"ip":{"addr":"185.196.10.247","port":80,"asn":42624,"as":"Global-Data System IT Corporation","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-02-26T04:34:00.237Z","timestamp":1740544440237,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /can30/4/1.jpg HTTP/1.1\r\nHost: 185.196.10.247\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Wed, 26 Feb 2025 04:34:00 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 12390\r\nLast-Modified: Tue, 25 Feb 2025 07:26:25 GMT\r\nConnection: keep-alive\r\nETag: \"67bd70a1-3066\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":12390,"size_decoded":12390,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPCM), density 118x118, segment length 16, progressive, precision 8, 470x125, components 3","md5":"a80796d8abade7532e087eb193365280","sha1":"5db423d691e6df5c9540a204b07bce5eef168e78","sha256":"3f709183a732b1ce0fa93985d89628081af96a6c9c8ad462a51df58664129d97","sha512":"592b1d689d426cdb0d7c94f944b0023f574b6a24a2e94bb460556e10dbe0ec517470c99c4ca9648b133462929c110a9e4a828aa0245304415dabf0487a1e55d6","ssdeep":"192:dvS+P64AqJkft+7JidA3Q94x9ubYJsPGZNc2uArkpNiJlhsafE4N:d6c64xJQskdAgK9oYJSGi2oifuaMg","tlshash":"f242cfcebb531311c526d7b3d80c6a79a3b4d9abbeb11e4ff610a950d3674f91840813","first_seen":"2025-02-26T04:34:30.10083Z","last_seen":"2025-02-26T04:34:30.10083Z","times_seen":1,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":45,"dns":0,"connect":49,"send":0,"wait":49,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-26","alert":"Sinkholed","trigger":"185.196.10.247","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"185.196.10.247/favicon.ico","fqdn":"185.196.10.247","domain":"185.196.10.247","tld":""},"ip":{"addr":"185.196.10.247","port":80,"asn":42624,"as":"Global-Data System IT Corporation","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://185.196.10.247/can30/4/1.jpg","date":"2025-02-26T04:34:01.221Z","timestamp":1740544441221,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 185.196.10.247\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://185.196.10.247/can30/4/1.jpg\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Wed, 26 Feb 2025 04:34:01 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":123,"size_decoded":162,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"37d5c3a24983196361e6ce9b1a499464","sha1":"2dd5878df894f3c648e42408879e9a61c112d1b3","sha256":"766c1d6bcb81d3e983fb7adbc19c616d7fc01dafb7893738edc242e2adc59c07","sha512":"cc140d1f61a01ba5f282d682dfeb19229426c7164b147a3031d3b5544c2d7213ce19b075a81d5e00750bdac7b1d9232b8b971e026d838ccae9466523338b09a9","ssdeep":"","tlshash":"eac08c6e2513bd4cc663217432c36490c08b93a7a4ea42228440805331cb2aa8ac7396","first_seen":"2023-11-07T17:46:00Z","last_seen":"2026-04-13T12:29:49.556862Z","times_seen":20154,"resource_available":true,"data":null}},"time_used":49,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-26","alert":"Sinkholed","trigger":"185.196.10.247","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.41%2Clibpulse%20not-available)/default/default/update.xml","fqdn":"aus5.mozilla.org","domain":"mozilla.org","tld":"org"},"ip":{"addr":"35.244.181.201","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2025-02-26T04:34:19.207149619Z","timestamp":1740544459207,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.41%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1\r\nHost: aus5.mozilla.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\nrule-id: unknown\r\nrule-data-version: unknown\r\ncontent-signature: x5u=https://content-signature-2.cdn.mozilla.net/g/chains/202402/aus.content-signature.mozilla.org-2025-04-10-18-02-02.chain; p384ecdsa=62sNlzSw_8jT6cFcGnkr-8Sie2pt_GJCF7Oo1HZmoO8Hu77TF-uausp2i-6R9OagUE98MhzpKm2bIEC874pdwpDlxVnjiR7PI8bXDn9DeE8E0nQMfDZVuQdjvqgqY8cR\r\nstrict-transport-security: max-age=31536000;\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'none'; frame-ancestors 'none'\r\nx-proxy-cache-status: EXPIRED\r\ncontent-encoding: gzip\r\nvia: 1.1 google\r\ndate: Wed, 26 Feb 2025 04:34:05 GMT\r\ncontent-type: text/xml; charset=utf-8\r\nvary: Accept-Encoding\r\ncontent-length: 444\r\nage: 14\r\ncache-control: public,max-age=90\r\nalt-svc: clear\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":444,"size_decoded":721,"mime_type":"text/xml; charset=utf-8","magic":"XML 1.0 document, ASCII text, with very long lines (332)","md5":"3b324dec137a87ef7e24a30a65b13dd0","sha1":"c0faa95b2f1018e264b3a14aaf50d1003e6c27b3","sha256":"6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463","sha512":"eee5d0a6354c5cfafdba69236359dbb38be1d7cbfd841230c07617fa3d8982751d8ddbe4f3b9c533a277e836b28a2f483d8ddc79aa09573ca9d49fc16341c061","ssdeep":"","tlshash":"54011069bdb5f89100860aa76626c8015a232287e1541888b8df5fc04f9b9b4536f09d","first_seen":"2023-10-13T18:17:52Z","last_seen":"2025-06-20T01:29:36.566077Z","times_seen":185315,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}