Possible IOC

Disposition

Recommended action: Do not treat this as clean. Review the listed indicators, source, sender, and file hash before release.

This disposition is based only on facts present in the CAPE JSON. It is not a guarantee that a file is safe.

How This Was Determined

Malicious Indicators

No malicious indicators were identified by this script.

Possible IOC / Review Indicators

CAPE signature: stealth_network - Network activity detected but not expressed in monitor API logs (severity 1, confidence 100%)
CAPE recorded network activity (210 network item(s)).

Lower-Risk Facts

CAPE malstatus is Clean.
CAPE malscore is low: 0.5.
No YARA hits were recorded.
No CAPE YARA hits were recorded.
No ClamAV detection was recorded.

Important Notes

No VirusTotal result was stored in the CAPE JSON.

VirusTotal

Stored CAPE result: No VirusTotal result was stored in the CAPE JSON.

Manual lookup: No SHA256 available

File Details

File name
File type
Size
MD5
SHA1
SHA256
VirusTotal lookup	No SHA256 available

Sandbox Run Details

Task ID	20
Started	2026-06-16 17:54:37
Ended	2026-06-16 17:55:21
Duration	44 seconds
Package	edge
Route	internet
Machine	cuckoo1
CAPE score	0.5
CAPE status	Clean

YARA / AV Indicators

Source	Rule / Detection	Description / Evidence
No YARA hits recorded.
No CAPE YARA hits recorded.
No ClamAV hits recorded.

CAPE Signatures

Severity	Confidence	Signature	Description
1	100%	stealth_network	Network activity detected but not expressed in monitor API logs

Behavior Summary

Executed commands / child processes	0
File writes	0
File deletes	0
Registry writes	0
Created services	0
Started services	0
CAPE payload-like items	0
CAPE extracted configs	0
Dropped/related files captured	0
Network indicators	210

Executed Commands / Child Processes

None recorded.

File Writes

None recorded.

Registry Writes

None recorded.

Created Services

None recorded.

Started Services

None recorded.

CAPE Extracted Items

Payload-like Items

None recorded.

Extracted Configs

None recorded.

Network Activity

Network activity was recorded.

{'ip': '104.17.24.24', 'country_name': 'unknown', 'asn': '', 'asn_name': '', 'hostname': 'static.hsappstatic.net', 'inaddrarpa': '', 'ports': [443]}

{'ip': '172.66.161.212', 'country_name': 'unknown', 'asn': '', 'asn_name': '', 'hostname': 'embed.tawk.to', 'inaddrarpa': '', 'ports': [443]}

{'ip': '104.16.107.254', 'country_name': 'unknown', 'asn': '', 'asn_name': '', 'hostname': 'js.hscollectedforms.net', 'inaddrarpa': '', 'ports': [443]}

{'ip': '104.18.40.240', 'country_name': 'unknown', 'asn': '', 'asn_name': '', 'hostname': 'js.hs-banner.com', 'inaddrarpa': '', 'ports': [443]}

{'ip': '104.16.160.168', 'country_name': 'unknown', 'asn': '', 'asn_name': '', 'hostname': 'js.hs-analytics.net', 'inaddrarpa': '', 'ports': [443]}

{'domain': 'edge-consumer-static.azureedge.net', 'ip': '13.107.226.51'}

{'domain': 'www.tranquilityproducts.com', 'ip': '104.193.142.21'}

{'domain': 'tranquilityproducts.com', 'ip': '104.193.142.21'}

{'domain': 'cdn-cfoco.nitrocdn.com', 'ip': '172.64.154.105'}

{'domain': 'js.hs-scripts.com', 'ip': '104.16.140.209'}

Generated 2026-06-16T17:56:01 from /opt/CAPEv2/storage/analyses/20/reports/report.json