{"report_id":"1fbc5905-8cdd-4a85-87f2-2ad92428c9a5","version":6,"status":"done","tags":[],"date":"2025-04-01T03:56:57Z","url":{"schema":"http","addr":"resource.ablemark.net/U210.zip","fqdn":"resource.ablemark.net","domain":"ablemark.net","tld":"net"},"ip":{"addr":"103.198.201.12","port":0,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"Saudi Arabia","country_code":"SA"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-10T03:56:57Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"resource.ablemark.net","ip":{"addr":"103.198.201.12","port":443,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"Saudi Arabia","country_code":"SA"},"domain_registered":"2025-01-23","domain_rank":0,"first_seen":"2025-04-01T03:56:56.770988Z","last_seen":"2025-04-01T03:56:56.770988Z","alert_count":0,"request_count":1,"received_data":3952622,"sent_data":498,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"e8d28a0fbb0bd26c47eab227d5174f4c","sha1":"e10a01187c54e7f3039115fe927eaa31a899e40f","sha256":"406cba6b4564e43f1ff55702e01f4fc787438088220ecea6d02ba0f338e0d20a","sha512":"0ca0e8d92fa369b610e1d3edfd35a9ca95a9e03d9221f5d382584e43c2c0efafcdb2f6f06651cedfa77234c4ace68f1433c5828701c911cad9a751cc34789fa3","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":3951825,"url":{"schema":"https","addr":"resource.ablemark.net/U210.zip","fqdn":"resource.ablemark.net","domain":"ablemark.net","tld":"net"},"ip":{"addr":"103.198.201.12","port":443,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"Saudi Arabia","country_code":"SA"},"archive":[{"path":"AbleMark_U210_Printer_Driver.exe","filename":"AbleMark_U210_Printer_Driver.exe","modified":"2025-03-25T15:21:44+08:00","Modified":"","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections","size":4027552,"md5":"0f571c177f61f1461fe38b7f7c7f2de9","sha1":"1e5f5626f33e319b0621a4733f95c26ffadb3671","sha256":"98d8adfe6a7431eab9405588e8a177506227ff51381e97690fbcf5ee41c2d59b","sha512":"d6d4564ea97c213da9a57cee318b6396481d76abbab6cff27e2cbf6c3db15e67b5e1892198a150e00bab1dd2f3bc1e1e3adf294978e09814bf453153a7df0d4b","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":null}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"e8d28a0fbb0bd26c47eab227d5174f4c","sha1":"e10a01187c54e7f3039115fe927eaa31a899e40f","sha256":"406cba6b4564e43f1ff55702e01f4fc787438088220ecea6d02ba0f338e0d20a","sha512":"0ca0e8d92fa369b610e1d3edfd35a9ca95a9e03d9221f5d382584e43c2c0efafcdb2f6f06651cedfa77234c4ace68f1433c5828701c911cad9a751cc34789fa3","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":3951825,"url":{"schema":"https","addr":"resource.ablemark.net/U210.zip","fqdn":"resource.ablemark.net","domain":"ablemark.net","tld":"net"},"ip":{"addr":"103.198.201.12","port":443,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"Saudi Arabia","country_code":"SA"},"archive":[{"path":"AbleMark_U210_Printer_Driver.exe","filename":"AbleMark_U210_Printer_Driver.exe","modified":"2025-03-25T15:21:44+08:00","Modified":"","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections","size":4027552,"md5":"0f571c177f61f1461fe38b7f7c7f2de9","sha1":"1e5f5626f33e319b0621a4733f95c26ffadb3671","sha256":"98d8adfe6a7431eab9405588e8a177506227ff51381e97690fbcf5ee41c2d59b","sha512":"d6d4564ea97c213da9a57cee318b6396481d76abbab6cff27e2cbf6c3db15e67b5e1892198a150e00bab1dd2f3bc1e1e3adf294978e09814bf453153a7df0d4b","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-01T03:56:35Z","timestamp":1743479795,"ip_dst":{"addr":"172.18.0.30","port":35206,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"103.198.201.12","port":443,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"Saudi Arabia","country_code":"SA"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-04-01T03:56:35.287909+0000\",\"flow_id\":1320139332128612,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"103.198.201.12\",\"src_port\":443,\"dest_ip\":\"172.18.0.30\",\"dest_port\":35206,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=*.ablemark.net\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL ECC Domain Secure Site CA\",\"serial\":\"1E:F8:E4:CD:4E:37:25:30:6D:95:A5:F8:72:E9:E2:3B\",\"fingerprint\":\"15:6d:37:64:32:aa:dc:d8:b4:8c:3a:0b:bb:72:a3:e7:9f:e5:97:80\",\"sni\":\"resource.ablemark.net\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-02-26T00:00:00\",\"notafter\":\"2025-05-27T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"0191d81a4ad7ee1a330a1e2c51d23ace\",\"string\":\"771,49195,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1080,\"bytes_toclient\":3577,\"start\":\"2025-04-01T03:56:34.986980+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"resource.ablemark.net/U210.zip","fqdn":"resource.ablemark.net","domain":"ablemark.net","tld":"net"},"ip":{"addr":"103.198.201.12","port":443,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"Saudi Arabia","country_code":"SA"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-01T03:56:34.987Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.ablemark.net","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 26 Feb 2025 00:00:00 GMT","end":"Tue, 27 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"15:6D:37:64:32:AA:DC:D8:B4:8C:3A:0B:BB:72:A3:E7:9F:E5:97:80","sha256":"65:45:84:89:2C:86:F3:94:47:32:01:8B:62:61:4A:31:08:A7:16:26:87:91:F1:6C:99:1A:6A:29:D1:A7:57:51"}}},"request":{"raw":"GET /U210.zip HTTP/1.1\r\nHost: resource.ablemark.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 01 Apr 2025 03:56:36 GMT\r\ncontent-type: application/x-zip-compressed\r\ncontent-length: 3951825\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"U210.zip\"; filename*=utf-8''U210.zip\r\ncontent-md5: 6NKKD7sL0mxH6rIn1RdPTA==\r\ncontent-transfer-encoding: binary\r\netag: \"FuEKARh8VOfzA5EV_pJ-qjGomeQP\"\r\nlast-modified: Mon, 31 Mar 2025 05:45:36 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:sa-jed-ecs-fusion1;QNM:sg164;SRCPROXY:sg169;SRC_148.153.188.134:211;SRCPROXY:211;QNM3:237;QNM3:834\r\nx-m-reqid: ru6ofdy2T\r\nx-qiniu-zone: na0\r\nx-qnm-cache: Miss\r\nx-reqid: 2j0AAADh5PyiFTIY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3951825,"size_decoded":0,"mime_type":"application/x-zip-compressed","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"e8d28a0fbb0bd26c47eab227d5174f4c","sha1":"e10a01187c54e7f3039115fe927eaa31a899e40f","sha256":"406cba6b4564e43f1ff55702e01f4fc787438088220ecea6d02ba0f338e0d20a","sha512":"0ca0e8d92fa369b610e1d3edfd35a9ca95a9e03d9221f5d382584e43c2c0efafcdb2f6f06651cedfa77234c4ace68f1433c5828701c911cad9a751cc34789fa3","ssdeep":"98304:ryydtULMsHQ7waMl5/bOzKlCE5SMhReS5hLRTD:r3dtULVQ7WDaX+h9TD","tlshash":"a30633ccb1e34b00733efdfd0b28d9972b84564574d074bd07aa8b5683567aae314a29","first_seen":"2025-04-01T03:56:59.164946Z","last_seen":"2025-04-01T03:56:59.164946Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2716,"timings":{"blocked":302,"dns":1,"connect":95,"send":0,"wait":1182,"receive":928,"ssl":197},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}