{"report_id":"2d39b90a-9b3e-45e6-8fea-eb6a3febe81e","version":6,"status":"done","tags":[],"date":"2023-12-30T22:10:51Z","url":{"schema":"http","addr":"www.3fwork.com/downfilelist2/gotb/gotb_r2.zip","fqdn":"www.3fwork.com","domain":"3fwork.com","tld":"com"},"ip":{"addr":"156.236.64.129","port":0,"asn":136970,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T05:55:51Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www.3fwork.com","ip":{"addr":"156.236.64.129","port":80,"asn":136970,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"domain_registered":"2005-11-11","domain_rank":0,"first_seen":"2012-08-07 22:45:02","last_seen":"2023-12-29 04:18:10","alert_count":0,"request_count":1,"received_data":143695,"sent_data":427,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"7ee9d59c7ea5aadb825336a3d4ca3991","sha1":"fa15a3675b3d6766173b9f2a77985012b98da89d","sha256":"e9548c9df31358689a5e941b3e5b4791906fca678d9defa8b3864e0fce544741","sha512":"6abf47822d8dfbc7928b1002e37e770fc6e7418532caff276f4f020d7b1a51d5b06c061b41b17441c79e2055f5fd52c6f90669a36c5aa88697d041696191982e","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":143451,"url":{"schema":"http","addr":"www.3fwork.com/downfilelist2/gotb/gotb_r2.zip","fqdn":"www.3fwork.com","domain":"3fwork.com","tld":"com"},"ip":{"addr":"156.236.64.129","port":80,"asn":136970,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"archive":[{"path":"GoTB_r2.exe","filename":"GoTB_r2.exe","modified":"","Modified":"2011-11-20T13:02:36Z","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","size":548864,"md5":"60d0b1c912e59a459877e3152a5f52d7","sha1":"59c5f047289e096cc3efdb4429b7299ac7e110f0","sha256":"99ef5ff5df372282faa549a9b3f6714fd5b14494e53c4679f9a6d767af974786","sha512":"d18b1892f8b51520c71999e9ac2780b12df86f7f424cc8f0000e6043af3f63c047e48561ac0f75a2521551c1189f5e3f5b4b359adf1bdf7d44bb9d1183e4b662","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2023-07-24","alert":"Scan result 3/71","trigger":"99ef5ff5df372282faa549a9b3f6714fd5b14494e53c4679f9a6d767af974786","verdict":"suspicious","severity":"","comment":"suspicious - 3/71","link":"https://www.virustotal.com/gui/file/99ef5ff5df372282faa549a9b3f6714fd5b14494e53c4679f9a6d767af974786","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"www.3fwork.com/downfilelist2/gotb/gotb_r2.zip","fqdn":"www.3fwork.com","domain":"3fwork.com","tld":"com"},"ip":{"addr":"156.236.64.129","port":80,"asn":136970,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-30T22:10:24.864Z","timestamp":1703974224864,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /downfilelist2/gotb/gotb_r2.zip HTTP/1.1\r\nHost: www.3fwork.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/x-zip-compressed\r\nLast-Modified: Tue, 22 Nov 2011 01:54:53 GMT\r\nAccept-Ranges: bytes\r\nETag: \"4a6f3dbab9a8cc1:0\"\r\nServer: Microsoft-IIS/7.5\r\nDate: Sat, 30 Dec 2023 22:09:51 GMT\r\nContent-Length: 143451\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":143451,"size_decoded":143451,"mime_type":"application/x-zip-compressed","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"7ee9d59c7ea5aadb825336a3d4ca3991","sha1":"fa15a3675b3d6766173b9f2a77985012b98da89d","sha256":"e9548c9df31358689a5e941b3e5b4791906fca678d9defa8b3864e0fce544741","sha512":"6abf47822d8dfbc7928b1002e37e770fc6e7418532caff276f4f020d7b1a51d5b06c061b41b17441c79e2055f5fd52c6f90669a36c5aa88697d041696191982e","ssdeep":"3072:2I/3kcqEhD8zmBiaAQlOU3OejJL+3efRkrJj2DBodHpebvPjJ8wETi1:2y3xqEOmNAdqOe03SRyj2FoTeJ8jQ","tlshash":"22e31222af13fba8ae7b03becc9836105282f07164e56747159fab89b617cb4455f503","first_seen":"2023-06-19T12:37:28Z","last_seen":"2025-03-22T00:59:20.628943Z","times_seen":91,"resource_available":false,"data":null}},"time_used":2048,"timings":{"blocked":256,"dns":1,"connect":256,"send":0,"wait":256,"receive":1279,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}