{"report_id":"6d495242-31ae-456e-8eb6-bd2fe77c23b6","version":6,"status":"done","tags":[],"date":"2024-11-29T22:27:59Z","url":{"schema":"http","addr":"media.codeweavers.com/pub/other/sourcescfont3.exe","fqdn":"media.codeweavers.com","domain":"codeweavers.com","tld":"com"},"ip":{"addr":"151.101.2.217","port":0,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-07T22:27:59Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"media.codeweavers.com","ip":{"addr":"151.101.194.217","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"1996-06-01","domain_rank":0,"first_seen":"2012-07-26T18:53:00Z","last_seen":"2024-11-27T10:51:33.951612Z","alert_count":1,"request_count":1,"received_data":34520973,"sent_data":503,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"b6fb31e3d4423f267df67f488a59e90f","sha1":"c8483d72b52268ec427e0ad517a2654ae5332abd","sha256":"5ff017f8321678514625f60e12cb9faf4de6fca12e7eb74d0891617069da74c5","sha512":"80c2f80e9b27ddc070f2fe3b71b2eb0756dc4c443c3d8f8a182d33c2a35aca1bc0c14414ba1c803580c30c9215290ec83614519d92e7043d394bc42c0ede3802","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 14 sections","size":34520432,"url":{"schema":"https","addr":"media.codeweavers.com/pub/other/sourcescfont3.exe","fqdn":"media.codeweavers.com","domain":"codeweavers.com","tld":"com"},"ip":{"addr":"151.101.194.217","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-08","alert":"Scan result 27/71","trigger":"5ff017f8321678514625f60e12cb9faf4de6fca12e7eb74d0891617069da74c5","verdict":"malicious","severity":"","comment":"malicious - 27/71","link":"https://www.virustotal.com/gui/file/5ff017f8321678514625f60e12cb9faf4de6fca12e7eb74d0891617069da74c5","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"b6fb31e3d4423f267df67f488a59e90f","sha1":"c8483d72b52268ec427e0ad517a2654ae5332abd","sha256":"5ff017f8321678514625f60e12cb9faf4de6fca12e7eb74d0891617069da74c5","sha512":"80c2f80e9b27ddc070f2fe3b71b2eb0756dc4c443c3d8f8a182d33c2a35aca1bc0c14414ba1c803580c30c9215290ec83614519d92e7043d394bc42c0ede3802","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 14 sections","size":34520432,"url":{"schema":"https","addr":"media.codeweavers.com/pub/other/sourcescfont3.exe","fqdn":"media.codeweavers.com","domain":"codeweavers.com","tld":"com"},"ip":{"addr":"151.101.194.217","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-08","alert":"Scan result 27/71","trigger":"5ff017f8321678514625f60e12cb9faf4de6fca12e7eb74d0891617069da74c5","verdict":"malicious","severity":"","comment":"malicious - 27/71","link":"https://www.virustotal.com/gui/file/5ff017f8321678514625f60e12cb9faf4de6fca12e7eb74d0891617069da74c5","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"media.codeweavers.com/pub/other/sourcescfont3.exe","fqdn":"media.codeweavers.com","domain":"codeweavers.com","tld":"com"},"ip":{"addr":"151.101.194.217","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-29T22:27:34.045Z","timestamp":1732919254045,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"media.codeweavers.com","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2024 Q1","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 06 Mar 2024 21:52:00 GMT","end":"Mon, 07 Apr 2025 21:51:59 GMT"},"fingerprint":{"sha1":"64:54:D4:02:47:79:E2:D1:28:91:CA:F9:2E:99:6D:59:13:D5:AB:15","sha256":"6A:A1:49:6F:0B:9F:BB:08:9A:6A:FB:C6:DB:1B:77:A8:F2:72:FA:8E:F2:63:33:48:AA:89:24:7A:93:A5:68:D0"}}},"request":{"raw":"GET /pub/other/sourcescfont3.exe HTTP/1.1\r\nHost: media.codeweavers.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Apache\r\nstrict-transport-security: max-age=31536000\r\ncache-control: max-age=31536000\r\nlast-modified: Fri, 25 Nov 2022 15:13:18 GMT\r\netag: \"20ebd70-5ee4cf62de7ca\"\r\ncontent-type: application/x-msdos-program\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\nage: 72714\r\ndate: Fri, 29 Nov 2024 22:27:34 GMT\r\nx-served-by: cache-msp11847-MSP, cache-hel1410025-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 15, 0\r\nx-timer: S1732919254.147441,VS0,VE1\r\naccess-control-allow-origin: *\r\ncontent-length: 34520432\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":34520432,"size_decoded":34520432,"mime_type":"application/x-msdos-program","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 14 sections","md5":"b6fb31e3d4423f267df67f488a59e90f","sha1":"c8483d72b52268ec427e0ad517a2654ae5332abd","sha256":"5ff017f8321678514625f60e12cb9faf4de6fca12e7eb74d0891617069da74c5","sha512":"80c2f80e9b27ddc070f2fe3b71b2eb0756dc4c443c3d8f8a182d33c2a35aca1bc0c14414ba1c803580c30c9215290ec83614519d92e7043d394bc42c0ede3802","ssdeep":"786432:jorl9UZ3LeOVXYsXBUazsV3dydeWi1yej6FmyjYruu0vCyL:8rlKZPVXVtsV3AI74FmOI4L","tlshash":"ea7733c484ea018be5278f32bae4fa46f59c74e2a9c159363790b991fed74931db4c03","first_seen":"2023-11-09T19:27:39Z","last_seen":"2025-02-06T19:46:50.08554Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2895,"timings":{"blocked":81,"dns":0,"connect":26,"send":0,"wait":28,"receive":2696,"ssl":58},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-08","alert":"Scan result 27/71","trigger":"5ff017f8321678514625f60e12cb9faf4de6fca12e7eb74d0891617069da74c5","verdict":"malicious","severity":"","comment":"malicious - 27/71","link":"https://www.virustotal.com/gui/file/5ff017f8321678514625f60e12cb9faf4de6fca12e7eb74d0891617069da74c5","meta":null}],"urlquery":null}}]}