{"report_id":"73f7ba64-2371-424c-884b-b4e20066186b","version":6,"status":"done","tags":[],"date":"2025-02-09T10:29:09Z","url":{"schema":"http","addr":"pkg-store.dl.mail.ru/packages/shop/0_2030528distrib4/NeedforDrive_Data/Managed/Assembly-CSharp.dll","fqdn":"pkg-store.dl.mail.ru","domain":"mail.ru","tld":"ru"},"ip":{"addr":"95.163.61.69","port":0,"asn":47764,"as":"LLC VK","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-04-20T10:29:09Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"pkg-store.dl.mail.ru","ip":{"addr":"95.163.61.69","port":443,"asn":47764,"as":"LLC VK","country":"Russia","country_code":"RU"},"domain_registered":"1997-09-27","domain_rank":0,"first_seen":"2020-05-26T20:50:12Z","last_seen":"2025-02-06T13:22:21.606619Z","alert_count":1,"request_count":1,"received_data":737525,"sent_data":564,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"205f177cf69944e4d649fa9435e23916","sha1":"ecb1303231f8050bfdc892cdc6a3cb58258cb497","sha256":"b545d8ab106d8a16be4b281d9222ba7939ebe3653f8de65e4af4a526b3da9ed3","sha512":"0b8a6c7a001c49bfb3f77d394c3a157bab58aaff4023b20aeb6e63a8482a6bb358fa834ed2e9bdbede31accc4646c4bb5d56c976013aa75cfb7a0c0c00008032","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":737280,"url":{"schema":"https","addr":"pkg-store.dl.mail.ru/packages/shop/0_2030528distrib4/NeedforDrive_Data/Managed/Assembly-CSharp.dll","fqdn":"pkg-store.dl.mail.ru","domain":"mail.ru","tld":"ru"},"ip":{"addr":"95.163.61.69","port":443,"asn":47764,"as":"LLC VK","country":"Russia","country_code":"RU"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-02-09","alert":"Scan result 1/71","trigger":"b545d8ab106d8a16be4b281d9222ba7939ebe3653f8de65e4af4a526b3da9ed3","verdict":"suspicious","severity":"","comment":"suspicious - 1/71","link":"https://www.virustotal.com/gui/file/b545d8ab106d8a16be4b281d9222ba7939ebe3653f8de65e4af4a526b3da9ed3","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"205f177cf69944e4d649fa9435e23916","sha1":"ecb1303231f8050bfdc892cdc6a3cb58258cb497","sha256":"b545d8ab106d8a16be4b281d9222ba7939ebe3653f8de65e4af4a526b3da9ed3","sha512":"0b8a6c7a001c49bfb3f77d394c3a157bab58aaff4023b20aeb6e63a8482a6bb358fa834ed2e9bdbede31accc4646c4bb5d56c976013aa75cfb7a0c0c00008032","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":737280,"url":{"schema":"https","addr":"pkg-store.dl.mail.ru/packages/shop/0_2030528distrib4/NeedforDrive_Data/Managed/Assembly-CSharp.dll","fqdn":"pkg-store.dl.mail.ru","domain":"mail.ru","tld":"ru"},"ip":{"addr":"95.163.61.69","port":443,"asn":47764,"as":"LLC VK","country":"Russia","country_code":"RU"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-02-09","alert":"Scan result 1/71","trigger":"b545d8ab106d8a16be4b281d9222ba7939ebe3653f8de65e4af4a526b3da9ed3","verdict":"suspicious","severity":"","comment":"suspicious - 1/71","link":"https://www.virustotal.com/gui/file/b545d8ab106d8a16be4b281d9222ba7939ebe3653f8de65e4af4a526b3da9ed3","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"pkg-store.dl.mail.ru/packages/shop/0_2030528distrib4/NeedforDrive_Data/Managed/Assembly-CSharp.dll","fqdn":"pkg-store.dl.mail.ru","domain":"mail.ru","tld":"ru"},"ip":{"addr":"95.163.61.69","port":443,"asn":47764,"as":"LLC VK","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-02-09T10:28:38.836Z","timestamp":1739096918836,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dl.mail.ru","organization":"VK LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 07 Oct 2024 11:07:31 GMT","end":"Sat, 08 Nov 2025 11:07:30 GMT"},"fingerprint":{"sha1":"DB:F6:C6:B8:15:D9:95:90:21:7A:13:74:74:4B:BC:6F:25:5B:64:5B","sha256":"AA:4A:3F:57:B4:96:27:20:46:58:84:27:C9:47:52:12:A7:10:1F:B2:57:A6:CE:6C:F3:96:61:0B:ED:C6:9A:20"}}},"request":{"raw":"GET /packages/shop/0_2030528distrib4/NeedforDrive_Data/Managed/Assembly-CSharp.dll HTTP/1.1\r\nHost: pkg-store.dl.mail.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: kittenx\r\ndate: Sun, 09 Feb 2025 10:28:39 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 737280\r\nlast-modified: Tue, 29 Oct 2024 15:20:15 GMT\r\netag: \"6720fd2f-b4000\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":737280,"size_decoded":737280,"mime_type":"application/octet-stream","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","md5":"205f177cf69944e4d649fa9435e23916","sha1":"ecb1303231f8050bfdc892cdc6a3cb58258cb497","sha256":"b545d8ab106d8a16be4b281d9222ba7939ebe3653f8de65e4af4a526b3da9ed3","sha512":"0b8a6c7a001c49bfb3f77d394c3a157bab58aaff4023b20aeb6e63a8482a6bb358fa834ed2e9bdbede31accc4646c4bb5d56c976013aa75cfb7a0c0c00008032","ssdeep":"6144:3bEbku7UFNuLlnbivYuhtNJOpVBqu1GCgf1/mgu5g/3WiBjVx8Xs8C7KQodeG5zF:rEbkEUKFO7hto7Y/G5GxBjDkxC7NdG5","tlshash":"f3f44b6133f85a3be6bf1bbab472180443b1b4476655eb8e1dc2e0ed1ca3b508d453a7","first_seen":"2025-02-09T10:29:10.770356Z","last_seen":"2025-03-03T15:26:53.182177Z","times_seen":2,"resource_available":false,"data":null}},"time_used":596,"timings":{"blocked":158,"dns":0,"connect":43,"send":0,"wait":92,"receive":187,"ssl":113},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-02-09","alert":"Scan result 1/71","trigger":"b545d8ab106d8a16be4b281d9222ba7939ebe3653f8de65e4af4a526b3da9ed3","verdict":"suspicious","severity":"","comment":"suspicious - 1/71","link":"https://www.virustotal.com/gui/file/b545d8ab106d8a16be4b281d9222ba7939ebe3653f8de65e4af4a526b3da9ed3","meta":null}],"urlquery":null}}]}