{"report_id":"9329c15d-d71d-4d3e-afc2-02a9008a4bb7","version":6,"status":"done","tags":[],"date":"2024-12-08T03:27:15Z","url":{"schema":"http","addr":"cdn.sellsn.io/5857d6e7-e08f-4254-a088-f419857ab97b.zip","fqdn":"cdn.sellsn.io","domain":"sellsn.io","tld":"io"},"ip":{"addr":"172.67.68.227","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-16T03:27:15Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"cdn.sellsn.io","ip":{"addr":"104.26.15.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-03-10","domain_rank":0,"first_seen":"2024-05-11T15:34:04Z","last_seen":"2024-12-02T18:11:20.417648Z","alert_count":1,"request_count":1,"received_data":2446934,"sent_data":508,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"9a3f8044e7a9dce542e23b25d1b2030b","sha1":"5cffbbad368fc76c4e113712292709fcee797b4f","sha256":"3cc7840aa86187f1d28000e84ec91617db796b2395195ea11ecfbd5044d80f6e","sha512":"729bc6993700d825387062f05c8abea890da01d350f2fe644c98664a8091e62f8bd67e324fcfdd6ab90ca34638a3ee071fb97639782c787bb66d47013e04d947","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":2445740,"url":{"schema":"https","addr":"cdn.sellsn.io/5857d6e7-e08f-4254-a088-f419857ab97b.zip","fqdn":"cdn.sellsn.io","domain":"sellsn.io","tld":"io"},"ip":{"addr":"104.26.15.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"olduimatrix.exe","filename":"olduimatrix.exe","modified":"2024-10-28T06:13:06+07:00","Modified":"","magic":"PE32+ executable (console) x86-64, for MS Windows, 6 sections","size":1772544,"md5":"37fbbf062f2bcbbb25c455fcbdfcf3d1","sha1":"b7f8afe523af13e5f5c751a417cafe655dbb8f3f","sha256":"a0cb721d1b712cb646162c8d21ee19d6eaf2f0d0d316ba98b37e0685cd13d6b5","sha512":"bc7fe1208749ae097daaa30f1b970365657bef9f1448a9f4b05aeba063724dc8a614f2593a3f832d44af096ab817774a8d917442b506c6dbc3f1fbdcc10ce435","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-04","alert":"Scan result 32/72","trigger":"a0cb721d1b712cb646162c8d21ee19d6eaf2f0d0d316ba98b37e0685cd13d6b5","verdict":"malicious","severity":"","comment":"malicious - 32/72","link":"https://www.virustotal.com/gui/file/a0cb721d1b712cb646162c8d21ee19d6eaf2f0d0d316ba98b37e0685cd13d6b5","meta":null}]}},{"path":"newuimatrix.exe","filename":"newuimatrix.exe","modified":"2024-10-28T06:06:25+07:00","Modified":"","magic":"PE32+ executable (console) x86-64, for MS Windows, 6 sections","size":2034688,"md5":"ff62a32b9095fb823e855b6efc38a17b","sha1":"2511622652edf163ab353c79e324343e7752b4c2","sha256":"82d940da98f39de38a9ebd5a4ff6228f4247dfae78bfe751d640a491d96e4e6a","sha512":"1a81a7a972b96a2856ef39eb2a423ef53eec49d680ad56c9c7ca1ef03cb574529e71cc7cb9d089f7d505a2865dd877e4c6dbba80b5bc153fe16b0ed976e549c5","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-10","alert":"Scan result 43/71","trigger":"82d940da98f39de38a9ebd5a4ff6228f4247dfae78bfe751d640a491d96e4e6a","verdict":"malicious","severity":"","comment":"malicious - 43/71","link":"https://www.virustotal.com/gui/file/82d940da98f39de38a9ebd5a4ff6228f4247dfae78bfe751d640a491d96e4e6a","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-10","alert":"Scan result 35/69","trigger":"3cc7840aa86187f1d28000e84ec91617db796b2395195ea11ecfbd5044d80f6e","verdict":"malicious","severity":"","comment":"malicious - 35/69","link":"https://www.virustotal.com/gui/file/3cc7840aa86187f1d28000e84ec91617db796b2395195ea11ecfbd5044d80f6e","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"9a3f8044e7a9dce542e23b25d1b2030b","sha1":"5cffbbad368fc76c4e113712292709fcee797b4f","sha256":"3cc7840aa86187f1d28000e84ec91617db796b2395195ea11ecfbd5044d80f6e","sha512":"729bc6993700d825387062f05c8abea890da01d350f2fe644c98664a8091e62f8bd67e324fcfdd6ab90ca34638a3ee071fb97639782c787bb66d47013e04d947","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":2445740,"url":{"schema":"https","addr":"cdn.sellsn.io/5857d6e7-e08f-4254-a088-f419857ab97b.zip","fqdn":"cdn.sellsn.io","domain":"sellsn.io","tld":"io"},"ip":{"addr":"104.26.15.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"olduimatrix.exe","filename":"olduimatrix.exe","modified":"2024-10-28T06:13:06+07:00","Modified":"","magic":"PE32+ executable (console) x86-64, for MS Windows, 6 sections","size":1772544,"md5":"37fbbf062f2bcbbb25c455fcbdfcf3d1","sha1":"b7f8afe523af13e5f5c751a417cafe655dbb8f3f","sha256":"a0cb721d1b712cb646162c8d21ee19d6eaf2f0d0d316ba98b37e0685cd13d6b5","sha512":"bc7fe1208749ae097daaa30f1b970365657bef9f1448a9f4b05aeba063724dc8a614f2593a3f832d44af096ab817774a8d917442b506c6dbc3f1fbdcc10ce435","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-04","alert":"Scan result 32/72","trigger":"a0cb721d1b712cb646162c8d21ee19d6eaf2f0d0d316ba98b37e0685cd13d6b5","verdict":"malicious","severity":"","comment":"malicious - 32/72","link":"https://www.virustotal.com/gui/file/a0cb721d1b712cb646162c8d21ee19d6eaf2f0d0d316ba98b37e0685cd13d6b5","meta":null}]}},{"path":"newuimatrix.exe","filename":"newuimatrix.exe","modified":"2024-10-28T06:06:25+07:00","Modified":"","magic":"PE32+ executable (console) x86-64, for MS Windows, 6 sections","size":2034688,"md5":"ff62a32b9095fb823e855b6efc38a17b","sha1":"2511622652edf163ab353c79e324343e7752b4c2","sha256":"82d940da98f39de38a9ebd5a4ff6228f4247dfae78bfe751d640a491d96e4e6a","sha512":"1a81a7a972b96a2856ef39eb2a423ef53eec49d680ad56c9c7ca1ef03cb574529e71cc7cb9d089f7d505a2865dd877e4c6dbba80b5bc153fe16b0ed976e549c5","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-10","alert":"Scan result 43/71","trigger":"82d940da98f39de38a9ebd5a4ff6228f4247dfae78bfe751d640a491d96e4e6a","verdict":"malicious","severity":"","comment":"malicious - 43/71","link":"https://www.virustotal.com/gui/file/82d940da98f39de38a9ebd5a4ff6228f4247dfae78bfe751d640a491d96e4e6a","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-10","alert":"Scan result 35/69","trigger":"3cc7840aa86187f1d28000e84ec91617db796b2395195ea11ecfbd5044d80f6e","verdict":"malicious","severity":"","comment":"malicious - 35/69","link":"https://www.virustotal.com/gui/file/3cc7840aa86187f1d28000e84ec91617db796b2395195ea11ecfbd5044d80f6e","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"cdn.sellsn.io/5857d6e7-e08f-4254-a088-f419857ab97b.zip","fqdn":"cdn.sellsn.io","domain":"sellsn.io","tld":"io"},"ip":{"addr":"104.26.15.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-12-08T03:26:49.999Z","timestamp":1733628409999,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.sellsn.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 28 Oct 2024 23:54:31 GMT","end":"Mon, 27 Jan 2025 00:54:20 GMT"},"fingerprint":{"sha1":"3B:EB:AF:8A:91:F7:87:6A:36:98:34:42:C3:75:5C:E4:55:DF:9F:0B","sha256":"02:60:75:A4:16:2F:B6:D2:62:BB:CB:1B:69:EF:5A:80:76:CD:3B:11:AD:C5:53:4B:01:07:B1:76:24:F9:23:FA"}}},"request":{"raw":"GET /5857d6e7-e08f-4254-a088-f419857ab97b.zip HTTP/1.1\r\nHost: cdn.sellsn.io\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 08 Dec 2024 03:26:50 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 2445740\r\netag: \"9a3f8044e7a9dce542e23b25d1b2030b\"\r\nlast-modified: Sat, 02 Nov 2024 17:19:35 GMT\r\nvary: Accept-Encoding\r\ncache-control: max-age=432000\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=bERCp%2BB0TMsP644D6r6UUopcto4fgNEsyBUu0e0CpBEw58HnDjXIJ79TfCByoEXeovy6OLDHnvyP7uevzouIV2ZyeLpzbreItXOIB51uQh1jZeVHxzX8MfAkcCL36Co%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver: cloudflare\r\ncf-ray: 8ee9a7fa9ad656a3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfCacheStatus;desc=\"HIT\", cfL4;desc=\"?proto=TCP\u0026rtt=5709\u0026min_rtt=459\u0026rtt_var=10483\u0026sent=7\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=3259\u0026recv_bytes=1270\u0026delivery_rate=7375212\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=595ee9851c60250d\u0026ts=60\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2445740,"size_decoded":2445740,"mime_type":"application/octet-stream","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"9a3f8044e7a9dce542e23b25d1b2030b","sha1":"5cffbbad368fc76c4e113712292709fcee797b4f","sha256":"3cc7840aa86187f1d28000e84ec91617db796b2395195ea11ecfbd5044d80f6e","sha512":"729bc6993700d825387062f05c8abea890da01d350f2fe644c98664a8091e62f8bd67e324fcfdd6ab90ca34638a3ee071fb97639782c787bb66d47013e04d947","ssdeep":"49152:l41VXANNdtfyJhGGn8xcO/XLt5y5WfFXNztU0gO0KCEz5KjCYfrH:w9KG8xng4FZtULO0KpKjCwrH","tlshash":"4bb5336b1487ff5a0b95e0d123ba25a7846013672ad334adefdefb67f101b484b61234","first_seen":"2024-11-13T10:28:43.66605Z","last_seen":"2025-01-13T00:18:43.425636Z","times_seen":3,"resource_available":false,"data":null}},"time_used":344,"timings":{"blocked":18,"dns":0,"connect":1,"send":0,"wait":46,"receive":262,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-10","alert":"Scan result 35/69","trigger":"3cc7840aa86187f1d28000e84ec91617db796b2395195ea11ecfbd5044d80f6e","verdict":"malicious","severity":"","comment":"malicious - 35/69","link":"https://www.virustotal.com/gui/file/3cc7840aa86187f1d28000e84ec91617db796b2395195ea11ecfbd5044d80f6e","meta":null}],"urlquery":null}}]}