{"report_id":"964cc4dd-7289-42a9-9652-8ffa2a799c74","version":6,"status":"done","tags":[],"date":"2023-09-27T08:39:07Z","url":{"schema":"http","addr":"ciogtc.tdb.org.cn/u/cms/ciogtc/202201/10015633hmga.docx","fqdn":"ciogtc.tdb.org.cn","domain":"tdb.org.cn","tld":"org.cn"},"ip":{"addr":"211.88.39.143","port":0,"asn":9306,"as":"RongHua Road No.11, Beijing Economy Technology Development Area, 100176","country":"China","country_code":"CN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T21:28:37Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"wotrus-ovca.ocsp-certum.com","ip":{"addr":"23.36.79.17","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2013-12-19","domain_rank":207050,"first_seen":"2018-06-05 05:01:24","last_seen":"2023-09-20 10:59:26","alert_count":0,"request_count":2,"received_data":3530,"sent_data":682,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ciogtc.tdb.org.cn","ip":{"addr":"211.88.39.143","port":80,"asn":9306,"as":"RongHua Road No.11, Beijing Economy Technology Development Area, 100176","country":"China","country_code":"CN"},"domain_registered":"2005-05-26","domain_rank":0,"first_seen":"2013-02-07 13:30:40","last_seen":"2023-07-20 08:09:55","alert_count":1,"request_count":1,"received_data":86479,"sent_data":427,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"d0ebe0d454796147d836c633dda281cd","sha1":"2424699b6a29a8f250481f1dca214a8bf60b2cf8","sha256":"22262d533cb73904b9af430258a0412c9753780ead9c464ca3dc5f13e4f7f216","sha512":"32022c9f20a4f7c27a1e664c16e7b66603cb3186d3a610849d936396edbfaf7cb4372028b35d9d95ba109aba593eb63052a119f5cbd3a370868b5d26f3a101ef","magic":"Microsoft Word 2007+\\012-  Zip archive data, at least v2.0\\012-  to extract, compression method=deflate\\012- data","size":86172,"url":{"schema":"http","addr":"ciogtc.tdb.org.cn/u/cms/ciogtc/202201/10015633hmga.docx","fqdn":"ciogtc.tdb.org.cn","domain":"tdb.org.cn","tld":"org.cn"},"ip":{"addr":"211.88.39.143","port":80,"asn":9306,"as":"RongHua Road No.11, Beijing Economy Technology Development Area, 100176","country":"China","country_code":"CN"},"archive":null,"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-27","alert":"Sinkholed","trigger":"tdb.org.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"wotrus-ovca.ocsp-certum.com/","fqdn":"wotrus-ovca.ocsp-certum.com","domain":"ocsp-certum.com","tld":"com"},"ip":{"addr":"23.36.79.17","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-27T08:38:51.591904766Z","timestamp":1695803931591,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: wotrus-ovca.ocsp-certum.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 83\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nContent-Length: 1501\r\nX-Cached: STALE\r\nStrict-Transport-Security: max-age=63072000,includeSubDomains,preload\r\nCache-Control: max-age=900\r\nDate: Wed, 27 Sep 2023 08:38:51 GMT\r\nConnection: keep-alive\r\nX-N: S\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":1501,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"4664eb211513adaa6ced3376c549c31a","sha1":"6e8f9715af5258d5ecba1e49bdc6681f3b444413","sha256":"d04765282d23ca2167339691ee165179e637e6abcf7020b0d05efe7a04dc92da","sha512":"a03e2c332a62548c371eff4f45e244302dac9c611c9eda9ac18fe8600410f1664f864bac802dcf92b60de96bad290d5333821b1a7f54a604f1ba31bea51aca22","ssdeep":"","tlshash":"2731f985afb8bd426b050f5b6dbac0313dfcb3d07094002a649dc156d988ff10a48a2e","first_seen":"2023-09-27T10:39:09Z","last_seen":"2023-09-27T10:39:09Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wotrus-ovca.ocsp-certum.com/","fqdn":"wotrus-ovca.ocsp-certum.com","domain":"ocsp-certum.com","tld":"com"},"ip":{"addr":"23.36.79.17","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-27T08:38:51.611028075Z","timestamp":1695803931611,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: wotrus-ovca.ocsp-certum.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 83\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nContent-Length: 1501\r\nX-Cached: HIT\r\nStrict-Transport-Security: max-age=63072000,includeSubDomains,preload\r\nCache-Control: max-age=900\r\nDate: Wed, 27 Sep 2023 08:38:51 GMT\r\nConnection: keep-alive\r\nX-N: S\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":1501,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"eca752ca2319bcc13cb5386870bece76","sha1":"dece00fe1bac013c2d291637468d69ca0fa48755","sha256":"f9c1b0d99d9ca1e5745bdbd331467c5602c81661c32c3e3651cca8cf99b77935","sha512":"7e00eda0c1336992bde3597943c5c001de4820a47485ff4afc5f5fa05d35f27acb3cde6fc31a34d924ac4225524419ce4a2227a644893a5076e56519bc6baa21","ssdeep":"","tlshash":"0d31f9d099b67d406b521f5b4df5c8393ff867d03090143a60dc8196dac0bb50ec951c","first_seen":"2023-09-27T10:39:09Z","last_seen":"2023-09-27T10:39:09Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ciogtc.tdb.org.cn/u/cms/ciogtc/202201/10015633hmga.docx","fqdn":"ciogtc.tdb.org.cn","domain":"tdb.org.cn","tld":"org.cn"},"ip":{"addr":"211.88.39.143","port":80,"asn":9306,"as":"RongHua Road No.11, Beijing Economy Technology Development Area, 100176","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-09-27T08:38:51.606Z","timestamp":1695803931606,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /u/cms/ciogtc/202201/10015633hmga.docx HTTP/1.1\r\nHost: ciogtc.tdb.org.cn\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nServer: nginx/1.24.0\r\nDate: Wed, 27 Sep 2023 08:38:51 GMT\r\nContent-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document\r\nContent-Length: 86172\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: W/\"86172-1641797793000\"\r\nLast-Modified: Mon, 10 Jan 2022 06:56:33 GMT\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":86172,"size_decoded":0,"mime_type":"application/vnd.openxmlformats-officedocument.wordprocessingml.document","magic":"Microsoft Word 2007+\\012-  Zip archive data, at least v2.0\\012-  to extract, compression method=deflate\\012- data","md5":"d0ebe0d454796147d836c633dda281cd","sha1":"2424699b6a29a8f250481f1dca214a8bf60b2cf8","sha256":"22262d533cb73904b9af430258a0412c9753780ead9c464ca3dc5f13e4f7f216","sha512":"32022c9f20a4f7c27a1e664c16e7b66603cb3186d3a610849d936396edbfaf7cb4372028b35d9d95ba109aba593eb63052a119f5cbd3a370868b5d26f3a101ef","ssdeep":"1536:TS2gZNg9ZAkDVpqzykOYReaY9qDuSquL6GZ3Oq4mEIxRje3SHydZW:OJZNwAbzy+ktZc6+OcEU0xK","tlshash":"e68302b4d22cb52df29c16b8ecb441e355b62c02e500aa3f7054f1495665e9f4fcb6cc","first_seen":"2023-09-27T10:39:09Z","last_seen":"2023-09-27T10:39:09Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1594,"timings":{"blocked":263,"dns":1,"connect":265,"send":0,"wait":267,"receive":797,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-27","alert":"Sinkholed","trigger":"tdb.org.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}