{"report_id":"c50b3835-5c3f-4a45-8527-d3a309555bf0","version":6,"status":"done","tags":[],"date":"2023-09-17T02:53:56Z","url":{"schema":"http","addr":"azw.downkuai.com/azwfile/app/pxw_165915.apk","fqdn":"azw.downkuai.com","domain":"downkuai.com","tld":"com"},"ip":{"addr":"113.219.238.120","port":0,"asn":63835,"as":"No.293,Wanbao Avenue","country":"China","country_code":"CN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-28T07:11:26Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"ocsp.trust-provider.cn","ip":{"addr":"117.27.246.96","port":0,"asn":133774,"as":"Fuzhou","country":"China","country_code":"CN"},"domain_registered":"2015-04-09","domain_rank":0,"first_seen":"2022-02-10 09:18:30","last_seen":"2023-09-16 19:14:57","alert_count":0,"request_count":2,"received_data":2963,"sent_data":672,"comment":"","tags":null,"fingerprints":null},{"fqdn":"azw.downkuai.com","ip":{"addr":"113.219.238.120","port":0,"asn":63835,"as":"No.293,Wanbao Avenue","country":"China","country_code":"CN"},"domain_registered":"2013-10-17","domain_rank":0,"first_seen":"2023-05-22 05:28:53","last_seen":"2023-09-10 04:32:45","alert_count":1,"request_count":2,"received_data":5356547,"sent_data":768,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"ef61f078fb1dc995259f398c0dfd63cd","sha1":"7fee26ef7f3b97f7f63237f1e6d15f50c9a3d582","sha256":"c42409048a69103bfe2e6715d625c79a2dd910cdd3433ff82f2e81f8de11a41e","sha512":"4ecfde2b0edeef56eb540c6dc039bcfd845a4b8cb94c9490ef256c88adecc372886cfb869e6f30346091b49cb6719899cdd6a279bc453d2cb8ff5c29fe4a83fc","magic":"Zip archive data, at least v0.0 to extract, compression method=deflate\\012- data","size":5355802,"url":{"schema":"https","addr":"azw.downkuai.com/azwfile/app/pxw_165915.apk","fqdn":"azw.downkuai.com","domain":"downkuai.com","tld":"com"},"ip":{"addr":"113.219.238.120","port":443,"asn":63835,"as":"No.293,Wanbao Avenue","country":"China","country_code":"CN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2022-12-12","alert":"Scan result 8/66","trigger":"c42409048a69103bfe2e6715d625c79a2dd910cdd3433ff82f2e81f8de11a41e","verdict":"suspicious","severity":"","comment":"suspicious - 8/66","link":"https://www.virustotal.com/gui/file/c42409048a69103bfe2e6715d625c79a2dd910cdd3433ff82f2e81f8de11a41e","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"ocsp.trust-provider.cn/","fqdn":"ocsp.trust-provider.cn","domain":"trust-provider.cn","tld":"cn"},"ip":{"addr":"117.27.246.96","port":0,"asn":133774,"as":"Fuzhou","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-17T02:53:38.920785251Z","timestamp":1694919218920,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: ocsp.trust-provider.cn\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 84\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: volc-dcdn\r\nContent-Type: application/ocsp-response\r\nContent-Length: 600\r\nConnection: keep-alive\r\nDate: Sun, 17 Sep 2023 02:53:38 GMT\r\nAccept-Ranges: bytes\r\nAge: 1\r\nCF-Cache-Status: EXPIRED\r\nCF-RAY: 80728652bffc096a-HKG\r\nETag: \"6b0b4ef0eb5da9a5eae1fdad1745b2830ca79f8e\"\r\nExpires: Fri, 22 Sep 2023 16:57:27 GMT\r\nLast-Modified: Fri, 15 Sep 2023 16:57:28 GMT\r\nWS-Cache-Status: 0\r\nX-CCACDN-Proxy-ID: mcdpinlb2\r\nX-Frame-Options: SAMEORIGIN\r\nX-Via: 1.1 PSxgHKG8vw115:7 (Cdn Cache Server V2.0), 1.1 CS-000-01VaE187:2 (Cdn Cache Server V2.0), 1.1 PS-JJN-01pX761:1 (Cdn Cache Server V2.0)\r\nX-Ws-Request-Id: 65066a32_PS-JJN-01B7x62_15826-18578\r\nvia: n172-013-215.fzmp.ToB\r\nx-request-ip: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\nx-dsa-trace-id: 169491921814c824aac6b7dc75b7c77c517967847b\r\nX-Dsa-Origin-Status: 200\r\nserver-timing: cdn-cache;desc=MISS, origin;dur=10, edge;dur=0\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":600,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"2887a9c01dd976ed780b26e5602c4d76","sha1":"6b0b4ef0eb5da9a5eae1fdad1745b2830ca79f8e","sha256":"dcc1704f28ed81a586e4392ed19caba3abac9fc77b0de739b6beaff5ee33e16a","sha512":"9f1cb8a7becb44b92ea0891d89dad3ec5cd99701c7355b78d9a39bbc70ac8d9bd4954d9aea08446036bdce59af1062f672bae7029cfc4a75040e3d805044d3fc","ssdeep":"","tlshash":"b1f047244f9828a38d450e71816cf791684401d16ddd348e783c15b31f657744735855","first_seen":"2023-09-17T04:53:59Z","last_seen":"2023-09-17T04:53:59Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ocsp.trust-provider.cn/","fqdn":"ocsp.trust-provider.cn","domain":"trust-provider.cn","tld":"cn"},"ip":{"addr":"117.27.246.96","port":0,"asn":133774,"as":"Fuzhou","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-17T02:53:39.070815753Z","timestamp":1694919219070,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: ocsp.trust-provider.cn\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 84\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: volc-dcdn\r\nContent-Type: application/ocsp-response\r\nContent-Length: 600\r\nConnection: keep-alive\r\nDate: Sun, 17 Sep 2023 02:53:38 GMT\r\nAccept-Ranges: bytes\r\nCF-Cache-Status: EXPIRED\r\nCF-RAY: 80728652bffc096a-HKG\r\nETag: \"6b0b4ef0eb5da9a5eae1fdad1745b2830ca79f8e\"\r\nExpires: Fri, 22 Sep 2023 16:57:27 GMT\r\nLast-Modified: Fri, 15 Sep 2023 16:57:28 GMT\r\nWS-Cache-Status: 0\r\nX-CCACDN-Proxy-ID: mcdpinlb2\r\nX-Frame-Options: SAMEORIGIN\r\nX-Via: 1.1 PSxgHKG8vw115:7 (Cdn Cache Server V2.0), 1.1 CS-000-01VaE187:2 (Cdn Cache Server V2.0), 1.1 PS-JJN-01pX761:1 (Cdn Cache Server V2.0)\r\nX-Ws-Request-Id: 65066a32_PS-JJN-01B7x62_15760-61533\r\nvia: n172-013-214.fzmp.ToB\r\nx-request-ip: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\nx-dsa-trace-id: 1694919218c86f8449be709de140d364a19cb877e2\r\nX-Dsa-Origin-Status: 200\r\nserver-timing: cdn-cache;desc=MISS, origin;dur=9, edge;dur=0\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":600,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"2887a9c01dd976ed780b26e5602c4d76","sha1":"6b0b4ef0eb5da9a5eae1fdad1745b2830ca79f8e","sha256":"dcc1704f28ed81a586e4392ed19caba3abac9fc77b0de739b6beaff5ee33e16a","sha512":"9f1cb8a7becb44b92ea0891d89dad3ec5cd99701c7355b78d9a39bbc70ac8d9bd4954d9aea08446036bdce59af1062f672bae7029cfc4a75040e3d805044d3fc","ssdeep":"","tlshash":"b1f047244f9828a38d450e71816cf791684401d16ddd348e783c15b31f657744735855","first_seen":"2023-09-17T04:53:59Z","last_seen":"2023-09-17T04:53:59Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"azw.downkuai.com/","fqdn":"azw.downkuai.com","domain":"downkuai.com","tld":"com"},"ip":{"addr":"113.219.238.120","port":0,"asn":63835,"as":"No.293,Wanbao Avenue","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-17T02:53:41.131162213Z","timestamp":1694919221131,"http_version":"","security_state":"secure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: azw.downkuai.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 404 Not Found\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: Sun, 17 Sep 2023 02:53:05 GMT\r\nConnection: close\r\nContent-Length: 315\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":315,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF line terminators","md5":"67932d4b695e1d6b19dfc2e3610761ff","sha1":"a66898b36c94c53766e66c1a7aaeb149447ec083","sha256":"ce7127c38e30e92a021ed2bd09287713c6a923db9ffdb43f126e8965d777fbf0","sha512":"97408b30995b72417494daca4c67488b77e3121a9db8bb3c2f204b49944457caa1af4b75730511b39fc9babcca5e1440168c3dbf3377b072866295bd490710fe","ssdeep":"","tlshash":"8be07d6d9856aac542a0f4bc75d193b48115038fd4e547d90051b21714891bcc1f0dcf","first_seen":"2023-04-05T14:02:50Z","last_seen":"2026-05-08T07:36:29.644235Z","times_seen":2261,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"azw.downkuai.com/azwfile/app/pxw_165915.apk","fqdn":"azw.downkuai.com","domain":"downkuai.com","tld":"com"},"ip":{"addr":"113.219.238.120","port":443,"asn":63835,"as":"No.293,Wanbao Avenue","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-09-17T02:53:37.673Z","timestamp":1694919217673,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA1","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.downkuai.com","organization":""},"issuer":{"commonName":"TrustAsia RSA DV TLS CA G2","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 01 Dec 2022 00:00:00 GMT","end":"Sat, 02 Dec 2023 23:59:59 GMT"},"fingerprint":{"sha1":"FC:A7:9C:F3:4D:56:13:21:04:85:CE:A8:BF:4C:CB:02:89:D1:36:2F","sha256":"14:24:0C:1C:6B:52:B7:F3:19:3C:28:6A:70:7C:22:75:94:DB:58:6B:1E:7A:C4:2F:20:EA:7C:C7:1B:C6:35:12"}}},"request":{"raw":"GET /azwfile/app/pxw_165915.apk HTTP/1.1\r\nHost: azw.downkuai.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/vnd.android.package-archive\r\nLast-Modified: Thu, 07 Sep 2023 10:40:10 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0a1c3ac77e1d91:0\"\r\nServer: Microsoft-IIS/8.5\r\nDate: Sun, 17 Sep 2023 02:53:05 GMT\r\nContent-Length: 5355802\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5355802,"size_decoded":0,"mime_type":"application/vnd.android.package-archive","magic":"Zip archive data, at least v0.0 to extract, compression method=deflate\\012- data","md5":"ef61f078fb1dc995259f398c0dfd63cd","sha1":"7fee26ef7f3b97f7f63237f1e6d15f50c9a3d582","sha256":"c42409048a69103bfe2e6715d625c79a2dd910cdd3433ff82f2e81f8de11a41e","sha512":"4ecfde2b0edeef56eb540c6dc039bcfd845a4b8cb94c9490ef256c88adecc372886cfb869e6f30346091b49cb6719899cdd6a279bc453d2cb8ff5c29fe4a83fc","ssdeep":"98304:r4zl4BupYS/zYbPPJxWhVCPfESM72m4mKqCF2nIPfhKsxlVXG0CQBuNR:r454gpN7C3JwC0SMjK8nGfvVW0CNR","tlshash":"96462345e34ae523e1b7943787b60b2665890c484a4ad7530a59b37c7efbec04f89fc8","first_seen":"2023-09-17T04:53:59Z","last_seen":"2023-09-17T04:53:59Z","times_seen":1,"resource_available":false,"data":null}},"time_used":12495,"timings":{"blocked":1247,"dns":1,"connect":294,"send":0,"wait":2232,"receive":7764,"ssl":951},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2022-12-12","alert":"Scan result 8/66","trigger":"c42409048a69103bfe2e6715d625c79a2dd910cdd3433ff82f2e81f8de11a41e","verdict":"suspicious","severity":"","comment":"suspicious - 8/66","link":"https://www.virustotal.com/gui/file/c42409048a69103bfe2e6715d625c79a2dd910cdd3433ff82f2e81f8de11a41e","meta":null}],"urlquery":null}}]}