{"report_id":"cda405b7-2882-400c-812e-707cc58cb494","version":6,"status":"done","tags":[],"date":"2024-05-21T04:12:25Z","url":{"schema":"http","addr":"down10d.zol.com.cn/zoldownload/61/lexmark_cs410dn_ad2_win_32_ps_27004082_447197.exe","fqdn":"down10d.zol.com.cn","domain":"zol.com.cn","tld":"com.cn"},"ip":{"addr":"122.143.2.98","port":0,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T16:11:05Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"down10d.zol.com.cn","ip":{"addr":"122.143.2.98","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"domain_registered":"1999-03-01","domain_rank":0,"first_seen":"2016-08-16 18:41:38","last_seen":"2022-08-09 09:32:46","alert_count":1,"request_count":1,"received_data":668337,"sent_data":537,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"31549917cdc6e3f9d40a48ea5998493f","sha1":"c0f7e826645b1ba2ba1fed866992beb9de7a31df","sha256":"73f03b369e9df60c2dc97baefcdc4ba920da3a2126c873a4654e1a83510d3b87","sha512":"709737c36ef4fe96e99dcac210854a760cbbcff7af428620a0a83f16a5db09af4dbe2b52ccd4cff08fe0d5d4e544ddd9474c7c45005938a32705960c3581dad1","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections","size":668064,"url":{"schema":"https","addr":"down10d.zol.com.cn/zoldownload/61/lexmark_cs410dn_ad2_win_32_ps_27004082_447197.exe","fqdn":"down10d.zol.com.cn","domain":"zol.com.cn","tld":"com.cn"},"ip":{"addr":"122.143.2.98","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-04-25","alert":"Scan result 59/70","trigger":"73f03b369e9df60c2dc97baefcdc4ba920da3a2126c873a4654e1a83510d3b87","verdict":"malicious","severity":"","comment":"malicious - 59/70","link":"https://www.virustotal.com/gui/file/73f03b369e9df60c2dc97baefcdc4ba920da3a2126c873a4654e1a83510d3b87","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"down10d.zol.com.cn/zoldownload/61/lexmark_cs410dn_ad2_win_32_ps_27004082_447197.exe","fqdn":"down10d.zol.com.cn","domain":"zol.com.cn","tld":"com.cn"},"ip":{"addr":"122.143.2.98","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-05-21T04:11:59.626Z","timestamp":1716264719626,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.zol.com.cn","organization":"Beijing Zhixing Ruijing Technology Co., Ltd"},"issuer":{"commonName":"GeoTrust CN RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 04 Jan 2024 00:00:00 GMT","end":"Mon, 03 Feb 2025 23:59:59 GMT"},"fingerprint":{"sha1":"A5:A6:D1:C6:86:BA:AC:95:BC:1C:88:04:58:1C:0F:BA:43:B9:3F:82","sha256":"6F:64:BB:D7:EE:DD:A7:28:87:23:BD:BF:65:A4:DB:23:A5:59:5E:6B:5B:8B:A9:8D:35:6E:70:63:51:42:9E:52"}}},"request":{"raw":"GET /zoldownload/61/lexmark_cs410dn_ad2_win_32_ps_27004082_447197.exe HTTP/1.1\r\nHost: down10d.zol.com.cn\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: ngx_openresty/1.2.8.6\r\nDate: Tue, 21 May 2024 04:12:01 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 668064\r\nConnection: keep-alive\r\nLast-Modified: Mon, 07 Mar 2022 01:26:09 GMT\r\nZ-download: download-jl181:891\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":668064,"size_decoded":668064,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections","md5":"31549917cdc6e3f9d40a48ea5998493f","sha1":"c0f7e826645b1ba2ba1fed866992beb9de7a31df","sha256":"73f03b369e9df60c2dc97baefcdc4ba920da3a2126c873a4654e1a83510d3b87","sha512":"709737c36ef4fe96e99dcac210854a760cbbcff7af428620a0a83f16a5db09af4dbe2b52ccd4cff08fe0d5d4e544ddd9474c7c45005938a32705960c3581dad1","ssdeep":"12288:pC6wyk1nvfBP0FQoOd/566f81qjbravk7o3xLWAB8TMfo+aqwFtaif8dHOqPNspj:pC6wp1vfhboOb66Uyavk8hdo+g8BOONu","tlshash":"78e42231eaa94801f21bcd367951c6b22878fc44d3d1920b63dcbf67abba711513876e","first_seen":"2023-04-21T08:02:49Z","last_seen":"2026-05-09T22:36:22.3904Z","times_seen":50008,"resource_available":true,"data":null}},"time_used":5648,"timings":{"blocked":1444,"dns":1,"connect":274,"send":0,"wait":275,"receive":2479,"ssl":1171},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-04-25","alert":"Scan result 59/70","trigger":"73f03b369e9df60c2dc97baefcdc4ba920da3a2126c873a4654e1a83510d3b87","verdict":"malicious","severity":"","comment":"malicious - 59/70","link":"https://www.virustotal.com/gui/file/73f03b369e9df60c2dc97baefcdc4ba920da3a2126c873a4654e1a83510d3b87","meta":null}],"urlquery":null}}]}