{"report_id":"ea7d8ff1-b87b-4c46-93be-4261ccd7173c","version":0,"status":"done","tags":[],"date":"2026-06-26T15:19:53Z","url":{"schema":"http","addr":"nvidiadriver.net/verv1432/winpatch-xd7d.win","fqdn":"nvidiadriver.net","domain":"nvidiadriver.net","tld":"net"},"ip":{"addr":"95.216.92.207","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"New Private Tab","dom":{"size":4247,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"12a9766130d03f9b65672b3d3cbcbf80","sha1":"7e2fc709f9a5f29c9fc2b32b63e8b1c14b37819a","sha256":"f62846eaa996b677966e71aedc1676b18d27ce01c47c03df099ec3ecc3c99f9d","sha512":"cf02911d53bf0bc5941485383903e4086ed4745122ad537862a31d08fc12a0ecc49c496367d629252110f558ef78a6b30c96eb196b5b8a1b821979c6d001c4cf","ssdeep":"96:DJFs1Bx13gb61j1l017gx10UFZV4jl22D+i8kDNLeOl:H61rpdmULV4jM2D+z0sI","tlshash":"039162a544f5663b18a386a9e9d17f47af817607ce8d29807baf40e31f87d54c86f20c","dom_hash":"domhashe55c5b0a9b0c37e90d2a11b31f2bc448","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"nvidiadriver.net/verv1432/winpatch-xd7d.win","fqdn":"nvidiadriver.net","domain":"nvidiadriver.net","tld":"net"},"ip":{"addr":"95.216.92.207","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-31T15:19:53Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"nvidiadriver.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"nvidiadriver.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"nvidiadriver.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"nvidiadriver.net","ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2026-04-09","domain_rank":0,"first_seen":"2026-06-25T19:56:06.160505Z","last_seen":"2026-06-25T19:56:06.160505Z","alert_count":6,"request_count":2,"received_data":30748297,"sent_data":938,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"bcf0248791b754ffe7fa534707a347ea","sha1":"3d37d3258c6458383b3fcc826c9da134fee1e20b","sha256":"98a92040eaa839761d0082735a47529fabbe0963d86f1355790be431ae0a1848","sha512":"2bee79ae03e816d6bc7f4f83b083c83a0b705a684d530617859bcaca384eb96403a7b18ef788cab590e2754789838ec11201cf856671cf98aa69ff515fbf9110","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":30747195,"url":{"schema":"http","addr":"nvidiadriver.net/verv1432/winpatch-xd7d.win","fqdn":"nvidiadriver.net","domain":"nvidiadriver.net","tld":"net"},"ip":{"addr":"95.216.92.207","port":80,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"archive":null,"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"nvidiadriver.net/verv1432/winpatch-xd7d.win","fqdn":"nvidiadriver.net","domain":"nvidiadriver.net","tld":"net"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-26T15:19:27.598Z","timestamp":1782487167598,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /verv1432/winpatch-xd7d.win HTTP/1.1\r\nHost: nvidiadriver.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-27T00:34:36.803858Z","times_seen":16747081,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"nvidiadriver.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"nvidiadriver.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"nvidiadriver.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"nvidiadriver.net/verv1432/winpatch-xd7d.win","fqdn":"nvidiadriver.net","domain":"nvidiadriver.net","tld":"net"},"ip":{"addr":"95.216.92.207","port":80,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-26T15:19:27.865Z","timestamp":1782487167865,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /verv1432/winpatch-xd7d.win HTTP/1.1\r\nHost: nvidiadriver.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nvary: Origin\r\ncontent-disposition: attachment; filename=\"win-driver-xd7d.zip\"\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 23 Apr 2026 12:00:18 GMT\r\netag: W/\"1d52a3b-19dba365e08\"\r\ncontent-type: application/zip\r\ncontent-length: 30747195\r\ndate: Fri, 26 Jun 2026 15:19:27 GMT\r\nconnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":30747195,"size_decoded":1102,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"bcf0248791b754ffe7fa534707a347ea","sha1":"3d37d3258c6458383b3fcc826c9da134fee1e20b","sha256":"98a92040eaa839761d0082735a47529fabbe0963d86f1355790be431ae0a1848","sha512":"2bee79ae03e816d6bc7f4f83b083c83a0b705a684d530617859bcaca384eb96403a7b18ef788cab590e2754789838ec11201cf856671cf98aa69ff515fbf9110","ssdeep":"24576:nf8EOOZRn8m8gKbJQRa06l6uM4q5Lzf4+dn+GSUBLQsS7c0yXGjGe:XsP9QRa065MNRzg+vRGYfVe","tlshash":"d125334dbbca9422b970076a522f67c8a5b2103528d3cc9cde5f2dd876789e23522738","first_seen":"2026-06-26T15:19:55.604005Z","last_seen":"2026-06-26T15:19:55.604005Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1276,"timings":{"blocked":-1,"dns":28,"connect":14,"send":0,"wait":34,"receive":1200,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"nvidiadriver.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"nvidiadriver.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"nvidiadriver.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}