{"report_id":"eff2959a-48d2-4df1-b1b6-b9e5ce212019","version":6,"status":"done","tags":[],"date":"2024-12-28T23:27:15Z","url":{"schema":"http","addr":"attachments.f95zone.to/2024/03/3503008_d3d9.zip","fqdn":"attachments.f95zone.to","domain":"f95zone.to","tld":"to"},"ip":{"addr":"209.237.141.109","port":0,"asn":36231,"as":"TEMPEST-HOSTING","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-03-08T23:27:15Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"attachments.f95zone.to","ip":{"addr":"195.160.222.99","port":443,"asn":43641,"as":"SOLLUTIUM EU Sp z.o.o.","country":"The Netherlands","country_code":"NL"},"domain_registered":"unknown","domain_rank":278445,"first_seen":"2019-03-18T09:01:26Z","last_seen":"2024-12-23T05:35:16.368814Z","alert_count":0,"request_count":1,"received_data":277186,"sent_data":501,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"0305455cbf5ab6eded12603a7942f69e","sha1":"90f0c745c547a738b5000bc5023ae4257070fd95","sha256":"e84725ae6da3e610c5bba2857fd9de1f2857c6c6781c6c591fe722dd032c1075","sha512":"b31eb21205366a8157945d962dd6f8f86155e09f6f5f961c6aa06873e782e364ba4422bbf3415a21d3b877cdec5d791dee9205137dda108d90e95f2ba92cae99","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":276768,"url":{"schema":"https","addr":"attachments.f95zone.to/2024/03/3503008_d3d9.zip","fqdn":"attachments.f95zone.to","domain":"f95zone.to","tld":"to"},"ip":{"addr":"195.160.222.99","port":443,"asn":43641,"as":"SOLLUTIUM EU Sp z.o.o.","country":"The Netherlands","country_code":"NL"},"archive":[{"path":"d3d9.dll","filename":"d3d9.dll","modified":"2023-12-04T23:34:24Z","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 3 sections","size":284672,"md5":"5e4b88c8e07728ad303cf44ed19eff76","sha1":"cc2a2f7f850a0eb47ec776c639e447c7258dc36e","sha256":"7e6117b83a2fbf4f45a9be54ddd6257860526a4bc88efbbd9bc241b8976eb0a9","sha512":"123b371df336953bc2a2d1ea25928f08deb3301d5f62ba6e47d698761ea9d3b9f135cdde0f377826ac5b07349b772ad5d45dd9bcf7081a59f734fda93e10bdee","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-05-08","alert":"Scan result 2/72","trigger":"7e6117b83a2fbf4f45a9be54ddd6257860526a4bc88efbbd9bc241b8976eb0a9","verdict":"suspicious","severity":"","comment":"suspicious - 2/72","link":"https://www.virustotal.com/gui/file/7e6117b83a2fbf4f45a9be54ddd6257860526a4bc88efbbd9bc241b8976eb0a9","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":null}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"0305455cbf5ab6eded12603a7942f69e","sha1":"90f0c745c547a738b5000bc5023ae4257070fd95","sha256":"e84725ae6da3e610c5bba2857fd9de1f2857c6c6781c6c591fe722dd032c1075","sha512":"b31eb21205366a8157945d962dd6f8f86155e09f6f5f961c6aa06873e782e364ba4422bbf3415a21d3b877cdec5d791dee9205137dda108d90e95f2ba92cae99","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":276768,"url":{"schema":"https","addr":"attachments.f95zone.to/2024/03/3503008_d3d9.zip","fqdn":"attachments.f95zone.to","domain":"f95zone.to","tld":"to"},"ip":{"addr":"195.160.222.99","port":443,"asn":43641,"as":"SOLLUTIUM EU Sp z.o.o.","country":"The Netherlands","country_code":"NL"},"archive":[{"path":"d3d9.dll","filename":"d3d9.dll","modified":"2023-12-04T23:34:24Z","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 3 sections","size":284672,"md5":"5e4b88c8e07728ad303cf44ed19eff76","sha1":"cc2a2f7f850a0eb47ec776c639e447c7258dc36e","sha256":"7e6117b83a2fbf4f45a9be54ddd6257860526a4bc88efbbd9bc241b8976eb0a9","sha512":"123b371df336953bc2a2d1ea25928f08deb3301d5f62ba6e47d698761ea9d3b9f135cdde0f377826ac5b07349b772ad5d45dd9bcf7081a59f734fda93e10bdee","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-05-08","alert":"Scan result 2/72","trigger":"7e6117b83a2fbf4f45a9be54ddd6257860526a4bc88efbbd9bc241b8976eb0a9","verdict":"suspicious","severity":"","comment":"suspicious - 2/72","link":"https://www.virustotal.com/gui/file/7e6117b83a2fbf4f45a9be54ddd6257860526a4bc88efbbd9bc241b8976eb0a9","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"attachments.f95zone.to/2024/03/3503008_d3d9.zip","fqdn":"attachments.f95zone.to","domain":"f95zone.to","tld":"to"},"ip":{"addr":"195.160.222.99","port":443,"asn":43641,"as":"SOLLUTIUM EU Sp z.o.o.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-12-28T23:26:50.178Z","timestamp":1735428410178,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"attachments.f95zone.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 02 Dec 2024 21:15:51 GMT","end":"Sun, 02 Mar 2025 21:15:50 GMT"},"fingerprint":{"sha1":"4F:AC:68:6F:6E:32:3B:8A:A5:1E:4A:C7:12:4E:4C:4A:72:A0:26:63","sha256":"00:19:E6:FE:85:04:AE:9A:90:33:CB:AB:DF:EA:97:22:64:48:5B:AE:5F:EE:26:39:A5:FB:6E:43:38:1F:A4:FA"}}},"request":{"raw":"GET /2024/03/3503008_d3d9.zip HTTP/1.1\r\nHost: attachments.f95zone.to\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 28 Dec 2024 23:26:50 GMT\r\nContent-Type: application/x-zip\r\nContent-Length: 276768\r\nConnection: keep-alive\r\nx-wasabi-cm-reference-id: 1735428406872 130.117.252.108 ConID:767268044/EngineConID:7365224/Core:56\r\nExpires: Sun, 28 Dec 2025 23:26:50 GMT\r\nCache-Control: max-age=31536000\r\nX-Backend-Cache: HIT\r\nContent-Disposition: inline; filename=\"d3d9.zip\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":276768,"size_decoded":276768,"mime_type":"application/x-zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"0305455cbf5ab6eded12603a7942f69e","sha1":"90f0c745c547a738b5000bc5023ae4257070fd95","sha256":"e84725ae6da3e610c5bba2857fd9de1f2857c6c6781c6c591fe722dd032c1075","sha512":"b31eb21205366a8157945d962dd6f8f86155e09f6f5f961c6aa06873e782e364ba4422bbf3415a21d3b877cdec5d791dee9205137dda108d90e95f2ba92cae99","ssdeep":"6144:qxvHpbeBp0FIQsa8O6PfyKq7fZfKpY5LH99K6ehhbvG0j:iYzra6H4BfK65LdRGhbvGw","tlshash":"5b4423e0973eb50b8e8bd125e7684e8257905983bcd0e656ad31bfb3dbdd0223638513","first_seen":"2024-12-28T23:27:17.267607Z","last_seen":"2024-12-28T23:27:17.267607Z","times_seen":1,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":88,"dns":37,"connect":23,"send":0,"wait":34,"receive":63,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}