{"report_id":"f2ae80e6-dc43-40b4-bfde-9723c96400f5","version":6,"status":"done","tags":[],"date":"2024-09-23T09:12:06Z","url":{"schema":"http","addr":"media.st.dl.eccdnx.com/client/installer/SteamSetup.exe","fqdn":"media.st.dl.eccdnx.com","domain":"eccdnx.com","tld":"com"},"ip":{"addr":"61.170.98.10","port":0,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-07T08:19:15Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"media.st.dl.eccdnx.com","ip":{"addr":"61.170.98.10","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"domain_registered":"2019-07-31","domain_rank":0,"first_seen":"2020-02-12 08:31:02","last_seen":"2024-09-21 18:44:54","alert_count":1,"request_count":1,"received_data":2381314,"sent_data":508,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-09-23 01:14:04","alert_count":0,"request_count":4,"received_data":3550,"sent_data":1308,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-09-23 01:14:05","alert_count":0,"request_count":3,"received_data":2661,"sent_data":981,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"1b54b70beef8eb240db31718e8f7eb5d","sha1":"da5995070737ec655824c92622333c489eb6bce4","sha256":"7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb","sha512":"fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections","size":2380800,"url":{"schema":"https","addr":"media.st.dl.eccdnx.com/client/installer/SteamSetup.exe","fqdn":"media.st.dl.eccdnx.com","domain":"eccdnx.com","tld":"com"},"ip":{"addr":"61.170.98.10","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-09-23","alert":"Scan result 1/73","trigger":"7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb","verdict":"suspicious","severity":"","comment":"suspicious - 1/73","link":"https://www.virustotal.com/gui/file/7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-23T09:11:40.426152313Z","timestamp":1727082700426,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"BAEDAEF0911C559969639D4507C6734A6070A9EF16362D10193A5C9585A96020\"\r\nLast-Modified: Sun, 22 Sep 2024 23:25:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3227\r\nExpires: Mon, 23 Sep 2024 10:05:27 GMT\r\nDate: Mon, 23 Sep 2024 09:11:40 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"6ad448ffeb9327d98bb295e584990658","sha1":"ffb460f5a32ca92b7cd6b81c330a3822598dea00","sha256":"baedaef0911c559969639d4507c6734a6070a9ef16362d10193a5c9585a96020","sha512":"78f3e47e064df05de992105952fb1a57ef134e8a860af9cd57bdbd6feecded7ec70c7dd0ab8c498cde95c22900bf07b0960386c9a0b1a3c4cf5901e44d3b7425","ssdeep":"","tlshash":"b4f0057714e6f5e16a780b12a9f5ab293f30549d740185f16c410ed7e910bfc9e40448","first_seen":"2024-09-23T06:55:00Z","last_seen":"2024-09-28T08:21:46.142031Z","times_seen":4890,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-23T09:11:40.440513002Z","timestamp":1727082700440,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"A4DFB633C3D6C80962FE436220800F7F6FAC707A55806BFC1757D4FA49AF8CDC\"\r\nLast-Modified: Fri, 20 Sep 2024 21:19:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=14413\r\nExpires: Mon, 23 Sep 2024 13:11:53 GMT\r\nDate: Mon, 23 Sep 2024 09:11:40 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"d53da2de4fc4634a067495f858d15c81","sha1":"be0d08371e49c3ff6bb6eb6760b0142bb5e49181","sha256":"a4dfb633c3d6c80962fe436220800f7f6fac707a55806bfc1757d4fa49af8cdc","sha512":"36fb5e34eaac7cdb0c6176f32af647962bc35b21052b5877e4f9300d32db6ac1fd228b23a6d1673ea8a0e3e0d788dd3d296911534f1582831cf2c04a8bb9bcca","ssdeep":"","tlshash":"faf0c9bd09907ae5aa34980239bfc03d6b358dec3158eac0a89200d6ab26bf855c0408","first_seen":"2024-09-21T02:08:03Z","last_seen":"2024-09-28T08:49:28.524549Z","times_seen":32142,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-23T09:11:40.744937923Z","timestamp":1727082700744,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"B299E84F35CC7722BBD1F7046CFB1D5C5BE6460946551D5A55D90BB3E7DD556D\"\r\nLast-Modified: Sun, 22 Sep 2024 22:26:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6014\r\nExpires: Mon, 23 Sep 2024 10:51:54 GMT\r\nDate: Mon, 23 Sep 2024 09:11:40 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"b3e9dbf48fb15b7ebe030820e496a4a2","sha1":"a0afffcc59e40c53dc7aef18623c759d63eb794e","sha256":"b299e84f35cc7722bbd1f7046cfb1d5c5be6460946551d5a55d90bb3e7dd556d","sha512":"4b777608e0f5e2840d54dbbea3c922f728985c101cff47a71b6cbf00c0e882681e226684053ef34e7b3414e8b788d1e6816c1801095e7fbb779ef049e408c2b7","ssdeep":"","tlshash":"d4f075b141617f30d31c2e213878f4022d21fcdb180812f044d401f1f9117fc1e4010d","first_seen":"2024-09-23T01:13:58Z","last_seen":"2024-09-28T08:25:08.690848Z","times_seen":10140,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-23T09:11:41.035245082Z","timestamp":1727082701035,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"E7A9DAD00082D68D7BC93DECE534965DAF1D2B92D670B46298A3B836A35946F2\"\r\nLast-Modified: Sat, 21 Sep 2024 15:06:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=14890\r\nExpires: Mon, 23 Sep 2024 13:19:51 GMT\r\nDate: Mon, 23 Sep 2024 09:11:41 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"e8a790b0f3e0ce35d79c653b1c5f3eeb","sha1":"57eed52d02a286b3a5a496ee0712ae4a223a875a","sha256":"e7a9dad00082d68d7bc93dece534965daf1d2b92d670b46298a3b836a35946f2","sha512":"38577102a69c532079e4457da8b69d896252ace6171827ca39247a5c742aff1d24ca0838047243eb91a22e2445cb53157542c695bd7bb37c29f670c7a4b18767","ssdeep":"","tlshash":"42f0051f36e0f510a77046a16dfdd12dad10afd9305479e21ce001e16613b985fc410d","first_seen":"2024-09-21T22:16:21Z","last_seen":"2024-09-28T08:42:46.309939Z","times_seen":13533,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-23T09:11:42.539283345Z","timestamp":1727082702539,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"538A694D67444839D38B38F534FD67D622457494630B97D887270D47EAA3F00F\"\r\nLast-Modified: Sat, 21 Sep 2024 12:28:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2825\r\nExpires: Mon, 23 Sep 2024 09:58:47 GMT\r\nDate: Mon, 23 Sep 2024 09:11:42 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"41fa5215726c6fcc00080ad4fd963296","sha1":"b4a425abfbd9dda21ccc1a053fe18793e2ff989b","sha256":"538a694d67444839d38b38f534fd67d622457494630b97d887270d47eaa3f00f","sha512":"7565c0773d5a001b6146505f4d971ca7ab846c6e23d9244358308cac7cf77433265d84e761f53fb66af3946180503924b0deba684b913cd9f26f22f0fa353687","ssdeep":"","tlshash":"62f07ea03730b801432c012698d0d33318382ce8280003e986c062e3aa107e823e010c","first_seen":"2024-09-21T20:42:07Z","last_seen":"2024-09-28T08:43:22.42194Z","times_seen":15322,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-23T09:11:42.540310792Z","timestamp":1727082702540,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"538A694D67444839D38B38F534FD67D622457494630B97D887270D47EAA3F00F\"\r\nLast-Modified: Sat, 21 Sep 2024 12:28:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2825\r\nExpires: Mon, 23 Sep 2024 09:58:47 GMT\r\nDate: Mon, 23 Sep 2024 09:11:42 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"41fa5215726c6fcc00080ad4fd963296","sha1":"b4a425abfbd9dda21ccc1a053fe18793e2ff989b","sha256":"538a694d67444839d38b38f534fd67d622457494630b97d887270d47eaa3f00f","sha512":"7565c0773d5a001b6146505f4d971ca7ab846c6e23d9244358308cac7cf77433265d84e761f53fb66af3946180503924b0deba684b913cd9f26f22f0fa353687","ssdeep":"","tlshash":"62f07ea03730b801432c012698d0d33318382ce8280003e986c062e3aa107e823e010c","first_seen":"2024-09-21T20:42:07Z","last_seen":"2024-09-28T08:43:22.42194Z","times_seen":15322,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-23T09:11:42.541237582Z","timestamp":1727082702541,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"538A694D67444839D38B38F534FD67D622457494630B97D887270D47EAA3F00F\"\r\nLast-Modified: Sat, 21 Sep 2024 12:28:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2825\r\nExpires: Mon, 23 Sep 2024 09:58:47 GMT\r\nDate: Mon, 23 Sep 2024 09:11:42 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"41fa5215726c6fcc00080ad4fd963296","sha1":"b4a425abfbd9dda21ccc1a053fe18793e2ff989b","sha256":"538a694d67444839d38b38f534fd67d622457494630b97d887270d47eaa3f00f","sha512":"7565c0773d5a001b6146505f4d971ca7ab846c6e23d9244358308cac7cf77433265d84e761f53fb66af3946180503924b0deba684b913cd9f26f22f0fa353687","ssdeep":"","tlshash":"62f07ea03730b801432c012698d0d33318382ce8280003e986c062e3aa107e823e010c","first_seen":"2024-09-21T20:42:07Z","last_seen":"2024-09-28T08:43:22.42194Z","times_seen":15322,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"media.st.dl.eccdnx.com/client/installer/SteamSetup.exe","fqdn":"media.st.dl.eccdnx.com","domain":"eccdnx.com","tld":"com"},"ip":{"addr":"61.170.98.10","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-09-23T09:11:41.039Z","timestamp":1727082701039,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.st.dl.eccdnx.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 12 Jan 2024 00:00:00 GMT","end":"Mon, 10 Feb 2025 23:59:59 GMT"},"fingerprint":{"sha1":"CF:CA:27:00:79:5F:46:C8:6B:30:E5:2D:D1:A7:78:07:64:2B:79:D6","sha256":"6B:FE:0A:2E:11:9E:1C:6C:8B:75:67:E2:F9:F6:22:5E:09:4E:FB:01:9A:C7:EC:88:C6:AF:9C:F1:8C:23:41:8D"}}},"request":{"raw":"GET /client/installer/SteamSetup.exe HTTP/1.1\r\nHost: media.st.dl.eccdnx.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 23 Sep 2024 09:11:41 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 2380800\r\nConnection: keep-alive\r\nExpires: Mon, 23 Sep 2024 09:14:23 GMT\r\nLast-Modified: Mon, 20 May 2024 22:23:49 GMT\r\nETag: \"664bcd75-245400\"\r\nServer: nginx\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=829\r\nAge: 667\r\nX-Ser: BC131_yd-guangdong-jiangmen-13-cache-1, BC211_dx-lt-yd-jiangsu-huaian-8-cache-2, BC12_dx-jiangsu-yancheng-24-cache-1, BC36_dx-shanghai-shanghai-35-cache-2\r\nX-Cache: HIT\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2380800,"size_decoded":2380800,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections","md5":"1b54b70beef8eb240db31718e8f7eb5d","sha1":"da5995070737ec655824c92622333c489eb6bce4","sha256":"7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb","sha512":"fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb","ssdeep":"49152:UDP/q9MIX/crfcNVBaXp1m0zyVCMwBHgFzoZhRP8:kC9MI8Hm0GCjgFc3Rk","tlshash":"1fb533116fb8d076dae20f71e0fa86f79536fc15962a4f4b3a807b2f7835110a5047b9","first_seen":"2024-06-10T06:07:38Z","last_seen":"2025-06-25T11:53:51.955218Z","times_seen":11,"resource_available":false,"data":null}},"time_used":3113,"timings":{"blocked":710,"dns":1,"connect":234,"send":0,"wait":241,"receive":1451,"ssl":472},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-09-23","alert":"Scan result 1/73","trigger":"7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb","verdict":"suspicious","severity":"","comment":"suspicious - 1/73","link":"https://www.virustotal.com/gui/file/7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb","meta":null}],"urlquery":null}}]}