{"report_id":"acd8b5c5-e8c4-4ed7-ad2c-b81497c9782b","version":6,"status":"done","tags":[],"date":"2024-01-10T01:19:44Z","url":{"schema":"http","addr":"cdn.sign.utcsoft.com/es/3503/UTC_ESeal_Middle_10.0.2.155.3503.exe","fqdn":"cdn.sign.utcsoft.com","domain":"utcsoft.com","tld":"com"},"ip":{"addr":"182.131.21.252","port":0,"asn":38283,"as":"CHINANET SiChuan Telecom Internet Data Center","country":"China","country_code":"CN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T04:26:34Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"ocsp.trust-provider.cn","ip":{"addr":"36.248.38.100","port":0,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"domain_registered":"2015-04-09","domain_rank":0,"first_seen":"2022-02-10 09:18:30","last_seen":"2024-01-09 05:21:58","alert_count":0,"request_count":2,"received_data":2945,"sent_data":692,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.sign.utcsoft.com","ip":{"addr":"124.236.103.55","port":443,"asn":134760,"as":"Shijiazhuang IDC network, CHINANET Hebei province","country":"China","country_code":"CN"},"domain_registered":"2004-01-09","domain_rank":0,"first_seen":"2020-11-03 05:07:52","last_seen":"2023-09-10 07:47:26","alert_count":1,"request_count":1,"received_data":5703303,"sent_data":531,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"734d0025abe88cd42685a88753c61e60","sha1":"edc0548d07c7ab874ca9143277627882073de087","sha256":"2658fc1e9f47d29cb6613f469341f80817aaec1834e47cbef1afb616c74ba47b","sha512":"e15121662b8c82016bb8a9eaa47843b7b982dfea3b27a52f5323200ee4157059055385f12b43c1f3a86c2b01e960e6073fe1581d9a80d75034f3f861383178ba","magic":"PE32 executable (GUI) Intel 80386, for MS Windows","size":5702504,"url":{"schema":"https","addr":"cdn.sign.utcsoft.com/es/3503/UTC_ESeal_Middle_10.0.2.155.3503.exe","fqdn":"cdn.sign.utcsoft.com","domain":"utcsoft.com","tld":"com"},"ip":{"addr":"124.236.103.55","port":443,"asn":134760,"as":"Shijiazhuang IDC network, CHINANET Hebei province","country":"China","country_code":"CN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2023-12-25","alert":"Scan result 8/72","trigger":"2658fc1e9f47d29cb6613f469341f80817aaec1834e47cbef1afb616c74ba47b","verdict":"suspicious","severity":"","comment":"suspicious - 8/72","link":"https://www.virustotal.com/gui/file/2658fc1e9f47d29cb6613f469341f80817aaec1834e47cbef1afb616c74ba47b","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"ocsp.trust-provider.cn/","fqdn":"ocsp.trust-provider.cn","domain":"trust-provider.cn","tld":"cn"},"ip":{"addr":"36.248.38.100","port":0,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-01-10T01:19:20.164830297Z","timestamp":1704849560164,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: ocsp.trust-provider.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 84\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: volc-dcdn\r\nContent-Type: application/ocsp-response\r\nContent-Length: 600\r\nConnection: keep-alive\r\nDate: Wed, 10 Jan 2024 01:19:19 GMT\r\nAccept-Ranges: bytes\r\nCF-Cache-Status: MISS\r\nCF-RAY: 841ad8a6bfca2398-HKG\r\nETag: \"842ad16f47461aa0a26ae57658fee49ebfe1b0d8\"\r\nExpires: Sat, 13 Jan 2024 14:44:59 GMT\r\nLast-Modified: Sat, 06 Jan 2024 14:45:00 GMT\r\nWS-Cache-Status: 2\r\nX-CCACDN-Proxy-ID: mcdpinlb4\r\nX-Frame-Options: SAMEORIGIN\r\nX-Via: 1.1 dianxun108:13 (Cdn Cache Server V2.0), 1.1 CS-000-01VaE187:1 (Cdn Cache Server V2.0), 1.1 PS-SWA-01WCA24:2 (Cdn Cache Server V2.0)\r\nX-Ws-Request-Id: 659df097_PS-SWA-01WCA24_18245-55738\r\nvia: n172-013-216.fzmp.ToB\r\nx-request-ip: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\nx-dsa-trace-id: 170484955914adf26fe423cb63b8e645098b8b8bc5\r\nX-Dsa-Origin-Status: 200\r\nserver-timing: cdn-cache;desc=MISS, origin;dur=54, edge;dur=0\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":600,"size_decoded":600,"mime_type":"application/octet-stream","magic":"data","md5":"9a5706f58c1d2b0ac20cdac47b114395","sha1":"842ad16f47461aa0a26ae57658fee49ebfe1b0d8","sha256":"19b97422f5151b34359cbee8d4a410636f1bf0306c2486e67d4c54146982cd4e","sha512":"a996fa3ffd61762f26c0b21633c7e96c8c548c38b53b351a5b3243e66f81a0c1fbe3b95499be7a06f2a3c08a3af9c31e0911985bdca0446f1caa4bdad7da1c4d","ssdeep":"","tlshash":"a9f002d22cdd63609938c1f51328507a694014d221c13587343dc7b53e80a16ef38d54","first_seen":"2024-08-20T12:45:33.147746Z","last_seen":"2024-08-20T12:45:33.147746Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ocsp.trust-provider.cn/","fqdn":"ocsp.trust-provider.cn","domain":"trust-provider.cn","tld":"cn"},"ip":{"addr":"36.248.38.100","port":0,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-01-10T01:19:20.16934099Z","timestamp":1704849560169,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: ocsp.trust-provider.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 84\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: volc-dcdn\r\nContent-Type: application/ocsp-response\r\nContent-Length: 600\r\nConnection: keep-alive\r\nDate: Wed, 10 Jan 2024 01:19:19 GMT\r\nAccept-Ranges: bytes\r\nCF-Cache-Status: MISS\r\nCF-RAY: 841ad8a6bfca2398-HKG\r\nETag: \"842ad16f47461aa0a26ae57658fee49ebfe1b0d8\"\r\nExpires: Sat, 13 Jan 2024 14:44:59 GMT\r\nLast-Modified: Sat, 06 Jan 2024 14:45:00 GMT\r\nWS-Cache-Status: 2\r\nX-CCACDN-Proxy-ID: mcdpinlb4\r\nX-Frame-Options: SAMEORIGIN\r\nX-Via: 1.1 dianxun108:13 (Cdn Cache Server V2.0), 1.1 CS-000-01VaE187:1 (Cdn Cache Server V2.0), 1.1 PS-SWA-01WCA24:2 (Cdn Cache Server V2.0)\r\nX-Ws-Request-Id: 659df097_PS-SWA-01WCA24_18358-6494\r\nvia: n172-013-216.fzmp.ToB\r\nx-request-ip: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\nx-dsa-trace-id: 1704849559ebbb3e6b0a0f6a66c0fe63977e4d629d\r\nX-Dsa-Origin-Status: 200\r\nserver-timing: cdn-cache;desc=MISS, origin;dur=52, edge;dur=0\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":600,"size_decoded":600,"mime_type":"application/octet-stream","magic":"data","md5":"9a5706f58c1d2b0ac20cdac47b114395","sha1":"842ad16f47461aa0a26ae57658fee49ebfe1b0d8","sha256":"19b97422f5151b34359cbee8d4a410636f1bf0306c2486e67d4c54146982cd4e","sha512":"a996fa3ffd61762f26c0b21633c7e96c8c548c38b53b351a5b3243e66f81a0c1fbe3b95499be7a06f2a3c08a3af9c31e0911985bdca0446f1caa4bdad7da1c4d","ssdeep":"","tlshash":"a9f002d22cdd63609938c1f51328507a694014d221c13587343dc7b53e80a16ef38d54","first_seen":"2024-08-20T12:45:33.147746Z","last_seen":"2024-08-20T12:45:33.147746Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.sign.utcsoft.com/es/3503/UTC_ESeal_Middle_10.0.2.155.3503.exe","fqdn":"cdn.sign.utcsoft.com","domain":"utcsoft.com","tld":"com"},"ip":{"addr":"124.236.103.55","port":443,"asn":134760,"as":"Shijiazhuang IDC network, CHINANET Hebei province","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-01-10T01:19:18.308Z","timestamp":1704849558308,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cdn.sign.utcsoft.com","organization":""},"issuer":{"commonName":"TrustAsia RSA DV TLS CA G3","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 20 Oct 2023 00:00:00 GMT","end":"Sat, 19 Oct 2024 23:59:59 GMT"},"fingerprint":{"sha1":"BE:8D:71:A9:1C:B9:0E:98:FC:42:6F:AA:B6:72:9B:1B:56:33:FD:B1","sha256":"B4:97:2C:57:78:30:A9:B7:4E:26:15:CE:E6:1D:D4:78:D7:D0:3B:4E:CB:F5:D1:8C:3E:5F:D3:EA:0A:D7:5B:C3"}}},"request":{"raw":"GET /es/3503/UTC_ESeal_Middle_10.0.2.155.3503.exe HTTP/1.1\r\nHost: cdn.sign.utcsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Wed, 10 Jan 2024 01:19:20 GMT\r\nContent-Type: application/x-msdownload\r\nContent-Length: 5702504\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Expose-Headers: X-Log, X-Reqid\r\nAccess-Control-Max-Age: 2592000\r\nAge: 4368667\r\nCache-Control: public, max-age=31536000\r\nContent-Disposition: inline; filename=\"UTC_ESeal_Middle_10.0.2.155.3503.exe\"; filename*=utf-8''UTC_ESeal_Middle_10.0.2.155.3503.exe\r\nContent-Md5: c00AJavojNQmhaiHU8YeYA==\r\nContent-Transfer-Encoding: binary\r\nEtag: \"lncAD1BWrpB7XPzL2GFE9iNx8UJr\"\r\nLast-Modified: Mon, 23 Oct 2023 11:24:17 GMT\r\nX-Log: X-Log\r\nX-M-Log: QNM:cdn-cache-dls-hbsjz-sjz-10;QNM3:1\r\nX-M-Reqid: xkGkthLE0\r\nX-Qiniu-Zone: 2\r\nX-Qnm-Cache: Hit\r\nX-Reqid: XP8AAABYB_9cUpkX\r\nX-Svr: IO\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5702504,"size_decoded":5702504,"mime_type":"application/x-msdownload","magic":"PE32 executable (GUI) Intel 80386, for MS Windows","md5":"734d0025abe88cd42685a88753c61e60","sha1":"edc0548d07c7ab874ca9143277627882073de087","sha256":"2658fc1e9f47d29cb6613f469341f80817aaec1834e47cbef1afb616c74ba47b","sha512":"e15121662b8c82016bb8a9eaa47843b7b982dfea3b27a52f5323200ee4157059055385f12b43c1f3a86c2b01e960e6073fe1581d9a80d75034f3f861383178ba","ssdeep":"98304:2kLglmfp5eOcx2fEQJi17w5ntBPLvgJaJwjFIiNCsmynRRejbUIS:BORrQJiZw5nfLYJaJwjFRN1n","tlshash":"da46013ba268613fc57a4a310572b250bb77ba51e81a8c1e07f0d45fff368601e3a657","first_seen":"2024-08-20T12:45:33.148834Z","last_seen":"2024-08-20T12:45:33.148834Z","times_seen":1,"resource_available":false,"data":null}},"time_used":6429,"timings":{"blocked":1601,"dns":1,"connect":298,"send":0,"wait":296,"receive":2931,"ssl":1298},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2023-12-25","alert":"Scan result 8/72","trigger":"2658fc1e9f47d29cb6613f469341f80817aaec1834e47cbef1afb616c74ba47b","verdict":"suspicious","severity":"","comment":"suspicious - 8/72","link":"https://www.virustotal.com/gui/file/2658fc1e9f47d29cb6613f469341f80817aaec1834e47cbef1afb616c74ba47b","meta":null}],"urlquery":null}}]}