{"report_id":"06b226b8-6dcc-42ff-8e5a-12a6359db632","version":6,"status":"done","tags":[],"date":"2024-05-21T04:11:24Z","url":{"schema":"http","addr":"the.earth.li/~sgtatham/putty/latest/w32/putty.exe","fqdn":"the.earth.li","domain":"earth.li","tld":"li"},"ip":{"addr":"93.93.131.124","port":0,"asn":44684,"as":"Mythic Beasts Ltd","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T16:11:05Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"the.earth.li","ip":{"addr":"93.93.131.124","port":443,"asn":44684,"as":"Mythic Beasts Ltd","country":"United Kingdom","country_code":"GB"},"domain_registered":"unknown","domain_rank":249742,"first_seen":"2012-10-27 15:46:20","last_seen":"2024-05-14 08:31:34","alert_count":1,"request_count":2,"received_data":1491063,"sent_data":1004,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"f43852a976edcab5a7c82d248ce242d2","sha1":"446ac2bb76e472c185f56b2b1246910a4438246d","sha256":"4a38db0744930e1f5bfc0a82f63c907f7dc94270b930a3950e6a0abbc903c47f","sha512":"3b4ab06664cb4c228ef0e85cc38d4035d4d2c0b4febd7fa410da65bbcc7b4eafbec924e8d14f02432125fa3d9fb22e50a87707b1c1028ad5d3f0bfbcd4b4075e","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections","size":1490208,"url":{"schema":"https","addr":"the.earth.li/~sgtatham/putty/0.81/w32/putty.exe","fqdn":"the.earth.li","domain":"earth.li","tld":"li"},"ip":{"addr":"93.93.131.124","port":443,"asn":44684,"as":"Mythic Beasts Ltd","country":"United Kingdom","country_code":"GB"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-05-20","alert":"Scan result 2/73","trigger":"4a38db0744930e1f5bfc0a82f63c907f7dc94270b930a3950e6a0abbc903c47f","verdict":"suspicious","severity":"","comment":"suspicious - 2/73","link":"https://www.virustotal.com/gui/file/4a38db0744930e1f5bfc0a82f63c907f7dc94270b930a3950e6a0abbc903c47f","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"the.earth.li/~sgtatham/putty/latest/w32/putty.exe","fqdn":"the.earth.li","domain":"earth.li","tld":"li"},"ip":{"addr":"93.93.131.124","port":443,"asn":44684,"as":"Mythic Beasts Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-05-21T04:10:58.579Z","timestamp":1716264658579,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"the.earth.li","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 May 2024 00:15:29 GMT","end":"Fri, 09 Aug 2024 00:15:28 GMT"},"fingerprint":{"sha1":"26:6B:2E:4D:1B:BD:32:10:95:9E:07:2B:27:EA:42:32:37:F8:F7:80","sha256":"82:7C:46:D3:3D:89:00:9C:58:67:F5:1D:DF:30:E0:AD:80:AA:59:74:10:BE:FC:CF:E3:FB:0C:CB:42:84:FE:8A"}}},"request":{"raw":"GET /~sgtatham/putty/latest/w32/putty.exe HTTP/1.1\r\nHost: the.earth.li\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Tue, 21 May 2024 04:10:58 GMT\r\nServer: Apache\r\nLocation: https://the.earth.li/~sgtatham/putty/0.81/w32/putty.exe\r\nContent-Length: 302\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":302,"size_decoded":302,"mime_type":"application/x-msdos-program","magic":"HTML document, ASCII text","md5":"0c1d9a5b4d3ac21811c6709bb81c0681","sha1":"92127b7274036e57f05cd74b2b27add946ffaf35","sha256":"67d56ca172e6f4e47a27d285706c698b961959a4e8ca3d187cc84ab9343a74df","sha512":"26f824096cc66a4d37b579343b83fb74565a37a06068cae4c6b3de8bc3958385d4651439cbcf7a8b59110c5efef1982daa2a486997a34576fd81b3af63072236","ssdeep":"","tlshash":"4fe072fe314326a108a33a10588220c922c2a0f26848a5d83acab44782b86349c8e29b","first_seen":"2024-04-18T06:02:58Z","last_seen":"2024-11-27T10:37:04.472041Z","times_seen":350,"resource_available":false,"data":null}},"time_used":327,"timings":{"blocked":154,"dns":1,"connect":18,"send":0,"wait":18,"receive":0,"ssl":134},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"the.earth.li/~sgtatham/putty/0.81/w32/putty.exe","fqdn":"the.earth.li","domain":"earth.li","tld":"li"},"ip":{"addr":"93.93.131.124","port":443,"asn":44684,"as":"Mythic Beasts Ltd","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-05-21T04:10:58.765Z","timestamp":1716264658765,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"the.earth.li","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 May 2024 00:15:29 GMT","end":"Fri, 09 Aug 2024 00:15:28 GMT"},"fingerprint":{"sha1":"26:6B:2E:4D:1B:BD:32:10:95:9E:07:2B:27:EA:42:32:37:F8:F7:80","sha256":"82:7C:46:D3:3D:89:00:9C:58:67:F5:1D:DF:30:E0:AD:80:AA:59:74:10:BE:FC:CF:E3:FB:0C:CB:42:84:FE:8A"}}},"request":{"raw":"GET /~sgtatham/putty/0.81/w32/putty.exe HTTP/1.1\r\nHost: the.earth.li\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 21 May 2024 04:10:58 GMT\r\nServer: Apache\r\nLast-Modified: Sat, 06 Apr 2024 09:54:25 GMT\r\nETag: \"16bd20-6156a8ebb3b1a\"\r\nAccept-Ranges: bytes\r\nContent-Length: 1490208\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: application/x-msdos-program\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1490208,"size_decoded":1490208,"mime_type":"application/x-msdos-program","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections","md5":"f43852a976edcab5a7c82d248ce242d2","sha1":"446ac2bb76e472c185f56b2b1246910a4438246d","sha256":"4a38db0744930e1f5bfc0a82f63c907f7dc94270b930a3950e6a0abbc903c47f","sha512":"3b4ab06664cb4c228ef0e85cc38d4035d4d2c0b4febd7fa410da65bbcc7b4eafbec924e8d14f02432125fa3d9fb22e50a87707b1c1028ad5d3f0bfbcd4b4075e","ssdeep":"24576:VWzNpYIUzAcFZPVUw1L9ub0VsfMzXGk1GUzwgBaPIJdTaKIe0MStS/o6ui2OXK0:gc3vpJSMwgkk8KIeVSc/zuiV","tlshash":"2f65bf52b6d244b1f48205b506abe73fbe39b1416721cac7d7e0d8181d522e2ea3f35e","first_seen":"2024-04-18T06:02:58Z","last_seen":"2025-04-29T08:03:57.731659Z","times_seen":397,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":174,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-05-20","alert":"Scan result 2/73","trigger":"4a38db0744930e1f5bfc0a82f63c907f7dc94270b930a3950e6a0abbc903c47f","verdict":"suspicious","severity":"","comment":"suspicious - 2/73","link":"https://www.virustotal.com/gui/file/4a38db0744930e1f5bfc0a82f63c907f7dc94270b930a3950e6a0abbc903c47f","meta":null}],"urlquery":null}}]}