{"report_id":"0820f6f9-1236-4f51-ba4b-f6d9661529f1","version":6,"status":"done","tags":[],"date":"2024-12-13T14:10:05Z","url":{"schema":"http","addr":"downloads.auslogics.com/en/duplicate-file-finder/auslogics-duplicate-file-finder-setup.exe","fqdn":"downloads.auslogics.com","domain":"auslogics.com","tld":"com"},"ip":{"addr":"51.79.116.215","port":0,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-21T14:10:05Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"downloads.auslogics.com","ip":{"addr":"51.79.116.215","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"domain_registered":"2005-05-11","domain_rank":0,"first_seen":"2012-05-21T13:42:55Z","last_seen":"2024-12-11T00:23:39.987913Z","alert_count":1,"request_count":1,"received_data":17832517,"sent_data":544,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"a4a9a726093bcdc7c7b4223632e30363","sha1":"a2c50654f3aa640c7b97fcfba969fc2341f53d84","sha256":"4f8fc16384f41371c23b22aaf735440b839aa10a3c29220424871928554758e8","sha512":"ec13879405ad705e66b91f5407fe24c74ebfac9c6ea5444f224d63d22c6f5c50bd88e376255c1f317ba17c80efe1aaf4e4c4c24d2cc4ee4e2a9b2c246363b651","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections","size":17832096,"url":{"schema":"https","addr":"downloads.auslogics.com/en/duplicate-file-finder/auslogics-duplicate-file-finder-setup.exe","fqdn":"downloads.auslogics.com","domain":"auslogics.com","tld":"com"},"ip":{"addr":"51.79.116.215","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-13","alert":"Scan result 5/72","trigger":"4f8fc16384f41371c23b22aaf735440b839aa10a3c29220424871928554758e8","verdict":"suspicious","severity":"","comment":"suspicious - 5/72","link":"https://www.virustotal.com/gui/file/4f8fc16384f41371c23b22aaf735440b839aa10a3c29220424871928554758e8","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"a4a9a726093bcdc7c7b4223632e30363","sha1":"a2c50654f3aa640c7b97fcfba969fc2341f53d84","sha256":"4f8fc16384f41371c23b22aaf735440b839aa10a3c29220424871928554758e8","sha512":"ec13879405ad705e66b91f5407fe24c74ebfac9c6ea5444f224d63d22c6f5c50bd88e376255c1f317ba17c80efe1aaf4e4c4c24d2cc4ee4e2a9b2c246363b651","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections","size":17832096,"url":{"schema":"https","addr":"downloads.auslogics.com/en/duplicate-file-finder/auslogics-duplicate-file-finder-setup.exe","fqdn":"downloads.auslogics.com","domain":"auslogics.com","tld":"com"},"ip":{"addr":"51.79.116.215","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-13","alert":"Scan result 5/72","trigger":"4f8fc16384f41371c23b22aaf735440b839aa10a3c29220424871928554758e8","verdict":"suspicious","severity":"","comment":"suspicious - 5/72","link":"https://www.virustotal.com/gui/file/4f8fc16384f41371c23b22aaf735440b839aa10a3c29220424871928554758e8","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"downloads.auslogics.com/en/duplicate-file-finder/auslogics-duplicate-file-finder-setup.exe","fqdn":"downloads.auslogics.com","domain":"auslogics.com","tld":"com"},"ip":{"addr":"51.79.116.215","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-12-13T14:09:39.290Z","timestamp":1734098979290,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"downloads.auslogics.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 Nov 2024 10:33:46 GMT","end":"Sun, 23 Feb 2025 10:33:45 GMT"},"fingerprint":{"sha1":"4E:F8:53:EF:4F:97:A8:EF:BB:49:40:4F:1D:38:B7:4C:8C:85:92:41","sha256":"A8:13:8F:79:BB:C4:77:FB:5E:7D:16:46:CB:2B:94:BB:5C:84:AB:BA:39:40:C7:0B:D0:05:40:D3:45:B5:18:24"}}},"request":{"raw":"GET /en/duplicate-file-finder/auslogics-duplicate-file-finder-setup.exe HTTP/1.1\r\nHost: downloads.auslogics.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.10.3\r\nDate: Fri, 13 Dec 2024 14:09:39 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 17832096\r\nLast-Modified: Wed, 03 Jul 2024 16:15:45 GMT\r\nConnection: keep-alive\r\nETag: \"66857931-11018a0\"\r\nExpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nCache-Control: max-age=315360000\r\nContent-Disposition: attachment; filename=\"auslogics-duplicate-file-finder-setup.exe\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17832096,"size_decoded":17832096,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections","md5":"a4a9a726093bcdc7c7b4223632e30363","sha1":"a2c50654f3aa640c7b97fcfba969fc2341f53d84","sha256":"4f8fc16384f41371c23b22aaf735440b839aa10a3c29220424871928554758e8","sha512":"ec13879405ad705e66b91f5407fe24c74ebfac9c6ea5444f224d63d22c6f5c50bd88e376255c1f317ba17c80efe1aaf4e4c4c24d2cc4ee4e2a9b2c246363b651","ssdeep":"393216:U2CznofNBq5VkyD/uzx1vok4n53ik6gSlNCgMzCMvNF:8LofNhKuzzzPySlN3teNF","tlshash":"83073351740400fdf06a58bac6b47c59ddae3d0f01d184a82d98f70e39f8f89ad766ba","first_seen":"2024-07-04T02:23:22Z","last_seen":"2025-01-21T00:07:45.511071Z","times_seen":537,"resource_available":false,"data":null}},"time_used":2745,"timings":{"blocked":282,"dns":1,"connect":93,"send":0,"wait":248,"receive":1925,"ssl":193},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-13","alert":"Scan result 5/72","trigger":"4f8fc16384f41371c23b22aaf735440b839aa10a3c29220424871928554758e8","verdict":"suspicious","severity":"","comment":"suspicious - 5/72","link":"https://www.virustotal.com/gui/file/4f8fc16384f41371c23b22aaf735440b839aa10a3c29220424871928554758e8","meta":null}],"urlquery":null}}]}