{"report_id":"0f324a4a-4b96-478c-bdad-0ba185bb5f27","version":6,"status":"done","tags":[],"date":"2025-03-22T09:59:25Z","url":{"schema":"http","addr":"nopaystation.com/vita/npsReleases/NPS_Browser_0.94.exe","fqdn":"nopaystation.com","domain":"nopaystation.com","tld":"com"},"ip":{"addr":"104.21.80.1","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-31T09:59:25Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"nopaystation.com","ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-09-22","domain_rank":0,"first_seen":"2017-11-23T15:00:17Z","last_seen":"2025-03-14T12:22:31.102087Z","alert_count":1,"request_count":1,"received_data":1342881,"sent_data":522,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"b25b12699f60449c8b3ff853c54a70da","sha1":"6e94ca482002a8c5e538132cf83fb7a058eddb41","sha256":"0f20b22dee3d5f2942f3a8b3395786c8f42ffc705f8abd2e2d551154d11df678","sha512":"080e948c24f1d3310bac18baf66cc840c5c974d9d2a699bd8bfcd5b891f67b6783a978281072e1a33a3bb973831ec3088022136e3c4408d4b837be608aeabfe5","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":1341952,"url":{"schema":"https","addr":"nopaystation.com/vita/npsReleases/NPS_Browser_0.94.exe","fqdn":"nopaystation.com","domain":"nopaystation.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-03-22","alert":"Scan result 2/73","trigger":"0f20b22dee3d5f2942f3a8b3395786c8f42ffc705f8abd2e2d551154d11df678","verdict":"suspicious","severity":"","comment":"suspicious - 2/73","link":"https://www.virustotal.com/gui/file/0f20b22dee3d5f2942f3a8b3395786c8f42ffc705f8abd2e2d551154d11df678","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"b25b12699f60449c8b3ff853c54a70da","sha1":"6e94ca482002a8c5e538132cf83fb7a058eddb41","sha256":"0f20b22dee3d5f2942f3a8b3395786c8f42ffc705f8abd2e2d551154d11df678","sha512":"080e948c24f1d3310bac18baf66cc840c5c974d9d2a699bd8bfcd5b891f67b6783a978281072e1a33a3bb973831ec3088022136e3c4408d4b837be608aeabfe5","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":1341952,"url":{"schema":"https","addr":"nopaystation.com/vita/npsReleases/NPS_Browser_0.94.exe","fqdn":"nopaystation.com","domain":"nopaystation.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-03-22","alert":"Scan result 2/73","trigger":"0f20b22dee3d5f2942f3a8b3395786c8f42ffc705f8abd2e2d551154d11df678","verdict":"suspicious","severity":"","comment":"suspicious - 2/73","link":"https://www.virustotal.com/gui/file/0f20b22dee3d5f2942f3a8b3395786c8f42ffc705f8abd2e2d551154d11df678","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"nopaystation.com/vita/npsReleases/NPS_Browser_0.94.exe","fqdn":"nopaystation.com","domain":"nopaystation.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-03-22T09:59:02.468Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"nopaystation.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Feb 2025 16:37:17 GMT","end":"Sun, 04 May 2025 17:35:38 GMT"},"fingerprint":{"sha1":"CF:AE:97:89:32:6D:BE:DC:33:A8:81:60:1F:0C:0B:6C:C1:33:CF:D0","sha256":"6A:BA:93:FA:7B:50:4A:56:0E:E1:5A:68:72:3C:2C:08:D7:9F:D8:5D:BA:23:9B:1D:47:1C:90:7D:41:FD:92:C6"}}},"request":{"raw":"GET /vita/npsReleases/NPS_Browser_0.94.exe HTTP/1.1\r\nHost: nopaystation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 22 Mar 2025 09:59:02 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 1341952\r\nlast-modified: Mon, 16 Dec 2019 08:23:25 GMT\r\netag: \"5df73efd-147a00\"\r\ncache-control: max-age=1800\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=FPNHa3FSuOB4cMFTx8xMLDBcoKr%2F6LmFTg4sG8JcwhDQLJ9vl%2BwjgciBJqQf18zlVY3UQ8aDv3803ygIDOk%2FwqrfuefMBzYO5bMQKDHZsDDtPruOzYee9HTQRe5R8t%2FoBkVK\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9244d580debae4e7-RIX\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=23249\u0026min_rtt=17743\u0026rtt_var=13078\u0026sent=9\u0026recv=12\u0026lost=0\u0026retrans=0\u0026sent_bytes=3237\u0026recv_bytes=1202\u0026delivery_rate=244291\u0026cwnd=246\u0026unsent_bytes=0\u0026cid=91c9e3519fa90945\u0026ts=108\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1341952,"size_decoded":0,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","md5":"b25b12699f60449c8b3ff853c54a70da","sha1":"6e94ca482002a8c5e538132cf83fb7a058eddb41","sha256":"0f20b22dee3d5f2942f3a8b3395786c8f42ffc705f8abd2e2d551154d11df678","sha512":"080e948c24f1d3310bac18baf66cc840c5c974d9d2a699bd8bfcd5b891f67b6783a978281072e1a33a3bb973831ec3088022136e3c4408d4b837be608aeabfe5","ssdeep":"6144:eu5e9UTzPGYbSTgmimDWeP+/xP+/mw+/:F3+MmD7mJmuv","tlshash":"dc55862ba50fde41d43031f10e2906ebbf540e9678a2ea54a5f5b7e5b0b0963cda4c3d","first_seen":"2023-05-03T02:21:20Z","last_seen":"2025-05-28T17:15:50.682634Z","times_seen":84,"resource_available":false,"data":null}},"time_used":400,"timings":{"blocked":58,"dns":2,"connect":18,"send":0,"wait":83,"receive":193,"ssl":42},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-03-22","alert":"Scan result 2/73","trigger":"0f20b22dee3d5f2942f3a8b3395786c8f42ffc705f8abd2e2d551154d11df678","verdict":"suspicious","severity":"","comment":"suspicious - 2/73","link":"https://www.virustotal.com/gui/file/0f20b22dee3d5f2942f3a8b3395786c8f42ffc705f8abd2e2d551154d11df678","meta":null}],"urlquery":null}}]}