{"report_id":"10237042-4797-4f3a-8334-417ea6aead66","version":6,"status":"done","tags":[],"date":"2024-08-28T16:22:50Z","url":{"schema":"http","addr":"asandesk.ir/rustdesk-1.3.0-x86_64-host=rd.asandesk.ir,key=joRoqzc0SDOHe61V9WrRORk4PqBVzBntfGtzveM3h8M=.exe","fqdn":"asandesk.ir","domain":"asandesk.ir","tld":"ir"},"ip":{"addr":"80.249.115.135","port":0,"asn":212216,"as":"Netafraz Iranian Ltd.","country":"Iran","country_code":"IR"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-07T17:26:44Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-08-27 18:12:09","alert_count":0,"request_count":3,"received_data":2664,"sent_data":981,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-08-27 18:12:12","alert_count":0,"request_count":3,"received_data":2663,"sent_data":981,"comment":"","tags":null,"fingerprints":null},{"fqdn":"e5.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:39:25","last_seen":"2024-08-27 18:12:47","alert_count":0,"request_count":1,"received_data":729,"sent_data":326,"comment":"","tags":null,"fingerprints":null},{"fqdn":"asandesk.ir","ip":{"addr":"80.249.115.135","port":443,"asn":212216,"as":"Netafraz Iranian Ltd.","country":"Iran","country_code":"IR"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2023-07-22 10:10:04","last_seen":"2023-09-26 22:55:07","alert_count":1,"request_count":1,"received_data":21642103,"sent_data":560,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"4290817cfd87a61d6a560eec2bc45a2f","sha1":"c78fef619951fa9d782552c0b48a880c065428d0","sha256":"79da93dcd5f2977ec43742d79c2cab9a3c1a54229ca2552130d208dea74f5221","sha512":"0bc8fea192ed101598cc3532d43b03d7ac559095b74fc9ecc38198decfdfa8eff1b3fc7a2c3552ace516451ee02afc4b6da42b4d46028ca8e7d871dcc138f2ba","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 6 sections","size":21641856,"url":{"schema":"https","addr":"asandesk.ir/rustdesk-1.3.0-x86_64-host=rd.asandesk.ir,key=joRoqzc0SDOHe61V9WrRORk4PqBVzBntfGtzveM3h8M=.exe","fqdn":"asandesk.ir","domain":"asandesk.ir","tld":"ir"},"ip":{"addr":"80.249.115.135","port":443,"asn":212216,"as":"Netafraz Iranian Ltd.","country":"Iran","country_code":"IR"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-08-28","alert":"Scan result 1/75","trigger":"79da93dcd5f2977ec43742d79c2cab9a3c1a54229ca2552130d208dea74f5221","verdict":"suspicious","severity":"","comment":"suspicious - 1/75","link":"https://www.virustotal.com/gui/file/79da93dcd5f2977ec43742d79c2cab9a3c1a54229ca2552130d208dea74f5221","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T16:22:24.411675921Z","timestamp":1724862144411,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"2E6610A974CEFD8ED9BAB356E7E166E41B4E4955F4DA39F5D400CDEEB286F88C\"\r\nLast-Modified: Mon, 26 Aug 2024 02:37:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=11719\r\nExpires: Wed, 28 Aug 2024 19:37:43 GMT\r\nDate: Wed, 28 Aug 2024 16:22:24 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"306aab38a2968d69d5d5dbc017f4277a","sha1":"b32d9d7854e04d53418b56571cafb87065e3556f","sha256":"2e6610a974cefd8ed9bab356e7e166e41b4e4955f4da39f5d400cdeeb286f88c","sha512":"d3be3959b93f1874cee87bf50b8086ac3cc5acb076f7bbf04433ea744f2882961eee72a676b73fb513110e32273cd72c3b9c012394536dde5918399b9f36a359","ssdeep":"","tlshash":"0af095275565b4521f6c15755dcdc06b2e35f1db29885adf5f1c53d63c813cdb144204","first_seen":"2024-08-26T09:36:13Z","last_seen":"2024-08-29T17:45:45.462157Z","times_seen":23756,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T16:22:24.447684214Z","timestamp":1724862144447,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5A2F5A87F6408BBC11020231759DB8EEB24C28C0890DA8F3EE2565D87B0E1E4C\"\r\nLast-Modified: Mon, 26 Aug 2024 02:36:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6904\r\nExpires: Wed, 28 Aug 2024 18:17:28 GMT\r\nDate: Wed, 28 Aug 2024 16:22:24 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"35888f142e8c995a2a992b24009a2cee","sha1":"8315b1d92f868af492e04ea1d0846ee9fc0328e7","sha256":"5a2f5a87f6408bbc11020231759db8eeb24c28c0890da8f3ee2565d87b0e1e4c","sha512":"520246d8e18bc326605766a6e5f3d8161db171271712caaa258d25258dbb6c7e57f07bb1b0c92d3d3134eb1111e6154c7ddce67caa8bafd3d25f38fdb7032517","ssdeep":"","tlshash":"86f0059236e17961ed9d321579edd25339208aa9905094c5748447b254602dd47c9909","first_seen":"2024-08-26T09:37:37Z","last_seen":"2024-08-29T17:45:45.462962Z","times_seen":20149,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T16:22:24.79654309Z","timestamp":1724862144796,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5385C52F0502864E92DA08547AEFA7CE05EC21FF081C7413CE54723F3AB73303\"\r\nLast-Modified: Mon, 26 Aug 2024 02:37:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=10057\r\nExpires: Wed, 28 Aug 2024 19:10:01 GMT\r\nDate: Wed, 28 Aug 2024 16:22:24 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"3c415be21fd13680f4c76a79399af82e","sha1":"cc6afc7d2b2fd8451b793b01435087409e677f4c","sha256":"5385c52f0502864e92da08547aefa7ce05ec21ff081c7413ce54723f3ab73303","sha512":"6a5214d6c24e419707d52fc7b946b42f557519a25557e16a0ab0937a1a318df8a32ae13d51980b7fc9beff4cf0f34ffc064743e1b64fc9bb6af29f7bc8648400","ssdeep":"","tlshash":"8bf00e9b4af5fc819bbed6222975e511be35fce92828089b60c842e1a910768e741248","first_seen":"2024-08-26T09:09:51Z","last_seen":"2024-08-29T17:46:07.367395Z","times_seen":17376,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T16:22:24.950856612Z","timestamp":1724862144950,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"441E957BCA9AFB4A865DF5362C94CC68DF8071610EF8C8B49EC682BF57D81B4E\"\r\nLast-Modified: Wed, 28 Aug 2024 14:33:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=18351\r\nExpires: Wed, 28 Aug 2024 21:28:15 GMT\r\nDate: Wed, 28 Aug 2024 16:22:24 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"41d99bdb0bce7036541a169e82b157fd","sha1":"448d08018f9868e2a7ccda7a3bdc81242cfdb412","sha256":"441e957bca9afb4a865df5362c94cc68df8071610ef8c8b49ec682bf57d81b4e","sha512":"7896b6ae1bde62511109d88df24a259f23be8a1ba5254d15096fffa49eb32d780b185494b4e174af3522430d5a4b15afccb9748a6202cb363922780365589bc3","ssdeep":"","tlshash":"06f00ec513a57d84bff192117feac24b6e136db83d3084d168c460e2e5c0be85e98488","first_seen":"2024-08-28T17:54:43Z","last_seen":"2024-08-31T08:36:18.055778Z","times_seen":16532,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"e5.o.lencr.org/","fqdn":"e5.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T16:22:25.466647612Z","timestamp":1724862145466,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: e5.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 345\r\nETag: \"C498315251A5D4ADC696E7840217A21B645C95EF793AED0832A2EE8B49D5CEFC\"\r\nLast-Modified: Mon, 26 Aug 2024 04:49:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=21600\r\nExpires: Wed, 28 Aug 2024 22:22:25 GMT\r\nDate: Wed, 28 Aug 2024 16:22:25 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":345,"size_decoded":345,"mime_type":"application/octet-stream","magic":"data","md5":"a2b159ef8f78f92e2b85835c8830490e","sha1":"c323affa97a66f5383d0698956b3d8b198e37cbb","sha256":"c498315251a5d4adc696e7840217a21b645c95ef793aed0832a2ee8b49d5cefc","sha512":"d4e77edcc71073e3450e06b4bcd468328e1603ddb4f9456e18ddff6023ea66913e5bb1a4e87aab9f13e8cd3082cd0fd06433b8f1c209198d031b9bf80f2e57c4","ssdeep":"","tlshash":"b1e026be1714b8a29679a5706fd0c557fa3281ae2e942a945960c1d1fc03b3c8d4640c","first_seen":"2024-08-29T17:26:44.702927Z","last_seen":"2024-08-29T17:26:44.702927Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T16:22:26.65246212Z","timestamp":1724862146652,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"571F2EF4CB90C7834ACECBF6981410DDBD15611A6750B8A77717821DC1D1A167\"\r\nLast-Modified: Mon, 26 Aug 2024 02:38:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=10626\r\nExpires: Wed, 28 Aug 2024 19:19:32 GMT\r\nDate: Wed, 28 Aug 2024 16:22:26 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"0192c7488a56c1b9f50decbbc7c6e924","sha1":"7ed837f77d0fee2e3c5833f86d73eb2dfa3f6bec","sha256":"571f2ef4cb90c7834acecbf6981410ddbd15611a6750b8a77717821dc1d1a167","sha512":"a5f5b42d4f65bff1669d388493604f1aba272cabf1313c42568917490fdb8b52fdd4fe8b984f00c748e68fc003994e2b0aef47b0a74776d55e304854b2523da6","ssdeep":"","tlshash":"84f005c3b62cb45a4e3c103799d4d037149478590ac846e9dcc057f278b57e942e550c","first_seen":"2024-08-26T12:43:12Z","last_seen":"2024-08-29T17:44:34.32567Z","times_seen":16518,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T16:22:26.656845199Z","timestamp":1724862146656,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"571F2EF4CB90C7834ACECBF6981410DDBD15611A6750B8A77717821DC1D1A167\"\r\nLast-Modified: Mon, 26 Aug 2024 02:38:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=10626\r\nExpires: Wed, 28 Aug 2024 19:19:32 GMT\r\nDate: Wed, 28 Aug 2024 16:22:26 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"0192c7488a56c1b9f50decbbc7c6e924","sha1":"7ed837f77d0fee2e3c5833f86d73eb2dfa3f6bec","sha256":"571f2ef4cb90c7834acecbf6981410ddbd15611a6750b8a77717821dc1d1a167","sha512":"a5f5b42d4f65bff1669d388493604f1aba272cabf1313c42568917490fdb8b52fdd4fe8b984f00c748e68fc003994e2b0aef47b0a74776d55e304854b2523da6","ssdeep":"","tlshash":"84f005c3b62cb45a4e3c103799d4d037149478590ac846e9dcc057f278b57e942e550c","first_seen":"2024-08-26T12:43:12Z","last_seen":"2024-08-29T17:44:34.32567Z","times_seen":16518,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"asandesk.ir/rustdesk-1.3.0-x86_64-host=rd.asandesk.ir,key=joRoqzc0SDOHe61V9WrRORk4PqBVzBntfGtzveM3h8M=.exe","fqdn":"asandesk.ir","domain":"asandesk.ir","tld":"ir"},"ip":{"addr":"80.249.115.135","port":443,"asn":212216,"as":"Netafraz Iranian Ltd.","country":"Iran","country_code":"IR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-28T16:22:24.977Z","timestamp":1724862144977,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"asandesk.ir","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jul 2024 19:54:43 GMT","end":"Wed, 23 Oct 2024 19:54:42 GMT"},"fingerprint":{"sha1":"1C:DB:B1:8B:C7:27:E7:E3:E8:20:3B:22:52:E0:01:F3:70:DE:96:C0","sha256":"BB:2B:F7:21:59:76:93:C6:9D:22:D3:83:A1:32:56:D1:1C:4F:56:29:2D:CE:0A:40:23:22:75:54:29:E3:D1:51"}}},"request":{"raw":"GET /rustdesk-1.3.0-x86_64-host=rd.asandesk.ir,key=joRoqzc0SDOHe61V9WrRORk4PqBVzBntfGtzveM3h8M=.exe HTTP/1.1\r\nHost: asandesk.ir\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 28 Aug 2024 16:22:25 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 21641856\r\nlast-modified: Fri, 23 Aug 2024 16:10:50 GMT\r\netag: \"66c8b48a-14a3a80\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":21641856,"size_decoded":21641856,"mime_type":"application/octet-stream","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 6 sections","md5":"4290817cfd87a61d6a560eec2bc45a2f","sha1":"c78fef619951fa9d782552c0b48a880c065428d0","sha256":"79da93dcd5f2977ec43742d79c2cab9a3c1a54229ca2552130d208dea74f5221","sha512":"0bc8fea192ed101598cc3532d43b03d7ac559095b74fc9ecc38198decfdfa8eff1b3fc7a2c3552ace516451ee02afc4b6da42b4d46028ca8e7d871dcc138f2ba","ssdeep":"393216:jEOlHuCU7O5olEbV/YtPrlo+0IzbJX+Km0/zy5LgPkeSs:nHuCU7+oamtTloyXLVa+D5","tlshash":"09273319f345096ce01bc03082618a73e537bcb85733a5eb51a4b6252f756e09f3ebad","first_seen":"2024-08-19T12:34:08.40607Z","last_seen":"2025-05-01T01:47:17.711939Z","times_seen":33,"resource_available":false,"data":null}},"time_used":4343,"timings":{"blocked":494,"dns":0,"connect":108,"send":0,"wait":105,"receive":3250,"ssl":364},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-08-28","alert":"Scan result 1/75","trigger":"79da93dcd5f2977ec43742d79c2cab9a3c1a54229ca2552130d208dea74f5221","verdict":"suspicious","severity":"","comment":"suspicious - 1/75","link":"https://www.virustotal.com/gui/file/79da93dcd5f2977ec43742d79c2cab9a3c1a54229ca2552130d208dea74f5221","meta":null}],"urlquery":null}}]}