{"report_id":"15f2f434-d84e-465d-9c16-254a9e0e9aeb","version":6,"status":"done","tags":[],"date":"2024-04-22T08:42:58Z","url":{"schema":"http","addr":"forums.ivanti.com/s/sfsites/c/sfc/servlet.shepherd/document/download/0694O00000J7sVOQAZ","fqdn":"forums.ivanti.com","domain":"ivanti.com","tld":"com"},"ip":{"addr":"104.17.112.136","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T19:43:04Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"forums.ivanti.com","ip":{"addr":"104.18.111.241","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2002-11-10","domain_rank":396336,"first_seen":"2019-01-21 16:43:36","last_seen":"2024-02-06 17:26:52","alert_count":1,"request_count":1,"received_data":43867,"sent_data":541,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"d6c408d0738a80dfac210e0f577f3837","sha1":"570c3140f363df521c887b38bc107d53e98e9ae1","sha256":"79ca0354b606b59c066447bf49743c6c15db95f23f519186e7ef9dd2ecb0f492","sha512":"3894daae9c12daef58f662a8fa9fc895d4a2482cc37750b4111dff0083ce02fa11184629ad24d5d3340a8b58f36e12030e5832e37e2cbb6ade342a8b8ab31cdf","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":43008,"url":{"schema":"https","addr":"forums.ivanti.com/s/sfsites/c/sfc/servlet.shepherd/document/download/0694O00000J7sVOQAZ","fqdn":"forums.ivanti.com","domain":"ivanti.com","tld":"com"},"ip":{"addr":"104.18.111.241","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-04-10","alert":"Scan result 5/70","trigger":"79ca0354b606b59c066447bf49743c6c15db95f23f519186e7ef9dd2ecb0f492","verdict":"suspicious","severity":"","comment":"suspicious - 5/70","link":"https://www.virustotal.com/gui/file/79ca0354b606b59c066447bf49743c6c15db95f23f519186e7ef9dd2ecb0f492","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"forums.ivanti.com/s/sfsites/c/sfc/servlet.shepherd/document/download/0694O00000J7sVOQAZ","fqdn":"forums.ivanti.com","domain":"ivanti.com","tld":"com"},"ip":{"addr":"104.18.111.241","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-04-22T08:42:33.133Z","timestamp":1713775353133,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ivanti.com","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 01 Apr 2024 03:31:39 GMT","end":"Sun, 30 Jun 2024 03:31:38 GMT"},"fingerprint":{"sha1":"3A:55:C8:CE:72:FC:D4:D8:39:89:A1:74:50:C8:2C:ED:FE:80:A0:B8","sha256":"6C:0A:FC:C2:A4:30:34:38:BA:ED:46:36:47:75:83:AA:62:B4:80:63:96:DA:A6:5D:20:04:D5:46:83:DD:51:8F"}}},"request":{"raw":"GET /s/sfsites/c/sfc/servlet.shepherd/document/download/0694O00000J7sVOQAZ HTTP/1.1\r\nHost: forums.ivanti.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Apr 2024 08:42:34 GMT\r\ncontent-type: application/octet-stream; charset=UTF-8\r\ncontent-length: 43008\r\nx-sfdc-request-check: 2\r\ncontent-disposition: attachment; filename=\"EPMUninstallConsole.exe\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\ncache-control: no-cache,must-revalidate,max-age=0,no-store,private\r\nreferrer-policy: origin-when-cross-origin\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nset-cookie: CookieConsentPolicy=0:1; path=/; expires=Tue, 22-Apr-2025 08:42:33 GMT; Max-Age=31536000; secure; SameSite=None\nLSKey-c$CookieConsentPolicy=0:1; path=/; expires=Tue, 22-Apr-2025 08:42:33 GMT; Max-Age=31536000; secure; SameSite=None\r\nx-sfdc-request-id: 071a96e8bc8035aac2f627f073d25555\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 878452352c9c56c5-OSL\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43008,"size_decoded":43008,"mime_type":"application/octet-stream; charset=UTF-8","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","md5":"d6c408d0738a80dfac210e0f577f3837","sha1":"570c3140f363df521c887b38bc107d53e98e9ae1","sha256":"79ca0354b606b59c066447bf49743c6c15db95f23f519186e7ef9dd2ecb0f492","sha512":"3894daae9c12daef58f662a8fa9fc895d4a2482cc37750b4111dff0083ce02fa11184629ad24d5d3340a8b58f36e12030e5832e37e2cbb6ade342a8b8ab31cdf","ssdeep":"768:B8pCgMufFwUfWM41v1rbpCONnFmA4JJ4DxGaiLVT7t62Rt6YhO84m/prW:B8jFWHMONnFz4LTZzrJ7vBrW","tlshash":"5b13b3397ae9801ef17fdfb43ed429e58abaf3726505e9571881074b4e42b00de1163e","first_seen":"2024-08-20T03:23:31.830212Z","last_seen":"2024-08-20T03:23:31.830212Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1109,"timings":{"blocked":19,"dns":1,"connect":1,"send":0,"wait":1059,"receive":10,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-04-10","alert":"Scan result 5/70","trigger":"79ca0354b606b59c066447bf49743c6c15db95f23f519186e7ef9dd2ecb0f492","verdict":"suspicious","severity":"","comment":"suspicious - 5/70","link":"https://www.virustotal.com/gui/file/79ca0354b606b59c066447bf49743c6c15db95f23f519186e7ef9dd2ecb0f492","meta":null}],"urlquery":null}}]}