{"report_id":"806a6f93-b572-4bba-81bc-78321c98d139","version":6,"status":"done","tags":[],"date":"2025-01-21T07:05:16Z","url":{"schema":"http","addr":"download.piaproxy.com/file/pc/PiaProxy_2.2.1_202501141420_Cus.exe","fqdn":"download.piaproxy.com","domain":"piaproxy.com","tld":"com"},"ip":{"addr":"104.26.14.22","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-04-01T07:05:16Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"download.piaproxy.com","ip":{"addr":"104.26.15.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-07-21","domain_rank":0,"first_seen":"2022-07-22T04:03:57Z","last_seen":"2024-11-30T04:03:00.134315Z","alert_count":2,"request_count":1,"received_data":19647154,"sent_data":519,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"fbfa3d5f4a99e680e3d75ff54efbab65","sha1":"467e12bfb480baa4eae59cdec6eb8ddbc497939f","sha256":"7a23996efdcb1cc7c1a616dd202767b3233e3489eff839e8500588d1783e8e93","sha512":"ed21a5e51fd96f8c3e301238a2436de1af108dddca6c73dcd26df0e3d0a7443c1ae6dd6ad7804af12d5a9205aed807dbbbc5d08c6296a940cf71ed8819781877","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections","size":19646176,"url":{"schema":"https","addr":"download.piaproxy.com/file/pc/PiaProxy_2.2.1_202501141420_Cus.exe","fqdn":"download.piaproxy.com","domain":"piaproxy.com","tld":"com"},"ip":{"addr":"104.26.15.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-21","alert":"Detects an SFX archive with automatic script execution","trigger":"download.piaproxy.com/file/pc/PiaProxy_2.2.1_202501141420_Cus.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Xavier Mertens","date":"2023-05-17","description":"Detects an SFX archive with automatic script execution","rule":"SelfExtractingRAR","yarahub_author_email":"xmertens@isc.sans.edu","yarahub_author_twitter":"@xme","yarahub_license":"CC0 1.0","yarahub_reference_link":"https://isc.sans.edu/diary/rss/29852","yarahub_reference_md5":"7792250c87624329163817277531a5ef","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"bcc4ceab-0249-43af-8d2a-8a04d5c65c70"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-20","alert":"Scan result 1/68","trigger":"7a23996efdcb1cc7c1a616dd202767b3233e3489eff839e8500588d1783e8e93","verdict":"suspicious","severity":"","comment":"suspicious - 1/68","link":"https://www.virustotal.com/gui/file/7a23996efdcb1cc7c1a616dd202767b3233e3489eff839e8500588d1783e8e93","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"fbfa3d5f4a99e680e3d75ff54efbab65","sha1":"467e12bfb480baa4eae59cdec6eb8ddbc497939f","sha256":"7a23996efdcb1cc7c1a616dd202767b3233e3489eff839e8500588d1783e8e93","sha512":"ed21a5e51fd96f8c3e301238a2436de1af108dddca6c73dcd26df0e3d0a7443c1ae6dd6ad7804af12d5a9205aed807dbbbc5d08c6296a940cf71ed8819781877","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections","size":19646176,"url":{"schema":"https","addr":"download.piaproxy.com/file/pc/PiaProxy_2.2.1_202501141420_Cus.exe","fqdn":"download.piaproxy.com","domain":"piaproxy.com","tld":"com"},"ip":{"addr":"104.26.15.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-21","alert":"Detects an SFX archive with automatic script execution","trigger":"download.piaproxy.com/file/pc/PiaProxy_2.2.1_202501141420_Cus.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Xavier Mertens","date":"2023-05-17","description":"Detects an SFX archive with automatic script execution","rule":"SelfExtractingRAR","yarahub_author_email":"xmertens@isc.sans.edu","yarahub_author_twitter":"@xme","yarahub_license":"CC0 1.0","yarahub_reference_link":"https://isc.sans.edu/diary/rss/29852","yarahub_reference_md5":"7792250c87624329163817277531a5ef","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"bcc4ceab-0249-43af-8d2a-8a04d5c65c70"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-20","alert":"Scan result 1/68","trigger":"7a23996efdcb1cc7c1a616dd202767b3233e3489eff839e8500588d1783e8e93","verdict":"suspicious","severity":"","comment":"suspicious - 1/68","link":"https://www.virustotal.com/gui/file/7a23996efdcb1cc7c1a616dd202767b3233e3489eff839e8500588d1783e8e93","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-21","alert":"Detects an SFX archive with automatic script execution","trigger":"download.piaproxy.com/file/pc/PiaProxy_2.2.1_202501141420_Cus.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Xavier Mertens","date":"2023-05-17","description":"Detects an SFX archive with automatic script execution","rule":"SelfExtractingRAR","yarahub_author_email":"xmertens@isc.sans.edu","yarahub_author_twitter":"@xme","yarahub_license":"CC0 1.0","yarahub_reference_link":"https://isc.sans.edu/diary/rss/29852","yarahub_reference_md5":"7792250c87624329163817277531a5ef","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"bcc4ceab-0249-43af-8d2a-8a04d5c65c70"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"download.piaproxy.com/file/pc/PiaProxy_2.2.1_202501141420_Cus.exe","fqdn":"download.piaproxy.com","domain":"piaproxy.com","tld":"com"},"ip":{"addr":"104.26.15.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-01-21T07:04:49.309Z","timestamp":1737443089309,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"piaproxy.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Fri, 10 Jan 2025 21:15:57 GMT","end":"Thu, 10 Apr 2025 21:15:56 GMT"},"fingerprint":{"sha1":"F8:F4:66:B2:7B:DE:E3:55:D9:E7:09:E3:A5:FC:9B:F5:A4:E9:9A:04","sha256":"6D:E5:63:C5:89:3A:7E:38:B1:D4:85:61:55:D8:6A:C0:B9:94:AE:FE:82:6A:7B:79:3E:43:20:09:E3:44:EB:E3"}}},"request":{"raw":"GET /file/pc/PiaProxy_2.2.1_202501141420_Cus.exe HTTP/1.1\r\nHost: download.piaproxy.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 21 Jan 2025 07:04:49 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 19646176\r\nlast-modified: Wed, 15 Jan 2025 06:44:49 GMT\r\netag: \"67875961-12bc6e0\"\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=UR60VWosSFyFSVIx4K2kvheeKODKy0Fwmc5YM%2F1%2FetRyqqjeUQmhdVA2C9sWrw2vZMcWD2dgZRXUNfMdJIeXoiAVPGlkWv%2F6NIqCuomZQR37GAj05oyZbmOg0jQKXyaHb0uaKMrymgw%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 905573cc7841568e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfCacheStatus;desc=\"REVALIDATED\", cfL4;desc=\"?proto=TCP\u0026rtt=6946\u0026min_rtt=592\u0026rtt_var=12525\u0026sent=8\u0026recv=11\u0026lost=0\u0026retrans=1\u0026sent_bytes=2936\u0026recv_bytes=1337\u0026delivery_rate=4724306\u0026cwnd=255\u0026unsent_bytes=0\u0026cid=2d9967a6e901bb13\u0026ts=480\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19646176,"size_decoded":19646176,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections","md5":"fbfa3d5f4a99e680e3d75ff54efbab65","sha1":"467e12bfb480baa4eae59cdec6eb8ddbc497939f","sha256":"7a23996efdcb1cc7c1a616dd202767b3233e3489eff839e8500588d1783e8e93","sha512":"ed21a5e51fd96f8c3e301238a2436de1af108dddca6c73dcd26df0e3d0a7443c1ae6dd6ad7804af12d5a9205aed807dbbbc5d08c6296a940cf71ed8819781877","ssdeep":"393216:2xbjH3TZgsmK0ntiV6l4WRgMP6/gzTzNFuCG5NJ1gbu4j7AveD8TOWO:21m3xiIlBNPz3jG5NPga4boI","tlshash":"19173342d76186e3d651ed3a662c8601e235fd2a3e8ce26e2381f89cc4776137577b23","first_seen":"2025-01-21T07:05:19.640127Z","last_seen":"2025-01-21T07:05:19.640127Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1838,"timings":{"blocked":47,"dns":8,"connect":1,"send":0,"wait":457,"receive":1289,"ssl":24},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-21","alert":"Detects an SFX archive with automatic script execution","trigger":"download.piaproxy.com/file/pc/PiaProxy_2.2.1_202501141420_Cus.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Xavier Mertens","date":"2023-05-17","description":"Detects an SFX archive with automatic script execution","rule":"SelfExtractingRAR","yarahub_author_email":"xmertens@isc.sans.edu","yarahub_author_twitter":"@xme","yarahub_license":"CC0 1.0","yarahub_reference_link":"https://isc.sans.edu/diary/rss/29852","yarahub_reference_md5":"7792250c87624329163817277531a5ef","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"bcc4ceab-0249-43af-8d2a-8a04d5c65c70"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-20","alert":"Scan result 1/68","trigger":"7a23996efdcb1cc7c1a616dd202767b3233e3489eff839e8500588d1783e8e93","verdict":"suspicious","severity":"","comment":"suspicious - 1/68","link":"https://www.virustotal.com/gui/file/7a23996efdcb1cc7c1a616dd202767b3233e3489eff839e8500588d1783e8e93","meta":null}],"urlquery":null}}]}