{"report_id":"a8a4b57a-47b6-45a0-9c8a-28b5457d0931","version":6,"status":"done","tags":[],"date":"2024-10-31T02:18:46Z","url":{"schema":"http","addr":"www.alvas.net/Download/Alvas.ShapeForms.zip","fqdn":"www.alvas.net","domain":"alvas.net","tld":"net"},"ip":{"addr":"172.67.206.163","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-01-09T02:18:46Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www.alvas.net","ip":{"addr":"104.21.22.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2001-02-06","domain_rank":0,"first_seen":"2012-06-18T13:29:30Z","last_seen":"2024-02-22T18:13:08Z","alert_count":1,"request_count":1,"received_data":225661,"sent_data":497,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"dea602fad28cbbf40b9ae90665792087","sha1":"d6a41391b73371c107c36a4f6e25c9af2670a002","sha256":"428644d2ec82fa1912b4df2db6400b155edec3e3748d05349fe40f9ac53d8925","sha512":"c717277bfbbf35e5e9e29e48ccb1eca31dc30f9f662d59d61457612a7901739dd9bf53ca4447a95a13db4c3a7711f766165160c4f91acad390d3def21ee573c0","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":224735,"url":{"schema":"https","addr":"www.alvas.net/Download/Alvas.ShapeForms.zip","fqdn":"www.alvas.net","domain":"alvas.net","tld":"net"},"ip":{"addr":"104.21.22.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"Readme.rtf","filename":"Readme.rtf","modified":"","Modified":"2006-11-21T12:05:00Z","magic":"Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049","size":4094,"md5":"7f47903d4262b45743871ecb978dd85a","sha1":"a80943f94509c41c637ee63618a05f353cc1b2a8","sha256":"b0502b508a3382e1e75fc0bd5aca218599d9f0501b998f96ffeb79c75eeff29f","sha512":"9770a2abdc9926b133288451eb3daa50287c57ba2f8279280cac9ef2c792c0146e01f02674bd898e5fbbe5a73af700b4d73d4a9cb552ee222cfb2f750601ddce","alerts":{"urlquery":null,"analyzer":null}},{"path":"Setup.exe","filename":"Setup.exe","modified":"","Modified":"2007-09-05T10:15:02Z","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections","size":201624,"md5":"83f4621d89292903bdac70808644a7c5","sha1":"99295be65c48fca93e4a7c194f9b2070a98682f7","sha256":"30372e9e0d750edf70793bb58f847ea197da222062f7960257f817b07f913673","sha512":"311c81daf586858c7841ccc696f424f617b6825ca2c0df5a345d0558d71e9a8ed45156c18934b68013c0dc8ec5cb7ccf9a8f7b65fc76e2e10e3e449e9f837ed6","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2023-11-27","alert":"Scan result 3/70","trigger":"30372e9e0d750edf70793bb58f847ea197da222062f7960257f817b07f913673","verdict":"suspicious","severity":"","comment":"suspicious - 3/70","link":"https://www.virustotal.com/gui/file/30372e9e0d750edf70793bb58f847ea197da222062f7960257f817b07f913673","meta":null}]}},{"path":"Alvas.ShapeForms.Single.zip","filename":"Alvas.ShapeForms.Single.zip","modified":"","Modified":"2006-03-15T07:07:44Z","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":35382,"md5":"b11aa7eac6962f8a38a00daa3875f4e4","sha1":"167926301b79b423a3a7ed0fcc4b76435baefdb2","sha256":"d64fc00a3e0b46a5f536ebccf3c33fa5ab238aac03eacbdc5acdafc88381d9bf","sha512":"37e575dc33ba5503e2b4e58d3a8fa4e44df122448284b9f889be8aa43b4b30d20e7bf31167674feef06db282ab7568ad5d9611e276540ff9b9f8d54edf0224ca","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-01","alert":"Scan result 1/52","trigger":"428644d2ec82fa1912b4df2db6400b155edec3e3748d05349fe40f9ac53d8925","verdict":"suspicious","severity":"","comment":"suspicious - 1/52","link":"https://www.virustotal.com/gui/file/428644d2ec82fa1912b4df2db6400b155edec3e3748d05349fe40f9ac53d8925","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.alvas.net/Download/Alvas.ShapeForms.zip","fqdn":"www.alvas.net","domain":"alvas.net","tld":"net"},"ip":{"addr":"104.21.22.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-10-31T02:18:21.570Z","timestamp":1730341101570,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"alvas.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 27 Oct 2024 08:44:32 GMT","end":"Sat, 25 Jan 2025 08:44:31 GMT"},"fingerprint":{"sha1":"8F:CA:1E:99:B6:7B:DA:B1:F5:AB:AC:03:31:17:C9:4C:24:3C:87:57","sha256":"F5:0D:D4:EA:91:81:77:63:6A:B2:F0:0A:10:48:24:7B:B2:9F:DB:08:A2:9A:90:3A:FF:CA:61:0A:82:39:68:D7"}}},"request":{"raw":"GET /Download/Alvas.ShapeForms.zip HTTP/1.1\r\nHost: www.alvas.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 31 Oct 2024 02:18:22 GMT\r\ncontent-type: application/x-zip-compressed\r\ncontent-length: 224735\r\nlast-modified: Sun, 29 May 2011 03:34:24 GMT\r\netag: \"060e24db11dcc1:0\"\r\nx-powered-by: ASP.NET\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=M%2FrKcRPnqZhqWrpiv7Z2kB4MZ%2FIVhMgo0Tm%2Fu5mNdwDUD41CEjCF5KN8%2Bvi0%2Bh019iIAXmGQg4s0Nl2fVg1E6fhcPzG5LREyqV6YFQeBycHb6iIPm2yHZMfkn0F105Sb\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 8db0276d38bc5693-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=22469\u0026sent=7\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=3267\u0026recv_bytes=1263\u0026delivery_rate=261356\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=4942b73d293b8347\u0026ts=889\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":224735,"size_decoded":224735,"mime_type":"application/x-zip-compressed","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"dea602fad28cbbf40b9ae90665792087","sha1":"d6a41391b73371c107c36a4f6e25c9af2670a002","sha256":"428644d2ec82fa1912b4df2db6400b155edec3e3748d05349fe40f9ac53d8925","sha512":"c717277bfbbf35e5e9e29e48ccb1eca31dc30f9f662d59d61457612a7901739dd9bf53ca4447a95a13db4c3a7711f766165160c4f91acad390d3def21ee573c0","ssdeep":"3072:f9dZF2tiGf/YjZmE7XRquHBKEkSkZDu3nVKj9e7ekTZLDUjJ8/lxW3o3ul0dnZga:ldcfmt4uhLnWuXQwikTpsq3GYQ0Lbr6i","tlshash":"5f241263559b63f990a0637060e4743f2f2e819aa6fbd39b4205e5343cd329ac395e1f","first_seen":"2024-10-31T02:18:51.487581Z","last_seen":"2024-10-31T02:18:51.487581Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1586,"timings":{"blocked":66,"dns":17,"connect":17,"send":0,"wait":876,"receive":578,"ssl":30},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-01","alert":"Scan result 1/52","trigger":"428644d2ec82fa1912b4df2db6400b155edec3e3748d05349fe40f9ac53d8925","verdict":"suspicious","severity":"","comment":"suspicious - 1/52","link":"https://www.virustotal.com/gui/file/428644d2ec82fa1912b4df2db6400b155edec3e3748d05349fe40f9ac53d8925","meta":null}],"urlquery":null}}]}