{"report_id":"c2ea58ad-b74d-49d0-8124-8be581eb865f","version":6,"status":"done","tags":[],"date":"2024-05-15T16:03:16Z","url":{"schema":"http","addr":"downloads.auslogics.com/en/duplicate-file-finder/duplicate-file-finder-setup.exe","fqdn":"downloads.auslogics.com","domain":"auslogics.com","tld":"com"},"ip":{"addr":"51.79.116.215","port":0,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T16:50:54Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"downloads.auslogics.com","ip":{"addr":"51.79.116.215","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"domain_registered":"2005-05-11","domain_rank":0,"first_seen":"2012-05-21 15:42:55","last_seen":"2024-04-17 13:24:04","alert_count":1,"request_count":1,"received_data":17764221,"sent_data":534,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"d1415509e92b7c4a841bcfb2773b2858","sha1":"6345bc23e4b8732629db484e91ae4a2ada0ccd80","sha256":"66a36cb98c37fe472a219439a3d809488c19964d5f77ba6f71956bc8c8027c41","sha512":"46d25c3be0436e6a183c130a48c1c03d32c766463f1c65d2275727f5a83562a173ea38ec4f9fbcacf141e5b85b48999ed8122c48cfde8330ca559e05e4af381c","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections","size":17763800,"url":{"schema":"https","addr":"downloads.auslogics.com/en/duplicate-file-finder/duplicate-file-finder-setup.exe","fqdn":"downloads.auslogics.com","domain":"auslogics.com","tld":"com"},"ip":{"addr":"51.79.116.215","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-05-15","alert":"Scan result 6/72","trigger":"66a36cb98c37fe472a219439a3d809488c19964d5f77ba6f71956bc8c8027c41","verdict":"suspicious","severity":"","comment":"suspicious - 6/72","link":"https://www.virustotal.com/gui/file/66a36cb98c37fe472a219439a3d809488c19964d5f77ba6f71956bc8c8027c41","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"downloads.auslogics.com/en/duplicate-file-finder/duplicate-file-finder-setup.exe","fqdn":"downloads.auslogics.com","domain":"auslogics.com","tld":"com"},"ip":{"addr":"51.79.116.215","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-05-15T16:02:49.492Z","timestamp":1715788969492,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"downloads.auslogics.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Mar 2024 10:32:07 GMT","end":"Fri, 28 Jun 2024 10:32:06 GMT"},"fingerprint":{"sha1":"43:48:F4:01:81:59:E9:AE:26:D1:D9:DE:50:FF:43:FF:22:49:B8:28","sha256":"DB:E4:6D:B5:8B:8C:F1:97:41:A7:77:58:4B:2C:2B:79:EF:81:A9:4A:0C:AF:87:7E:48:38:3E:8F:B9:CF:45:A4"}}},"request":{"raw":"GET /en/duplicate-file-finder/duplicate-file-finder-setup.exe HTTP/1.1\r\nHost: downloads.auslogics.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.10.3\r\nDate: Wed, 15 May 2024 16:02:49 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 17763800\r\nLast-Modified: Wed, 01 May 2024 11:46:16 GMT\r\nConnection: keep-alive\r\nETag: \"66322b88-10f0dd8\"\r\nExpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nCache-Control: max-age=315360000\r\nContent-Disposition: attachment; filename=\"auslogics-duplicate-file-finder-setup.exe\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17763800,"size_decoded":17763800,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections","md5":"d1415509e92b7c4a841bcfb2773b2858","sha1":"6345bc23e4b8732629db484e91ae4a2ada0ccd80","sha256":"66a36cb98c37fe472a219439a3d809488c19964d5f77ba6f71956bc8c8027c41","sha512":"46d25c3be0436e6a183c130a48c1c03d32c766463f1c65d2275727f5a83562a173ea38ec4f9fbcacf141e5b85b48999ed8122c48cfde8330ca559e05e4af381c","ssdeep":"393216:FuicVr54ZyAQzHNYWulrmizYB1BxjtT6MHx9R:xcVr5jJHsJm/7B5t2CR","tlshash":"95073350748000f9f1aa59bbc2a47899cd7d3e1f01d184682da9f34d79f8fc9ad326ad","first_seen":"2024-05-02T02:16:32Z","last_seen":"2024-08-20T01:20:52.492939Z","times_seen":508,"resource_available":false,"data":null}},"time_used":3010,"timings":{"blocked":299,"dns":6,"connect":94,"send":0,"wait":252,"receive":2158,"ssl":198},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-05-15","alert":"Scan result 6/72","trigger":"66a36cb98c37fe472a219439a3d809488c19964d5f77ba6f71956bc8c8027c41","verdict":"suspicious","severity":"","comment":"suspicious - 6/72","link":"https://www.virustotal.com/gui/file/66a36cb98c37fe472a219439a3d809488c19964d5f77ba6f71956bc8c8027c41","meta":null}],"urlquery":null}}]}