{"report_id":"d04a7ab0-d25f-4ca8-97e1-323c9dbdca9b","version":6,"status":"done","tags":[],"date":"2024-04-03T01:02:47Z","url":{"schema":"http","addr":"downloads.applian.com/RCATSetup.exe?","fqdn":"downloads.applian.com","domain":"applian.com","tld":"com"},"ip":{"addr":"52.219.100.96","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T20:46:02Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"downloads.applian.com","ip":{"addr":"52.219.97.202","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"1997-07-31","domain_rank":0,"first_seen":"2012-05-25 22:48:08","last_seen":"2024-01-02 20:48:59","alert_count":1,"request_count":1,"received_data":56635858,"sent_data":406,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"4cd8ae37177101a23cc12a65f2ef1f31","sha1":"b38ae06e5f9143515b0afbb7a3c1efbb36b57445","sha256":"f191e534cb73123ba3947f624a4acd6306327564d183650dd3efa7aea61c61e1","sha512":"bc1b42d1b8e4f85bb83ba7dededbff5a7930c750fc22c7d3ef506c496c89169d61894259f8f112754ac418b1b9d67eb0d352f5dd6cfbb1cd8ee481a5d3721876","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections","size":56635392,"url":{"schema":"http","addr":"downloads.applian.com/RCATSetup.exe?","fqdn":"downloads.applian.com","domain":"applian.com","tld":"com"},"ip":{"addr":"52.219.97.202","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-03-25","alert":"Scan result 2/67","trigger":"f191e534cb73123ba3947f624a4acd6306327564d183650dd3efa7aea61c61e1","verdict":"suspicious","severity":"","comment":"suspicious - 2/67","link":"https://www.virustotal.com/gui/file/f191e534cb73123ba3947f624a4acd6306327564d183650dd3efa7aea61c61e1","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"downloads.applian.com/RCATSetup.exe?","fqdn":"downloads.applian.com","domain":"applian.com","tld":"com"},"ip":{"addr":"52.219.97.202","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-04-03T01:02:22.610Z","timestamp":1712106142610,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /RCATSetup.exe? HTTP/1.1\r\nHost: downloads.applian.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: Fv7XPOtL9HA0r5X3tavD60/lhD6XnyQKjFJlSohIbQKEEwh/PSlD3XRQ2R9KBKINnZXorWQVYcE=\r\nx-amz-request-id: J7VPEMVNQEB509Z7\r\nDate: Wed, 03 Apr 2024 01:02:23 GMT\r\nLast-Modified: Tue, 19 Mar 2024 01:10:19 GMT\r\nETag: \"cb9a926b8dfd39dbe29ce479d442ab82-4\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: xT4hZNSHqNTYqjGbLUDOtma72QEcv6wv\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nServer: AmazonS3\r\nContent-Length: 56635392\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":56635392,"size_decoded":56635392,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections","md5":"4cd8ae37177101a23cc12a65f2ef1f31","sha1":"b38ae06e5f9143515b0afbb7a3c1efbb36b57445","sha256":"f191e534cb73123ba3947f624a4acd6306327564d183650dd3efa7aea61c61e1","sha512":"bc1b42d1b8e4f85bb83ba7dededbff5a7930c750fc22c7d3ef506c496c89169d61894259f8f112754ac418b1b9d67eb0d352f5dd6cfbb1cd8ee481a5d3721876","ssdeep":"1572864:fcD7RhjCnAC+ehEC+1Dn+A9Vle0tjZp/ZLTLs/:w7GnACfhT+1Dn+A9TtnxTLk","tlshash":"c0c7335287751c83fbad2ebd5cd85a7332518201386521c2bc88bb6534b0fef79dab25","first_seen":"2024-03-19T09:05:09Z","last_seen":"2024-08-20T07:39:42.718212Z","times_seen":2,"resource_available":false,"data":null}},"time_used":9280,"timings":{"blocked":104,"dns":2,"connect":102,"send":0,"wait":127,"receive":8945,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-03-25","alert":"Scan result 2/67","trigger":"f191e534cb73123ba3947f624a4acd6306327564d183650dd3efa7aea61c61e1","verdict":"suspicious","severity":"","comment":"suspicious - 2/67","link":"https://www.virustotal.com/gui/file/f191e534cb73123ba3947f624a4acd6306327564d183650dd3efa7aea61c61e1","meta":null}],"urlquery":null}}]}