{"report_id":"ea8c596e-eb44-4f70-959c-34f12158b0ca","version":6,"status":"done","tags":[],"date":"2023-12-05T18:55:47Z","url":{"schema":"http","addr":"windowstechies.com/go/fortect.repairtool.dl/","fqdn":"windowstechies.com","domain":"windowstechies.com","tld":"com"},"ip":{"addr":"143.204.55.77","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T08:57:23Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"windowstechies.com","ip":{"addr":"143.204.55.77","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2012-05-11","domain_rank":98364,"first_seen":"2012-10-10 08:16:11","last_seen":"2023-11-10 22:50:27","alert_count":0,"request_count":1,"received_data":901,"sent_data":510,"comment":"","tags":null,"fingerprints":null},{"fqdn":"util.fortect.com","ip":{"addr":"104.26.3.16","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"2022-01-21","domain_rank":0,"first_seen":"2022-07-28 01:22:51","last_seen":"2023-12-04 02:22:17","alert_count":1,"request_count":1,"received_data":755387,"sent_data":749,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.fortect.com","ip":{"addr":"104.26.3.16","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"2022-01-21","domain_rank":0,"first_seen":"2022-04-04 16:49:19","last_seen":"2023-11-29 10:14:17","alert_count":1,"request_count":1,"received_data":752186,"sent_data":555,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cloud.fortect.com","ip":{"addr":"104.26.3.16","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"2022-01-21","domain_rank":0,"first_seen":"2022-04-04 16:49:46","last_seen":"2023-12-04 18:26:05","alert_count":2,"request_count":1,"received_data":751663,"sent_data":906,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"dc341e5967d92bd2bd7662a9e7994287","sha1":"54dc4efe3e76a5463c5fa695b1b8b1974e82aa3e","sha256":"cfd61eaa260919f24d52b61df0f1c9f392f0e1c1bad2a5658cc8207dfb6bdb21","sha512":"2f3c4695893f5a9f8e3aee7d9756725b110f6d8955f4a34d780fc39c56e0877fd3782cc73745a8e6fde705ee0383f9b0a98be6d25339e92e33b0e57c58e93ec5","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive\\012- data","size":750824,"url":{"schema":"https","addr":"cloud.fortect.com/app/installation/downloader/6005/Fortect.exe","fqdn":"cloud.fortect.com","domain":"fortect.com","tld":"com"},"ip":{"addr":"104.26.3.16","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2023-12-05","alert":"Scan result 2/72","trigger":"cfd61eaa260919f24d52b61df0f1c9f392f0e1c1bad2a5658cc8207dfb6bdb21","verdict":"suspicious","severity":"","comment":"suspicious - 2/72","link":"https://www.virustotal.com/gui/file/cfd61eaa260919f24d52b61df0f1c9f392f0e1c1bad2a5658cc8207dfb6bdb21","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T18:55:35Z","timestamp":1701802535,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":34081,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET ADWARE_PUP Observed DNS Query to PC Optimizer Software Domain (fortect .com)","source":"{\"timestamp\":\"2023-12-05T18:55:35.279058+0000\",\"flow_id\":1939544721539602,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.5\",\"src_port\":34081,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048947,\"rev\":1,\"signature\":\"ET ADWARE_PUP Observed DNS Query to PC Optimizer Software Domain (fortect .com)\",\"category\":\"Possibly Unwanted Program Detected\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2023_10_30\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"ADWARE_PUP\"],\"malware_family\":[\"PUP\"],\"reviewed_at\":[\"2023_10_30\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_30\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":10496,\"rrname\":\"www.fortect.com\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":86,\"bytes_toclient\":0,\"start\":\"2023-12-05T18:55:35.279058+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T18:55:35Z","timestamp":1701802535,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":39870,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET ADWARE_PUP Observed DNS Query to PC Optimizer Software Domain (fortect .com)","source":"{\"timestamp\":\"2023-12-05T18:55:35.279218+0000\",\"flow_id\":450522509689522,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.5\",\"src_port\":39870,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048947,\"rev\":1,\"signature\":\"ET ADWARE_PUP Observed DNS Query to PC Optimizer Software Domain (fortect .com)\",\"category\":\"Possibly Unwanted Program Detected\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2023_10_30\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"ADWARE_PUP\"],\"malware_family\":[\"PUP\"],\"reviewed_at\":[\"2023_10_30\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_30\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":11175,\"rrname\":\"www.fortect.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":86,\"bytes_toclient\":0,\"start\":\"2023-12-05T18:55:35.279218+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T18:55:35Z","timestamp":1701802535,"ip_dst":{"addr":"104.26.3.16","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":40600,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET ADWARE_PUP Observed PC Optimizer Software Domain (fortect .com in TLS SNI)","source":"{\"timestamp\":\"2023-12-05T18:55:35.302100+0000\",\"flow_id\":2053503088819259,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.5\",\"src_port\":40600,\"dest_ip\":\"104.26.3.16\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048948,\"rev\":1,\"signature\":\"ET ADWARE_PUP Observed PC Optimizer Software Domain (fortect .com in TLS SNI)\",\"category\":\"Possibly Unwanted Program Detected\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2023_10_30\"],\"deployment\":[\"Perimeter\"],\"malware_family\":[\"PUP\"],\"reviewed_at\":[\"2023_10_30\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_30\"]}},\"tls\":{\"sni\":\"www.fortect.com\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":917,\"bytes_toclient\":5653,\"start\":\"2023-12-05T18:55:35.293947+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T18:55:35Z","timestamp":1701802535,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":43452,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET ADWARE_PUP Observed DNS Query to PC Optimizer Software Domain (fortect .com)","source":"{\"timestamp\":\"2023-12-05T18:55:35.569748+0000\",\"flow_id\":683174445691284,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.5\",\"src_port\":43452,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048947,\"rev\":1,\"signature\":\"ET ADWARE_PUP Observed DNS Query to PC Optimizer Software Domain (fortect .com)\",\"category\":\"Possibly Unwanted Program Detected\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2023_10_30\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"ADWARE_PUP\"],\"malware_family\":[\"PUP\"],\"reviewed_at\":[\"2023_10_30\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_30\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":56790,\"rrname\":\"util.fortect.com\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":87,\"bytes_toclient\":0,\"start\":\"2023-12-05T18:55:35.569748+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T18:55:35Z","timestamp":1701802535,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":34506,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET ADWARE_PUP Observed DNS Query to PC Optimizer Software Domain (fortect .com)","source":"{\"timestamp\":\"2023-12-05T18:55:35.570826+0000\",\"flow_id\":313255353781851,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.5\",\"src_port\":34506,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048947,\"rev\":1,\"signature\":\"ET ADWARE_PUP Observed DNS Query to PC Optimizer Software Domain (fortect .com)\",\"category\":\"Possibly Unwanted Program Detected\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2023_10_30\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"ADWARE_PUP\"],\"malware_family\":[\"PUP\"],\"reviewed_at\":[\"2023_10_30\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_30\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":8330,\"rrname\":\"util.fortect.com\",\"rrtype\":\"AAAA\",\"tx_id\":2}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":2,\"pkts_toclient\":1,\"bytes_toserver\":172,\"bytes_toclient\":113,\"start\":\"2023-12-05T18:55:18.462427+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T18:55:35Z","timestamp":1701802535,"ip_dst":{"addr":"104.26.2.16","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":55506,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET ADWARE_PUP Observed PC Optimizer Software Domain (fortect .com in TLS SNI)","source":"{\"timestamp\":\"2023-12-05T18:55:35.583216+0000\",\"flow_id\":1347992433444810,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.5\",\"src_port\":55506,\"dest_ip\":\"104.26.2.16\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048948,\"rev\":1,\"signature\":\"ET ADWARE_PUP Observed PC Optimizer Software Domain (fortect .com in TLS SNI)\",\"category\":\"Possibly Unwanted Program Detected\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2023_10_30\"],\"deployment\":[\"Perimeter\"],\"malware_family\":[\"PUP\"],\"reviewed_at\":[\"2023_10_30\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_30\"]}},\"tls\":{\"sni\":\"util.fortect.com\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":789,\"bytes_toclient\":5578,\"start\":\"2023-12-05T18:55:35.575434+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T18:55:35Z","timestamp":1701802535,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44745,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET ADWARE_PUP Observed DNS Query to PC Optimizer Software Domain (fortect .com)","source":"{\"timestamp\":\"2023-12-05T18:55:35.854921+0000\",\"flow_id\":1611673360599945,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.5\",\"src_port\":44745,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048947,\"rev\":1,\"signature\":\"ET ADWARE_PUP Observed DNS Query to PC Optimizer Software Domain (fortect .com)\",\"category\":\"Possibly Unwanted Program Detected\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2023_10_30\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"ADWARE_PUP\"],\"malware_family\":[\"PUP\"],\"reviewed_at\":[\"2023_10_30\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_30\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":14870,\"rrname\":\"cloud.fortect.com\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":88,\"bytes_toclient\":0,\"start\":\"2023-12-05T18:55:35.854921+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T18:55:35Z","timestamp":1701802535,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":53763,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET ADWARE_PUP Observed DNS Query to PC Optimizer Software Domain (fortect .com)","source":"{\"timestamp\":\"2023-12-05T18:55:35.855076+0000\",\"flow_id\":1537808513043492,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.5\",\"src_port\":53763,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048947,\"rev\":1,\"signature\":\"ET ADWARE_PUP Observed DNS Query to PC Optimizer Software Domain (fortect .com)\",\"category\":\"Possibly Unwanted Program Detected\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2023_10_30\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"ADWARE_PUP\"],\"malware_family\":[\"PUP\"],\"reviewed_at\":[\"2023_10_30\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_30\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":47439,\"rrname\":\"cloud.fortect.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":88,\"bytes_toclient\":0,\"start\":\"2023-12-05T18:55:35.855076+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T18:55:35Z","timestamp":1701802535,"ip_dst":{"addr":"104.26.2.16","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":55520,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET ADWARE_PUP Observed PC Optimizer Software Domain (fortect .com in TLS SNI)","source":"{\"timestamp\":\"2023-12-05T18:55:35.867643+0000\",\"flow_id\":2049856661561119,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.5\",\"src_port\":55520,\"dest_ip\":\"104.26.2.16\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048948,\"rev\":1,\"signature\":\"ET ADWARE_PUP Observed PC Optimizer Software Domain (fortect .com in TLS SNI)\",\"category\":\"Possibly Unwanted Program Detected\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2023_10_30\"],\"deployment\":[\"Perimeter\"],\"malware_family\":[\"PUP\"],\"reviewed_at\":[\"2023_10_30\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_30\"]}},\"tls\":{\"sni\":\"cloud.fortect.com\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":919,\"bytes_toclient\":3168,\"start\":\"2023-12-05T18:55:35.859935+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":[{"sensor_name":"mnemonic_dns","sensor_type":"domain","title":"","description":"mnemonic secure dns","scan_date":"2023-12-05","alert":"Sinkholed","trigger":"fortect.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://mnemonic.io","meta":null},{"sensor_name":"mnemonic_dns","sensor_type":"domain","title":"","description":"mnemonic secure dns","scan_date":"2023-12-05","alert":"Sinkholed","trigger":"fortect.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://mnemonic.io","meta":null},{"sensor_name":"mnemonic_dns","sensor_type":"domain","title":"","description":"mnemonic secure dns","scan_date":"2023-12-05","alert":"Sinkholed","trigger":"fortect.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://mnemonic.io","meta":null}]},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"windowstechies.com/go/fortect.repairtool.dl/","fqdn":"windowstechies.com","domain":"windowstechies.com","tld":"com"},"ip":{"addr":"143.204.55.77","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-05T18:55:34.947Z","timestamp":1701802534947,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"windowstechies.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Thu, 26 Jan 2023 00:00:00 GMT","end":"Fri, 23 Feb 2024 23:59:59 GMT"},"fingerprint":{"sha1":"AB:F3:5F:5C:34:42:14:E2:E2:21:A7:10:6F:17:7A:57:BC:1B:D5:E8","sha256":"1D:86:93:2F:A0:86:4B:BE:49:BE:01:B2:DB:82:D1:E9:71:F0:B3:80:64:64:C3:D7:2D:C5:4B:74:EB:C7:14:61"}}},"request":{"raw":"GET /go/fortect.repairtool.dl/ HTTP/1.1\r\nHost: windowstechies.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: application/octet-stream\r\ncontent-length: 0\r\nlocation: https://www.fortect.com/go/route-wt.php?channel=wt\u0026d=t\u0026banner=WTEN\u0026gclid=\u0026adgroup=expandable-v1\r\nset-cookie: _sp_id.a181=05180c41-e2bb-4179-8617-cc03c4e75a75.1701802529.1.1701802529.1701802529.c671b66c-1c93-465c-ac21-c6949cd67db7; expires=Wed, 18-May-2033 03:33:20 GMT; Max-Age=298197471; path=/; domain=.windowstechies.com\n_sp_ses.a181=*; expires=Tue, 05-Dec-2023 19:25:29 GMT; Max-Age=1800; path=/; domain=.windowstechies.com\n_sp_app=WindowsTechies; expires=Tue, 05-Dec-2023 19:25:29 GMT; Max-Age=1800; path=/; domain=.windowstechies.com\r\ndate: Tue, 05 Dec 2023 18:55:29 GMT\r\nserver: LiteSpeed\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-C1\r\nx-amz-cf-id: QFlWX15IpKmxT36aOqmEnYA7v8Pzp181Nz-EtYT2EJIjN68pZwbo0A==\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T12:55:59.554947Z","times_seen":13662418,"resource_available":true,"data":null}},"time_used":336,"timings":{"blocked":1,"dns":1,"connect":1,"send":0,"wait":315,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"util.fortect.com/tk-6695/tk-6908.php?channel=wt\u0026campaign=WTEN\u0026adgroup=expandable-v1\u0026ads_name=direct\u0026keyword=direct\u0026d=t\u0026productid=1\u0026gclid=","fqdn":"util.fortect.com","domain":"fortect.com","tld":"com"},"ip":{"addr":"104.26.3.16","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-05T18:55:35.571Z","timestamp":1701802535571,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortect.com","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Thu, 16 Nov 2023 12:52:50 GMT","end":"Wed, 14 Feb 2024 12:52:49 GMT"},"fingerprint":{"sha1":"F7:E7:28:BD:54:FF:FC:BC:69:D6:F8:9C:2F:6C:42:A7:72:51:A4:12","sha256":"6C:5B:4D:16:7C:1A:C9:E6:10:6F:C7:AB:0F:9D:CA:23:56:68:44:75:91:B6:22:5A:31:09:6E:D1:D0:93:EB:36"}}},"request":{"raw":"GET /tk-6695/tk-6908.php?channel=wt\u0026campaign=WTEN\u0026adgroup=expandable-v1\u0026ads_name=direct\u0026keyword=direct\u0026d=t\u0026productid=1\u0026gclid= HTTP/1.1\r\nHost: util.fortect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _source=%2Fgo%2Froute-wt.php%3Fchannel%3Dwt%26d%3Dt%26banner%3DWTEN%26gclid%3D%26adgroup%3Dexpandable-v1; _testcookie=test\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Tue, 05 Dec 2023 18:55:29 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://cloud.fortect.com/app/installation/downloader/6005/Fortect.exe\r\np3p: CP=\"CAO DSP AND SO ON\" policyref=\"/w3c/p3p.xml\"\r\ncache-control: no-store, no-cache, must-revalidate\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\naccept-ch: Sec-Ch-Ua,Sec-Ch-Ua-Full-Version,Sec-Ch-Ua-Platform,Sec-Ch-Ua-Platform-Version\r\nset-cookie: PHPSESSID=hahvqpe047imfmjqvpvrk769d8; path=/\n_refcook=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_source=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_refcook=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_source=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_trackid=4945078; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_trackid_4945078=4945078; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_tracking=wt; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_tracking_wt=wt; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_campaign=WTEN; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_campaign_WTEN=WTEN; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_adgroup=expandable-v1; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_adgroup_expandable-v1=expandable-v1; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_keyword=direct; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_keyword_direct=direct; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_ads=direct; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_ads_direct=direct; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_browser=Firefox; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_browser_Firefox=Firefox; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_country=Norway; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\n_country_Norway=Norway; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\ngui_6003_6005=68123; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com\nABtestDataTestID=16; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com\nABtestDataTestVersion=3; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com\nABtestDataTestName=gui_6003_6005; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com\ngui_6003_6005=3; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com\nABtestDataTestID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\nABtestDataTestVersion=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\nABtestDataTestName=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fC4lUQ3T%2BQpWkG38By%2F7VnYwVPelPNCJrjnaaM4cHRct4qatbemNJNVGIDMvQa3yayRMVeScD93zeyuN0n5mpq2AX6wifo2XBP7Drw6XIj93wFrObEwH5SvqkgiLvbPgY1w%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 830e80f24f28b509-OSL\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":750831,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"f08e5ac940c047b08c88551200f3a3ef","sha1":"9f58e36448ef763e1d7f3474e0fe2c9b6039a306","sha256":"ea12d0b7a0f95154a488cc816e5972d141514c3d7386293d4db9de30a2e93c9b","sha512":"14deda295af2fcae331c30823c367f792623b0c39f1d55e414cf6cead96e99212e9383fc52faa3f03d0dc48ea7625a3809020c95956cca3e1d1510cb8eb0c709","ssdeep":"6144:qYa6u2R2bkSGPsI4CQFFCTExsxAvbqgIMwET/wcZz0G0HSzQxZs9bwFKa3ayJInE:qYgqAoPtvYFb9pIPMnMSkxZshgKgqE","tlshash":"08f4afb3e60c94d9c04e43bf9761c37a95587d4da7e780c2ea41aaad043214cff785ba","first_seen":"2023-12-05T19:55:48Z","last_seen":"2023-12-05T19:55:48Z","times_seen":1,"resource_available":false,"data":null}},"time_used":275,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":271,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"mnemonic_dns","sensor_type":"domain","title":"","description":"mnemonic secure dns","scan_date":"2023-12-05","alert":"Sinkholed","trigger":"fortect.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://mnemonic.io","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.fortect.com/go/route-wt.php?channel=wt\u0026d=t\u0026banner=WTEN\u0026gclid=\u0026adgroup=expandable-v1","fqdn":"www.fortect.com","domain":"fortect.com","tld":"com"},"ip":{"addr":"104.26.3.16","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-05T18:55:35.280Z","timestamp":1701802535280,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortect.com","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Thu, 16 Nov 2023 12:52:50 GMT","end":"Wed, 14 Feb 2024 12:52:49 GMT"},"fingerprint":{"sha1":"F7:E7:28:BD:54:FF:FC:BC:69:D6:F8:9C:2F:6C:42:A7:72:51:A4:12","sha256":"6C:5B:4D:16:7C:1A:C9:E6:10:6F:C7:AB:0F:9D:CA:23:56:68:44:75:91:B6:22:5A:31:09:6E:D1:D0:93:EB:36"}}},"request":{"raw":"GET /go/route-wt.php?channel=wt\u0026d=t\u0026banner=WTEN\u0026gclid=\u0026adgroup=expandable-v1 HTTP/1.1\r\nHost: www.fortect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Tue, 05 Dec 2023 18:55:29 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://util.fortect.com/tk-6695/tk-6908.php?channel=wt\u0026campaign=WTEN\u0026adgroup=expandable-v1\u0026ads_name=direct\u0026keyword=direct\u0026d=t\u0026productid=1\u0026gclid=\r\ncache-control: no-cache, must-revalidate\r\nexpires: Sat, 26 Jul 1997 05:00:00 GMT\r\nset-cookie: _refcook=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com\n_source=%2Fgo%2Froute-wt.php%3Fchannel%3Dwt%26d%3Dt%26banner%3DWTEN%26gclid%3D%26adgroup%3Dexpandable-v1; expires=Sat, 03-Feb-2024 18:55:29 GMT; Max-Age=5184000; path=/; domain=fortect.com\n_testcookie=test; expires=Tue, 05-Dec-2023 19:01:29 GMT; Max-Age=360; path=/; domain=fortect.com\nmarketnetwork_subid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com\r\naccept-ch: Sec-Ch-Ua,Sec-Ch-Ua-Full-Version,Sec-Ch-Ua-Platform,Sec-Ch-Ua-Platform-Version\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=EwtSMBQBGeCYEo%2FJTmZ7%2BCpYtGGXViXHbQ7L3S9nhupZUwB6B0OUHiO%2B8Qmkojg6i3sloB6Rcdl0e33a995EBvZGaQft4Tz5Tei0MNGtJ4q0Ip78UNmdTSKxk3LsIzs5Og%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 830e80f0ad5bb509-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":750824,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T12:55:59.554947Z","times_seen":13662418,"resource_available":true,"data":null}},"time_used":308,"timings":{"blocked":39,"dns":13,"connect":1,"send":0,"wait":232,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"mnemonic_dns","sensor_type":"domain","title":"","description":"mnemonic secure dns","scan_date":"2023-12-05","alert":"Sinkholed","trigger":"fortect.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://mnemonic.io","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cloud.fortect.com/app/installation/downloader/6005/Fortect.exe","fqdn":"cloud.fortect.com","domain":"fortect.com","tld":"com"},"ip":{"addr":"104.26.3.16","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-05T18:55:35.855Z","timestamp":1701802535855,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fortect.com","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Thu, 16 Nov 2023 12:52:50 GMT","end":"Wed, 14 Feb 2024 12:52:49 GMT"},"fingerprint":{"sha1":"F7:E7:28:BD:54:FF:FC:BC:69:D6:F8:9C:2F:6C:42:A7:72:51:A4:12","sha256":"6C:5B:4D:16:7C:1A:C9:E6:10:6F:C7:AB:0F:9D:CA:23:56:68:44:75:91:B6:22:5A:31:09:6E:D1:D0:93:EB:36"}}},"request":{"raw":"GET /app/installation/downloader/6005/Fortect.exe HTTP/1.1\r\nHost: cloud.fortect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _testcookie=test; _trackid=4945078; _trackid_4945078=4945078; _tracking=wt; _tracking_wt=wt; _campaign=WTEN; _campaign_WTEN=WTEN; _adgroup=expandable-v1; _adgroup_expandable-v1=expandable-v1; _keyword=direct; _keyword_direct=direct; _ads=direct; _ads_direct=direct; _browser=Firefox; _browser_Firefox=Firefox; _country=Norway; _country_Norway=Norway; gui_6003_6005=3\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 05 Dec 2023 18:55:29 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 750824\r\nx-amz-id-2: zSzCyzdIHaWPylaO6LNHnrduFRXAR3TZWc2X7f+JVDy9NF7L/mBUsCsm1tMDQnvNTQhQfc60ruY=\r\nx-amz-request-id: 0B62H53Y9XK0596W\r\nlast-modified: Thu, 30 Nov 2023 09:46:46 GMT\r\netag: \"dc341e5967d92bd2bd7662a9e7994287\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 4147\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=tokCydrSFUz3%2F26TBGaCFAQvb3fA6dT%2Bm2O2Wi2uEA1oA%2BFLzi4Iw0U3zq%2BAdo7l%2BGP1t69GToNMZ%2B7afSpugZQpnGGLzho4nXU9UFT04bxWzx342MZJPhikF3xMwq35ZhCu\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 830e80f40a03b509-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":750824,"size_decoded":0,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive\\012- data","md5":"dc341e5967d92bd2bd7662a9e7994287","sha1":"54dc4efe3e76a5463c5fa695b1b8b1974e82aa3e","sha256":"cfd61eaa260919f24d52b61df0f1c9f392f0e1c1bad2a5658cc8207dfb6bdb21","sha512":"2f3c4695893f5a9f8e3aee7d9756725b110f6d8955f4a34d780fc39c56e0877fd3782cc73745a8e6fde705ee0383f9b0a98be6d25339e92e33b0e57c58e93ec5","ssdeep":"6144:dYa6u2R2bkSGPsI4CQFFCTExsxAvbqgIMwET/wcZz0G0HSzQxZs9bwFKa3ayJInE:dYgqAoPtvYFb9pIPMnMSkxZshgKgqE","tlshash":"f5f4afb3e60c94d9c04e43bf9761c37a95587d4da7e780c2ea41aaad043214cff785ba","first_seen":"2023-12-04T14:58:46Z","last_seen":"2024-08-20T16:49:11.701659Z","times_seen":11,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":11,"receive":40,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"mnemonic_dns","sensor_type":"domain","title":"","description":"mnemonic secure dns","scan_date":"2023-12-05","alert":"Sinkholed","trigger":"fortect.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://mnemonic.io","meta":null},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2023-12-05","alert":"Scan result 2/72","trigger":"cfd61eaa260919f24d52b61df0f1c9f392f0e1c1bad2a5658cc8207dfb6bdb21","verdict":"suspicious","severity":"","comment":"suspicious - 2/72","link":"https://www.virustotal.com/gui/file/cfd61eaa260919f24d52b61df0f1c9f392f0e1c1bad2a5658cc8207dfb6bdb21","meta":null}],"urlquery":null}}]}