{"report_id":"f3c632d1-4dec-45d9-a77b-79d169c2ac5f","version":6,"status":"done","tags":[],"date":"2023-10-16T16:24:35Z","url":{"schema":"http","addr":"vpn.freecityvpn.com/downloads/Setup.exe","fqdn":"vpn.freecityvpn.com","domain":"freecityvpn.com","tld":"com"},"ip":{"addr":"5.75.245.115","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T19:41:44Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"vpn.freecityvpn.com","ip":{"addr":"5.75.245.115","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":10834703,"sent_data":495,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"8ee2c20ade412379bfa719de5ab70b5d","sha1":"79bd6aa13da83cfa74ba3342fead66cece86e50f","sha256":"d15d342d6c2aba98d3928aa94fdc96848480e247dc6b6b4a45a4eb509ed2a245","sha512":"31621db5e5f9cf90e8e0658cf590f4ff090237f1600cf6044819a41e9f1ff0676ad1aa239ca1f77df8e1f8d9d8d53dd28fab4a9f1692ea116c7568d7a1ca447b","magic":"PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows\\012- data","size":10834432,"url":{"schema":"https","addr":"vpn.freecityvpn.com/downloads/Setup.exe","fqdn":"vpn.freecityvpn.com","domain":"freecityvpn.com","tld":"com"},"ip":{"addr":"5.75.245.115","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2023-09-09","alert":"Scan result 2/71","trigger":"d15d342d6c2aba98d3928aa94fdc96848480e247dc6b6b4a45a4eb509ed2a245","verdict":"suspicious","severity":"","comment":"suspicious - 2/71","link":"https://www.virustotal.com/gui/file/d15d342d6c2aba98d3928aa94fdc96848480e247dc6b6b4a45a4eb509ed2a245","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"vpn.freecityvpn.com/downloads/Setup.exe","fqdn":"vpn.freecityvpn.com","domain":"freecityvpn.com","tld":"com"},"ip":{"addr":"5.75.245.115","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-10-16T16:24:17.861Z","timestamp":1697473457861,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vpn.freecityvpn.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 21 Sep 2023 06:54:41 GMT","end":"Wed, 20 Dec 2023 06:54:40 GMT"},"fingerprint":{"sha1":"A4:C8:88:03:1C:A6:5D:7D:AA:35:D9:BA:70:EC:7B:87:88:63:81:76","sha256":"49:B7:A9:9C:AB:61:EC:C5:92:67:50:22:B3:1D:DE:7C:19:76:67:99:52:25:72:5C:DD:B5:19:E5:25:D8:25:00"}}},"request":{"raw":"GET /downloads/Setup.exe HTTP/1.1\r\nHost: vpn.freecityvpn.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 07 Aug 2023 12:27:11 GMT\r\netag: \"a55200-602545d9dd685\"\r\naccept-ranges: bytes\r\ncontent-length: 10834432\r\ncontent-type: application/x-msdos-program\r\ndate: Mon, 16 Oct 2023 16:24:17 GMT\r\nserver: Apache/2.4.54 (Debian)\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10834432,"size_decoded":0,"mime_type":"application/x-msdos-program","magic":"PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows\\012- data","md5":"8ee2c20ade412379bfa719de5ab70b5d","sha1":"79bd6aa13da83cfa74ba3342fead66cece86e50f","sha256":"d15d342d6c2aba98d3928aa94fdc96848480e247dc6b6b4a45a4eb509ed2a245","sha512":"31621db5e5f9cf90e8e0658cf590f4ff090237f1600cf6044819a41e9f1ff0676ad1aa239ca1f77df8e1f8d9d8d53dd28fab4a9f1692ea116c7568d7a1ca447b","ssdeep":"98304:mc3/qOD50+vXq3udidZE6eGfMSm1xHQRDppOG7ZE78:msdxdl4BRRDXOG7ZE78","tlshash":"83b60883bc604394cc9986fcc5e281b26a717c5c0ba197f73630f66b2ab27dc5976b50","first_seen":"2023-10-16T18:24:45Z","last_seen":"2023-10-16T18:24:45Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1989,"timings":{"blocked":312,"dns":0,"connect":44,"send":0,"wait":44,"receive":1318,"ssl":268},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2023-09-09","alert":"Scan result 2/71","trigger":"d15d342d6c2aba98d3928aa94fdc96848480e247dc6b6b4a45a4eb509ed2a245","verdict":"suspicious","severity":"","comment":"suspicious - 2/71","link":"https://www.virustotal.com/gui/file/d15d342d6c2aba98d3928aa94fdc96848480e247dc6b6b4a45a4eb509ed2a245","meta":null}],"urlquery":null}}]}