{"report_id":"03bf8232-7afb-41f5-abfb-522d0653a992","version":6,"status":"done","tags":[],"date":"2024-09-19T18:20:53Z","url":{"schema":"http","addr":"104.26.6.166/","fqdn":"104.26.6.166","domain":"104.26.6.166","tld":""},"ip":{"addr":"104.26.6.166","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"104.26.6.166/","fqdn":"104.26.6.166","domain":"104.26.6.166","tld":"166"},"title":"Direct IP access not allowed | Cloudflare"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-28T19:32:21Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-09-19 18:12:24","alert_count":0,"request_count":4,"received_data":3552,"sent_data":1308,"comment":"","tags":null,"fingerprints":null},{"fqdn":"104.26.6.166","ip":{"addr":"104.26.6.166","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2018-12-12 10:15:48","last_seen":"2024-09-02 15:19:31","alert_count":3,"request_count":3,"received_data":11488,"sent_data":1060,"comment":"","tags":null,"fingerprints":null},{"fqdn":"performance.radar.cloudflare.com","ip":{"addr":"104.18.30.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":0,"first_seen":"2022-06-29 12:44:51","last_seen":"2024-09-18 21:11:46","alert_count":0,"request_count":1,"received_data":5933,"sent_data":381,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-09-19 18:13:06","alert_count":0,"request_count":3,"received_data":2661,"sent_data":981,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-09-19","alert":"Sinkholed","trigger":"104.26.6.166","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-09-19","alert":"Sinkholed","trigger":"104.26.6.166","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-09-19","alert":"Sinkholed","trigger":"104.26.6.166","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"104.26.6.166/","fqdn":"104.26.6.166","domain":"104.26.6.166","tld":"166"},"ip":{"addr":"104.26.6.166","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-15T15:20:42.416165Z","times_seen":15223586,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"104.26.6.166/","fqdn":"104.26.6.166","domain":"104.26.6.166","tld":"166"},"ip":{"addr":"104.26.6.166","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"34ad0a116707d3b794129a6720af92d7","sha1":"424de9dbb8bc774e2a2d4ade100d90f5ac0ecbf4","sha256":"d011a9449a990f2086894be870adc6fbb53595dc593b410a83e45e40bfbc7262","sha512":"4d7cca00f0d83452fe3513c0c07c97ca5318dfcda0937df40626e49c9e15ef9a4287e6aa98da4c873d46248a20418b0ef793704c6619efad43c8b338a515cb37","ssdeep":"","tlshash":"43e0226b3b45293456f7aab3337fe37c3a22e0969cc015201968cd5ccd2bac042352c4","size":393,"data":"","first_seen":"2023-04-05T04:39:40Z","last_seen":"2025-03-02T06:13:46.994369Z","times_seen":143291,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"104.26.6.166/","fqdn":"104.26.6.166","domain":"104.26.6.166","tld":"166"},"ip":{"addr":"104.26.6.166","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-15T15:20:42.416165Z","times_seen":15223586,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"performance.radar.cloudflare.com/beacon.js","fqdn":"performance.radar.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.30.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4f328be327ccbbc07e5ab1384b0ec51d","sha1":"d994dd1570a24f33b3856cd8063ba5ca47f5a57e","sha256":"0279a109b5b9a20e6a587b8ba396e2307c30ddf5398bda76ef7653892fd1ab53","sha512":"11163b5019b1ddad7c346309d691f0605594f0c146d95fec5c609456b998cde99f24d2a629a95a464285c594950109d6410eb11c849b9d96e5aa43032b998693","ssdeep":"192:834d1an1U1Kf88Kvmv1IygAVAWb97RJoIFHYdzPTUxjFHYvhJ45HYRGK:ey1an1U1Kf88KOvCytOIF4tPTSjF4vhX","tlshash":"0c020977bb40c642c986085914bafe7f3411f04a07c256ad750ecd2ab2a4df2b6f2366","size":7994,"data":"","first_seen":"2024-09-19T19:32:24.754727Z","last_seen":"2024-09-19T19:32:24.754727Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-19T18:20:28.114046141Z","timestamp":1726770028114,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"48DDF84345FB7C618DD7E3AB12B5F393CC02D5854E392B617EA7D751C8C957B0\"\r\nLast-Modified: Wed, 18 Sep 2024 09:19:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=14361\r\nExpires: Thu, 19 Sep 2024 22:19:49 GMT\r\nDate: Thu, 19 Sep 2024 18:20:28 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7f94384c88afd251a59fa1bd27d01a3d","sha1":"4702ce94766111cd58b4a6e0a642ee2380a51013","sha256":"48ddf84345fb7c618dd7e3ab12b5f393cc02d5854e392b617ea7d751c8c957b0","sha512":"3472f9434e3b7d8cc648d9237ea6f22bf0e8e71706a491c4203937ceea8d5943abd4bd565b7d0ffeca5e06688b3e8981450b11a31004012d00c8fc97c728ce8e","ssdeep":"","tlshash":"19f0056632c57cd4deb496196eaedd30451478fdb0c097d2e058c19724517b450c605c","first_seen":"2024-09-18T15:23:11Z","last_seen":"2024-09-21T08:06:55.699541Z","times_seen":25500,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-19T18:20:28.135871533Z","timestamp":1726770028135,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"413ADCBC92AD4ADA2720B8C7A0385501D48E3EEC5CF1C8833792B3E565C0A51B\"\r\nLast-Modified: Thu, 19 Sep 2024 12:52:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=12225\r\nExpires: Thu, 19 Sep 2024 21:44:13 GMT\r\nDate: Thu, 19 Sep 2024 18:20:28 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"0f9757cb982e022e57ae0b157b0af7b7","sha1":"90769501ea6239546cff766263e45cf29f25b99f","sha256":"413adcbc92ad4ada2720b8c7a0385501d48e3eec5cf1c8833792b3e565c0a51b","sha512":"5541c94ed4008eb36d10b46c975cfc2d5e8258e8b1640cfff00288af38a33ce6a86795aaface39ba715638cbd601f23662c2436446419d1b1c1601a3c7e22813","ssdeep":"","tlshash":"02f00e7038a07932b7b798112ed4df212c20f9bf7c8541825674cfe2ae117f68e48a0e","first_seen":"2024-09-19T17:44:42Z","last_seen":"2024-09-20T21:41:37.279619Z","times_seen":2285,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-19T18:20:28.563507692Z","timestamp":1726770028563,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"F772E410F6D95169A72A7473BF8FF96F7C642B0E8CD820C34B9DEBDFC367C44E\"\r\nLast-Modified: Tue, 17 Sep 2024 14:37:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=10695\r\nExpires: Thu, 19 Sep 2024 21:18:43 GMT\r\nDate: Thu, 19 Sep 2024 18:20:28 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"946bd983da8ed3f6d5c12abcab5273e0","sha1":"eaf94210f1202240080722b9f0a78aa64b6cc1b3","sha256":"f772e410f6d95169a72a7473bf8ff96f7c642b0e8cd820c34b9debdfc367c44e","sha512":"466f63510f6343a74f36f87c7805d027aec56c3f65ab9db9a5b9586a01c280181799438cf63b934afb58ff55e009d98da1814dcbf2a4bc223a7f0c9118bc0305","ssdeep":"","tlshash":"4cf005a93da0fc559b728c11dc5cf41d0d015aba2d30a2c2598242e11ab1becc6c504d","first_seen":"2024-09-17T21:48:13Z","last_seen":"2024-09-20T21:41:37.801858Z","times_seen":14595,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"104.26.6.166/","fqdn":"104.26.6.166","domain":"104.26.6.166","tld":"166"},"ip":{"addr":"104.26.6.166","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-09-19T18:20:28.684Z","timestamp":1726770028684,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 104.26.6.166\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Thu, 19 Sep 2024 18:20:28 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: close\r\nX-Frame-Options: SAMEORIGIN\r\nReferrer-Policy: same-origin\r\nCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 8c5b970768a956a5-OSL\r\nContent-Encoding: gzip\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":2100,"size_decoded":5893,"mime_type":"","magic":"HTML document, ASCII text, with very long lines (501)","md5":"47353a5525d75cdb01ebbc10a7b8d10f","sha1":"d294fcba1c5fd388b68037c45477d94e6030b806","sha256":"d1de29d6b34180debf228715abf691dc41d2c9ede26a30fb5c5d1d149fb5d7db","sha512":"0425fdfd9a416ebb23c3ba7c97cc122646f14b4dff6a30c1948f3bd1c9af6f62b4d4069720591434ce39bfac3753a05fc3efc94a9b1db61442487983407a7dc0","ssdeep":"96:1j9jwIjYj0DK/D6laa+hXOlQUpp8HZywoNwovjdJgPUwftvZU0mTrR79PaQxJbGD:1j9jhjYjoK/kaaFlVKyzNzLfgPlL0Tr4","tlshash":"e7c19663f5f8157a1093c2a331a9a71979f48123dea704d1baadc4721f8df85fe07181","first_seen":"2024-09-19T19:32:24.751169Z","last_seen":"2024-09-19T19:32:24.751169Z","times_seen":1,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":5,"dns":0,"connect":1,"send":0,"wait":0,"receive":0,"ssl":6},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-09-19","alert":"Sinkholed","trigger":"104.26.6.166","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"104.26.6.166/cdn-cgi/styles/main.css","fqdn":"104.26.6.166","domain":"104.26.6.166","tld":"166"},"ip":{"addr":"104.26.6.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://104.26.6.166/","date":"2024-09-19T18:20:29.017Z","timestamp":1726770029017,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/styles/main.css HTTP/1.1\r\nHost: 104.26.6.166\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://104.26.6.166/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 19 Sep 2024 18:20:29 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 16 Sep 2024 09:31:40 GMT\r\nETag: W/\"66e7fafc-1f4d\"\r\nServer: cloudflare\r\nCF-RAY: 8c5b97094983b4ee-OSL\r\nX-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\nVary: Accept-Encoding\r\nExpires: Thu, 19 Sep 2024 20:20:29 GMT\r\nCache-Control: max-age=7200, public\r\nContent-Encoding: gzip\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2176,"size_decoded":8013,"mime_type":"text/css","magic":"ASCII text, with very long lines (8012)","md5":"ff26f59e28a5fe6ea4ab23586415696b","sha1":"4182675484d175e363cd34b43041b7b1af93d0cd","sha256":"d30b4ea6f68456672f5abb35e9dcf7d54226372b66e9d60a7ee26b7a52568e74","sha512":"92c58eef6d1f885806450acd2927c57ebea2e8762c98b0826192555674bd4478e42add192834285d5934c0a76db8eac5eee1a65dc34b6f69246fad6c91a5fba4","ssdeep":"96:1jMh3JNJinvaE5TQRGxfldudududEtCbnaimpSpIplDO6bU6b16bE6bb6bNdkd94:1jMFJiva655dimwqjlP0/mGTZxRbC","tlshash":"75f1851bbf49104e3023886ae2c5a78d912dd282ee535bfff7173561cbc52fa1552b24","first_seen":"2023-04-05T04:39:40Z","last_seen":"2026-05-15T14:26:39.635952Z","times_seen":82226,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-09-19","alert":"Sinkholed","trigger":"104.26.6.166","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-19T18:20:29.038303336Z","timestamp":1726770029038,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"116549023FD841D0418E44C97968A7F84C98B643B76CE6B9A94CA70446DE13F1\"\r\nLast-Modified: Tue, 17 Sep 2024 14:38:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=14614\r\nExpires: Thu, 19 Sep 2024 22:24:03 GMT\r\nDate: Thu, 19 Sep 2024 18:20:29 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"a31eb23bb83183cf82d06967d5e3f31e","sha1":"803053eed17ab1e4d902c93d5f20ae6e930c89e4","sha256":"116549023fd841d0418e44c97968a7f84c98b643b76ce6b9a94ca70446de13f1","sha512":"002448e23ac7cc829db47aa547c366310f05fea1e31b4b56424332ce7c8c09c6f6844c8fa127839762b4b7b7d921a51c5dbb4d61e8f36c0d120716694161199c","ssdeep":"","tlshash":"23f05cf235d17e11f1e401183e55d15d7f15d67c240110f5566083d6f4157fd47c0449","first_seen":"2024-09-17T17:56:41Z","last_seen":"2024-09-20T21:41:37.280795Z","times_seen":12012,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"performance.radar.cloudflare.com/beacon.js","fqdn":"performance.radar.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.30.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://104.26.6.166/","date":"2024-09-19T18:20:29.020Z","timestamp":1726770029020,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"radar.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 28 Aug 2024 18:36:35 GMT","end":"Tue, 26 Nov 2024 19:35:09 GMT"},"fingerprint":{"sha1":"9F:1E:96:97:32:94:99:DE:29:D8:8E:F8:71:05:BC:08:EB:23:1B:09","sha256":"F4:2C:60:DF:3E:20:0C:84:A3:07:B1:3C:48:57:54:1D:4D:C0:15:20:41:7F:02:2A:7E:27:83:C3:5F:8F:46:37"}}},"request":{"raw":"GET /beacon.js HTTP/1.1\r\nHost: performance.radar.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 19 Sep 2024 18:20:29 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\naccess-control-allow-origin: *\r\ncache-control: no-store, max-age=0\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\nreferrer-policy: no-referrer\r\ntiming-allow-origin: *\r\nset-cookie: __cf_bm=lgrK7KLgvpZZzTL2ryIaebqFcX.gPd9o3i6lV7EJCxM-1726770029-1.0.1.1-GbYmYknJCYlhwqHx6yrkoFqM9vj_FWGRfwnWTNtDu_xU2uCyQeCXTt5wNPk9RAD9lRZOF2Oky79FzAg2CMMzSA; path=/; expires=Thu, 19-Sep-24 18:50:29 GMT; domain=.radar.cloudflare.com; HttpOnly; Secure; SameSite=None\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 8c5b97098c6c0b69-OSL\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5157,"size_decoded":7994,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (7993)","md5":"4f328be327ccbbc07e5ab1384b0ec51d","sha1":"d994dd1570a24f33b3856cd8063ba5ca47f5a57e","sha256":"0279a109b5b9a20e6a587b8ba396e2307c30ddf5398bda76ef7653892fd1ab53","sha512":"11163b5019b1ddad7c346309d691f0605594f0c146d95fec5c609456b998cde99f24d2a629a95a464285c594950109d6410eb11c849b9d96e5aa43032b998693","ssdeep":"192:834d1an1U1Kf88Kvmv1IygAVAWb97RJoIFHYdzPTUxjFHYvhJ45HYRGK:ey1an1U1Kf88KOvCytOIF4tPTSjF4vhX","tlshash":"0c020977bb40c642c986085914bafe7f3411f04a07c256ad750ecd2ab2a4df2b6f2366","first_seen":"2024-09-19T19:32:24.754727Z","last_seen":"2024-09-19T19:32:24.754727Z","times_seen":1,"resource_available":true,"data":null}},"time_used":394,"timings":{"blocked":30,"dns":7,"connect":1,"send":0,"wait":328,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-19T18:20:30.962070379Z","timestamp":1726770030962,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"91127A16631D0D606CAC9CAC289CF04F0CCB542D3F8954EF4BC5CAAEF374C238\"\r\nLast-Modified: Tue, 17 Sep 2024 14:39:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6847\r\nExpires: Thu, 19 Sep 2024 20:14:37 GMT\r\nDate: Thu, 19 Sep 2024 18:20:30 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"45c440d4cead985bd4f1f69f84162f7b","sha1":"1251ec50f9cfdb548fe2e0fef4cbb146fd92a56b","sha256":"91127a16631d0d606cac9cac289cf04f0ccb542d3f8954ef4bc5caaef374c238","sha512":"3e88a049c8907ddd726b1db55b4266b10de51a73bb662545bfc1bdfd18fa541a249628f37cf4b595af06618521c2a7dcdfb8df09496932cc7abc696a80876909","ssdeep":"","tlshash":"dcf005263929ba305d680c1edce5d5bf0b2059bd388054f1595963c16605bef1590008","first_seen":"2024-09-18T02:27:16Z","last_seen":"2024-09-20T21:41:36.76444Z","times_seen":12325,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-19T18:20:30.965460316Z","timestamp":1726770030965,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"91127A16631D0D606CAC9CAC289CF04F0CCB542D3F8954EF4BC5CAAEF374C238\"\r\nLast-Modified: Tue, 17 Sep 2024 14:39:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6847\r\nExpires: Thu, 19 Sep 2024 20:14:37 GMT\r\nDate: Thu, 19 Sep 2024 18:20:30 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"45c440d4cead985bd4f1f69f84162f7b","sha1":"1251ec50f9cfdb548fe2e0fef4cbb146fd92a56b","sha256":"91127a16631d0d606cac9cac289cf04f0ccb542d3f8954ef4bc5caaef374c238","sha512":"3e88a049c8907ddd726b1db55b4266b10de51a73bb662545bfc1bdfd18fa541a249628f37cf4b595af06618521c2a7dcdfb8df09496932cc7abc696a80876909","ssdeep":"","tlshash":"dcf005263929ba305d680c1edce5d5bf0b2059bd388054f1595963c16605bef1590008","first_seen":"2024-09-18T02:27:16Z","last_seen":"2024-09-20T21:41:36.76444Z","times_seen":12325,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-19T18:20:30.96652223Z","timestamp":1726770030966,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"91127A16631D0D606CAC9CAC289CF04F0CCB542D3F8954EF4BC5CAAEF374C238\"\r\nLast-Modified: Tue, 17 Sep 2024 14:39:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6847\r\nExpires: Thu, 19 Sep 2024 20:14:37 GMT\r\nDate: Thu, 19 Sep 2024 18:20:30 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"45c440d4cead985bd4f1f69f84162f7b","sha1":"1251ec50f9cfdb548fe2e0fef4cbb146fd92a56b","sha256":"91127a16631d0d606cac9cac289cf04f0ccb542d3f8954ef4bc5caaef374c238","sha512":"3e88a049c8907ddd726b1db55b4266b10de51a73bb662545bfc1bdfd18fa541a249628f37cf4b595af06618521c2a7dcdfb8df09496932cc7abc696a80876909","ssdeep":"","tlshash":"dcf005263929ba305d680c1edce5d5bf0b2059bd388054f1595963c16605bef1590008","first_seen":"2024-09-18T02:27:16Z","last_seen":"2024-09-20T21:41:36.76444Z","times_seen":12325,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"104.26.6.166/favicon.ico","fqdn":"104.26.6.166","domain":"104.26.6.166","tld":"166"},"ip":{"addr":"104.26.6.166","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://104.26.6.166/","date":"2024-09-19T18:20:29.507Z","timestamp":1726770029507,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 104.26.6.166\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://104.26.6.166/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Thu, 19 Sep 2024 18:20:29 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: close\r\nX-Frame-Options: SAMEORIGIN\r\nReferrer-Policy: same-origin\r\nCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 8c5b970c6f59b4ee-OSL\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":5893,"size_decoded":5893,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (6192), with no line terminators","md5":"38698c64a125215af38bdfc072995c06","sha1":"0d1eeeb6188de8bccfa63dce6eabbded06f7a7b9","sha256":"479a69874ac84ac6e6cf8b6c4d8ee47e2c33e51ef4ff3ef64b859545d8bf1051","sha512":"31684ee3cab500ac5916879fa395111ecf25af9a9416c370fc09c99926343a6e6336f9b293af5e7a80951d27e8f4d8f5b15d46227a0c17ab8fdf11f765e7612e","ssdeep":"96:UE+XDahwhsqYiHVWwouwoA53ImYFrsIrT9Ffy:d+Xmn4WzuzoIvrsIrT90","tlshash":"76d17567b8ec513a215385e3327a773d3c69b101de6700d536dcc03a5b8aed0be57291","first_seen":"2024-09-19T19:32:24.757472Z","last_seen":"2024-09-19T19:32:24.757472Z","times_seen":1,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-09-19","alert":"Sinkholed","trigger":"104.26.6.166","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}