{"report_id":"209f02ff-fc9c-41c3-8a17-4eebc20aa2c7","version":6,"status":"done","tags":[],"date":"2024-10-05T11:43:39Z","url":{"schema":"http","addr":"222.71.180.226:3000/KaiRo/Keyman/src/branch/master/CANoe.DiVa_V12.0.zip","fqdn":"222.71.180.226","domain":"222.71.180.226","tld":""},"ip":{"addr":"222.71.180.226","port":0,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"final":{"url":{"schema":"http","addr":"222.71.180.226:3000/KaiRo/Keyman/src/branch/master/CANoe.DiVa_V12.0.zip","fqdn":"222.71.180.226:3000","domain":"222.71.180.226","tld":"226:3000"},"title":"Keyman/CANoe.DiVa_V12.0.zip at master - Keyman - Gitea: Git with a cup of tea"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-15T09:22:24Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-10-03 18:12:15","alert_count":0,"request_count":1,"received_data":888,"sent_data":327,"comment":"","tags":null,"fingerprints":null},{"fqdn":"222.71.180.226:3000","ip":{"addr":"222.71.180.226","port":0,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":7,"request_count":7,"received_data":507124,"sent_data":3173,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-05","alert":"Sinkholed","trigger":"222.71.180.226","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-05","alert":"Sinkholed","trigger":"222.71.180.226","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-05","alert":"Sinkholed","trigger":"222.71.180.226","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-05","alert":"Sinkholed","trigger":"222.71.180.226","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-05","alert":"Sinkholed","trigger":"222.71.180.226","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-05","alert":"Sinkholed","trigger":"222.71.180.226","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-05","alert":"Sinkholed","trigger":"222.71.180.226","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"2d74558b1f17b0dd5536408bfe863331","sha1":"0eb6296605b50475f860a8f98910fa1c02ca3730","sha256":"ee956b4340e02fc97a3f3e6b7d278d2224504c403d27e042e146965fe58bb79e","sha512":"c79d10988da69d9286cd54978e943723ece478f46372b3bd2e4b1fc1a1930ce976d6e8976850575c1676f1fe9c03bd0930474b58f4e78b80617ac8050114ae90","ssdeep":"","tlshash":"ebe02064342cd11cd8652ce501717e35e10f443d33d66509e7bef9d156a1130eaebc5c","size":325,"data":"","first_seen":"2024-10-06T09:22:29.195012Z","last_seen":"2024-12-03T15:35:27.840501Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"222.71.180.226:3000/KaiRo/Keyman/src/branch/master/CANoe.DiVa_V12.0.zip","fqdn":"222.71.180.226:3000","domain":"222.71.180.226","tld":"226:3000"},"ip":{"addr":"222.71.180.226","port":0,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"c064dd1dcc78d0c0667b0e18241ea29f","sha1":"fa119f8790fd5b0b6bd3bdb055d8db89f506555a","sha256":"255b46a8a436b8db925b340cbc22933e03c048f31f4a4f5c2c214934f90ee025","sha512":"79555110d246538cb64e3d926a1a0ccddc803f8383057a5089ab10d9afd1c9ce49084ed55e0e7679842f49fe25fb8f282ae7cede342079e98b353510af081d6d","ssdeep":"","tlshash":"ff1161462a1c60bb05206c0e7f0f6182a29a3701cffc01d07ad69f657e26d03ad10a52","size":1010,"data":"","first_seen":"2024-10-06T09:22:29.43217Z","last_seen":"2024-10-06T09:22:29.43217Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"222.71.180.226:3000/assets/js/index.js?v=f706969c070b7f4de847f972aedcc989","fqdn":"222.71.180.226:3000","domain":"222.71.180.226","tld":"226:3000"},"ip":{"addr":"222.71.180.226","port":0,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"cc20e552b62535895aa539be128b9a8f","sha1":"189107d3df3a5d882c4057989dea9d155c6fb67a","sha256":"ea79162252fc8800bedfb2c07a825eca47627917e4478915a85f95591e2e8070","sha512":"6fd7a4e8ec114d6964078a54058bfcb8e5657285e8f633f0b25929c9dd748215d2d0f17540e4c56dcc1c9af3bc4982bbf2df82b6b6e764010f74f074418c5cb7","ssdeep":"6144:kk026bSKIs/p2QKy4uKGvMXMWMnNYtf3IxxK71Hqo46sUJ5k1K6X76BH/+4IdF/X:102m2/tkCf3BRsWa7xYMxUnoYfTsWaV","tlshash":"20054cacb29038561baf20f0786f6d47b17a0894548c8524b63ed4ea2f7c985e177f3d","size":837233,"data":"","first_seen":"2024-10-06T09:22:29.191084Z","last_seen":"2024-10-06T09:22:29.826601Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"8b41dadafb04370d354fe6f61433f2d1","sha1":"217c4d70f7cf32aaf0db7e1f23162a39b024baba","sha256":"910927033122f3c2063dd80a99c887d314e56551ddb047673d046bb308d45894","sha512":"8a006326a7b1d34b794150ecfd44f205662139c95a7af6e70b586ae348cd9e4becbb1998d86eb8281053165635dbffc0586dfe19e9b374532c6e63fb248fc96a","ssdeep":"192:D8u6mhAhgv1HHHAneHEZHrThsjHY4zVlHHqfHHAn7EUH/runZ89gT:DPhygvJHHAeHkHnhIHY4H0HHA7hHi","tlshash":"ad02cc33111df97de80fec2656766d74e32e942930a861b0e57edea481636b0e79f00e","size":8325,"data":"","first_seen":"2024-10-06T09:22:29.434341Z","last_seen":"2024-10-06T09:22:29.434341Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-05T11:43:13.618981578Z","timestamp":1728128593619,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"85AD693617BFD03634246D0C9E3EE02C6D21D9824D25459E5E63BC51B646CC00\"\r\nLast-Modified: Fri, 04 Oct 2024 14:08:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=17523\r\nExpires: Sat, 05 Oct 2024 16:35:16 GMT\r\nDate: Sat, 05 Oct 2024 11:43:13 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"3edd7e02dd93d4fa92970165e37ea200","sha1":"fdb009fd9b963ab8cc365829be152f0a424e0933","sha256":"85ad693617bfd03634246d0c9e3ee02c6d21d9824d25459e5e63bc51b646cc00","sha512":"2fb7c539c1ae8d21ca3cf4dd626bd1b73869cd301c4a5d671b77dcd755808b82987375cff9eb342192adf191fab2123282a83c09c2d7f4fcbbed3cdf37c73c19","ssdeep":"","tlshash":"9cf07ecc08f536011be24486bba8890bec008eaf3cc02dc878e10be22b027f13b80c0c","first_seen":"2024-10-04T18:28:19Z","last_seen":"2024-10-06T23:34:52.362775Z","times_seen":16823,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"222.71.180.226:3000/KaiRo/Keyman/src/branch/master/CANoe.DiVa_V12.0.zip","fqdn":"222.71.180.226:3000","domain":"222.71.180.226","tld":"226:3000"},"ip":{"addr":"222.71.180.226","port":0,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-05T11:43:14.892793878Z","timestamp":1728128594892,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /KaiRo/Keyman/src/branch/master/CANoe.DiVa_V12.0.zip HTTP/1.1\r\nHost: 222.71.180.226:3000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\nSet-Cookie: i_like_gitea=d963a56e9760dfa6; Path=/; HttpOnly; SameSite=Lax\n_csrf=RJnN0ymG8WuLKo-Xu_czPfHcW1U6MTcyODEyODU5MDg1MTYzOTgwMA; Path=/; Expires=Sun, 06 Oct 2024 11:43:10 GMT; HttpOnly; SameSite=Lax\nmacaron_flash=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax\r\nX-Frame-Options: SAMEORIGIN\r\nDate: Sat, 05 Oct 2024 11:43:11 GMT\r\nTransfer-Encoding: chunked\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":33374,"size_decoded":33374,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1423)","md5":"0b72c7337ba6afa3089dc6c0b6eadd9d","sha1":"aaff9fb213a3a1871b079fc0e4da05576dd14973","sha256":"3fff5f0ae9bdab1d4bcd772671aaa9fec370e05ee908255fc5ab049b672f1dab","sha512":"f69060138662049ceb9b70f68dc64f858e0b6d704481fd1c578d7ce6916dbdb1dff3468378f0c93a716d32dfc8dcbad66311311e9a2719dd914399edcd068d76","ssdeep":"384:7chSjccvzMjh6vzxOLRLzEMt9hMqwaxAQ1ERAJeJpk2AH6IJuCL2A9EwqEDNrhbE:7chSjc0SNRLlvIchMihCwqYNa5q2","tlshash":"23e29570025c2daf140b51aaa63152a4e3afed79b2bc90f072bfe6f44593cd0db6b415","first_seen":"2024-10-06T09:22:29.428268Z","last_seen":"2024-10-06T09:22:29.428268Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-05","alert":"Sinkholed","trigger":"222.71.180.226","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"222.71.180.226:3000/assets/css/theme-auto.css?v=f706969c070b7f4de847f972aedcc989","fqdn":"222.71.180.226:3000","domain":"222.71.180.226","tld":"226:3000"},"ip":{"addr":"222.71.180.226","port":3000,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://222.71.180.226:3000/KaiRo/Keyman/src/branch/master/CANoe.DiVa_V12.0.zip","date":"2024-10-05T11:43:14.600Z","timestamp":1728128594600,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/css/theme-auto.css?v=f706969c070b7f4de847f972aedcc989 HTTP/1.1\r\nHost: 222.71.180.226:3000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: i_like_gitea=d963a56e9760dfa6; _csrf=RJnN0ymG8WuLKo-Xu_czPfHcW1U6MTcyODEyODU5MDg1MTYzOTgwMA\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: private, max-age=21600\r\nContent-Encoding: gzip\r\nContent-Type: text/css; charset=utf-8\r\nEtag: \"MTM5MDh0aGVtZS1hdXRvLmNzc1dlZCwgMjAgSnVsIDIwMjIgMDY6MzY6MDYgR01U\"\r\nLast-Modified: Wed, 20 Jul 2022 06:36:06 GMT\r\nDate: Sat, 05 Oct 2024 11:43:11 GMT\r\nTransfer-Encoding: chunked\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3420,"size_decoded":13908,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (13907)","md5":"2d8dc746a96cde3c5ec1f2b1d95fe658","sha1":"32e57c6a65db88c4c9c54c8b01138e512afe5dce","sha256":"16bf2101993322bd44628b9ffca3ff1fd3eb291bc0ee2aa08db7cd3f5bf4cef8","sha512":"34af9f6919012f1184413a9e215e6c9798ced1ca1cbca66ca53d9cfb43273c8c17ff3988304509437a3760863325573eac09f2393be32b17e40e48223f691f90","ssdeep":"192:Is1TIS2UAnMeluB/lFmISmoGp+LNMUiwfkQcocapFp:/vAnMeluB/lMURLwcXapFp","tlshash":"1252024af044685f3213893d2588fde9331862d0ad455f73bb2971aa26c588b3cbbb55","first_seen":"2023-11-19T06:10:02Z","last_seen":"2025-10-16T22:27:42.01298Z","times_seen":8,"resource_available":false,"data":null}},"time_used":760,"timings":{"blocked":249,"dns":0,"connect":255,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-05","alert":"Sinkholed","trigger":"222.71.180.226","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"222.71.180.226:3000/assets/css/index.css?v=f706969c070b7f4de847f972aedcc989","fqdn":"222.71.180.226:3000","domain":"222.71.180.226","tld":"226:3000"},"ip":{"addr":"222.71.180.226","port":3000,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://222.71.180.226:3000/KaiRo/Keyman/src/branch/master/CANoe.DiVa_V12.0.zip","date":"2024-10-05T11:43:14.598Z","timestamp":1728128594598,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/css/index.css?v=f706969c070b7f4de847f972aedcc989 HTTP/1.1\r\nHost: 222.71.180.226:3000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: i_like_gitea=d963a56e9760dfa6; _csrf=RJnN0ymG8WuLKo-Xu_czPfHcW1U6MTcyODEyODU5MDg1MTYzOTgwMA\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: private, max-age=21600\r\nContent-Encoding: gzip\r\nContent-Type: text/css; charset=utf-8\r\nEtag: \"ODY1MjMyaW5kZXguY3NzV2VkLCAyMCBKdWwgMjAyMiAwNjozNjowNiBHTVQ=\"\r\nLast-Modified: Wed, 20 Jul 2022 06:36:06 GMT\r\nDate: Sat, 05 Oct 2024 11:43:11 GMT\r\nTransfer-Encoding: chunked\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":132229,"size_decoded":865232,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"ab4906db5cd40889b4e62d3d115b3e0d","sha1":"5cbc1cac8c351eb83fe6ca602b46f92816fd925f","sha256":"772ada1dace6cbb6f7178330e9a55ef292c125935b4c89ae45639327ba692cf2","sha512":"909c4809f052b0cf53d770044be44f3c477a40ddfc25cff490ca706ff859afef56d335a6c2c6d60fd092bfeb3b369b58f997e397b5dc957dbe0be3b6dfa63fa5","ssdeep":"6144:9kId0Z49exmS22gvfCf/fvgGg2gf8y8S8m8S8q8vS5gkgStE9:jd0Z49AmS2xSStE9","tlshash":"4805c6a9d24424c95723c0c7abc476d87719f091e861cfb7f01774984bda9db2cb2b2a","first_seen":"2024-10-06T09:22:29.188616Z","last_seen":"2024-10-06T09:22:29.819504Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1994,"timings":{"blocked":245,"dns":0,"connect":247,"send":0,"wait":251,"receive":1251,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-05","alert":"Sinkholed","trigger":"222.71.180.226","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"222.71.180.226:3000/assets/js/index.js?v=f706969c070b7f4de847f972aedcc989","fqdn":"222.71.180.226:3000","domain":"222.71.180.226","tld":"226:3000"},"ip":{"addr":"222.71.180.226","port":0,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-05T11:43:16.718192587Z","timestamp":1728128596718,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/js/index.js?v=f706969c070b7f4de847f972aedcc989 HTTP/1.1\r\nHost: 222.71.180.226:3000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: i_like_gitea=d963a56e9760dfa6; _csrf=RJnN0ymG8WuLKo-Xu_czPfHcW1U6MTcyODEyODU5MDg1MTYzOTgwMA\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: private, max-age=21600\r\nContent-Encoding: gzip\r\nContent-Type: text/javascript; charset=utf-8\r\nEtag: \"ODM3MjMzaW5kZXguanNXZWQsIDIwIEp1bCAyMDIyIDA2OjM2OjA2IEdNVA==\"\r\nLast-Modified: Wed, 20 Jul 2022 06:36:06 GMT\r\nDate: Sat, 05 Oct 2024 11:43:11 GMT\r\nTransfer-Encoding: chunked\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":254220,"size_decoded":837233,"mime_type":"text/plain; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"cc20e552b62535895aa539be128b9a8f","sha1":"189107d3df3a5d882c4057989dea9d155c6fb67a","sha256":"ea79162252fc8800bedfb2c07a825eca47627917e4478915a85f95591e2e8070","sha512":"6fd7a4e8ec114d6964078a54058bfcb8e5657285e8f633f0b25929c9dd748215d2d0f17540e4c56dcc1c9af3bc4982bbf2df82b6b6e764010f74f074418c5cb7","ssdeep":"6144:kk026bSKIs/p2QKy4uKGvMXMWMnNYtf3IxxK71Hqo46sUJ5k1K6X76BH/+4IdF/X:102m2/tkCf3BRsWa7xYMxUnoYfTsWaV","tlshash":"20054cacb29038561baf20f0786f6d47b17a0894548c8524b63ed4ea2f7c985e177f3d","first_seen":"2024-10-06T09:22:29.191084Z","last_seen":"2024-10-06T09:22:29.826601Z","times_seen":4,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-05","alert":"Sinkholed","trigger":"222.71.180.226","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"222.71.180.226:3000/assets/img/logo.svg","fqdn":"222.71.180.226:3000","domain":"222.71.180.226","tld":"226:3000"},"ip":{"addr":"222.71.180.226","port":3000,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://222.71.180.226:3000/KaiRo/Keyman/src/branch/master/CANoe.DiVa_V12.0.zip","date":"2024-10-05T11:43:14.602Z","timestamp":1728128594602,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/img/logo.svg HTTP/1.1\r\nHost: 222.71.180.226:3000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: i_like_gitea=d963a56e9760dfa6; _csrf=RJnN0ymG8WuLKo-Xu_czPfHcW1U6MTcyODEyODU5MDg1MTYzOTgwMA\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: private, max-age=21600\r\nContent-Encoding: gzip\r\nContent-Type: image/svg+xml\r\nEtag: \"MjIwN2xvZ28uc3ZnV2VkLCAyMCBKdWwgMjAyMiAwNjozNjowNiBHTVQ=\"\r\nLast-Modified: Wed, 20 Jul 2022 06:36:06 GMT\r\nDate: Sat, 05 Oct 2024 11:43:13 GMT\r\nContent-Length: 1078\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1078,"size_decoded":2207,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"040de3d1e9bbfb70fd0287dac0214106","sha1":"576426b10f7441422977eed04e199112110e4dfa","sha256":"e50bd7150872581fe0e1d1eea9872bfe08ec15f50d800bdd699d3c49c7792100","sha512":"1eedb8003e0f7ad23a9cabaa3c295befeb0d4b311a0f71d72147dcae72eb89dc9528de2dd9ad699ad2fa6b7e3658929f5a7c8dabb7312eba7275742d10b69ff2","ssdeep":"","tlshash":"3b41d035c351e3b4eca383b49a3230f0785f816dd1d693a9c77885b8b6458e8a59d8dc","first_seen":"2023-05-21T01:42:11Z","last_seen":"2026-05-03T19:45:02.348518Z","times_seen":89,"resource_available":false,"data":null}},"time_used":2002,"timings":{"blocked":1743,"dns":0,"connect":0,"send":0,"wait":258,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-05","alert":"Sinkholed","trigger":"222.71.180.226","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"222.71.180.226:3000/assets/fonts/icons.woff2","fqdn":"222.71.180.226:3000","domain":"222.71.180.226","tld":"226:3000"},"ip":{"addr":"222.71.180.226","port":0,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-05T11:43:16.836353045Z","timestamp":1728128596836,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/fonts/icons.woff2 HTTP/1.1\r\nHost: 222.71.180.226:3000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://222.71.180.226:3000/assets/css/index.css?v=f706969c070b7f4de847f972aedcc989\r\nCookie: i_like_gitea=d963a56e9760dfa6; _csrf=RJnN0ymG8WuLKo-Xu_czPfHcW1U6MTcyODEyODU5MDg1MTYzOTgwMA\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: private, max-age=21600\r\nContent-Length: 79444\r\nContent-Type: font/woff2\r\nEtag: \"Nzk0NDRpY29ucy53b2ZmMldlZCwgMjAgSnVsIDIwMjIgMDY6MzY6MDYgR01U\"\r\nLast-Modified: Wed, 20 Jul 2022 06:36:06 GMT\r\nDate: Sat, 05 Oct 2024 11:43:13 GMT\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":79444,"size_decoded":79444,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 79444, version 331.524","md5":"b15db15f746f29ffa02638cb455b8ec0","sha1":"75a88815c47a249eadb5f0edc1675957f860cca7","sha256":"7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7","sha512":"84e621ac534c416cf13880059d76ce842fa74bb433a274aa5d106adbda20354fa5ed751ed1d13d0c393d54ceb37fe8dbd2f653e4cb791e9f9d3d2a50a250b05f","ssdeep":"1536:ogXevisOzyu5r4HjEIe9vyJFdiTCHnegAZ64RPmF17k+GbpJ0VxZrtbz:oTvissyu5eb0ciORAZ64Qrk+0Mzbz","tlshash":"6b7302c68d4ae504c87e0daa36b5a96651be9fc5720e4df6e8700cbcf1f12dc0266d19","first_seen":"2023-04-05T14:18:50Z","last_seen":"2026-05-06T14:50:44.966044Z","times_seen":22369,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-05","alert":"Sinkholed","trigger":"222.71.180.226","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"222.71.180.226:3000/assets/img/favicon.svg","fqdn":"222.71.180.226:3000","domain":"222.71.180.226","tld":"226:3000"},"ip":{"addr":"222.71.180.226","port":0,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-05T11:43:17.110040718Z","timestamp":1728128597110,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/img/favicon.svg HTTP/1.1\r\nHost: 222.71.180.226:3000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: i_like_gitea=d963a56e9760dfa6; _csrf=RJnN0ymG8WuLKo-Xu_czPfHcW1U6MTcyODEyODU5MDg1MTYzOTgwMA\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: private, max-age=21600\r\nContent-Encoding: gzip\r\nContent-Type: image/svg+xml\r\nEtag: \"MjIwN2Zhdmljb24uc3ZnV2VkLCAyMCBKdWwgMjAyMiAwNjozNjowNiBHTVQ=\"\r\nLast-Modified: Wed, 20 Jul 2022 06:36:06 GMT\r\nDate: Sat, 05 Oct 2024 11:43:13 GMT\r\nContent-Length: 1078\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":1078,"size_decoded":2207,"mime_type":"text/plain; charset=utf-8","magic":"SVG Scalable Vector Graphics image","md5":"040de3d1e9bbfb70fd0287dac0214106","sha1":"576426b10f7441422977eed04e199112110e4dfa","sha256":"e50bd7150872581fe0e1d1eea9872bfe08ec15f50d800bdd699d3c49c7792100","sha512":"1eedb8003e0f7ad23a9cabaa3c295befeb0d4b311a0f71d72147dcae72eb89dc9528de2dd9ad699ad2fa6b7e3658929f5a7c8dabb7312eba7275742d10b69ff2","ssdeep":"","tlshash":"3b41d035c351e3b4eca383b49a3230f0785f816dd1d693a9c77885b8b6458e8a59d8dc","first_seen":"2023-05-21T01:42:11Z","last_seen":"2026-05-03T19:45:02.348518Z","times_seen":89,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-10-05","alert":"Sinkholed","trigger":"222.71.180.226","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}