{"report_id":"21dafd9d-d12e-4bb7-b22c-1ab4fc0bcc38","version":6,"status":"done","tags":[],"date":"2024-10-08T16:31:02Z","url":{"schema":"http","addr":"xmsecu.com:8080/ocx/NewActive.exe","fqdn":"xmsecu.com","domain":"xmsecu.com","tld":"com"},"ip":{"addr":"49.4.84.205","port":0,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-20T08:48:25Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-10-07 19:37:44","alert_count":0,"request_count":4,"received_data":3550,"sent_data":1308,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-10-07 19:37:45","alert_count":0,"request_count":4,"received_data":3552,"sent_data":1308,"comment":"","tags":null,"fingerprints":null},{"fqdn":"","ip":{"addr":"49.4.84.205","port":8080,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"domain_registered":"","domain_rank":0,"first_seen":"","last_seen":"","alert_count":1,"request_count":1,"received_data":5069254,"sent_data":403,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"48646c40120925c774754e5de36c33cc","sha1":"35b7cf02001365714a75861809ba59c462e253d8","sha256":"d2c3e10aaca5234fb3feecc01e5637170f1b60f02dc676fe5ea7c54f1b97b7ad","sha512":"be32a77b95ff16593412d08f01940d96aea2c14e3840e0fae51643c6e493092f9ba69f0af48ed47f812daa2abf48ad25c61a2afa67394d22822b050b17c1a228","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections","size":5069003,"url":{"schema":"http","addr":"xmsecu.com:8080/ocx/NewActive.exe","fqdn":"","domain":"","tld":""},"ip":{"addr":"49.4.84.205","port":8080,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-10-01","alert":"Scan result 2/72","trigger":"d2c3e10aaca5234fb3feecc01e5637170f1b60f02dc676fe5ea7c54f1b97b7ad","verdict":"suspicious","severity":"","comment":"suspicious - 2/72","link":"https://www.virustotal.com/gui/file/d2c3e10aaca5234fb3feecc01e5637170f1b60f02dc676fe5ea7c54f1b97b7ad","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-08T16:30:36.382017505Z","timestamp":1728405036382,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"14FFC94E6280A14388FDA9745042B01144374FD782CF089B48025A1316ECBD24\"\r\nLast-Modified: Tue, 08 Oct 2024 04:17:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6215\r\nExpires: Tue, 08 Oct 2024 18:14:11 GMT\r\nDate: Tue, 08 Oct 2024 16:30:36 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"92a230cb5218879a64fe719acf75881c","sha1":"7f7635dedaaca6b4b4ecb370b51df9538d7a7d0d","sha256":"14ffc94e6280a14388fda9745042b01144374fd782cf089b48025a1316ecbd24","sha512":"e8b2de291b4f320972ab8697f136fb4340867c6d07e3a10197ed03f1df5ba22e193fbac09408898ad04f62391af3bd13dd2d44c4e594e6585c3404c077e6f71b","ssdeep":"","tlshash":"d4f005611d91fc49df534505399ed317c6233dbf6610c3c431b45dd6ad5179c69a2018","first_seen":"2024-10-08T15:40:24Z","last_seen":"2024-10-11T08:49:57.33154Z","times_seen":12496,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-08T16:30:36.417243207Z","timestamp":1728405036417,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"50B50DC294C0C33B05390BD82AD7A823A64B8C24A0DE5B92B770E8CFD4E5259F\"\r\nLast-Modified: Tue, 08 Oct 2024 04:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=13435\r\nExpires: Tue, 08 Oct 2024 20:14:31 GMT\r\nDate: Tue, 08 Oct 2024 16:30:36 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7338853386defad2f045b3bee05dd9c8","sha1":"6aaf1269eb3b9e16629c1b20652ee2dbd12c7182","sha256":"50b50dc294c0c33b05390bd82ad7a823a64b8c24a0de5b92b770e8cfd4e5259f","sha512":"d929c304b49666818efd3a32ab1dfc92a898ced7f68a57dc719cb3bd9f60cdaf0effcb2a95a7a66554168ebffc3b644666a2e240a119faa5a441dea260f78350","ssdeep":"","tlshash":"30f005790d927940abb1482e6c58e62ace4f1d5a2c0153e132f00be374215fc058048c","first_seen":"2024-10-08T16:15:46Z","last_seen":"2024-10-11T08:49:30.412601Z","times_seen":15845,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-08T16:30:36.850065108Z","timestamp":1728405036850,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"B6DB380F5EEB73AA56ABF90AFA43B52CC9F51B01F33AD1EEFECCC473A41FFB86\"\r\nLast-Modified: Tue, 08 Oct 2024 11:18:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3145\r\nExpires: Tue, 08 Oct 2024 17:23:01 GMT\r\nDate: Tue, 08 Oct 2024 16:30:36 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"33985775df7b619cb33f4050d88c5fb9","sha1":"cf0b2ff92cd2f7e12ce788a164a73d75dea5da83","sha256":"b6db380f5eeb73aa56abf90afa43b52cc9f51b01f33ad1eefeccc473a41ffb86","sha512":"6bc0e873177bc8082b9b3d8fdb3e1c3d3b2adf2d27c0053919c540d80bdfffa7a6f41b0ea381ef7e077c08bbd371ab5a9cbae5cea92e4752c766d8ff25ddb8f5","ssdeep":"","tlshash":"81f07551c5b13da01bb01629d9a89003dd10cdfa14c05be451f443e23c02bfc468054c","first_seen":"2024-10-08T16:14:32Z","last_seen":"2024-10-11T08:49:31.751651Z","times_seen":5844,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-08T16:30:37.149072985Z","timestamp":1728405037149,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"663061E811010828ED222146CBB81114A49BA635F6C6547F3601AE0C3DE1409D\"\r\nLast-Modified: Tue, 08 Oct 2024 04:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=18739\r\nExpires: Tue, 08 Oct 2024 21:42:56 GMT\r\nDate: Tue, 08 Oct 2024 16:30:37 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"31fc782bf1efb76a7251d3e45007b986","sha1":"7cfef07644e0e4aad99bfa3dd10cf975f7c06f89","sha256":"663061e811010828ed222146cbb81114a49ba635f6c6547f3601ae0c3de1409d","sha512":"0d4e3c7e528425efe4d2ee831311297f1323cfb952fa85081699e7db96563652834bada73d810ccf7ec01f3593ad97bcbc9984fd196874750a70296c6a31d712","ssdeep":"","tlshash":"8af00e523fa4f404eef39807342bc68e9d15ea57362607c335a40398fc02bfe4a4588c","first_seen":"2024-10-08T14:10:12Z","last_seen":"2024-10-11T08:50:56.892073Z","times_seen":10006,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-08T16:30:39.14657426Z","timestamp":1728405039146,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5C76FD0FB994332DE5317DC7D533AE3EDB60D9F0CE253F839E609D83A3BF0FA7\"\r\nLast-Modified: Tue, 08 Oct 2024 04:17:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=13314\r\nExpires: Tue, 08 Oct 2024 20:12:33 GMT\r\nDate: Tue, 08 Oct 2024 16:30:39 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"aa746f2452828a39148ef2ed129c14f6","sha1":"aab2904047696ac367e2bfc0ffb1ba44c9c84256","sha256":"5c76fd0fb994332de5317dc7d533ae3edb60d9f0ce253f839e609d83a3bf0fa7","sha512":"4c74b97bc4bd38e0b7f46de86629b399a71d4aa41e536362ded439aaf69c5bf690dc1fc66cb583193bd8ead6f7e982da960c0490f1ba4620f650a2117b8efe19","ssdeep":"","tlshash":"23f005913f15b8e00f746485e87584235d7b4dd5bc00e69a53a8a7d467543fd15d050c","first_seen":"2024-10-08T11:30:21Z","last_seen":"2024-10-11T08:52:19.931081Z","times_seen":8574,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-08T16:30:39.148078876Z","timestamp":1728405039148,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5C76FD0FB994332DE5317DC7D533AE3EDB60D9F0CE253F839E609D83A3BF0FA7\"\r\nLast-Modified: Tue, 08 Oct 2024 04:17:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=13314\r\nExpires: Tue, 08 Oct 2024 20:12:33 GMT\r\nDate: Tue, 08 Oct 2024 16:30:39 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"aa746f2452828a39148ef2ed129c14f6","sha1":"aab2904047696ac367e2bfc0ffb1ba44c9c84256","sha256":"5c76fd0fb994332de5317dc7d533ae3edb60d9f0ce253f839e609d83a3bf0fa7","sha512":"4c74b97bc4bd38e0b7f46de86629b399a71d4aa41e536362ded439aaf69c5bf690dc1fc66cb583193bd8ead6f7e982da960c0490f1ba4620f650a2117b8efe19","ssdeep":"","tlshash":"23f005913f15b8e00f746485e87584235d7b4dd5bc00e69a53a8a7d467543fd15d050c","first_seen":"2024-10-08T11:30:21Z","last_seen":"2024-10-11T08:52:19.931081Z","times_seen":8574,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-08T16:30:39.149129378Z","timestamp":1728405039149,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5C76FD0FB994332DE5317DC7D533AE3EDB60D9F0CE253F839E609D83A3BF0FA7\"\r\nLast-Modified: Tue, 08 Oct 2024 04:17:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=13314\r\nExpires: Tue, 08 Oct 2024 20:12:33 GMT\r\nDate: Tue, 08 Oct 2024 16:30:39 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"aa746f2452828a39148ef2ed129c14f6","sha1":"aab2904047696ac367e2bfc0ffb1ba44c9c84256","sha256":"5c76fd0fb994332de5317dc7d533ae3edb60d9f0ce253f839e609d83a3bf0fa7","sha512":"4c74b97bc4bd38e0b7f46de86629b399a71d4aa41e536362ded439aaf69c5bf690dc1fc66cb583193bd8ead6f7e982da960c0490f1ba4620f650a2117b8efe19","ssdeep":"","tlshash":"23f005913f15b8e00f746485e87584235d7b4dd5bc00e69a53a8a7d467543fd15d050c","first_seen":"2024-10-08T11:30:21Z","last_seen":"2024-10-11T08:52:19.931081Z","times_seen":8574,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-10-08T16:30:39.153003335Z","timestamp":1728405039153,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5C76FD0FB994332DE5317DC7D533AE3EDB60D9F0CE253F839E609D83A3BF0FA7\"\r\nLast-Modified: Tue, 08 Oct 2024 04:17:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=13314\r\nExpires: Tue, 08 Oct 2024 20:12:33 GMT\r\nDate: Tue, 08 Oct 2024 16:30:39 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"aa746f2452828a39148ef2ed129c14f6","sha1":"aab2904047696ac367e2bfc0ffb1ba44c9c84256","sha256":"5c76fd0fb994332de5317dc7d533ae3edb60d9f0ce253f839e609d83a3bf0fa7","sha512":"4c74b97bc4bd38e0b7f46de86629b399a71d4aa41e536362ded439aaf69c5bf690dc1fc66cb583193bd8ead6f7e982da960c0490f1ba4620f650a2117b8efe19","ssdeep":"","tlshash":"23f005913f15b8e00f746485e87584235d7b4dd5bc00e69a53a8a7d467543fd15d050c","first_seen":"2024-10-08T11:30:21Z","last_seen":"2024-10-11T08:52:19.931081Z","times_seen":8574,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xmsecu.com:8080/ocx/NewActive.exe","fqdn":"","domain":"","tld":""},"ip":{"addr":"49.4.84.205","port":8080,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-10-08T16:30:37.011Z","timestamp":1728405037011,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /ocx/NewActive.exe HTTP/1.1\r\nHost: xmsecu.com:8080\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 08 Oct 2024 16:30:37 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 5069003\r\nLast-Modified: Mon, 13 Feb 2023 12:57:37 GMT\r\nConnection: keep-alive\r\nETag: \"63ea33c1-4d58cb\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5069003,"size_decoded":5069003,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections","md5":"48646c40120925c774754e5de36c33cc","sha1":"35b7cf02001365714a75861809ba59c462e253d8","sha256":"d2c3e10aaca5234fb3feecc01e5637170f1b60f02dc676fe5ea7c54f1b97b7ad","sha512":"be32a77b95ff16593412d08f01940d96aea2c14e3840e0fae51643c6e493092f9ba69f0af48ed47f812daa2abf48ad25c61a2afa67394d22822b050b17c1a228","ssdeep":"98304:O06FOznLo0+Dd6uxcr1N5njt2hlTziny/MzEm3B2+4VmDb55d:O3F6n80W6uGrth4Jz/OEG4eb1","tlshash":"4e362347f283d4b1d5a601b408669b724a756c3283bad5e76fd0396e9e303d0eb3364b","first_seen":"2023-06-13T04:18:19Z","last_seen":"2024-10-21T04:17:35.813752Z","times_seen":82,"resource_available":false,"data":null}},"time_used":3768,"timings":{"blocked":209,"dns":2,"connect":217,"send":0,"wait":218,"receive":3122,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-10-01","alert":"Scan result 2/72","trigger":"d2c3e10aaca5234fb3feecc01e5637170f1b60f02dc676fe5ea7c54f1b97b7ad","verdict":"suspicious","severity":"","comment":"suspicious - 2/72","link":"https://www.virustotal.com/gui/file/d2c3e10aaca5234fb3feecc01e5637170f1b60f02dc676fe5ea7c54f1b97b7ad","meta":null}],"urlquery":null}}]}