{"report_id":"374bc431-9b8d-4309-b2ce-e2d6c2eb3a97","version":6,"status":"done","tags":[],"date":"2024-08-18T20:59:26Z","url":{"schema":"http","addr":"k25.offliberty.com/f-oH1TT27xw.mp4","fqdn":"k25.offliberty.com","domain":"offliberty.com","tld":"com"},"ip":{"addr":"198.27.69.23","port":0,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-28T12:48:30Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"","domain_rank":0,"first_seen":"","last_seen":"","alert_count":0,"request_count":6,"received_data":5322,"sent_data":1962,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"","domain_rank":0,"first_seen":"","last_seen":"","alert_count":0,"request_count":3,"received_data":2662,"sent_data":981,"comment":"","tags":null,"fingerprints":null},{"fqdn":"k25.offliberty.com","ip":{"addr":"198.27.69.23","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"domain_registered":"","domain_rank":0,"first_seen":"","last_seen":"","alert_count":0,"request_count":1,"received_data":15783650,"sent_data":404,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-08-18T20:58:59Z","timestamp":1724014739,"ip_dst":{"addr":"Client IP","port":38416,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"198.27.69.23","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"severity":"high","alert":"ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)","source":"{\"timestamp\":\"2024-08-18T20:58:59.338161+0000\",\"flow_id\":1502872954165129,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"198.27.69.23\",\"src_port\":443,\"dest_ip\":\"172.18.0.2\",\"dest_port\":38416,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013659,\"rev\":6,\"signature\":\"ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2011_09_15\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"SSL_Malicious_Cert\"],\"updated_at\":[\"2022_03_23\"]}},\"tls\":{\"subject\":\"C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=ns514410, Email=root@ns514410\",\"issuerdn\":\"C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=ns514410, Email=root@ns514410\",\"serial\":\"7C:5B\",\"fingerprint\":\"3b:02:5c:b0:29:c9:36:60:2c:74:cd:52:6f:70:08:eb:03:ce:36:2d\",\"sni\":\"k25.offliberty.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2021-05-02T22:58:44\",\"notafter\":\"2022-05-02T22:58:44\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"303951d4c50efb2e991652225a6f02b1\",\"string\":\"771,49199,65281-11\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":4,\"bytes_toserver\":1275,\"bytes_toclient\":1769,\"start\":\"2024-08-18T20:58:59.022409+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-08-18T20:58:59Z","timestamp":1724014739,"ip_dst":{"addr":"Client IP","port":38424,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"198.27.69.23","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"severity":"high","alert":"ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)","source":"{\"timestamp\":\"2024-08-18T20:58:59.564049+0000\",\"flow_id\":1046476844420126,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"198.27.69.23\",\"src_port\":443,\"dest_ip\":\"172.18.0.2\",\"dest_port\":38424,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2013659,\"rev\":6,\"signature\":\"ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2011_09_15\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"SSL_Malicious_Cert\"],\"updated_at\":[\"2022_03_23\"]}},\"tls\":{\"subject\":\"C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=ns514410, Email=root@ns514410\",\"issuerdn\":\"C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=ns514410, Email=root@ns514410\",\"serial\":\"7C:5B\",\"fingerprint\":\"3b:02:5c:b0:29:c9:36:60:2c:74:cd:52:6f:70:08:eb:03:ce:36:2d\",\"sni\":\"k25.offliberty.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2021-05-02T22:58:44\",\"notafter\":\"2022-05-02T22:58:44\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"303951d4c50efb2e991652225a6f02b1\",\"string\":\"771,49199,65281-11\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":4,\"bytes_toserver\":1144,\"bytes_toclient\":1769,\"start\":\"2024-08-18T20:58:59.248862+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-18T20:58:58.433125025Z","timestamp":1724014738433,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"F9701BF0083B06F4A573774D1A4DD491236216BC08F1006A94CE79144DF70A21\"\r\nLast-Modified: Sat, 17 Aug 2024 00:55:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3792\r\nExpires: Sun, 18 Aug 2024 22:02:10 GMT\r\nDate: Sun, 18 Aug 2024 20:58:58 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"219f59137337a0ee601729cab5ec83f6","sha1":"85f2e3496820405559fd526b44b9a915e0009a4f","sha256":"f9701bf0083b06f4a573774d1a4dd491236216bc08f1006a94ce79144df70a21","sha512":"48cb90218f551a6614c443e782e85b534b376bba08b83a7695a2e18760f0b03be107ea85844f800c0ac2461d1168ddcaa9f87af0f55638f4a5f865e68bbf9909","ssdeep":"","tlshash":"c9f0051005de79446b1596364cafe2b30561e8cf3ad62349ea9013f4e426bfca14800c","first_seen":"2024-08-17T07:45:32Z","last_seen":"2024-08-21T10:22:51.029727Z","times_seen":36548,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-18T20:58:58.47905855Z","timestamp":1724014738479,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"08AFCF8F1AD63CFD72B781CF4C69900E3FD266EE46389DE3918570CF5D682F30\"\r\nLast-Modified: Fri, 16 Aug 2024 06:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=5125\r\nExpires: Sun, 18 Aug 2024 22:24:23 GMT\r\nDate: Sun, 18 Aug 2024 20:58:58 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"9fca859eba50e585d7c1550a61d33bc3","sha1":"a33940f9c83807660f212e5ff511fe28e0413c0d","sha256":"08afcf8f1ad63cfd72b781cf4c69900e3fd266ee46389de3918570cf5d682f30","sha512":"d004b6fbbc74c5fa139b926b61158f174970b301bf3a89a599e388262632de7d2ab3db03df9b824cd574a04c0db2dcdb3a007b90d1115a8e54543d7ca709b076","ssdeep":"","tlshash":"daf075661349743027f42a19abdff5102c13bef6203433d02c044bc2bc40b49e2c4544","first_seen":"2024-08-16T15:19:07Z","last_seen":"2024-08-19T13:07:01.840565Z","times_seen":24530,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-18T20:58:58.807796071Z","timestamp":1724014738807,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"1A2339D740B715F3DF1900D80114C8376EAD57205961A6F896EDF37B3EE3A897\"\r\nLast-Modified: Sat, 17 Aug 2024 09:59:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4406\r\nExpires: Sun, 18 Aug 2024 22:12:24 GMT\r\nDate: Sun, 18 Aug 2024 20:58:58 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"69a9603269726ce602d708bf57058c4c","sha1":"8689e9ea81ea9636e7b08c3ed42650553a0c4e3b","sha256":"1a2339d740b715f3df1900d80114c8376ead57205961a6f896edf37b3ee3a897","sha512":"86f62cfb5bcb4647c21515d059f28f29bd48bb68e64438163f59215c37f566c1728b6b162b0535281a94b251052e038c25e8473f8b2398d19faaf029e831c1b8","ssdeep":"","tlshash":"25f05482516af9c6fbe218535958ec1aa860fcfd5b3496d7b5e483d3b4417bcc384a08","first_seen":"2024-08-17T17:11:19Z","last_seen":"2024-08-21T10:22:51.030315Z","times_seen":37163,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-18T20:58:58.994855837Z","timestamp":1724014738994,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"0B7DA2DA1FCBA23C5118479E14828F87A605A32AF15D0962F216115A9FF1D02A\"\r\nLast-Modified: Sun, 18 Aug 2024 15:19:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=20704\r\nExpires: Mon, 19 Aug 2024 02:44:02 GMT\r\nDate: Sun, 18 Aug 2024 20:58:58 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"18f75729f3e25e2eb7f12b70dfce3849","sha1":"479177b92dda7c4e8763c80a15cbc71c3386d06c","sha256":"0b7da2da1fcba23c5118479e14828f87a605a32af15d0962f216115a9ff1d02a","sha512":"e66c720ca28beb0fbe2f36167471d00b84a0b62b82930af69daff98902f1307d0cf60aa29ad35c97ede418f7e3bff9a2008d9fc5767e563f16539636c6ce220c","ssdeep":"","tlshash":"aaf05c473c6e7523876219317779d4297b31fcf53415409370d803f269117c556c004c","first_seen":"2024-08-18T17:20:22Z","last_seen":"2024-08-21T10:22:51.030856Z","times_seen":40508,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-18T20:59:01.158961903Z","timestamp":1724014741158,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A\"\r\nLast-Modified: Sat, 17 Aug 2024 21:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4066\r\nExpires: Sun, 18 Aug 2024 22:06:47 GMT\r\nDate: Sun, 18 Aug 2024 20:59:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7944981bcac427aa8d0aa016ec63764d","sha1":"48bf925b10dc02afa8f597af8d26f5bf5efc0b7e","sha256":"26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a","sha512":"901fac5329037a81b688292109023b0cd67d34fb1f7abdfb1142cfb6d9b89a9aac04b1eddf7e0614781080da85ed20eb031ccf9602e204ec792e18ddbf870867","ssdeep":"","tlshash":"01f005911bb196401baa8d3f48ebf03b3f98a4d4549021e6952852e13c057fd919845c","first_seen":"2024-08-18T03:51:12Z","last_seen":"2024-08-21T10:22:51.047591Z","times_seen":37247,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-18T20:59:01.162201687Z","timestamp":1724014741162,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A\"\r\nLast-Modified: Sat, 17 Aug 2024 21:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4066\r\nExpires: Sun, 18 Aug 2024 22:06:47 GMT\r\nDate: Sun, 18 Aug 2024 20:59:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7944981bcac427aa8d0aa016ec63764d","sha1":"48bf925b10dc02afa8f597af8d26f5bf5efc0b7e","sha256":"26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a","sha512":"901fac5329037a81b688292109023b0cd67d34fb1f7abdfb1142cfb6d9b89a9aac04b1eddf7e0614781080da85ed20eb031ccf9602e204ec792e18ddbf870867","ssdeep":"","tlshash":"01f005911bb196401baa8d3f48ebf03b3f98a4d4549021e6952852e13c057fd919845c","first_seen":"2024-08-18T03:51:12Z","last_seen":"2024-08-21T10:22:51.047591Z","times_seen":37247,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-18T20:59:01.163927391Z","timestamp":1724014741163,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A\"\r\nLast-Modified: Sat, 17 Aug 2024 21:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4066\r\nExpires: Sun, 18 Aug 2024 22:06:47 GMT\r\nDate: Sun, 18 Aug 2024 20:59:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7944981bcac427aa8d0aa016ec63764d","sha1":"48bf925b10dc02afa8f597af8d26f5bf5efc0b7e","sha256":"26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a","sha512":"901fac5329037a81b688292109023b0cd67d34fb1f7abdfb1142cfb6d9b89a9aac04b1eddf7e0614781080da85ed20eb031ccf9602e204ec792e18ddbf870867","ssdeep":"","tlshash":"01f005911bb196401baa8d3f48ebf03b3f98a4d4549021e6952852e13c057fd919845c","first_seen":"2024-08-18T03:51:12Z","last_seen":"2024-08-21T10:22:51.047591Z","times_seen":37247,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-18T20:59:01.16584616Z","timestamp":1724014741165,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A\"\r\nLast-Modified: Sat, 17 Aug 2024 21:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4066\r\nExpires: Sun, 18 Aug 2024 22:06:47 GMT\r\nDate: Sun, 18 Aug 2024 20:59:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7944981bcac427aa8d0aa016ec63764d","sha1":"48bf925b10dc02afa8f597af8d26f5bf5efc0b7e","sha256":"26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a","sha512":"901fac5329037a81b688292109023b0cd67d34fb1f7abdfb1142cfb6d9b89a9aac04b1eddf7e0614781080da85ed20eb031ccf9602e204ec792e18ddbf870867","ssdeep":"","tlshash":"01f005911bb196401baa8d3f48ebf03b3f98a4d4549021e6952852e13c057fd919845c","first_seen":"2024-08-18T03:51:12Z","last_seen":"2024-08-21T10:22:51.047591Z","times_seen":37247,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-18T20:59:01.167469362Z","timestamp":1724014741167,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A\"\r\nLast-Modified: Sat, 17 Aug 2024 21:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4066\r\nExpires: Sun, 18 Aug 2024 22:06:47 GMT\r\nDate: Sun, 18 Aug 2024 20:59:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7944981bcac427aa8d0aa016ec63764d","sha1":"48bf925b10dc02afa8f597af8d26f5bf5efc0b7e","sha256":"26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a","sha512":"901fac5329037a81b688292109023b0cd67d34fb1f7abdfb1142cfb6d9b89a9aac04b1eddf7e0614781080da85ed20eb031ccf9602e204ec792e18ddbf870867","ssdeep":"","tlshash":"01f005911bb196401baa8d3f48ebf03b3f98a4d4549021e6952852e13c057fd919845c","first_seen":"2024-08-18T03:51:12Z","last_seen":"2024-08-21T10:22:51.047591Z","times_seen":37247,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"k25.offliberty.com/f-oH1TT27xw.mp4","fqdn":"k25.offliberty.com","domain":"offliberty.com","tld":"com"},"ip":{"addr":"198.27.69.23","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-18T20:58:59.486Z","timestamp":1724014739486,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /f-oH1TT27xw.mp4 HTTP/1.1\r\nHost: k25.offliberty.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 18 Aug 2024 20:58:59 GMT\r\nServer: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nContent-Disposition: attachment; filename=\"ガンプラが品薄で困っていますゆっくり解説 - from YouTube.mp4\"\r\nLast-Modified: Sun, 18 Aug 2024 20:58:21 GMT\r\nETag: \"f0d503-61ffb73de9785\"\r\nContent-Length: 15783171\r\nContent-Type: video/mp4\r\nVia: 1.1 k25.offliberty.com\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15783171,"size_decoded":15783171,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"7483b50e03463cca9c11d492f1daa732","sha1":"1b5c8db62703d3488043178618d3e71c23c540ce","sha256":"8ddfd70f0a4eb78b323acde27435b05423c3c811dc17d431cf069068d2c0da9b","sha512":"b03bfdcd885d98055652c1057564db9692d7a1f1f13330837127d2a124c275f3774d84ea8b77c44a2596a81961919ff98bf57c6456af35543e2e7a73a829ca8b","ssdeep":"393216:itb/ypOiJcAMZLYajkZSQIfHZRXC4oa0CWuYszPx:OqOiqjqqkoQIfnS4oa0bePx","tlshash":"b5f6235fbbe7d221dc315c3bd46a430017efe9754ad487c7e9dca026690682e2e6d8c8","first_seen":"2024-08-19T12:48:30.956137Z","last_seen":"2024-08-19T12:48:30.956137Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3289,"timings":{"blocked":97,"dns":3,"connect":94,"send":0,"wait":1170,"receive":1925,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}