{"report_id":"39ca3a1e-9e9d-4abc-af8d-8165eebac873","version":6,"status":"done","tags":[],"date":"2024-09-30T17:02:27Z","url":{"schema":"http","addr":"mrauthtool.com/Tools/Mr_Auth_Tool_2.2.zip","fqdn":"mrauthtool.com","domain":"mrauthtool.com","tld":"com"},"ip":{"addr":"104.21.47.149","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-13T10:58:00Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-09-29 18:13:43","alert_count":0,"request_count":4,"received_data":3549,"sent_data":1308,"comment":"","tags":null,"fingerprints":null},{"fqdn":"mrauthtool.com","ip":{"addr":"104.21.47.149","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-11-27","domain_rank":0,"first_seen":"2022-11-27 11:26:12","last_seen":"2024-04-12 16:53:47","alert_count":1,"request_count":1,"received_data":3185336,"sent_data":495,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-09-29 18:12:51","alert_count":0,"request_count":5,"received_data":4435,"sent_data":1635,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"5f9b6e9c4f8541fdacf90a1a2371dc96","sha1":"c552d6c4e9786b0839d85151724b87f1c2483a5d","sha256":"2ffb33002878834e8cf08b31339d34d94adb9946d839b614c2abece863e57efb","sha512":"133284cd619e0f4ad4ea221db0cc84ea68076a129878c7fe1f2750ea75955449f643842181cd8d1488f7b18d086113d1077c686f342f5ee6fd8e472d73283310","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":3184518,"url":{"schema":"https","addr":"mrauthtool.com/Tools/Mr_Auth_Tool_2.2.zip","fqdn":"mrauthtool.com","domain":"mrauthtool.com","tld":"com"},"ip":{"addr":"104.21.47.149","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"Mr_Auth_Tool_2.2.exe","filename":"Mr_Auth_Tool_2.2.exe","modified":"","Modified":"2024-05-24T14:14:21+06:30","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections","size":3311116,"md5":"4551680e3af8fd2812de96b5de533b37","sha1":"3b65b72aedd861f129b59de191c9efced1b5f7b7","sha256":"f3043597e5be833ee9131722db74949529843b38cecca535d68babb8f02ed399","sha512":"a375c8dae16f996fad7df4444cfc1e437c48324f558e88de5920587e60a672c162a412cd27c9dfb05e8de272f1f29f9105c405f7e9bca0be4cd1c2d1b89b5824","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-09-30","alert":"Detects an SFX archive with automatic script execution","trigger":"Mr_Auth_Tool_2.2.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Xavier Mertens","date":"2023-05-17","description":"Detects an SFX archive with automatic script execution","rule":"SelfExtractingRAR","yarahub_author_email":"xmertens@isc.sans.edu","yarahub_author_twitter":"@xme","yarahub_license":"CC0 1.0","yarahub_reference_link":"https://isc.sans.edu/diary/rss/29852","yarahub_reference_md5":"7792250c87624329163817277531a5ef","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"bcc4ceab-0249-43af-8d2a-8a04d5c65c70"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-06-22","alert":"Scan result 57/73","trigger":"f3043597e5be833ee9131722db74949529843b38cecca535d68babb8f02ed399","verdict":"malicious","severity":"","comment":"malicious - 57/73","link":"https://www.virustotal.com/gui/file/f3043597e5be833ee9131722db74949529843b38cecca535d68babb8f02ed399","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-09-30","alert":"Detects an SFX archive with automatic script execution","trigger":"Mr_Auth_Tool_2.2.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Xavier Mertens","date":"2023-05-17","description":"Detects an SFX archive with automatic script execution","rule":"SelfExtractingRAR","yarahub_author_email":"xmertens@isc.sans.edu","yarahub_author_twitter":"@xme","yarahub_license":"CC0 1.0","yarahub_reference_link":"https://isc.sans.edu/diary/rss/29852","yarahub_reference_md5":"7792250c87624329163817277531a5ef","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"bcc4ceab-0249-43af-8d2a-8a04d5c65c70"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-09-25","alert":"Scan result 48/69","trigger":"2ffb33002878834e8cf08b31339d34d94adb9946d839b614c2abece863e57efb","verdict":"malicious","severity":"","comment":"malicious - 48/69","link":"https://www.virustotal.com/gui/file/2ffb33002878834e8cf08b31339d34d94adb9946d839b614c2abece863e57efb","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-30T17:02:01.310877981Z","timestamp":1727715721310,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"C0C02E7516B5C8F47116E156FFEC5318764A2A60D1D0692F4C92FAECE747B6E8\"\r\nLast-Modified: Mon, 30 Sep 2024 11:56:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6834\r\nExpires: Mon, 30 Sep 2024 18:55:55 GMT\r\nDate: Mon, 30 Sep 2024 17:02:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"4de9df2391ebcb20b98d8f713f87a5bf","sha1":"20f1dc2e6e7040b3804d4ee3ec82acea14621f61","sha256":"c0c02e7516b5c8f47116e156ffec5318764a2a60d1d0692f4c92faece747b6e8","sha512":"e1bcd01cd802b63535fd9e2d3d88c45f7d627a19f21e0058fd7cc5130487cfd2f82b4b4ac859eb36a28d1063dfe4d0e0a1545d0a93bb8467eab4f74757494faa","ssdeep":"","tlshash":"42f0c06621c6794592b504011978cf346f251edf389809da186017e2b850f9f2744049","first_seen":"2024-09-30T14:58:39Z","last_seen":"2024-10-04T11:00:10.202745Z","times_seen":3033,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-30T17:02:01.389145118Z","timestamp":1727715721389,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"4868FAF0CF6C4F9BD0D7DB49DCDE0B7358890C362D5281A233AB666A702E1741\"\r\nLast-Modified: Sat, 28 Sep 2024 09:19:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6911\r\nExpires: Mon, 30 Sep 2024 18:57:12 GMT\r\nDate: Mon, 30 Sep 2024 17:02:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"d070dea5a1c30c330443d09132734e63","sha1":"3ca8c0f7cd2afd3a26da8bbe3f8a47c5995294f4","sha256":"4868faf0cf6c4f9bd0d7db49dcde0b7358890c362d5281a233ab666a702e1741","sha512":"1d47570d932cd437b5c1e807b6fe33e353730c9766d6a331819009c38d52f7ce69e3e7c6afb9831c9b670336052c61b543fcb3496cfdc5f32dac08c63a091cff","ssdeep":"","tlshash":"dcf00e723fba3500fa742f0678d5cc651e65aaf8700892d022d09252bd10bd815de01c","first_seen":"2024-09-28T14:22:13Z","last_seen":"2024-10-04T11:26:59.888878Z","times_seen":24632,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-30T17:02:01.653349238Z","timestamp":1727715721653,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"F36F32272995A27C5E8BECD123957F0185C784ED591102043179DAE02676B3C7\"\r\nLast-Modified: Mon, 30 Sep 2024 02:37:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=12028\r\nExpires: Mon, 30 Sep 2024 20:22:29 GMT\r\nDate: Mon, 30 Sep 2024 17:02:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"aae837b7f2ef5de4d66d438798369bcd","sha1":"fcfbcb8dcd8faf9af9ea780440bc18762f060780","sha256":"f36f32272995a27c5e8becd123957f0185c784ed591102043179dae02676b3c7","sha512":"62e185a20c599c70850dc2d111c46c0ba310b364d9a89730c1db34772eff5b2688d8627fcee64946acd01e545ab497842800e26288351e7007f9fd53f3b89ef7","ssdeep":"","tlshash":"5cf0c0d117adfe11ab7608221c38e15f1c14be5b1450129159e042b2a510fe9475448c","first_seen":"2024-09-30T07:22:40Z","last_seen":"2024-10-04T11:03:55.77307Z","times_seen":4065,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-30T17:02:01.824515468Z","timestamp":1727715721824,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"92A694D29FA63C8DA404B537D0EAAC859796CF351325DE5B9CB23010089797CC\"\r\nLast-Modified: Mon, 30 Sep 2024 05:59:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9777\r\nExpires: Mon, 30 Sep 2024 19:44:58 GMT\r\nDate: Mon, 30 Sep 2024 17:02:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"58904a4fbcfb57844d0914da3af1d8c7","sha1":"469367b4264860d89f0d683cde706e74b21ec66f","sha256":"92a694d29fa63c8da404b537d0eaac859796cf351325de5b9cb23010089797cc","sha512":"47a44b76c8d127431d474333d79bc1e4d83d31c2f176d44e91630e8baa98a14bef2767f9c44b1248e10d66fc9b1b87a1cf796bb4383d98578213f781d7449b54","ssdeep":"","tlshash":"33f0050717c76850e9190d451cbad4383951699f3d2808e925b011e5ad31fed0984e0c","first_seen":"2024-09-30T10:21:28Z","last_seen":"2024-10-04T11:02:39.933328Z","times_seen":4205,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrauthtool.com/Tools/Mr_Auth_Tool_2.2.zip","fqdn":"mrauthtool.com","domain":"mrauthtool.com","tld":"com"},"ip":{"addr":"104.21.47.149","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-09-30T17:02:01.893Z","timestamp":1727715721893,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mrauthtool.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 15 Aug 2024 10:14:42 GMT","end":"Wed, 13 Nov 2024 10:14:41 GMT"},"fingerprint":{"sha1":"4E:B5:8F:EB:99:B3:DB:61:2C:F3:59:83:D3:C7:DF:59:74:8D:C1:20","sha256":"D3:54:94:A9:E6:EE:31:06:98:D4:2C:B3:8A:2C:68:F8:B2:E5:D0:1C:2A:B3:7F:88:9F:08:21:BE:C1:F2:D3:E7"}}},"request":{"raw":"GET /Tools/Mr_Auth_Tool_2.2.zip HTTP/1.1\r\nHost: mrauthtool.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 30 Sep 2024 17:02:02 GMT\r\ncontent-type: application/zip\r\ncontent-length: 3184518\r\nlast-modified: Thu, 22 Aug 2024 02:33:03 GMT\r\netag: \"309786-66c6a35f-bdde87c9a962d68;;;\"\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=yakuckhitopzpI1khq7JnP4QQJs%2BFZSQZRDzfLrGP%2FpL%2BtikfycCGHgO%2FK12%2FIThTNJsrDMaMIyCKXT1A9hvSVuupPFRLBcFG%2FF8Z9M4YSwQMCNpqSwLAajUEoAoI9r4EQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 8cb5c73e5e4c0eb4-AMS\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3184518,"size_decoded":3184518,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"5f9b6e9c4f8541fdacf90a1a2371dc96","sha1":"c552d6c4e9786b0839d85151724b87f1c2483a5d","sha256":"2ffb33002878834e8cf08b31339d34d94adb9946d839b614c2abece863e57efb","sha512":"133284cd619e0f4ad4ea221db0cc84ea68076a129878c7fe1f2750ea75955449f643842181cd8d1488f7b18d086113d1077c686f342f5ee6fd8e472d73283310","ssdeep":"49152:AzxY8WNCwTH9IVbiykyI4hVgsmZXyjn4FqReYxRp4MrRMYumV:AzVwT6AykCVjmZXQ4FqRrxAeaU","tlshash":"21e53342d7947f9a412ab523bd90a33777dea21cff14f423e3960f86284329376e9944","first_seen":"2024-07-11T06:48:42Z","last_seen":"2025-05-02T07:22:11.813011Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1470,"timings":{"blocked":65,"dns":0,"connect":20,"send":0,"wait":572,"receive":767,"ssl":43},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-09-25","alert":"Scan result 48/69","trigger":"2ffb33002878834e8cf08b31339d34d94adb9946d839b614c2abece863e57efb","verdict":"malicious","severity":"","comment":"malicious - 48/69","link":"https://www.virustotal.com/gui/file/2ffb33002878834e8cf08b31339d34d94adb9946d839b614c2abece863e57efb","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-30T17:02:03.848766742Z","timestamp":1727715723848,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"1DC27B3B9DC1A54AB241754A564E5C9D2117944A825E6E75D1FEA7A68D9D9859\"\r\nLast-Modified: Mon, 30 Sep 2024 12:13:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9481\r\nExpires: Mon, 30 Sep 2024 19:40:04 GMT\r\nDate: Mon, 30 Sep 2024 17:02:03 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"4d192ec04f2d316363a9a18fa6060462","sha1":"3fbd851b538e3ae156719d6a8b5b80e22f1fb688","sha256":"1dc27b3b9dc1a54ab241754a564e5c9d2117944a825e6e75d1fea7a68d9d9859","sha512":"951a094443f33cee11f0ed3a9c40defb874b4f7964587fb3c4fd97d2bf7b60c43e6595341147852b32f18432237b7b6de1b4ac31ea66787abd2bc16d5ab372c9","ssdeep":"","tlshash":"95f00e0702eaac689bb6807ebae4c0160d702dee3e8501e74674d5f07c24bbe6442e58","first_seen":"2024-09-30T15:40:01Z","last_seen":"2024-10-04T10:59:40.67613Z","times_seen":2084,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-30T17:02:03.84980797Z","timestamp":1727715723849,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"1DC27B3B9DC1A54AB241754A564E5C9D2117944A825E6E75D1FEA7A68D9D9859\"\r\nLast-Modified: Mon, 30 Sep 2024 12:13:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9389\r\nExpires: Mon, 30 Sep 2024 19:38:32 GMT\r\nDate: Mon, 30 Sep 2024 17:02:03 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"4d192ec04f2d316363a9a18fa6060462","sha1":"3fbd851b538e3ae156719d6a8b5b80e22f1fb688","sha256":"1dc27b3b9dc1a54ab241754a564e5c9d2117944a825e6e75d1fea7a68d9d9859","sha512":"951a094443f33cee11f0ed3a9c40defb874b4f7964587fb3c4fd97d2bf7b60c43e6595341147852b32f18432237b7b6de1b4ac31ea66787abd2bc16d5ab372c9","ssdeep":"","tlshash":"95f00e0702eaac689bb6807ebae4c0160d702dee3e8501e74674d5f07c24bbe6442e58","first_seen":"2024-09-30T15:40:01Z","last_seen":"2024-10-04T10:59:40.67613Z","times_seen":2084,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-30T17:02:03.850494134Z","timestamp":1727715723850,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"1DC27B3B9DC1A54AB241754A564E5C9D2117944A825E6E75D1FEA7A68D9D9859\"\r\nLast-Modified: Mon, 30 Sep 2024 12:13:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9389\r\nExpires: Mon, 30 Sep 2024 19:38:32 GMT\r\nDate: Mon, 30 Sep 2024 17:02:03 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"4d192ec04f2d316363a9a18fa6060462","sha1":"3fbd851b538e3ae156719d6a8b5b80e22f1fb688","sha256":"1dc27b3b9dc1a54ab241754a564e5c9d2117944a825e6e75d1fea7a68d9d9859","sha512":"951a094443f33cee11f0ed3a9c40defb874b4f7964587fb3c4fd97d2bf7b60c43e6595341147852b32f18432237b7b6de1b4ac31ea66787abd2bc16d5ab372c9","ssdeep":"","tlshash":"95f00e0702eaac689bb6807ebae4c0160d702dee3e8501e74674d5f07c24bbe6442e58","first_seen":"2024-09-30T15:40:01Z","last_seen":"2024-10-04T10:59:40.67613Z","times_seen":2084,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-30T17:02:03.85108095Z","timestamp":1727715723851,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"1DC27B3B9DC1A54AB241754A564E5C9D2117944A825E6E75D1FEA7A68D9D9859\"\r\nLast-Modified: Mon, 30 Sep 2024 12:13:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9389\r\nExpires: Mon, 30 Sep 2024 19:38:32 GMT\r\nDate: Mon, 30 Sep 2024 17:02:03 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"4d192ec04f2d316363a9a18fa6060462","sha1":"3fbd851b538e3ae156719d6a8b5b80e22f1fb688","sha256":"1dc27b3b9dc1a54ab241754a564e5c9d2117944a825e6e75d1fea7a68d9d9859","sha512":"951a094443f33cee11f0ed3a9c40defb874b4f7964587fb3c4fd97d2bf7b60c43e6595341147852b32f18432237b7b6de1b4ac31ea66787abd2bc16d5ab372c9","ssdeep":"","tlshash":"95f00e0702eaac689bb6807ebae4c0160d702dee3e8501e74674d5f07c24bbe6442e58","first_seen":"2024-09-30T15:40:01Z","last_seen":"2024-10-04T10:59:40.67613Z","times_seen":2084,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-30T17:02:03.852629836Z","timestamp":1727715723852,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"1DC27B3B9DC1A54AB241754A564E5C9D2117944A825E6E75D1FEA7A68D9D9859\"\r\nLast-Modified: Mon, 30 Sep 2024 12:13:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9481\r\nExpires: Mon, 30 Sep 2024 19:40:04 GMT\r\nDate: Mon, 30 Sep 2024 17:02:03 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"4d192ec04f2d316363a9a18fa6060462","sha1":"3fbd851b538e3ae156719d6a8b5b80e22f1fb688","sha256":"1dc27b3b9dc1a54ab241754a564e5c9d2117944a825e6e75d1fea7a68d9d9859","sha512":"951a094443f33cee11f0ed3a9c40defb874b4f7964587fb3c4fd97d2bf7b60c43e6595341147852b32f18432237b7b6de1b4ac31ea66787abd2bc16d5ab372c9","ssdeep":"","tlshash":"95f00e0702eaac689bb6807ebae4c0160d702dee3e8501e74674d5f07c24bbe6442e58","first_seen":"2024-09-30T15:40:01Z","last_seen":"2024-10-04T10:59:40.67613Z","times_seen":2084,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}