{"report_id":"74f9d8d3-70cd-4158-be71-570f2544a799","version":6,"status":"done","tags":[],"date":"2024-09-29T17:34:57Z","url":{"schema":"http","addr":"181.78.27.128:8000/play/a05t/index.m3u8","fqdn":"181.78.27.128","domain":"181.78.27.128","tld":""},"ip":{"addr":"181.78.27.128","port":0,"asn":52468,"as":"UFINET PANAMA S.A.","country":"Paraguay","country_code":"PY"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-13T11:09:23Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-09-28 18:12:41","alert_count":0,"request_count":4,"received_data":3552,"sent_data":1308,"comment":"","tags":null,"fingerprints":null},{"fqdn":"181.78.27.128:8000","ip":{"addr":"181.78.27.128","port":8000,"asn":52468,"as":"UFINET PANAMA S.A.","country":"Paraguay","country_code":"PY"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":419,"sent_data":409,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-09-28 18:12:10","alert_count":0,"request_count":2,"received_data":1774,"sent_data":654,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-09-29","alert":"Sinkholed","trigger":"181.78.27.128","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-29T17:34:31.818661865Z","timestamp":1727631271818,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"4868FAF0CF6C4F9BD0D7DB49DCDE0B7358890C362D5281A233AB666A702E1741\"\r\nLast-Modified: Sat, 28 Sep 2024 09:19:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=13535\r\nExpires: Sun, 29 Sep 2024 21:20:06 GMT\r\nDate: Sun, 29 Sep 2024 17:34:31 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"d070dea5a1c30c330443d09132734e63","sha1":"3ca8c0f7cd2afd3a26da8bbe3f8a47c5995294f4","sha256":"4868faf0cf6c4f9bd0d7db49dcde0b7358890c362d5281a233ab666a702e1741","sha512":"1d47570d932cd437b5c1e807b6fe33e353730c9766d6a331819009c38d52f7ce69e3e7c6afb9831c9b670336052c61b543fcb3496cfdc5f32dac08c63a091cff","ssdeep":"","tlshash":"dcf00e723fba3500fa742f0678d5cc651e65aaf8700892d022d09252bd10bd815de01c","first_seen":"2024-09-28T14:22:13Z","last_seen":"2024-10-04T11:26:59.888878Z","times_seen":24632,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-29T17:34:31.863113437Z","timestamp":1727631271863,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"DCD0A39D2797B3578C25899FD889C37FF54980F9DBC1888DCE17D6512539E9F0\"\r\nLast-Modified: Sun, 29 Sep 2024 11:47:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=13573\r\nExpires: Sun, 29 Sep 2024 21:20:44 GMT\r\nDate: Sun, 29 Sep 2024 17:34:31 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"dbde5c5adbbd6a8e97882b8268361ce9","sha1":"d8857cca329a8ee2f9f6af7d4e534e394d9d59f1","sha256":"dcd0a39d2797b3578c25899fd889c37ff54980f9dbc1888dce17d6512539e9f0","sha512":"e49c546a26a4320729243fa8b3e54625764350a29a33b3dc8977a6576ed3478908ea4fcccf9ea0c8aebc6fd93f2a32b5fdcfe1fc831a67d42a1557192946be69","ssdeep":"","tlshash":"3ff005ed1166fdd1b75144063c61db643d3068fe3c754492bde4cbd26551b98094875c","first_seen":"2024-09-29T14:20:01Z","last_seen":"2024-10-04T11:12:24.118754Z","times_seen":9259,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-29T17:34:32.192844639Z","timestamp":1727631272192,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"ACA60B59444DA84471FDCAA5EE39B4F93B50EC54CC3C4056646A89B4B632BF3E\"\r\nLast-Modified: Sat, 28 Sep 2024 18:50:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=18695\r\nExpires: Sun, 29 Sep 2024 22:46:07 GMT\r\nDate: Sun, 29 Sep 2024 17:34:32 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"beb9514dd5039f056420be97de2e8462","sha1":"84d707ea13f9ebd73282b46ca1907bf273e8b441","sha256":"aca60b59444da84471fdcaa5ee39b4f93b50ec54cc3c4056646a89b4b632bf3e","sha512":"cd974c8383efaef948e46da4f1a26c3883635efad8be795bced86fdc3f778706329829f799c2680eb523873aa3b46a13ac0a98f15d01cc2307a5b9a18c176b90","ssdeep":"","tlshash":"02f00e8643f77d41fbb01d2a68baf61029547ffc78109ed4328403a2a524ba8078868c","first_seen":"2024-09-29T04:23:26Z","last_seen":"2024-10-04T11:16:47.806134Z","times_seen":7228,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-29T17:34:32.513717714Z","timestamp":1727631272513,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"BA294DAA7E0CB6DC5779CC4E80BD489E705AD3A3D9C8EAADE953DC3F1A10FCFB\"\r\nLast-Modified: Sun, 29 Sep 2024 06:39:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=12877\r\nExpires: Sun, 29 Sep 2024 21:09:09 GMT\r\nDate: Sun, 29 Sep 2024 17:34:32 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"0022a313549913e03a094e19581464e7","sha1":"518165fb7850f5048e1524c19193aba831562d90","sha256":"ba294daa7e0cb6dc5779cc4e80bd489e705ad3a3d9c8eaade953dc3f1a10fcfb","sha512":"04504cb210613d7e35997dd4a45f0c5b32a238ba8141bf706aba03e490905935af7e17e040f5ab0d256ad5ab42de25d6ce99ee6a86d9e1bd0b476247073f150a","ssdeep":"","tlshash":"f6f0c0940ab7f602c7b64dc03964c176af605abd380409e155a043d1b062fec53c444c","first_seen":"2024-09-29T11:07:23Z","last_seen":"2024-10-04T11:13:57.720542Z","times_seen":7974,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"181.78.27.128:8000/play/a05t/index.m3u8","fqdn":"181.78.27.128:8000","domain":"181.78.27.128","tld":"128:8000"},"ip":{"addr":"181.78.27.128","port":8000,"asn":52468,"as":"UFINET PANAMA S.A.","country":"Paraguay","country_code":"PY"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-09-29T17:34:32.249Z","timestamp":1727631272249,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /play/a05t/index.m3u8 HTTP/1.1\r\nHost: 181.78.27.128:8000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Astra\r\nDate: Sun, 29 Sep 2024 17:34:32 GMT\r\nCache-Control: no-cache\r\nContent-Length: 133\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET\r\nAccess-Control-Allow-Credentials: true\r\nContent-Type: application/vnd.apple.mpegURL\r\nConnection: close\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":133,"size_decoded":133,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"741f50207fa62502704b4d17925fb9b4","sha1":"6926fd3ca2a093771831f8ff8b2ea378ffdd909a","sha256":"b9c87f1d55565c24a6620d60da17c27c0560fd75c5c0d723accdd20d2c3d3383","sha512":"6ea1a828cc84030d3a65afa10fecf5c4cda55abec4ff82371849e1128684be73cd5e14000a7f9259d62671e437cb30fbc7279bdb2005358d1692c55ffeada655","ssdeep":"","tlshash":"9bc02bc4731dc6c0108884c042882023fc2a38d038910d24a3eb448044d2c40695440c","first_seen":"2024-10-04T11:09:26.295791Z","last_seen":"2024-10-04T11:09:26.295791Z","times_seen":1,"resource_available":false,"data":null}},"time_used":706,"timings":{"blocked":233,"dns":0,"connect":236,"send":0,"wait":236,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-09-29","alert":"Sinkholed","trigger":"181.78.27.128","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-29T17:34:34.43030641Z","timestamp":1727631274430,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"D9AC18F65CD9E42C677C8607BFDC0811B73E6C711804F4B5AE78AC30A59C71A4\"\r\nLast-Modified: Fri, 27 Sep 2024 14:39:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2686\r\nExpires: Sun, 29 Sep 2024 18:19:20 GMT\r\nDate: Sun, 29 Sep 2024 17:34:34 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"dfedf5b10ed23db78cab4d0e5943dbbb","sha1":"6e0d497c63bd73836ac42bb2fe0b859cdbfd1a5f","sha256":"d9ac18f65cd9e42c677c8607bfdc0811b73e6c711804f4b5ae78ac30a59c71a4","sha512":"d5e1fb40e8cc6be852de5bb45d3e15f6d8b8445c49b36c81a0d0557ddf60daf37135ed50fba2cc9ef2d1a1b2ef9ff1b5190487c4d325f156374a488bbc7294a2","ssdeep":"","tlshash":"0ff0c06034a1de600f341924ececd53f2664ace82c4421f1d48e53a178647bd524504c","first_seen":"2024-09-27T17:26:02Z","last_seen":"2024-10-04T11:25:56.726592Z","times_seen":11965,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-29T17:34:34.432016333Z","timestamp":1727631274432,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"D9AC18F65CD9E42C677C8607BFDC0811B73E6C711804F4B5AE78AC30A59C71A4\"\r\nLast-Modified: Fri, 27 Sep 2024 14:39:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2653\r\nExpires: Sun, 29 Sep 2024 18:18:47 GMT\r\nDate: Sun, 29 Sep 2024 17:34:34 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"dfedf5b10ed23db78cab4d0e5943dbbb","sha1":"6e0d497c63bd73836ac42bb2fe0b859cdbfd1a5f","sha256":"d9ac18f65cd9e42c677c8607bfdc0811b73e6c711804f4b5ae78ac30a59c71a4","sha512":"d5e1fb40e8cc6be852de5bb45d3e15f6d8b8445c49b36c81a0d0557ddf60daf37135ed50fba2cc9ef2d1a1b2ef9ff1b5190487c4d325f156374a488bbc7294a2","ssdeep":"","tlshash":"0ff0c06034a1de600f341924ececd53f2664ace82c4421f1d48e53a178647bd524504c","first_seen":"2024-09-27T17:26:02Z","last_seen":"2024-10-04T11:25:56.726592Z","times_seen":11965,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}