{"report_id":"846e535b-16e9-434a-bc28-9f286f2558f3","version":6,"status":"done","tags":[],"date":"2024-07-09T09:39:28Z","url":{"schema":"http","addr":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html","fqdn":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev","domain":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.2.35","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html","fqdn":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev","domain":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev","tld":"r2.dev"},"title":"Sign in to your account"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T10:24:07Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"forstmannleff.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2023-05-13","domain_rank":0,"first_seen":"2023-07-11 19:30:57","last_seen":"2024-03-14 07:17:32","alert_count":1,"request_count":1,"received_data":0,"sent_data":494,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-07-08 18:12:20","alert_count":0,"request_count":7,"received_data":6212,"sent_data":2289,"comment":"","tags":null,"fingerprints":null},{"fqdn":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev","ip":{"addr":"104.18.3.35","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":2,"received_data":141926,"sent_data":995,"comment":"","tags":null,"fingerprints":null},{"fqdn":"aadcdn.msftauth.net","ip":{"addr":"152.199.21.175","port":443,"asn":15133,"as":"EDGECAST","country":"Germany","country_code":"DE"},"domain_registered":"2018-10-25","domain_rank":1455,"first_seen":"2018-11-19 11:50:32","last_seen":"2024-07-08 18:12:19","alert_count":0,"request_count":2,"received_data":3667,"sent_data":1067,"comment":"","tags":null,"fingerprints":null},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":634,"first_seen":"2012-05-21 19:28:02","last_seen":"2024-07-08 23:03:08","alert_count":0,"request_count":1,"received_data":30660,"sent_data":437,"comment":"","tags":null,"fingerprints":null},{"fqdn":"aadcdn.msauth.net","ip":{"addr":"13.107.246.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"domain_registered":"2018-10-25","domain_rank":1421,"first_seen":"2018-11-19 11:50:03","last_seen":"2024-07-08 18:12:38","alert_count":0,"request_count":2,"received_data":2480,"sent_data":1032,"comment":"","tags":null,"fingerprints":null},{"fqdn":"aus5.mozilla.org","ip":{"addr":"35.244.181.201","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"1998-01-24","domain_rank":2548,"first_seen":"2015-10-27 08:06:24","last_seen":"2024-07-08 18:14:40","alert_count":0,"request_count":1,"received_data":1221,"sent_data":512,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":[{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2024-07-08","alert":"Office365","trigger":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html","verdict":"phishing","severity":"medium","comment":"Office365","link":"https://openphish.com","meta":null}]},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":[{"sensor_name":"phishtank","sensor_type":"url","title":"","description":"PhishTank","scan_date":"2024-06-08","alert":"Other","trigger":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null}]},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-09","alert":"Sinkholed","trigger":"forstmannleff.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html","fqdn":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev","domain":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.3.35","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4daecef7089ef904ad9dd0dba254db18","sha1":"c7ad9c593e699d0451ee94da83aa89f2afe7e317","sha256":"ed8332e6b78a7acaa8003e24fd6f73fdffa7111c2b44fb12c49f39c6276a9dd8","sha512":"82a37b4fc36095e7aa0ac04e344d29eab36ee6302ed8b6843a73c63a802c4b0a3b24d4697892dd9fb02d7b375783dc812ca5172d0dc7ba5be1ba7e189fcc303a","ssdeep":"","tlshash":"ac513182f36c765330761078942f25c92b2e68f379008f73fc7456a85a60e1bb83ad24","size":2898,"data":"","first_seen":"2024-06-24T11:19:58Z","last_seen":"2024-08-19T19:03:01.78291Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html","fqdn":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev","domain":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.3.35","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"398d45527ac0f5c79f262839f98ec3f1","sha1":"960b8b802581eead9fa02ff4483a85d2b7cf939a","sha256":"76da592798ee5b41a444eebf66d08d461bc826db30df367fd21c85862ca82db0","sha512":"4f0673fd82e75fde270a4f037f33e1a1ff5b8f10ff0aeef6ac273f88d134fd2f8c3faa353dcc2701fc7c9a748828ca45ab792e5f883a8601dc63ef5f7c1f70b0","ssdeep":"","tlshash":"42d0235775d1597445ff773e2347c2443d7140b174183e5124484e314c30d545766a41","size":217,"data":"","first_seen":"2023-03-07T01:18:27Z","last_seen":"2026-03-23T09:16:11.72635Z","times_seen":2676,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.1.1.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e071abda8fe61194711cfc2ab99fe104","sha1":"f647a6d37dc4ca055ced3cf64bbc1f490070acba","sha256":"85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf","sha512":"53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65","ssdeep":"1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5","tlshash":"3183d5d9b2c670529b7730b850bf450bb17a98dab44c8d60f058c5d57eb8a8e507bf2c","size":86709,"data":"","first_seen":"2023-03-07T01:02:34Z","last_seen":"2026-04-04T04:59:22.476111Z","times_seen":138361,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-09T09:39:01.712053648Z","timestamp":1720517941712,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"41E6A348AAC9E9DB44BFA14B3AA29D411F4489B375AE1F1BE6B0D280AF98541D\"\r\nLast-Modified: Mon, 08 Jul 2024 01:53:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=5412\r\nExpires: Tue, 09 Jul 2024 11:09:13 GMT\r\nDate: Tue, 09 Jul 2024 09:39:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"b34ca6af54e2b9fea57d418f5d1928f7","sha1":"510b69f4470789a573217726d6f1a3d6ee765460","sha256":"41e6a348aac9e9db44bfa14b3aa29d411f4489b375ae1f1be6b0d280af98541d","sha512":"56fc288af1ca048d6ad95019c5fe4a6be829ae0e6d834e51d920e79cb96aa3de97763b94d41b4c691f461b7a46ef961dd157b791947e0463310e5d0abd1422c8","ssdeep":"","tlshash":"def0055627d5a6016a710a911de5d31a1e2058fb305018f223d451e33923bbe1ec8446","first_seen":"2024-07-08T05:19:45Z","last_seen":"2024-08-19T17:39:41.553406Z","times_seen":34939,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-09T09:39:01.911749897Z","timestamp":1720517941911,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"8E27309B919C0DCB3B0736DD99DAD8C7D3BC16B4816DD982E6AF6B79D7EAD9ED\"\r\nLast-Modified: Sun, 07 Jul 2024 03:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=18805\r\nExpires: Tue, 09 Jul 2024 14:52:26 GMT\r\nDate: Tue, 09 Jul 2024 09:39:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"abec3934929082bd707108b7042796da","sha1":"4f200b04ad1c6fcac9833107c492a59ebf36dc6e","sha256":"8e27309b919c0dcb3b0736dd99dad8c7d3bc16b4816dd982e6af6b79d7ead9ed","sha512":"cab860d7ad427afe6f633e714c3c41da9055d0ff75b7366e2df1866a99077e350b7ac25f40c0675b0d830748b0725c07a4bdf934cb09f6085fb02f27c1a1610b","ssdeep":"","tlshash":"c4f00e82427c39147ae03e2b2bf9d12a1f34adf815611df5645013937453fed01c8e4b","first_seen":"2024-07-07T10:17:04Z","last_seen":"2024-08-19T17:44:50.422556Z","times_seen":23660,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-09T09:39:02.278537413Z","timestamp":1720517942278,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"E38B3080A1752122F5A174604BD307C54BE31C02E0CDB8E2D9354E2A04E1B50F\"\r\nLast-Modified: Sun, 07 Jul 2024 11:47:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=5501\r\nExpires: Tue, 09 Jul 2024 11:10:43 GMT\r\nDate: Tue, 09 Jul 2024 09:39:02 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"41036a4c62e61466443bce27a927e029","sha1":"39a2a8a258c5feaf020246696135700b0c30740d","sha256":"e38b3080a1752122f5a174604bd307c54be31c02e0cdb8e2d9354e2a04e1b50f","sha512":"50f9d880f413719b46b17c5f9633a79d3f2f4b41d3d415f05206c6c628277fe0acbc56cacdd931ec59b7a4fdcebb3b252b0bc80578bd35ee05112d2723a6fae3","ssdeep":"","tlshash":"2cf0c0aa29d5f88076711a24b864ea246b205e6a7810daf614d082fbf8057a6450844e","first_seen":"2024-07-07T14:27:09Z","last_seen":"2024-08-19T17:43:40.432277Z","times_seen":38887,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-09T09:39:02.568022161Z","timestamp":1720517942568,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"74180138E5609F4047B5A20BC58BFD360DEA9BBA200ACF14FD43FC2D6B5DA34B\"\r\nLast-Modified: Sun, 07 Jul 2024 04:18:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=14683\r\nExpires: Tue, 09 Jul 2024 13:43:45 GMT\r\nDate: Tue, 09 Jul 2024 09:39:02 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"c1f3573a71cfe2a8f30b3fbc7d2d3453","sha1":"101371f5030c41e4dad4e1e6ac102342db020318","sha256":"74180138e5609f4047b5a20bc58bfd360dea9bba200acf14fd43fc2d6b5da34b","sha512":"820baf1cd85b3df20be2ec47b112a3dbce7acb3ed6d5c1ed348669e7a45315b1c544dd62618ed8db4156d1b1703f043f697e8152e403a7db396c55879a936c10","ssdeep":"","tlshash":"5af00e650690bd027672462794d8c42d1f24a6f9344130e2a86011daac21feb9eac00b","first_seen":"2024-07-07T11:38:19Z","last_seen":"2024-08-19T17:44:28.537533Z","times_seen":17242,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-09T09:39:02.752134102Z","timestamp":1720517942752,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"D7BEF717510DAB7C3BB629FA40AA089C8A430858EC3317AE58704EA5F7594504\"\r\nLast-Modified: Mon, 08 Jul 2024 20:37:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=12444\r\nExpires: Tue, 09 Jul 2024 13:06:26 GMT\r\nDate: Tue, 09 Jul 2024 09:39:02 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"e4399bc07052d0e83cade5fa20225368","sha1":"fc3d948b013a94e85416031bdc004da4959a6e78","sha256":"d7bef717510dab7c3bb629fa40aa089c8a430858ec3317ae58704ea5f7594504","sha512":"d2ea077fad55b9a0a4e153a204a8e60e4d4447e97af197d5e5669191291742972c72a6dc43a7c9e919cf2764b13c699e114683de926c2353af9bca2317fc09f2","ssdeep":"","tlshash":"68f00e8f21d3fb883af114182bddd35f35103fa82c10b0a114f806efbc527b15880489","first_seen":"2024-07-09T00:44:52Z","last_seen":"2024-08-19T17:33:22.810443Z","times_seen":682,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html","fqdn":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev","domain":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.3.35","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-09T09:39:02.357Z","timestamp":1720517942357,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E1","organization":"Let's Encrypt"},"validity":{"start":"Mon, 03 Jun 2024 14:44:39 GMT","end":"Sun, 01 Sep 2024 14:44:38 GMT"},"fingerprint":{"sha1":"00:AA:40:3F:3E:AE:B0:85:C2:A1:9B:9E:8B:A4:F4:21:D4:DE:DD:AC","sha256":"13:ED:54:7B:A6:19:38:44:7C:FC:30:0F:AA:EE:02:A6:C2:BF:14:FD:56:BB:32:AC:DF:B0:CB:59:D8:62:77:99"}}},"request":{"raw":"GET /auth.html HTTP/1.1\r\nHost: pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 09 Jul 2024 09:39:02 GMT\r\nContent-Type: text/html\r\nContent-Length: 114260\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"77fc4441b795575209772acb8d7619a7\"\r\nLast-Modified: Thu, 14 Mar 2024 17:34:08 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 8a075833fe56568e-OSL\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":114260,"size_decoded":114260,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (65131), with CRLF line terminators","md5":"77fc4441b795575209772acb8d7619a7","sha1":"f0b1d22c59ca179e67284936500c16d63851a24a","sha256":"b8c882e9b99067942eadf2ccc5ea3d769f37de1f3f744176baba576bdeeab74b","sha512":"b2fa62c755e0f115b4f711570791c28f6c571241f55f4e2825e337fdad6126d76017e04bbd2f12b2bed8467ca1a90ec87f68ef6a57dd4000aac2a4fbbc60540a","ssdeep":"1536:DxoBMCgKy+U5KazA/PWrF7qvEAFiQcpm2CkMgpC490vS67+xUkbjqM:loBgp449076","tlshash":"a2b3d8906914392a9027c73671d1bd8b62251433e737aeb7f6752cb8cf896c70f32a49","first_seen":"2024-06-24T11:19:58Z","last_seen":"2024-08-19T19:03:01.775722Z","times_seen":4,"resource_available":false,"data":null}},"time_used":604,"timings":{"blocked":35,"dns":1,"connect":1,"send":0,"wait":527,"receive":6,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2024-07-08","alert":"Office365","trigger":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html","verdict":"phishing","severity":"medium","comment":"Office365","link":"https://openphish.com","meta":null},{"sensor_name":"phishtank","sensor_type":"url","title":"","description":"PhishTank","scan_date":"2024-06-08","alert":"Other","trigger":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg","fqdn":"aadcdn.msftauth.net","domain":"msftauth.net","tld":"net"},"ip":{"addr":"152.199.21.175","port":443,"asn":15133,"as":"EDGECAST","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html","date":"2024-07-09T09:39:03.209Z","timestamp":1720517943209,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aadcdn.msftauth.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"DigiCert SHA2 Secure Server CA","organization":"DigiCert Inc"},"validity":{"start":"Sat, 25 May 2024 00:00:00 GMT","end":"Sun, 25 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B1:17:F7:9C:C3:3B:5F:54:73:D7:58:28:5F:C7:CE:E9:AC:39:CD:8F","sha256":"2C:99:6E:B7:25:3D:6C:83:43:C5:09:43:2A:9D:9B:4A:F9:30:50:CC:3A:1E:7A:31:29:CE:50:E4:8A:F1:D9:03"}}},"request":{"raw":"GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1\r\nHost: aadcdn.msftauth.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding\r\nage: 8998316\r\ncache-control: public, max-age=31536000\r\ncontent-md5: nzaLxFgP7ZB3dfMcaybWzw==\r\ncontent-type: image/svg+xml\r\ndate: Tue, 09 Jul 2024 09:39:03 GMT\r\netag: 0x8D79A1B9F5E121A\r\nlast-modified: Thu, 16 Jan 2020 00:32:52 GMT\r\nserver: ECAcc (ska/F76D)\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-ms-blob-type: BlockBlob\r\nx-ms-lease-status: unlocked\r\nx-ms-request-id: a1e45449-701e-0068-210c-804015000000\r\nx-ms-version: 2009-09-19\r\ncontent-length: 1435\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1435,"size_decoded":3651,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ee5c8d9fb6248c938fd0dc19370e90bd","sha1":"d01a22720918b781338b5bbf9202b241a5f99ee4","sha256":"04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a","sha512":"c77215b729d0e60c97f075998e88775cd0f813b4d094dc2fdd13e5711d16f4e5993d4521d0fbd5bf7150b0dbe253d88b1b1ff60901f053113c5d7c1919852d58","ssdeep":"","tlshash":"6371117b132887dae9d4a78c2e997b8d377095c4b1b24290874328a5bc086f7f038d60","first_seen":"2023-04-06T08:44:24Z","last_seen":"2026-04-04T05:31:13.24361Z","times_seen":122135,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":59,"dns":36,"connect":10,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.1.1.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html","date":"2024-07-09T09:39:03.206Z","timestamp":1720517943206,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo ECC Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 25 Jun 2024 00:00:00 GMT","end":"Wed, 25 Jun 2025 23:59:59 GMT"},"fingerprint":{"sha1":"CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5","sha256":"AB:77:AE:8B:01:C3:97:E7:80:17:A2:C0:A0:8D:8A:BE:C9:8A:77:1C:06:8C:B9:64:E1:7B:E5:9F:3B:E7:EC:FA"}}},"request":{"raw":"GET /jquery-3.1.1.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-152b5\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Tue, 09 Jul 2024 09:39:03 GMT\r\nage: 4247586\r\nx-served-by: cache-lga21947-LGA, cache-hel1410025-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 118, 37355\r\nx-timer: S1720517943.281534,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 30070\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":30070,"size_decoded":86709,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32030)","md5":"e071abda8fe61194711cfc2ab99fe104","sha1":"f647a6d37dc4ca055ced3cf64bbc1f490070acba","sha256":"85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf","sha512":"53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65","ssdeep":"1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5","tlshash":"3183d5d9b2c670529b7730b850bf450bb17a98dab44c8d60f058c5d57eb8a8e507bf2c","first_seen":"2023-03-07T01:02:34Z","last_seen":"2026-04-04T04:59:22.476111Z","times_seen":138361,"resource_available":true,"data":null}},"time_used":165,"timings":{"blocked":71,"dns":30,"connect":13,"send":0,"wait":13,"receive":5,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aadcdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg","fqdn":"aadcdn.msauth.net","domain":"msauth.net","tld":"net"},"ip":{"addr":"13.107.246.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html","date":"2024-07-09T09:39:03.212Z","timestamp":1720517943212,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aadcdn.msauth.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"DigiCert SHA2 Secure Server CA","organization":"DigiCert Inc"},"validity":{"start":"Tue, 30 Apr 2024 00:00:00 GMT","end":"Wed, 30 Apr 2025 23:59:59 GMT"},"fingerprint":{"sha1":"6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD","sha256":"D1:97:1B:C2:0B:1F:EB:FD:E2:87:C1:FF:57:86:B6:39:C8:7F:8C:08:C2:B5:09:8B:A1:BE:2F:B1:05:3B:5C:53"}}},"request":{"raw":"GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1\r\nHost: aadcdn.msauth.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 09 Jul 2024 09:39:03 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 276\r\ncache-control: public, max-age=31536000\r\ncontent-encoding: gzip\r\nlast-modified: Fri, 17 Jan 2020 19:28:34 GMT\r\netag: 0x8D79B8371B97A82\r\nx-ms-request-id: 6016550d-401e-0037-10b9-d011fa000000\r\nx-ms-version: 2009-09-19\r\nx-ms-lease-status: unlocked\r\nx-ms-blob-type: BlockBlob\r\naccess-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding\r\naccess-control-allow-origin: *\r\nx-azure-ref: 20240709T093903Z-17d85d5877c2zbkky1193mbh4s00000008dg000000001kx9\r\nx-fd-int-roxy-purgeid: 4554691\r\nx-cache: TCP_HIT\r\nx-cache-info: L1_T2\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":276,"size_decoded":513,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a9cc2824ef3517b6c4160dcf8ff7d410","sha1":"8db9aebad84ca6e4225bfdd2458ff3821cc4f064","sha256":"34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58","sha512":"aa3ddab0a1cff9533f9a668aba4fb5e3d75ed9f8aff8a1caa4c29f9126d85ff4529e82712c0119d2e81035d1ce1cc491ff9473384d211317d4d00e0e234ad97f","ssdeep":"","tlshash":"29f0598a41c8fb142ce08050dff8ea28540270c3fb4e5008b1922b18e2ef383f6406f5","first_seen":"2023-04-19T20:10:52Z","last_seen":"2026-04-03T21:19:12.209768Z","times_seen":29641,"resource_available":false,"data":null}},"time_used":326,"timings":{"blocked":147,"dns":103,"connect":21,"send":0,"wait":23,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg","fqdn":"aadcdn.msauth.net","domain":"msauth.net","tld":"net"},"ip":{"addr":"13.107.246.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html","date":"2024-07-09T09:39:03.214Z","timestamp":1720517943214,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aadcdn.msauth.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"DigiCert SHA2 Secure Server CA","organization":"DigiCert Inc"},"validity":{"start":"Tue, 30 Apr 2024 00:00:00 GMT","end":"Wed, 30 Apr 2025 23:59:59 GMT"},"fingerprint":{"sha1":"6A:6B:06:6C:38:1D:81:38:3D:3B:76:61:6D:C7:02:CD:B4:A1:F5:AD","sha256":"D1:97:1B:C2:0B:1F:EB:FD:E2:87:C1:FF:57:86:B6:39:C8:7F:8C:08:C2:B5:09:8B:A1:BE:2F:B1:05:3B:5C:53"}}},"request":{"raw":"GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1\r\nHost: aadcdn.msauth.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 09 Jul 2024 09:39:03 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 621\r\ncache-control: public, max-age=31536000\r\ncontent-encoding: gzip\r\nlast-modified: Tue, 10 Nov 2020 03:41:24 GMT\r\netag: 0x8D8852A7FA6B761\r\nx-ms-request-id: 951ca6bc-d01e-0027-7cbe-d0a5a3000000\r\nx-ms-version: 2009-09-19\r\nx-ms-lease-status: unlocked\r\nx-ms-blob-type: BlockBlob\r\naccess-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding\r\naccess-control-allow-origin: *\r\nx-azure-ref: 20240709T093903Z-17d85d5877c2zbkky1193mbh4s00000008dg000000001kxa\r\nx-fd-int-roxy-purgeid: 4554691\r\nx-cache: TCP_HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":621,"size_decoded":1592,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4e48046ce74f4b89d45037c90576bfac","sha1":"4a41b3b51ed787f7b33294202da72220c7cd2c32","sha256":"8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93","sha512":"b2bba2a68edaa1a08cfa31ed058afb5e6a3150aabb9a78db9f5ccc2364186d44a015986a57707b57e2cc855fa7da57861ad19fc4e7006c2c239c98063fe903cf","ssdeep":"","tlshash":"b931787f43b45ae7239017741760626c13f4ee917169d0b4dba30c9a8d4bd33327843a","first_seen":"2023-04-14T20:16:11Z","last_seen":"2026-04-04T05:31:13.236919Z","times_seen":71692,"resource_available":false,"data":null}},"time_used":324,"timings":{"blocked":146,"dns":102,"connect":21,"send":0,"wait":22,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg","fqdn":"aadcdn.msftauth.net","domain":"msftauth.net","tld":"net"},"ip":{"addr":"152.199.21.175","port":443,"asn":15133,"as":"EDGECAST","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html","date":"2024-07-09T09:39:03.483Z","timestamp":1720517943483,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aadcdn.msftauth.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"DigiCert SHA2 Secure Server CA","organization":"DigiCert Inc"},"validity":{"start":"Sat, 25 May 2024 00:00:00 GMT","end":"Sun, 25 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"B1:17:F7:9C:C3:3B:5F:54:73:D7:58:28:5F:C7:CE:E9:AC:39:CD:8F","sha256":"2C:99:6E:B7:25:3D:6C:83:43:C5:09:43:2A:9D:9B:4A:F9:30:50:CC:3A:1E:7A:31:29:CE:50:E4:8A:F1:D9:03"}}},"request":{"raw":"GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1\r\nHost: aadcdn.msftauth.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding\r\nage: 9183952\r\ncache-control: public, max-age=31536000\r\ncontent-md5: DhdidjYrlCeaRJJRG/y9mA==\r\ncontent-type: image/svg+xml\r\ndate: Tue, 09 Jul 2024 09:39:03 GMT\r\netag: 0x8D7B007297AE131\r\nlast-modified: Wed, 12 Feb 2020 22:01:50 GMT\r\nserver: ECAcc (ska/F732)\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-ms-blob-type: BlockBlob\r\nx-ms-lease-status: unlocked\r\nx-ms-request-id: 52d23733-f01e-004c-3a5c-7e7d2e000000\r\nx-ms-version: 2009-09-19\r\ncontent-length: 673\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":673,"size_decoded":1864,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bc3d32a696895f78c19df6c717586a5d","sha1":"9191cb156a30a3ed79c44c0a16c95159e8ff689d","sha256":"0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68","sha512":"8d4f38907f3423a86d90575772b292680f7970527d2090fc005f9b096cc81d3f279d59ad76eafca30c3d4bbaf2276bbaa753e2a46a149424cf6f1c319ded5a64","ssdeep":"","tlshash":"4e310059c51d3566ec04c3aceae1d468315e71efa8a581c961849b3f95b0dce0eccb70","first_seen":"2023-04-12T23:20:27Z","last_seen":"2026-04-03T21:19:12.211025Z","times_seen":102165,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/favicon.ico","fqdn":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev","domain":"pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.3.35","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html","date":"2024-07-09T09:39:03.501Z","timestamp":1720517943501,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E1","organization":"Let's Encrypt"},"validity":{"start":"Mon, 03 Jun 2024 14:44:39 GMT","end":"Sun, 01 Sep 2024 14:44:38 GMT"},"fingerprint":{"sha1":"00:AA:40:3F:3E:AE:B0:85:C2:A1:9B:9E:8B:A4:F4:21:D4:DE:DD:AC","sha256":"13:ED:54:7B:A6:19:38:44:7C:FC:30:0F:AA:EE:02:A6:C2:BF:14:FD:56:BB:32:AC:DF:B0:CB:59:D8:62:77:99"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 09 Jul 2024 09:39:03 GMT\r\nContent-Type: text/html\r\nContent-Length: 27150\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 8a07583adbd6568e-OSL\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":27150,"size_decoded":27150,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (611)","md5":"46dd133ee00dc1bae5e4eeba7b88432f","sha1":"8af86a4ac91ce48c062216fb94a6e1d57618a19b","sha256":"9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66","sha512":"cb49f9e3812e2c262af374e79bd8905cb508a45bf2c2d6af62eed85af43770872486a55e9425882feda9fb3a57a317a3c18be1e286adaf0c76be7f1b0dfa8474","ssdeep":"384:6bamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:603Mp5If8WOmgW3","tlshash":"e3c291dc7be968e4e5de43aaef2831a8320ba0fb17425904f51d12142f0655cec6f6ed","first_seen":"2024-07-03T19:18:11Z","last_seen":"2026-04-04T05:19:32.375562Z","times_seen":30078,"resource_available":true,"data":null}},"time_used":127,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":125,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-09T09:39:04.038974669Z","timestamp":1720517944038,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"317F60A1498C7B52833955E8A54A0BA66B5B8DC9E9862C2AC262B874D491FCE2\"\r\nLast-Modified: Mon, 08 Jul 2024 05:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6850\r\nExpires: Tue, 09 Jul 2024 11:33:14 GMT\r\nDate: Tue, 09 Jul 2024 09:39:04 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"d7b2c37e4b6c062d80ad32046f42d3d8","sha1":"131cd5c2ca2a258c3cf11746f94cfd43a6a4f04c","sha256":"317f60a1498c7b52833955e8a54a0ba66b5b8dc9e9862c2ac262b874d491fce2","sha512":"e8d8acac8c0eb8cc7d365eca9121ee37756ccf1d8b77d6177f316593c50a660d3af8ab40f67f47a8fd9fe0fe75f51070e6cf3c69b49f57aed1b4afc155ca5cd3","ssdeep":"","tlshash":"02f00e023df7bd80b3e944911ebde63bf8107aa7305075e630c0828328b87a74744c9a","first_seen":"2024-07-08T09:56:38Z","last_seen":"2024-08-19T17:38:29.907666Z","times_seen":36963,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-09T09:39:04.041077184Z","timestamp":1720517944041,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"317F60A1498C7B52833955E8A54A0BA66B5B8DC9E9862C2AC262B874D491FCE2\"\r\nLast-Modified: Mon, 08 Jul 2024 05:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6850\r\nExpires: Tue, 09 Jul 2024 11:33:14 GMT\r\nDate: Tue, 09 Jul 2024 09:39:04 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"d7b2c37e4b6c062d80ad32046f42d3d8","sha1":"131cd5c2ca2a258c3cf11746f94cfd43a6a4f04c","sha256":"317f60a1498c7b52833955e8a54a0ba66b5b8dc9e9862c2ac262b874d491fce2","sha512":"e8d8acac8c0eb8cc7d365eca9121ee37756ccf1d8b77d6177f316593c50a660d3af8ab40f67f47a8fd9fe0fe75f51070e6cf3c69b49f57aed1b4afc155ca5cd3","ssdeep":"","tlshash":"02f00e023df7bd80b3e944911ebde63bf8107aa7305075e630c0828328b87a74744c9a","first_seen":"2024-07-08T09:56:38Z","last_seen":"2024-08-19T17:38:29.907666Z","times_seen":36963,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml","fqdn":"aus5.mozilla.org","domain":"mozilla.org","tld":"org"},"ip":{"addr":"35.244.181.201","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-09T09:39:21.297325645Z","timestamp":1720517961297,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1\r\nHost: aus5.mozilla.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\nrule-id: unknown\r\nrule-data-version: unknown\r\ncontent-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/202402/aus.content-signature.mozilla.org-2024-08-13-18-26-52.chain; p384ecdsa=Vo9uSXJpf4TmtP316Oc9ITZriBvqXcQxm8LR-Q3VZC_wpO9mcvc000rjwE_ImEggdhoAeaYNCcjUMoJZGoA6oVN6QQz6P4Ijzk5klypZwRi9pSN_ZyvV4bhjkAwK9fKU\r\nstrict-transport-security: max-age=31536000;\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'none'; frame-ancestors 'none'\r\nx-proxy-cache-status: EXPIRED\r\ncontent-encoding: gzip\r\nvia: 1.1 google\r\ndate: Tue, 09 Jul 2024 09:38:19 GMT\r\ncontent-type: text/xml; charset=utf-8\r\nvary: Accept-Encoding\r\ncontent-length: 444\r\nage: 62\r\ncache-control: public,max-age=90\r\nalt-svc: clear\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":444,"size_decoded":721,"mime_type":"text/xml; charset=utf-8","magic":"XML 1.0 document, ASCII text, with very long lines (332)","md5":"3b324dec137a87ef7e24a30a65b13dd0","sha1":"c0faa95b2f1018e264b3a14aaf50d1003e6c27b3","sha256":"6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463","sha512":"eee5d0a6354c5cfafdba69236359dbb38be1d7cbfd841230c07617fa3d8982751d8ddbe4f3b9c533a277e836b28a2f483d8ddc79aa09573ca9d49fc16341c061","ssdeep":"","tlshash":"54011069bdb5f89100860aa76626c8015a232287e1541888b8df5fc04f9b9b4536f09d","first_seen":"2023-10-13T18:17:52Z","last_seen":"2025-06-20T01:29:36.566077Z","times_seen":185315,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"forstmannleff.com/chng/prv.php.id","fqdn":"forstmannleff.com","domain":"forstmannleff.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/auth.html","date":"2024-07-09T09:39:03.511Z","timestamp":1720517943511,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /chng/prv.php.id HTTP/1.1\r\nHost: forstmannleff.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-042beab565ca415f95ad4dc390bd6f1a.r2.dev/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T05:45:54.968102Z","times_seen":13318572,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-09","alert":"Sinkholed","trigger":"forstmannleff.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}