{"report_id":"878345f4-ebaa-449a-a16f-a960c2026d57","version":6,"status":"done","tags":[],"date":"2024-08-28T08:58:34Z","url":{"schema":"http","addr":"www.estk.me/wp-content/uploads/2024/08/ESTKme-T002V01-T002V06.zip","fqdn":"www.estk.me","domain":"estk.me","tld":"me"},"ip":{"addr":"172.234.84.172","port":0,"asn":63949,"as":"Akamai Connected Cloud","country":"Japan","country_code":"JP"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-07T17:29:41Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-08-27 18:12:09","alert_count":0,"request_count":5,"received_data":4439,"sent_data":1635,"comment":"","tags":null,"fingerprints":null},{"fqdn":"e6.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 08:35:09","last_seen":"2024-08-27 18:24:26","alert_count":0,"request_count":1,"received_data":729,"sent_data":326,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.estk.me","ip":{"addr":"172.234.84.172","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Japan","country_code":"JP"},"domain_registered":"2023-09-08","domain_rank":0,"first_seen":"2023-11-08 10:35:37","last_seen":"2023-11-08 10:35:37","alert_count":1,"request_count":1,"received_data":118402,"sent_data":519,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-08-27 18:12:12","alert_count":0,"request_count":3,"received_data":2662,"sent_data":981,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"dbee732bc007b65dad97198905b786c2","sha1":"1f615b976695e21751ae91375006e4dc760afc4e","sha256":"ad093a6ecda62871ddbb55e5a7f4e051a30629cb23af08456b0dc778ba5e5498","sha512":"ed082348b0366d44f9dfa147005ef8be5c79102c45c19ce611b7668006c26ae5124aef8c5df5848be55cfa1ac9510f03d44cbee80a99e7c4e779ca0c25779fe3","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":118108,"url":{"schema":"https","addr":"www.estk.me/wp-content/uploads/2024/08/ESTKme-T002V01-T002V06.zip","fqdn":"www.estk.me","domain":"estk.me","tld":"me"},"ip":{"addr":"172.234.84.172","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Japan","country_code":"JP"},"archive":[{"path":"estkme.app.bin","filename":"estkme.app.bin","modified":"","Modified":"2024-08-21T12:55:22+08:00","magic":"data","size":16488,"md5":"a0d73386f368d4bd4b9b166530454a47","sha1":"9cbf2f5cd01758598020450056cba522babb830a","sha256":"6094585e692a72738e549ece5ac13bbdc831630c4d66f308ce04560f1a9389e1","sha512":"e1dcb0279438ebd46eefcd8347a06f6bd710cb7d9db81f59b901cc6485814cd54c1177686aa486e8adeb3cfcc2bb0291d1272332320701b8277ca469716095a2","alerts":{"urlquery":null,"analyzer":null}},{"path":"fwupd.c","filename":"fwupd.c","modified":"","Modified":"2024-08-20T22:09:30+08:00","magic":"C source, ASCII text","size":10008,"md5":"87f3d9d39fadf825114b3dad21b4a2c3","sha1":"0386e94d1f29b805fa41cd0daaeb30cd0f681c59","sha256":"0f6cee5ce88bd48d0e904874409fbd165488681eeb01106910ba1c68660de873","sha512":"c877309de3d864185feb265d0884fa5c80a4bda88f4bef10158f78a15b091ec68f51e23092e048090a67c36cec4c8ca33d884a6337a36923ee29f8dfd470b68c","alerts":{"urlquery":null,"analyzer":null}},{"path":"fwupd.exe","filename":"fwupd.exe","modified":"","Modified":"2024-08-21T12:56:28+08:00","magic":"PE32 executable (console) Intel 80386, for MS Windows, 17 sections","size":238112,"md5":"548b2114b7cf330cd4257b9120e879f3","sha1":"6161fd52a314559a5449fff0d8674347261d24c7","sha256":"8772150f4ae4f17a0e879bff4790269fed1d00dbd55eefda082caa582b0023af","sha512":"993904bd1938b4c9de9e1fcb885a23f9ccfb8beabd33d943465d2aded950c536fc00861bd77f2d555c89feb9125318e19fb0d205e97da0464fa179161d4ced8f","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-08-28","alert":"Scan result 3/69","trigger":"ad093a6ecda62871ddbb55e5a7f4e051a30629cb23af08456b0dc778ba5e5498","verdict":"suspicious","severity":"","comment":"suspicious - 3/69","link":"https://www.virustotal.com/gui/file/ad093a6ecda62871ddbb55e5a7f4e051a30629cb23af08456b0dc778ba5e5498","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T08:58:08.015069132Z","timestamp":1724835488015,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5A2F5A87F6408BBC11020231759DB8EEB24C28C0890DA8F3EE2565D87B0E1E4C\"\r\nLast-Modified: Mon, 26 Aug 2024 02:36:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3410\r\nExpires: Wed, 28 Aug 2024 09:54:58 GMT\r\nDate: Wed, 28 Aug 2024 08:58:08 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"35888f142e8c995a2a992b24009a2cee","sha1":"8315b1d92f868af492e04ea1d0846ee9fc0328e7","sha256":"5a2f5a87f6408bbc11020231759db8eeb24c28c0890da8f3ee2565d87b0e1e4c","sha512":"520246d8e18bc326605766a6e5f3d8161db171271712caaa258d25258dbb6c7e57f07bb1b0c92d3d3134eb1111e6154c7ddce67caa8bafd3d25f38fdb7032517","ssdeep":"","tlshash":"86f0059236e17961ed9d321579edd25339208aa9905094c5748447b254602dd47c9909","first_seen":"2024-08-26T09:37:37Z","last_seen":"2024-08-29T17:45:45.462962Z","times_seen":20149,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T08:58:08.021857181Z","timestamp":1724835488021,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"8D2071964C9D8A7E8E5E0C36BC5D82199123CE55059A79FFEDE86B59A9CB8DB5\"\r\nLast-Modified: Mon, 26 Aug 2024 02:33:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=5829\r\nExpires: Wed, 28 Aug 2024 10:35:17 GMT\r\nDate: Wed, 28 Aug 2024 08:58:08 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"a5c8e602d1c34dad6d2bf031b1922353","sha1":"5326666dceb77fd224fb1b5d8ab3eeeee07cea4d","sha256":"8d2071964c9d8a7e8e5e0c36bc5d82199123ce55059a79ffede86b59a9cb8db5","sha512":"14af0c1bf4201ac4fb6286d5e00f43901439eb5482f0c35b9e6f9691951f8c421b6cdb19e1386a951c33f88da9dd584ce2100ec690715654bad0141e15194328","ssdeep":"","tlshash":"08f09e661929b5d10a6c6878cfe4f0611e1e9dab28c40a9ab8ac93e56d467ac799200c","first_seen":"2024-08-26T09:37:06Z","last_seen":"2024-08-29T17:45:43.183391Z","times_seen":13234,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T08:58:08.322572785Z","timestamp":1724835488322,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"0E7A047F2A11F5DB27830E9B2B2F9AC4578F8BC34E2A5AC00E194F0AC5E3E4FB\"\r\nLast-Modified: Mon, 26 Aug 2024 02:34:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=17117\r\nExpires: Wed, 28 Aug 2024 13:43:25 GMT\r\nDate: Wed, 28 Aug 2024 08:58:08 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"f7c4be8bd45166d9a6c01c9002cb0b35","sha1":"e057803eec2aa279d12d5a361903b66e7eccbb86","sha256":"0e7a047f2a11f5db27830e9b2b2f9ac4578f8bc34e2a5ac00e194f0ac5e3e4fb","sha512":"5906d92951ab9fcf937aa78576f11485319b5aa43b501c105ea213b5ffe3c4ebd99821f394f56b25504bec0c3ce15a856051827881e2e700375ec8a049842e77","ssdeep":"","tlshash":"54f0054510adb811ba5c5e3727b7c12e3e719af9342001db145442d52c10f7257c5804","first_seen":"2024-08-26T13:28:34Z","last_seen":"2024-08-29T17:44:10.113879Z","times_seen":19628,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T08:58:08.556436695Z","timestamp":1724835488556,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"73DD3E76893C7D3E9789FAA480774DFADA70BAD4E7F2EE0E2F05DD03E37167C8\"\r\nLast-Modified: Mon, 26 Aug 2024 02:38:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2678\r\nExpires: Wed, 28 Aug 2024 09:42:46 GMT\r\nDate: Wed, 28 Aug 2024 08:58:08 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"5816ac10e25df6aba223283feef4fcc4","sha1":"341fac36b46eefae0d822171e880f6dc52392a3f","sha256":"73dd3e76893c7d3e9789faa480774dfada70bad4e7f2ee0e2f05dd03e37167c8","sha512":"8a35425bd60ec413bffdf952890669308ebec9e4ccf688b4bd57dffc7bfc17887246098c5f4ec742c2865fd9072a040d825e7b4b5d00cd57b6ddd9804857093c","ssdeep":"","tlshash":"0cf00ea225bf68102b7c09284ddac11dbf21fa8d380041f07ca046fa6ca1bec62d984b","first_seen":"2024-08-26T09:03:22Z","last_seen":"2024-08-29T17:46:07.367972Z","times_seen":11646,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"e6.o.lencr.org/","fqdn":"e6.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T08:58:09.174999371Z","timestamp":1724835489175,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: e6.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 345\r\nETag: \"42999461D9C74CB24E447D53E29FCAA3956B4EA16324503DD54DFC6E273336E3\"\r\nLast-Modified: Mon, 26 Aug 2024 03:20:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=21545\r\nExpires: Wed, 28 Aug 2024 14:57:14 GMT\r\nDate: Wed, 28 Aug 2024 08:58:09 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":345,"size_decoded":345,"mime_type":"application/octet-stream","magic":"data","md5":"f705911d4e3834bb98d2995d1318f3ea","sha1":"9eab98077ed28decf2c9e5f97e95efcd22e8825f","sha256":"42999461d9c74cb24e447d53e29fcaa3956b4ea16324503dd54dfc6e273336e3","sha512":"95883acdf64281fddc02e6f913994dfc9a679cdc097251808d39c23708f7b9300d3238fccf6d9baf2fecac7ace690b0d3176cf26a07f5558f9dfd64e48da28ab","ssdeep":"","tlshash":"92e0c66427c87c754b30286737b6c01b2bb0109a2e00daaa0800cbc3bc02308578260e","first_seen":"2024-08-29T17:29:42.194923Z","last_seen":"2024-08-29T17:29:42.368569Z","times_seen":6,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T08:58:10.116830083Z","timestamp":1724835490116,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"E8FB27375025282B1D0A0FCCB0798D24AB6FC72473FF03F195F311D61BDA6D47\"\r\nLast-Modified: Mon, 26 Aug 2024 02:34:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=16447\r\nExpires: Wed, 28 Aug 2024 13:32:17 GMT\r\nDate: Wed, 28 Aug 2024 08:58:10 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"d4dd734ee3b332b0befeb0ba13e21f5f","sha1":"8651bbd15f2e760d1145b1b6cb83d73cee9a0170","sha256":"e8fb27375025282b1d0a0fccb0798d24ab6fc72473ff03f195f311d61bda6d47","sha512":"3b0e70c62f86bd41ee1e63b6a5ec7021e780b7439ba3508982b355ffcb2dda8397f24c87849145ab8c73b7b30b7fd02f13301f7de4b7810ec370261c9ffd902a","ssdeep":"","tlshash":"4df00e8b22baa909de2c483c95c0c02227323ca93082b0b9652873c168153fb42c047d","first_seen":"2024-08-26T07:21:24Z","last_seen":"2024-08-29T17:46:40.071201Z","times_seen":21803,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T08:58:10.118076754Z","timestamp":1724835490118,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"E8FB27375025282B1D0A0FCCB0798D24AB6FC72473FF03F195F311D61BDA6D47\"\r\nLast-Modified: Mon, 26 Aug 2024 02:34:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=16447\r\nExpires: Wed, 28 Aug 2024 13:32:17 GMT\r\nDate: Wed, 28 Aug 2024 08:58:10 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"d4dd734ee3b332b0befeb0ba13e21f5f","sha1":"8651bbd15f2e760d1145b1b6cb83d73cee9a0170","sha256":"e8fb27375025282b1d0a0fccb0798d24ab6fc72473ff03f195f311d61bda6d47","sha512":"3b0e70c62f86bd41ee1e63b6a5ec7021e780b7439ba3508982b355ffcb2dda8397f24c87849145ab8c73b7b30b7fd02f13301f7de4b7810ec370261c9ffd902a","ssdeep":"","tlshash":"4df00e8b22baa909de2c483c95c0c02227323ca93082b0b9652873c168153fb42c047d","first_seen":"2024-08-26T07:21:24Z","last_seen":"2024-08-29T17:46:40.071201Z","times_seen":21803,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T08:58:10.119136496Z","timestamp":1724835490119,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"E8FB27375025282B1D0A0FCCB0798D24AB6FC72473FF03F195F311D61BDA6D47\"\r\nLast-Modified: Mon, 26 Aug 2024 02:34:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=16447\r\nExpires: Wed, 28 Aug 2024 13:32:17 GMT\r\nDate: Wed, 28 Aug 2024 08:58:10 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"d4dd734ee3b332b0befeb0ba13e21f5f","sha1":"8651bbd15f2e760d1145b1b6cb83d73cee9a0170","sha256":"e8fb27375025282b1d0a0fccb0798d24ab6fc72473ff03f195f311d61bda6d47","sha512":"3b0e70c62f86bd41ee1e63b6a5ec7021e780b7439ba3508982b355ffcb2dda8397f24c87849145ab8c73b7b30b7fd02f13301f7de4b7810ec370261c9ffd902a","ssdeep":"","tlshash":"4df00e8b22baa909de2c483c95c0c02227323ca93082b0b9652873c168153fb42c047d","first_seen":"2024-08-26T07:21:24Z","last_seen":"2024-08-29T17:46:40.071201Z","times_seen":21803,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T08:58:10.120173939Z","timestamp":1724835490120,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"E8FB27375025282B1D0A0FCCB0798D24AB6FC72473FF03F195F311D61BDA6D47\"\r\nLast-Modified: Mon, 26 Aug 2024 02:34:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=16481\r\nExpires: Wed, 28 Aug 2024 13:32:51 GMT\r\nDate: Wed, 28 Aug 2024 08:58:10 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"d4dd734ee3b332b0befeb0ba13e21f5f","sha1":"8651bbd15f2e760d1145b1b6cb83d73cee9a0170","sha256":"e8fb27375025282b1d0a0fccb0798d24ab6fc72473ff03f195f311d61bda6d47","sha512":"3b0e70c62f86bd41ee1e63b6a5ec7021e780b7439ba3508982b355ffcb2dda8397f24c87849145ab8c73b7b30b7fd02f13301f7de4b7810ec370261c9ffd902a","ssdeep":"","tlshash":"4df00e8b22baa909de2c483c95c0c02227323ca93082b0b9652873c168153fb42c047d","first_seen":"2024-08-26T07:21:24Z","last_seen":"2024-08-29T17:46:40.071201Z","times_seen":21803,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.estk.me/wp-content/uploads/2024/08/ESTKme-T002V01-T002V06.zip","fqdn":"www.estk.me","domain":"estk.me","tld":"me"},"ip":{"addr":"172.234.84.172","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Japan","country_code":"JP"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-28T08:58:08.604Z","timestamp":1724835488604,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"estk.me","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Mon, 08 Jul 2024 15:44:37 GMT","end":"Sun, 06 Oct 2024 15:44:36 GMT"},"fingerprint":{"sha1":"C2:03:F6:13:A0:73:D8:01:0E:C6:70:AF:1B:C3:49:86:08:55:18:07","sha256":"2B:3B:11:00:B4:76:8A:59:54:3F:DD:8D:70:E5:73:4C:60:A3:64:0E:94:09:4B:52:12:6A:75:51:6A:DE:D5:73"}}},"request":{"raw":"GET /wp-content/uploads/2024/08/ESTKme-T002V01-T002V06.zip HTTP/1.1\r\nHost: www.estk.me\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 28 Aug 2024 08:58:09 GMT\r\nServer: Apache/2.4.61 (Debian)\r\nLast-Modified: Wed, 21 Aug 2024 05:12:06 GMT\r\nETag: \"1cd5c-6202a9550d6c0\"\r\nAccept-Ranges: bytes\r\nContent-Length: 118108\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: application/zip\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":118108,"size_decoded":118108,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"dbee732bc007b65dad97198905b786c2","sha1":"1f615b976695e21751ae91375006e4dc760afc4e","sha256":"ad093a6ecda62871ddbb55e5a7f4e051a30629cb23af08456b0dc778ba5e5498","sha512":"ed082348b0366d44f9dfa147005ef8be5c79102c45c19ce611b7668006c26ae5124aef8c5df5848be55cfa1ac9510f03d44cbee80a99e7c4e779ca0c25779fe3","ssdeep":"3072:e3AXNPtQPQ6x73thhJYn6X3o0J+0cOGTKEOTWcc+Akzc:XtQPQOrY6o0J2eTWT6zc","tlshash":"8ab3121a914f6536932b8e30d2eae2e5bfd32063ea9d5c617c36c40d34912ed8369cb5","first_seen":"2024-08-29T17:29:42.33718Z","last_seen":"2025-01-30T23:16:07.744778Z","times_seen":4,"resource_available":false,"data":null}},"time_used":2223,"timings":{"blocked":575,"dns":0,"connect":268,"send":0,"wait":268,"receive":805,"ssl":300},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-08-28","alert":"Scan result 3/69","trigger":"ad093a6ecda62871ddbb55e5a7f4e051a30629cb23af08456b0dc778ba5e5498","verdict":"suspicious","severity":"","comment":"suspicious - 3/69","link":"https://www.virustotal.com/gui/file/ad093a6ecda62871ddbb55e5a7f4e051a30629cb23af08456b0dc778ba5e5498","meta":null}],"urlquery":null}}]}