{"report_id":"9689aa23-9576-4beb-94db-3630f5541f78","version":6,"status":"done","tags":[],"date":"2024-06-12T12:43:03Z","url":{"schema":"http","addr":"recte.host/venom/calc.exe","fqdn":"recte.host","domain":"recte.host","tld":"host"},"ip":{"addr":"172.67.208.75","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"recte.host/venom/calc.exe","fqdn":"recte.host","domain":"recte.host","tld":"host"},"title":"Your not supposed to be here"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T13:39:36Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"recte.host","ip":{"addr":"172.67.208.75","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"2024-01-14","domain_rank":0,"first_seen":"2024-01-14 20:20:43","last_seen":"2024-03-15 09:27:33","alert_count":2,"request_count":3,"received_data":12201,"sent_data":1219,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.147.94","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-09-09 02:40:21","last_seen":"2024-06-11 08:04:12","alert_count":0,"request_count":1,"received_data":13813,"sent_data":540,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.147.95","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":8877,"first_seen":"2013-06-10 22:14:26","last_seen":"2024-06-11 06:46:58","alert_count":0,"request_count":1,"received_data":11103,"sent_data":429,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-06-12T12:42:38Z","timestamp":1718196158,"ip_dst":{"addr":"172.67.208.75","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":45430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016","source":"{\"timestamp\":\"2024-06-12T12:42:38.657417+0000\",\"flow_id\":1365514383157972,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":45430,\"dest_ip\":\"172.67.208.75\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2022896,\"rev\":7,\"signature\":\"ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2016_06_14\"],\"performance_impact\":[\"Moderate\"],\"reviewed_at\":[\"2024_04_11\"],\"updated_at\":[\"2024_04_22\"]}},\"http\":{\"hostname\":\"recte.host\",\"url\":\"/venom/calc.exe\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":774},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":669,\"bytes_toclient\":2640,\"start\":\"2024-06-12T12:42:38.551636+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"recte.host/venom/calc.exe","fqdn":"recte.host","domain":"recte.host","tld":"host"},"ip":{"addr":"172.67.208.75","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T18:47:00.89111Z","times_seen":13342615,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-06-12T12:42:38Z","timestamp":1718196158,"ip_dst":{"addr":"172.67.208.75","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":45430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016","source":"{\"timestamp\":\"2024-06-12T12:42:38.657417+0000\",\"flow_id\":1365514383157972,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":45430,\"dest_ip\":\"172.67.208.75\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2022896,\"rev\":7,\"signature\":\"ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2016_06_14\"],\"performance_impact\":[\"Moderate\"],\"reviewed_at\":[\"2024_04_11\"],\"updated_at\":[\"2024_04_22\"]}},\"http\":{\"hostname\":\"recte.host\",\"url\":\"/venom/calc.exe\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":774},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":669,\"bytes_toclient\":2640,\"start\":\"2024-06-12T12:42:38.551636+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"recte.host/venom/calc.exe","fqdn":"recte.host","domain":"recte.host","tld":"host"},"ip":{"addr":"172.67.208.75","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-06-12T12:42:38.555Z","timestamp":1718196158555,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /venom/calc.exe HTTP/1.1\r\nHost: recte.host\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 525 No Reason Phrase\r\ndate: Wed, 12 Jun 2024 12:42:38 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 6854\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=LsCoSl3KJdq%2Fq8r4qAgf1WONrpWK7vz5w0MxpjdZQKFIXuluPOR7RJPSB%2FVx6Y69ja%2FSuEHH1bgbr5xa55ssJC81oJt%2BNMO1fBrcnr4aNyljUVVCCrKFnMiJ6gmX\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: same-origin\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nserver: cloudflare\r\ncf-ray: 8929ec051dc59302-CPH\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6854,"size_decoded":6854,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (394)","md5":"b9c2a58e4ef1e0631b09442bed7a53b1","sha1":"a892814d463aa561c88b1f6a68ddd5711355c159","sha256":"9aa72018a997a12161bafb86c0f6997c2d10a5e0f7ae32374c9346af707744bd","sha512":"873ebe9a2fee97c19d882f7eeccf357adae1767e44bf14e0dc473dc4e4b72a420c6d25a6cc440e1d2c0418c2b7c0e52dcb73517ae1da82fecad0a2f03b48e4b1","ssdeep":"96:1j9jwIjYj7DK/DpKUkG4Fh2TG4FhRU24FuAokKmoDm/PWKvrR79qaQxR:1j9jhjYjPK/d4wOgVxDavrl91eR","tlshash":"37e16571b1f5127a1093829236d5fb69b9e0c213cbef4494b3ddc6672f9ee81e903294","first_seen":"2024-08-19T20:12:38.682312Z","last_seen":"2024-08-19T20:12:38.682312Z","times_seen":1,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":34,"dns":1,"connect":36,"send":0,"wait":72,"receive":2,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-06-12T12:42:38Z","timestamp":1718196158,"ip_dst":{"addr":"172.67.208.75","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":45430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016","source":"{\"timestamp\":\"2024-06-12T12:42:38.657417+0000\",\"flow_id\":1365514383157972,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":45430,\"dest_ip\":\"172.67.208.75\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2022896,\"rev\":7,\"signature\":\"ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2016_06_14\"],\"performance_impact\":[\"Moderate\"],\"reviewed_at\":[\"2024_04_11\"],\"updated_at\":[\"2024_04_22\"]}},\"http\":{\"hostname\":\"recte.host\",\"url\":\"/venom/calc.exe\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":774},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":669,\"bytes_toclient\":2640,\"start\":\"2024-06-12T12:42:38.551636+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"recte.host/venom/calc.exe","fqdn":"recte.host","domain":"recte.host","tld":"host"},"ip":{"addr":"172.67.208.75","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-06-12T12:42:38.555Z","timestamp":1718196158555,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /venom/calc.exe HTTP/1.1\r\nHost: recte.host\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 12 Jun 2024 12:42:38 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 03 Oct 2023 18:30:48 GMT\r\nCache-Control: max-age=14400\r\nCF-Cache-Status: REVALIDATED\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=EBOb5O9HRYQCYs2KBCCaNMi9tU5sjUzxSSuq7YtUcdhseMaclSswb3YqcnrbE9fMrZrH7OlqbwYMR5mUFO%2FRbVV5X25OM2a8qO29uE3tpoaqWl2QoovVZVixwBrE\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 8929ec073c4710ef-CPH\r\nContent-Encoding: gzip\r\nalt-svc: h2=\":443\"; ma=60\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1616,"size_decoded":5037,"mime_type":"text/html","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"62db41431a1ea24d56f1ddd99c60708c","sha1":"042a6ae9a94e091d6af779b316fe95f4c8821634","sha256":"7f9f771db5c01084b7bc4a319ae4d917209a17435851b223be40a4110ded1e2c","sha512":"c04e27305dd634918b468394b241d53bff4eea5bb68f7c51d58228efa6d1349e3abd0af10640af247d6e63c2cc55a8b82147ee8f55c956f322cae83d30dd6641","ssdeep":"48:lzcbz45QG0bVofAHj2Vme2WYNGbElxr54H44Hm44Hy4QBdppRKpvMYIDVDZoRHUg:Ed52VmeUxaBgy4QHpnK6YE6R0Wk+9Ee","tlshash":"70a13f0e4739b541c5b2b3b98f530205f9695027b102861cbaaca2c14ff2916d2daffc","first_seen":"2024-06-10T17:05:36Z","last_seen":"2024-11-17T18:34:56.715741Z","times_seen":61,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":34,"dns":1,"connect":36,"send":0,"wait":72,"receive":2,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-06-12T12:42:38Z","timestamp":1718196158,"ip_dst":{"addr":"172.67.208.75","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":45430,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016","source":"{\"timestamp\":\"2024-06-12T12:42:38.657417+0000\",\"flow_id\":1365514383157972,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":45430,\"dest_ip\":\"172.67.208.75\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2022896,\"rev\":7,\"signature\":\"ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2016_06_14\"],\"performance_impact\":[\"Moderate\"],\"reviewed_at\":[\"2024_04_11\"],\"updated_at\":[\"2024_04_22\"]}},\"http\":{\"hostname\":\"recte.host\",\"url\":\"/venom/calc.exe\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":774},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":669,\"bytes_toclient\":2640,\"start\":\"2024-06-12T12:42:38.551636+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vu_ROW4.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.147.94","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://recte.host/venom/calc.exe","date":"2024-06-12T12:42:39.146Z","timestamp":1718196159146,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 21 May 2024 06:28:29 GMT","end":"Tue, 13 Aug 2024 06:28:28 GMT"},"fingerprint":{"sha1":"A9:1B:6C:AA:61:9D:FC:99:20:CB:CC:B2:EB:9B:BC:EA:7B:3E:AE:14","sha256":"44:5D:3B:4C:8C:A2:D5:CB:8F:C5:C7:5D:E1:14:FD:84:7D:A5:3F:0F:55:B3:88:F8:41:50:7B:EC:3C:A4:6F:C6"}}},"request":{"raw":"GET /s/robotomono/v23/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vu_ROW4.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://recte.host\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 12980\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 08 Jun 2024 18:35:24 GMT\r\nexpires: Sun, 08 Jun 2025 18:35:24 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 14 Sep 2023 01:16:45 GMT\r\ncontent-type: font/woff2\r\nage: 324435\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":12980,"size_decoded":12980,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 12980, version 1.0","md5":"757d0731ea3db7be6a321b06a71ea943","sha1":"44fc18ae3406fa3b3d58a84462f5affc6958cecb","sha256":"cce2217cc8323fe49789adefb35962918c6f682518a8955aaae92f772f24952a","sha512":"290331d8d90246d5af93aaef987e6e6e708b0b035f1c191b8f87e9eb8454bd3499c30893d69ae4b61567a7741c2f7b2514a2efbcf617bf515cefccfe67225830","ssdeep":"","tlshash":"","first_seen":"2023-12-10T01:56:34Z","last_seen":"2024-08-29T17:58:12.556834Z","times_seen":15,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":107,"dns":1,"connect":23,"send":0,"wait":23,"receive":4,"ssl":79},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"recte.host/favicon.ico","fqdn":"recte.host","domain":"recte.host","tld":"host"},"ip":{"addr":"172.67.208.75","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://recte.host/venom/calc.exe","date":"2024-06-12T12:42:39.308Z","timestamp":1718196159308,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: recte.host\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://recte.host/venom/calc.exe\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 12 Jun 2024 12:42:39 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 03 Oct 2023 18:30:48 GMT\r\nCache-Control: max-age=14400\r\nCF-Cache-Status: HIT\r\nAge: 1620\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=CuC9J86%2FfkZNIIqn3tzgihPASF1WxxxvbFeLKcGJ2SrxbyrgHdXJJzrvXenA3JEH%2FyjCb8fabn1wSoPfqgSxVPcNSNStawO6AzQBx3Uvcf7K5VeHE2KxTdcfW1uO\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 8929ec0bbb2610ef-CPH\r\nContent-Encoding: gzip\r\nalt-svc: h2=\":443\"; ma=60\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1616,"size_decoded":5037,"mime_type":"text/html","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"62db41431a1ea24d56f1ddd99c60708c","sha1":"042a6ae9a94e091d6af779b316fe95f4c8821634","sha256":"7f9f771db5c01084b7bc4a319ae4d917209a17435851b223be40a4110ded1e2c","sha512":"c04e27305dd634918b468394b241d53bff4eea5bb68f7c51d58228efa6d1349e3abd0af10640af247d6e63c2cc55a8b82147ee8f55c956f322cae83d30dd6641","ssdeep":"48:lzcbz45QG0bVofAHj2Vme2WYNGbElxr54H44Hm44Hy4QBdppRKpvMYIDVDZoRHUg:Ed52VmeUxaBgy4QHpnK6YE6R0Wk+9Ee","tlshash":"70a13f0e4739b541c5b2b3b98f530205f9695027b102861cbaaca2c14ff2916d2daffc","first_seen":"2024-06-10T17:05:36Z","last_seen":"2024-11-17T18:34:56.715741Z","times_seen":61,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto+Mono:100","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.147.95","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://recte.host/venom/calc.exe","date":"2024-06-12T12:42:38.867Z","timestamp":1718196158867,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 21 May 2024 06:28:35 GMT","end":"Tue, 13 Aug 2024 06:28:34 GMT"},"fingerprint":{"sha1":"4D:73:7B:C8:0B:FD:22:17:D0:48:F9:41:24:84:80:E6:EA:1D:CF:C3","sha256":"05:C3:5A:28:83:AD:FF:AC:0D:FA:27:8B:D3:A2:E0:2F:DB:65:3E:9E:0E:F8:85:A7:37:E5:BD:50:7A:6A:15:91"}}},"request":{"raw":"GET /css?family=Roboto+Mono:100 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://recte.host/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 12 Jun 2024 12:42:39 GMT\r\ndate: Wed, 12 Jun 2024 12:42:39 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10473,"size_decoded":10473,"mime_type":"text/css; charset=utf-8","magic":"gzip compressed data, max compression","md5":"7c11af2e2444d103dd82867028cd01b3","sha1":"c7bca7e3efc6bd1b5824aefb77c0ddd18e3279f4","sha256":"b8d7b832ea6ba1661b169ef12e8db5bf46ed5f2dbc386164599a5b19ee1c4195","sha512":"24523123b6c770468fe5b6ee8e46746b82a42593c95f0e691bc40a9196fe9f7f940d14b615f288daac3bfc6208d0be1c3779c0483405d3de4c9b2d9d72596f6c","ssdeep":"192:aFQlEuzLM3toyXVDVm+61eTyiR/hHYTw9b2beTymzDlfuX6pJDYqvll5+1OrQlZA:PlE68FXVDP60Ty0p6w9ybeTFlWYDYQlV","tlshash":"bc22be6e6350a44af5b9fb33998cf3788119f7542145ca4b12e7b44aaeac0bdef05004","first_seen":"2024-08-19T20:12:38.684529Z","last_seen":"2024-08-19T20:12:38.684529Z","times_seen":1,"resource_available":false,"data":null}},"time_used":372,"timings":{"blocked":148,"dns":1,"connect":35,"send":0,"wait":68,"receive":1,"ssl":115},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}