{"report_id":"97ff05d0-fa1c-48db-b97b-860277c3f70c","version":6,"status":"done","tags":[],"date":"2024-08-20T06:22:31Z","url":{"schema":"http","addr":"ovix.retardhub.xyz/RdrBundle.zip","fqdn":"ovix.retardhub.xyz","domain":"retardhub.xyz","tld":"xyz"},"ip":{"addr":"172.67.184.93","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-30T10:17:16Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"","domain_rank":0,"first_seen":"","last_seen":"","alert_count":0,"request_count":3,"received_data":2662,"sent_data":981,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"","domain_rank":0,"first_seen":"","last_seen":"","alert_count":0,"request_count":3,"received_data":2662,"sent_data":981,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ovix.retardhub.xyz","ip":{"addr":"104.21.19.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"","domain_rank":0,"first_seen":"","last_seen":"","alert_count":1,"request_count":1,"received_data":6435920,"sent_data":486,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"60001f4e5104db6fd98509674d720cfa","sha1":"458c6bcbb5cf066950fe1a4e1a7b446ecc336761","sha256":"e16cc1c292d6cb3d5306377f2cdb7a75169fc7ee3b5cd34a94b6c4b73e9c1315","sha512":"ca1b83ce6f5f8851ee7f5ce969041c2a6f61c801e5509b89620d4e74b2eb90c70da760bd229c27f970a2065864f62e3fa75ffe23a82d9c32c6749a1fe662ac8d","magic":"Zip archive data, at least v2.0 to extract, compression method=store","size":6435212,"url":{"schema":"https","addr":"ovix.retardhub.xyz/RdrBundle.zip","fqdn":"ovix.retardhub.xyz","domain":"retardhub.xyz","tld":"xyz"},"ip":{"addr":"104.21.19.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"OvixBundle/appdata.lnk","filename":"appdata.lnk","modified":"","Modified":"2024-02-20T22:44:22+05:30","magic":"MS Windows shortcut, Item id list present, Points to a file or directory, Directory, ctime=Wed Oct  5 10:01:06 2022, mtime=Tue Feb 20 17:14:20 2024, atime=Fri Feb 16 08:00:43 2024, length=32768, window=hide","size":1921,"md5":"da95cc5a365e3f76d347b40073e55727","sha1":"e81a453c6a65e61c43e1b680e3a95a77f7d0c355","sha256":"421bd6156a87b6139646202d4b121c0b954e049153417c33071a97a50989ebb1","sha512":"4c763c71052aff73c6ae0804aedfcdcc45ccf11abb89049384ecf8840526941d85a2836bc48b83de9cc89893fa886217e407ebf248742de4d19795d8ce3862ea","alerts":{"urlquery":null,"analyzer":null}},{"path":"OvixBundle/Ovix/RDR2/headers/ovix.png","filename":"ovix.png","modified":"","Modified":"2024-01-21T22:42:42+05:30","magic":"PNG image data, 1104 x 368, 8-bit/color RGBA, non-interlaced","size":238969,"md5":"329fde5ed3b5729426487ae492d92028","sha1":"dc7acd5373479943727c6a6d855fa7fa03e218a6","sha256":"6494be617a92377297a0b34c8f3e86cced0c024eab7bd0c1a884b1319e3abcf4","sha512":"533febad86048bfb5d54b290b355cda67f4571596ab511a4cf151fa2ff150c2ca23ae9702e8e7d8b732858a237fdfaec16a0c33c4e3fe6bcfe8ed2771918c180","alerts":{"urlquery":null,"analyzer":null}},{"path":"OvixBundle/Ovix/RDR2/Ovix.dll","filename":"Ovix.dll","modified":"","Modified":"2024-03-22T21:42:50+05:30","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 12 sections","size":5879824,"md5":"571f56f1a5b157c87d6b23632297693a","sha1":"daf5cd371b1d9e3ea896a7ae3bc50c2920269289","sha256":"f57b3ea71fc1a296770464e6e8bdf769104030953966c75f816c5bf3eac1f80d","sha512":"c9c07a9a354fd52fbb6b4515739befeb342ce40bf9266a44f99a70c9abced28a15767ec66b08aae62a2804ef91a2c9709cc474e19bf5fe3857e876d0a8145c6d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-30","alert":"Scan result 30/75","trigger":"f57b3ea71fc1a296770464e6e8bdf769104030953966c75f816c5bf3eac1f80d","verdict":"malicious","severity":"","comment":"malicious - 30/75","link":"https://www.virustotal.com/gui/file/f57b3ea71fc1a296770464e6e8bdf769104030953966c75f816c5bf3eac1f80d","meta":null}]}},{"path":"OvixBundle/Ovix/RDR2/translations/Chinese.json","filename":"Chinese.json","modified":"","Modified":"2024-01-21T22:42:46+05:30","magic":"JSON text data","size":6060,"md5":"be1406a5879ea61d4f5f4dee45463128","sha1":"f7457a9efb9a7b44f7c971ddfce309f4eb62f973","sha256":"de75afa1889443f87aeaea4065499ea2584c76b7adc4b92612d651c8d6cbfa32","sha512":"a60aca4712d7aab5aceb501341978f01a6a11dc1286cf8aa466a5d1c35ba0c7b218f66f71e46fa6896adcfa7f9f93026a1cc1a6646e616f1214cd871326707c5","alerts":{"urlquery":null,"analyzer":null}},{"path":"OvixBundle/Ovix/RDR2/translations/English.json","filename":"English.json","modified":"","Modified":"2024-01-21T22:42:46+05:30","magic":"JSON text data","size":5919,"md5":"20070521087b6a0ee7e5aeab1d90fcf7","sha1":"943398ba5a67cb75a5ed31fd90c116ffa73f24e4","sha256":"771f951ea444c0e5c8eb72f5b403e0ef3aa399af2eda72354a2cccc838223fde","sha512":"7194d3867a1d05d80d5ca15a0da0853b1ac68343d8b6998a4db1a16c5866ba6e873ace8ce78fa40e15c63a82491629d9922edc2a46be14219a1ee8c727256e15","alerts":{"urlquery":null,"analyzer":null}},{"path":"OvixBundle/OvixRDRLauncher.exe","filename":"OvixRDRLauncher.exe","modified":"","Modified":"2024-02-22T21:17:38+05:30","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 6 sections","size":1196032,"md5":"808bb304f7fad076d490d3f49bffa294","sha1":"5d0256bd5993213f0f1bb0ebe8d305f563239cf0","sha256":"07cd999a4cef4d323c3ac77ba4042e4b8f7cdad7308ce1d40b03f44a0956a419","sha512":"3cc6f09296c4a863cb9efb09292d2a10b460c38ea716244a03b2af5b3780a6a5a43369ef8329deb50e0c08adb1d75e105a3045c94ec415b61752f9e05ce8f9de","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-05-21","alert":"Scan result 45/73","trigger":"07cd999a4cef4d323c3ac77ba4042e4b8f7cdad7308ce1d40b03f44a0956a419","verdict":"malicious","severity":"","comment":"malicious - 45/73","link":"https://www.virustotal.com/gui/file/07cd999a4cef4d323c3ac77ba4042e4b8f7cdad7308ce1d40b03f44a0956a419","meta":null}]}},{"path":"OvixBundle/README.txt","filename":"README.txt","modified":"","Modified":"2024-02-20T22:49:26+05:30","magic":"ASCII text, with CRLF line terminators","size":139,"md5":"68778fb62e2e3559f23f2ec68978d2b4","sha1":"bac1143c60adfef8571c647f8711b1def2cf5bf4","sha256":"dcb4f46ae8e31dcacb3b85cf186ba7ae6e4c988793b250d4781dffa434eeefdf","sha512":"0e8d9a424f32212485eab33f84065f5aa31fd7e790a1c335bac02b2f77bb2facd3d9e2d2fa9514c46024806989bf47c97855461b6f4185a9046b911d2b5019f4","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-08-07","alert":"Scan result 40/71","trigger":"e16cc1c292d6cb3d5306377f2cdb7a75169fc7ee3b5cd34a94b6c4b73e9c1315","verdict":"malicious","severity":"","comment":"malicious - 40/71","link":"https://www.virustotal.com/gui/file/e16cc1c292d6cb3d5306377f2cdb7a75169fc7ee3b5cd34a94b6c4b73e9c1315","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T06:22:04.231470413Z","timestamp":1724134924231,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"C5FDDE15E0DC09E045C2DF21C77D2C87E6C7D4ABE86048426F468FCD696054E0\"\r\nLast-Modified: Sun, 18 Aug 2024 18:58:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6632\r\nExpires: Tue, 20 Aug 2024 08:12:36 GMT\r\nDate: Tue, 20 Aug 2024 06:22:04 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"18cce98073c1bf25df62a3ca026dedbf","sha1":"26ea37fc15ead14ac2047d074f6c4153d57775d0","sha256":"c5fdde15e0dc09e045c2df21c77d2c87e6c7d4abe86048426f468fcd696054e0","sha512":"77c11720b94e7dd2bd49d57d7116ec80ecb3f536d7541a09b212a4503f1942c327ae91713cd33f75b82902a55b85803c80d21f0581c6c79266910c65325dea9e","ssdeep":"","tlshash":"5ef0750704b2b9a036bd320327f7c821ea24e8b5186d889a29c041d15c51fd5fda401c","first_seen":"2024-08-18T23:48:14Z","last_seen":"2024-08-21T12:56:35.090265Z","times_seen":19240,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T06:22:04.233454216Z","timestamp":1724134924233,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"EAABD011ED0722DEEEE97E566B8318B17D8E993D31DB4C2CC31CF0E3CD8191F5\"\r\nLast-Modified: Mon, 19 Aug 2024 12:55:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=11479\r\nExpires: Tue, 20 Aug 2024 09:33:23 GMT\r\nDate: Tue, 20 Aug 2024 06:22:04 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"50a89b39234eb6cc4eda70d7e27be17f","sha1":"306340eb26b6817fd8851a085563a88eed7e2b6b","sha256":"eaabd011ed0722deeee97e566b8318b17d8e993d31db4c2cc31cf0e3cd8191f5","sha512":"7d592199f85ced546368250c7f6e71bad2611144a4f9cf9d2346a20146b5969bb44c255d6f34f150491509120073feb4e9578bf92a6afb9e2cb493afeadcca3d","ssdeep":"","tlshash":"bef00e154c13ba61f761343f45dcf03f2431def8302a21e6989ca3d43cb17a9568080c","first_seen":"2024-08-19T15:50:19Z","last_seen":"2024-08-22T17:23:48.161724Z","times_seen":40825,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T06:22:04.692593462Z","timestamp":1724134924692,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"07BB496669AF2E33765F0AD730934DAD6F8AD79A628C6B21CD545505335471C6\"\r\nLast-Modified: Mon, 19 Aug 2024 21:59:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6729\r\nExpires: Tue, 20 Aug 2024 08:14:13 GMT\r\nDate: Tue, 20 Aug 2024 06:22:04 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"5d0dd93e6a07253100201a9c8a3e15a5","sha1":"30adbd52887825ae2779d7fb12276bed8b1d8178","sha256":"07bb496669af2e33765f0ad730934dad6f8ad79a628c6b21cd545505335471c6","sha512":"cd4f007dd0abd0dd3e4dc49bb9e26bc44db873b90c5f910823dc692fb0a23dcb0a2d8499a04a2ca984ef20a3cd00ecc460fb79fb1fe92afc1ea3060936aaa909","ssdeep":"","tlshash":"00f0548a27ebb624bd740d4555a2f01baed3cda838f0d4e7b484c6e06d207c8db810ce","first_seen":"2024-08-20T02:39:08Z","last_seen":"2024-08-22T17:23:48.162993Z","times_seen":38938,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T06:22:05.125094081Z","timestamp":1724134925125,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"0B7DA2DA1FCBA23C5118479E14828F87A605A32AF15D0962F216115A9FF1D02A\"\r\nLast-Modified: Sun, 18 Aug 2024 15:19:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=17158\r\nExpires: Tue, 20 Aug 2024 11:08:03 GMT\r\nDate: Tue, 20 Aug 2024 06:22:05 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"18f75729f3e25e2eb7f12b70dfce3849","sha1":"479177b92dda7c4e8763c80a15cbc71c3386d06c","sha256":"0b7da2da1fcba23c5118479e14828f87a605a32af15d0962f216115a9ff1d02a","sha512":"e66c720ca28beb0fbe2f36167471d00b84a0b62b82930af69daff98902f1307d0cf60aa29ad35c97ede418f7e3bff9a2008d9fc5767e563f16539636c6ce220c","ssdeep":"","tlshash":"aaf05c473c6e7523876219317779d4297b31fcf53415409370d803f269117c556c004c","first_seen":"2024-08-18T17:20:22Z","last_seen":"2024-08-21T10:22:51.030856Z","times_seen":40508,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ovix.retardhub.xyz/RdrBundle.zip","fqdn":"ovix.retardhub.xyz","domain":"retardhub.xyz","tld":"xyz"},"ip":{"addr":"104.21.19.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-20T06:22:04.808Z","timestamp":1724134924808,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"retardhub.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Jul 2024 18:01:15 GMT","end":"Sun, 13 Oct 2024 18:01:14 GMT"},"fingerprint":{"sha1":"A5:B8:0A:E0:4E:C1:47:85:E6:B6:6F:BB:0D:11:B6:0E:72:5B:AA:D8","sha256":"8B:68:75:FE:23:78:C1:36:A4:7D:30:5E:5E:84:D1:5A:9D:11:41:33:29:B6:82:AB:E0:58:15:DF:25:28:D0:C7"}}},"request":{"raw":"GET /RdrBundle.zip HTTP/1.1\r\nHost: ovix.retardhub.xyz\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 20 Aug 2024 06:22:04 GMT\r\ncontent-type: application/zip\r\ncontent-length: 6435212\r\nlast-modified: Sat, 17 Aug 2024 19:54:28 GMT\r\netag: \"66c0fff4-62318c\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=1VWhsUbK%2BDNNk%2FLxjKATX0iHIfm5lRM%2BkCwQ1RdlcfQrC1U%2BtFzZigO4FtLfFtvS03evIYqI5x7dtSVSDzfe0iTWjvXWw0VKvzSLVo4gC6owhfrisAgIMMhYdfOFflID4qCXHxo%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 8b604970387d56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6435212,"size_decoded":6435212,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=store","md5":"60001f4e5104db6fd98509674d720cfa","sha1":"458c6bcbb5cf066950fe1a4e1a7b446ecc336761","sha256":"e16cc1c292d6cb3d5306377f2cdb7a75169fc7ee3b5cd34a94b6c4b73e9c1315","sha512":"ca1b83ce6f5f8851ee7f5ce969041c2a6f61c801e5509b89620d4e74b2eb90c70da760bd229c27f970a2065864f62e3fa75ffe23a82d9c32c6749a1fe662ac8d","ssdeep":"98304:5jr/lbvqfoNQJrI0D9c4NxrozYtMiNr3o5CqI2Cy2JU4gjFX1AR0KWFmgD7zrh:lr/lLqft5I0D9zFBN7o7nYR0K9a7zV","tlshash":"bf563391466e4cc9d046de76efd8c4bf3aef10e7796d41a3d20ad05ac79e282c08749e","first_seen":"2024-08-13T18:10:54Z","last_seen":"2024-08-21T10:17:16.876546Z","times_seen":2,"resource_available":false,"data":null}},"time_used":888,"timings":{"blocked":30,"dns":1,"connect":1,"send":0,"wait":141,"receive":686,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-08-07","alert":"Scan result 40/71","trigger":"e16cc1c292d6cb3d5306377f2cdb7a75169fc7ee3b5cd34a94b6c4b73e9c1315","verdict":"malicious","severity":"","comment":"malicious - 40/71","link":"https://www.virustotal.com/gui/file/e16cc1c292d6cb3d5306377f2cdb7a75169fc7ee3b5cd34a94b6c4b73e9c1315","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T06:22:06.784152535Z","timestamp":1724134926784,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A\"\r\nLast-Modified: Sat, 17 Aug 2024 21:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2454\r\nExpires: Tue, 20 Aug 2024 07:03:00 GMT\r\nDate: Tue, 20 Aug 2024 06:22:06 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7944981bcac427aa8d0aa016ec63764d","sha1":"48bf925b10dc02afa8f597af8d26f5bf5efc0b7e","sha256":"26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a","sha512":"901fac5329037a81b688292109023b0cd67d34fb1f7abdfb1142cfb6d9b89a9aac04b1eddf7e0614781080da85ed20eb031ccf9602e204ec792e18ddbf870867","ssdeep":"","tlshash":"01f005911bb196401baa8d3f48ebf03b3f98a4d4549021e6952852e13c057fd919845c","first_seen":"2024-08-18T03:51:12Z","last_seen":"2024-08-21T10:22:51.047591Z","times_seen":37247,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T06:22:06.785364991Z","timestamp":1724134926785,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A\"\r\nLast-Modified: Sat, 17 Aug 2024 21:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2454\r\nExpires: Tue, 20 Aug 2024 07:03:00 GMT\r\nDate: Tue, 20 Aug 2024 06:22:06 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7944981bcac427aa8d0aa016ec63764d","sha1":"48bf925b10dc02afa8f597af8d26f5bf5efc0b7e","sha256":"26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a","sha512":"901fac5329037a81b688292109023b0cd67d34fb1f7abdfb1142cfb6d9b89a9aac04b1eddf7e0614781080da85ed20eb031ccf9602e204ec792e18ddbf870867","ssdeep":"","tlshash":"01f005911bb196401baa8d3f48ebf03b3f98a4d4549021e6952852e13c057fd919845c","first_seen":"2024-08-18T03:51:12Z","last_seen":"2024-08-21T10:22:51.047591Z","times_seen":37247,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}