{"report_id":"99f5f80d-be75-481b-bce3-00034d2d7994","version":6,"status":"done","tags":[],"date":"2024-09-29T14:47:38Z","url":{"schema":"http","addr":"181.78.105.146:6060/play/a02z/index.m3u8","fqdn":"181.78.105.146","domain":"181.78.105.146","tld":""},"ip":{"addr":"181.78.105.146","port":0,"asn":52468,"as":"UFINET PANAMA S.A.","country":"Guatemala","country_code":"GT"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-13T11:10:53Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-09-28 18:12:41","alert_count":0,"request_count":4,"received_data":3549,"sent_data":1308,"comment":"","tags":null,"fingerprints":null},{"fqdn":"181.78.105.146:6060","ip":{"addr":"181.78.105.146","port":6060,"asn":52468,"as":"UFINET PANAMA S.A.","country":"Guatemala","country_code":"GT"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":420,"sent_data":410,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-09-28 18:12:10","alert_count":0,"request_count":1,"received_data":888,"sent_data":327,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-09-29","alert":"Sinkholed","trigger":"181.78.105.146","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-29T14:47:13.222895935Z","timestamp":1727621233222,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"4868FAF0CF6C4F9BD0D7DB49DCDE0B7358890C362D5281A233AB666A702E1741\"\r\nLast-Modified: Sat, 28 Sep 2024 09:19:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4205\r\nExpires: Sun, 29 Sep 2024 15:57:18 GMT\r\nDate: Sun, 29 Sep 2024 14:47:13 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"d070dea5a1c30c330443d09132734e63","sha1":"3ca8c0f7cd2afd3a26da8bbe3f8a47c5995294f4","sha256":"4868faf0cf6c4f9bd0d7db49dcde0b7358890c362d5281a233ab666a702e1741","sha512":"1d47570d932cd437b5c1e807b6fe33e353730c9766d6a331819009c38d52f7ce69e3e7c6afb9831c9b670336052c61b543fcb3496cfdc5f32dac08c63a091cff","ssdeep":"","tlshash":"dcf00e723fba3500fa742f0678d5cc651e65aaf8700892d022d09252bd10bd815de01c","first_seen":"2024-09-28T14:22:13Z","last_seen":"2024-10-04T11:26:59.888878Z","times_seen":24632,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-29T14:47:13.275105622Z","timestamp":1727621233275,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"DCD0A39D2797B3578C25899FD889C37FF54980F9DBC1888DCE17D6512539E9F0\"\r\nLast-Modified: Sun, 29 Sep 2024 11:47:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=12023\r\nExpires: Sun, 29 Sep 2024 18:07:36 GMT\r\nDate: Sun, 29 Sep 2024 14:47:13 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"dbde5c5adbbd6a8e97882b8268361ce9","sha1":"d8857cca329a8ee2f9f6af7d4e534e394d9d59f1","sha256":"dcd0a39d2797b3578c25899fd889c37ff54980f9dbc1888dce17d6512539e9f0","sha512":"e49c546a26a4320729243fa8b3e54625764350a29a33b3dc8977a6576ed3478908ea4fcccf9ea0c8aebc6fd93f2a32b5fdcfe1fc831a67d42a1557192946be69","ssdeep":"","tlshash":"3ff005ed1166fdd1b75144063c61db643d3068fe3c754492bde4cbd26551b98094875c","first_seen":"2024-09-29T14:20:01Z","last_seen":"2024-10-04T11:12:24.118754Z","times_seen":9259,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-29T14:47:13.556922437Z","timestamp":1727621233556,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"D98004D3571E1A51D26420F00A34D03BA467DA831291574A99D2A920AABC60DE\"\r\nLast-Modified: Fri, 27 Sep 2024 14:37:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9376\r\nExpires: Sun, 29 Sep 2024 17:23:29 GMT\r\nDate: Sun, 29 Sep 2024 14:47:13 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7a008f7018d5b98d787afdc07ddf2066","sha1":"88ae935b7f05301000668ad6fb1d83f6a86e82b4","sha256":"d98004d3571e1a51d26420f00a34d03ba467da831291574a99d2a920aabc60de","sha512":"0ea884269848de2d62fa3b9ba4f8e053022bedf0c617cff5ee003f3cfe4133c567d6104c5323a4efc01b5e249704f6c332abee16aa0dea3818d88cef49ec0259","ssdeep":"","tlshash":"d6f00e9955b6f802bbb90d5a38f0e84acd72e9b83900add07cd58be6a4423ec07c5008","first_seen":"2024-09-27T18:46:47Z","last_seen":"2024-10-04T11:30:57.35425Z","times_seen":30020,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-29T14:47:13.627054113Z","timestamp":1727621233627,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"99289CCBCD1ED7679DAD27FA9565DBC77D0A59332BEE28C1A2480426667B16EF\"\r\nLast-Modified: Fri, 27 Sep 2024 14:38:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3497\r\nExpires: Sun, 29 Sep 2024 15:45:30 GMT\r\nDate: Sun, 29 Sep 2024 14:47:13 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"4b28467956198f83634920e149806abd","sha1":"608e925158915f159b491eba496c9f65cf4bf0c8","sha256":"99289ccbcd1ed7679dad27fa9565dbc77d0a59332bee28c1a2480426667b16ef","sha512":"a973e5b8a975554cbe1452f1e875f6a748ba2500419f74f2898444a0bc74a062d26dcd2ec9745b28c1fb1660a2e0cba9b47b9b9dfa0dc3407451a3ba7cd9d772","ssdeep":"","tlshash":"75f00eb236c1b904a7f41630bebae59d8e7165e8290019d81ce407f72420bee52c689c","first_seen":"2024-09-27T21:55:35Z","last_seen":"2024-10-04T11:30:57.354725Z","times_seen":13613,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"181.78.105.146:6060/play/a02z/index.m3u8","fqdn":"181.78.105.146:6060","domain":"181.78.105.146","tld":"146:6060"},"ip":{"addr":"181.78.105.146","port":6060,"asn":52468,"as":"UFINET PANAMA S.A.","country":"Guatemala","country_code":"GT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-09-29T14:47:13.644Z","timestamp":1727621233644,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /play/a02z/index.m3u8 HTTP/1.1\r\nHost: 181.78.105.146:6060\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Astra\r\nDate: Sun, 29 Sep 2024 14:47:13 GMT\r\nCache-Control: no-cache\r\nContent-Length: 134\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET\r\nAccess-Control-Allow-Credentials: true\r\nContent-Type: application/vnd.apple.mpegURL\r\nConnection: close\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":134,"size_decoded":134,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"3fa23cc4e1c4e8cfcb43dd5762c05f14","sha1":"b5ca7900e0af9f71c95064a1badf600e29416f9e","sha256":"79e58115108c66c1d465efc3e57d1fa073b0ae6d1b204d95d62c784a6cf525e1","sha512":"fe91e0a4cc6712a649d1429e0fbb602093686c2483665195670d735ea1d11ec4a1ec8a651a5c2b1869d64ac4c19c7e7683a59a0881f7833561d61fec69f6b2aa","ssdeep":"","tlshash":"9dc02bc0b16dc2a46444c4c0d2982037a53d51d40c55093033e7c4800882c407aac005","first_seen":"2024-10-04T11:10:56.247337Z","last_seen":"2024-10-04T11:10:56.247337Z","times_seen":1,"resource_available":false,"data":null}},"time_used":432,"timings":{"blocked":139,"dns":0,"connect":144,"send":0,"wait":148,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-09-29","alert":"Sinkholed","trigger":"181.78.105.146","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-29T14:47:15.362603649Z","timestamp":1727621235362,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"D9AC18F65CD9E42C677C8607BFDC0811B73E6C711804F4B5AE78AC30A59C71A4\"\r\nLast-Modified: Fri, 27 Sep 2024 14:39:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=12668\r\nExpires: Sun, 29 Sep 2024 18:18:23 GMT\r\nDate: Sun, 29 Sep 2024 14:47:15 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"dfedf5b10ed23db78cab4d0e5943dbbb","sha1":"6e0d497c63bd73836ac42bb2fe0b859cdbfd1a5f","sha256":"d9ac18f65cd9e42c677c8607bfdc0811b73e6c711804f4b5ae78ac30a59c71a4","sha512":"d5e1fb40e8cc6be852de5bb45d3e15f6d8b8445c49b36c81a0d0557ddf60daf37135ed50fba2cc9ef2d1a1b2ef9ff1b5190487c4d325f156374a488bbc7294a2","ssdeep":"","tlshash":"0ff0c06034a1de600f341924ececd53f2664ace82c4421f1d48e53a178647bd524504c","first_seen":"2024-09-27T17:26:02Z","last_seen":"2024-10-04T11:25:56.726592Z","times_seen":11965,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}