{"report_id":"b018914a-91da-40ca-b1da-87e201761742","version":6,"status":"done","tags":["botpanel","malware"],"date":"2024-07-05T03:22:19Z","url":{"schema":"http","addr":"23.94.168.52:8888/supershell/login/","fqdn":"23.94.168.52","domain":"23.94.168.52","tld":""},"ip":{"addr":"23.94.168.52","port":0,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"final":{"url":{"schema":"http","addr":"23.94.168.52:8888/supershell/login","fqdn":"23.94.168.52:8888","domain":"23.94.168.52","tld":"52:8888"},"title":"Supershell - 登录"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T11:13:04Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"23.94.168.52:8888","ip":{"addr":"23.94.168.52","port":8888,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":19,"request_count":10,"received_data":771526,"sent_data":3690,"comment":"","tags":null,"fingerprints":null},{"fqdn":"rsms.me","ip":{"addr":"104.21.234.235","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2010-12-05","domain_rank":102779,"first_seen":"2014-10-14 19:46:02","last_seen":"2024-07-04 11:57:39","alert_count":0,"request_count":2,"received_data":348408,"sent_data":925,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-07-03 18:12:42","alert_count":0,"request_count":8,"received_data":7097,"sent_data":2616,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-07-05T03:21:54Z","timestamp":1720149714,"ip_dst":{"addr":"23.94.168.52","port":8888,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"ip_src":{"addr":"Client IP","port":45748,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ThreatFox Unknown malware botnet C2 traffic (ip:port - confidence level: 50%)","source":"{\"timestamp\":\"2024-07-05T03:21:54.183999+0000\",\"flow_id\":1798721143754431,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":45748,\"dest_ip\":\"23.94.168.52\",\"dest_port\":8888,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":91286365,\"rev\":1,\"signature\":\"ThreatFox Unknown malware botnet C2 traffic (ip:port - confidence level: 50%)\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"source\":{\"ip\":\"23.94.168.52\",\"port\":8888},\"target\":{\"ip\":\"172.18.0.9\",\"port\":45748},\"metadata\":{\"confidence_level\":[\"50\"],\"first_seen\":[\"2024_06_18\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":74,\"bytes_toclient\":0,\"start\":\"2024-07-05T03:21:54.183999+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"http","addr":"23.94.168.52:8888/supershell/login","fqdn":"23.94.168.52:8888","domain":"23.94.168.52","tld":"52:8888"},"ip":{"addr":"23.94.168.52","port":8888,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":true,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T12:49:17.462299Z","times_seen":13332134,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"23.94.168.52:8888/static/js/tabler.min.js","fqdn":"23.94.168.52:8888","domain":"23.94.168.52","tld":"52:8888"},"ip":{"addr":"23.94.168.52","port":8888,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":false,"md5":"a0fbd55554b2cdaef264d38eafb728d9","sha1":"57704bc0edce6c54dacb557c5073fbc3f1f1e537","sha256":"40dc9ece12a8f6ef9966a81e08a4a2510d003121d1e5bdf9a95aee9c85878b8a","sha512":"29ade6282b52b8f2b38a767086e5f29178e173157d9a19aa1be3e3d558de09631282da78c37fdad16f3a0d21f774612ac6c780fb3ad9b470becb0ffc35357db4","ssdeep":"1536:gTKQBUafsY8VNNiSY3jisVjjC/3/2I5XThhJ/AcWxxvUAVd62wOC6zNpfbnmERZL:giTJyisVjDxBjp7nmOZCxdyRm3WQe","tlshash":"efe3c794b292b0724ada90a9403b020bf3366a58708ac15cf57de8dd2e7dd867177f7c","size":146910,"data":"","first_seen":"2023-07-18T02:09:12Z","last_seen":"2026-04-04T12:57:06.026416Z","times_seen":11253,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"23.94.168.52:8888/static/js/jquery.min.js","fqdn":"23.94.168.52:8888","domain":"23.94.168.52","tld":"52:8888"},"ip":{"addr":"23.94.168.52","port":8888,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":false,"md5":"7a7b18606448bded22cd1cf48d4712cc","sha1":"5b9df089eb85cecb320fd9ed3f0f9da173c92d61","sha256":"ab0d063b4ff2827192c0e44103d3091457a1d2374c3b6243721c5679bb61eae2","sha512":"b03d9f227ae0de5828e038805c46142ffc9b2b94c3c365588b5d4588ffcfaeaedceaa5e8fc314a25412539e2b250736dcc352868948a7887947d6456134dd6d3","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrR:++414Jiz6fh6lTqya98HrR","tlshash":"8383d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84344,"data":"","first_seen":"2023-03-07T01:18:00Z","last_seen":"2026-04-04T12:57:06.022725Z","times_seen":12793,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"23.94.168.52:8888/static/js/toastr.min.js","fqdn":"23.94.168.52:8888","domain":"23.94.168.52","tld":"52:8888"},"ip":{"addr":"23.94.168.52","port":8888,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":false,"md5":"8ee1218b09fb02d43fcf0b84e30637ad","sha1":"f871160d56be073d37159b169da23945fa132ab7","sha256":"1e0c2ad4e069276efa1d43fd1f7549912bfd64219119037e26574f27ca4d7143","sha512":"292be72897bf32e1850db5ec65a5964e86f7351e33a825192c1e003d7159199f94fecc1f1e1fc255a657737bc86bfa45ae244af814aea1ec432e1f3bee34507c","ssdeep":"96:yd4ZR1JHdOBjvZHEIY/X9oxNDP9mEL1RWBsEyJiJAsq/Aef2ffr6:yOBt8j9EI8cN3WziYIxWr6","tlshash":"59b19484b120f28b5b739069919f141b967673a2cccf4510763ae99cbe7052897a3fdc","size":5251,"data":"","first_seen":"2023-03-07T12:06:48Z","last_seen":"2026-04-04T12:57:06.02329Z","times_seen":12980,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"23.94.168.52:8888/static/js/func/login.js","fqdn":"23.94.168.52:8888","domain":"23.94.168.52","tld":"52:8888"},"ip":{"addr":"23.94.168.52","port":8888,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":false,"md5":"bcbb4af9c70de03edd8fc6c64604de7b","sha1":"af8abcc821cff7f7e34f10c2b3d3da50ddbf247c","sha256":"0c170addf4db0652f05cb8692978add1e819daa3891780164468c600055f5159","sha512":"335bc7ac8940e4ae88ea508ed922e614cd849b3d5e4163b6ad719be0da3ac7ccad5194d06ef908ae7987d267c3f0bc860bc934e59d5980438e6a2dfc43fbb047","ssdeep":"","tlshash":"e9518465b9096e36d62a67f54ff9801032aeb0d4541309083f6c0dce3b36a5fd223e4c","size":2756,"data":"","first_seen":"2023-07-18T02:09:12Z","last_seen":"2026-04-04T12:57:06.023757Z","times_seen":11294,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"23.94.168.52:8888/supershell/login","fqdn":"23.94.168.52:8888","domain":"23.94.168.52","tld":"52:8888"},"ip":{"addr":"23.94.168.52","port":8888,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":true,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T12:49:17.462299Z","times_seen":13332134,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-05T03:21:53.680130929Z","timestamp":1720149713680,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"E4778C960B009C229DBB555FF7679B6D245D6F7111FD66FD5C514847B06ACDBB\"\r\nLast-Modified: Wed, 03 Jul 2024 01:53:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4333\r\nExpires: Fri, 05 Jul 2024 04:34:06 GMT\r\nDate: Fri, 05 Jul 2024 03:21:53 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"957cd8e6bd774045d4cab550ce76f80a","sha1":"d06d4246273e9ba4fba69494038c77f5c53aadb6","sha256":"e4778c960b009c229dbb555ff7679b6d245d6f7111fd66fd5c514847b06acdbb","sha512":"622e80a3c0127ea2ba7645aa24082f8e9ae5f7df651dcc4beb756a9afae0d5402dbf265b8ca710cfffe466df25151989555956e2f08984e8e09327a6b086dfb5","ssdeep":"","tlshash":"4ef00e9213e77a80aaa009236eece53d1d3c6a6c261502f017e041fb9869bb64184888","first_seen":"2024-07-03T08:47:34Z","last_seen":"2024-08-19T18:16:08.498809Z","times_seen":45866,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-05T03:21:53.755760223Z","timestamp":1720149713755,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"3BB2A3698D452F1DE2FF4F283A89FC427D9FE01C02AD968F215BEE1834B1C1E3\"\r\nLast-Modified: Thu, 04 Jul 2024 15:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=17710\r\nExpires: Fri, 05 Jul 2024 08:17:03 GMT\r\nDate: Fri, 05 Jul 2024 03:21:53 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"e9a839fbbf2a5bc4f1a01cd5fca04d5e","sha1":"ff4396bb2dcc9211b70f2e3266720172ee2ce085","sha256":"3bb2a3698d452f1de2ff4f283a89fc427d9fe01c02ad968f215bee1834b1c1e3","sha512":"f24e231017d32c1b1604d0d7e6e0ea6cc23cf43026e68b3d1cc81e06370b0b2f07e21840408613f1f3ea44040167afac8575241e3b5a548cd9889c55dbaa1b55","ssdeep":"","tlshash":"7bf00ede1ed93e41b2a8522d1a70d81d6d01beba287008e9248143d62f587e689c4d4e","first_seen":"2024-07-04T17:28:39Z","last_seen":"2024-08-19T18:05:50.120876Z","times_seen":49663,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-05T03:21:54.066915907Z","timestamp":1720149714066,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"BDCA7CE7BB6FEBD6A6AFB56A828CF4422C1A8971524484E8128CAFAD8E6B3367\"\r\nLast-Modified: Tue, 02 Jul 2024 11:47:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6905\r\nExpires: Fri, 05 Jul 2024 05:16:59 GMT\r\nDate: Fri, 05 Jul 2024 03:21:54 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"b8ee6ca153df6819132dd5d8a6ba5c76","sha1":"0ed0f0f631777272bd71ba23719e71695c9d95e1","sha256":"bdca7ce7bb6febd6a6afb56a828cf4422c1a8971524484e8128cafad8e6b3367","sha512":"bfa4d85450474abedf68b006d8f30686ac28d6691b099c832135f7f396dc714182b2a3b00a02a1e4d84801d5b94e405e6aaf5d07b1a71b8a9dd156879e3ce268","ssdeep":"","tlshash":"f3f005963377bf6057b01b20689ce77f0e56ad6e644479b8289053927c00bf1454486c","first_seen":"2024-07-02T15:39:03Z","last_seen":"2024-08-19T18:21:34.826446Z","times_seen":54016,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-05T03:21:54.30937957Z","timestamp":1720149714309,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"73DFDDABE9477748A0F32D3C2105CC266659ED6CECEE3B16EF8E8908192DE269\"\r\nLast-Modified: Thu, 04 Jul 2024 16:21:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9267\r\nExpires: Fri, 05 Jul 2024 05:56:21 GMT\r\nDate: Fri, 05 Jul 2024 03:21:54 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7a665c357c9589136708e266c9f9a140","sha1":"e75c705088f540933589402929fb9dcbb39e7747","sha256":"73dfddabe9477748a0f32d3c2105cc266659ed6cecee3b16ef8e8908192de269","sha512":"1a0acb3bf96b7eb4ba3f1e9e06f778efc37eda5216bf5e2d78f45677d6a5d3515d15a391a9c783241aacb6f859fff37aae7c8ca839d453d1375798a74adeab40","ssdeep":"","tlshash":"cff0c45e8cf0fd123a3007085acef60d2d902d8c20240ad2a08043ca93103ffcaec40d","first_seen":"2024-07-04T21:44:56Z","last_seen":"2024-08-19T18:04:35.289979Z","times_seen":10732,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"23.94.168.52:8888/supershell/login/","fqdn":"23.94.168.52:8888","domain":"23.94.168.52","tld":"52:8888"},"ip":{"addr":"23.94.168.52","port":8888,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-05T03:21:54.192Z","timestamp":1720149714192,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /supershell/login/ HTTP/1.1\r\nHost: 23.94.168.52:8888\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 FOUND\r\nServer: nginx/1.18.0\r\nDate: Fri, 05 Jul 2024 03:21:54 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 221\r\nConnection: keep-alive\r\nLocation: /supershell/login\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"FOUND","fingerprints":null,"data":{"size":221,"size_decoded":221,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"88ffecfff07bf5086b8d123dcb7ce361","sha1":"58e591d9f4772dca8195e37685bd44f6ea82a0c0","sha256":"9279bd33ed7c9e30f89e9861fa2fd1bb9612d56277f76adf306cc9985958555a","sha512":"3b8aeeafbe61092ee91f8ee094e470b87612360ed88c1b3611bb24418e96f8b74700d67372e3a73c5a423b004345789da4b69b661a3e19992dc2d4e274575b25","ssdeep":"","tlshash":"1ad0230531c0244d9f42014e70d51fd8dd6e6064559ce77c5f6d0d9c6c44a15d1d008b","first_seen":"2023-07-18T02:09:12Z","last_seen":"2025-03-01T16:54:40.307664Z","times_seen":7595,"resource_available":false,"data":null}},"time_used":286,"timings":{"blocked":89,"dns":0,"connect":97,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"23.94.168.52:8888/supershell/login","fqdn":"23.94.168.52:8888","domain":"23.94.168.52","tld":"52:8888"},"ip":{"addr":"23.94.168.52","port":8888,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-05T03:21:54.387Z","timestamp":1720149714387,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /supershell/login HTTP/1.1\r\nHost: 23.94.168.52:8888\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Fri, 05 Jul 2024 03:21:54 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1486,"size_decoded":3363,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"8e5e6a715fb0e79cfcb1b566c3ab3156","sha1":"eec9e11cae4d956295d00f9399c438df2860b04c","sha256":"6084d5352ce347a3f6b9f7b789acc8b422b748a0cd99549f2ea534e439b8999b","sha512":"4933e2bddc1a2ea24fde318010239d236da35cfe556095f938472e1860c0d1a3450a4d7aec4e34b5c49549cbca6a9fceb4640bf568be25fe5440d3adc729db64","ssdeep":"","tlshash":"286194143cf44a37d123818aa3e4b92a6e90f143d25ad804b1ad0bd48f92f87c86395c","first_seen":"2023-10-13T00:25:14Z","last_seen":"2026-04-04T12:57:06.020619Z","times_seen":9107,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rsms.me/inter/inter.css","fqdn":"rsms.me","domain":"rsms.me","tld":"me"},"ip":{"addr":"104.21.234.235","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://23.94.168.52:8888/supershell/login","date":"2024-07-05T03:21:54.651Z","timestamp":1720149714651,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rsms.me","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Jun 2024 08:13:54 GMT","end":"Sat, 21 Sep 2024 08:13:53 GMT"},"fingerprint":{"sha1":"E0:C9:09:74:7F:BA:0D:AD:96:70:64:79:08:C7:4D:2D:E6:B7:8D:83","sha256":"71:B0:DE:B8:63:ED:6B:C7:72:FC:C9:11:B3:CB:0E:8D:96:01:9D:E7:A9:C8:0E:7A:FA:02:E3:73:56:6F:75:16"}}},"request":{"raw":"GET /inter/inter.css HTTP/1.1\r\nHost: rsms.me\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://23.94.168.52:8888/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 05 Jul 2024 03:21:54 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 712\r\nx-origin-cache: HIT\r\nlast-modified: Mon, 25 Mar 2024 16:53:19 GMT\r\naccess-control-allow-origin: *\r\netag: W/\"6601abff-1b8d\"\r\nexpires: Thu, 27 Jun 2024 04:47:31 GMT\r\ncache-control: max-age=14400\r\ncontent-encoding: gzip\r\nx-proxy-cache: HIT\r\nx-github-request-id: D99C:0EA7:1790B49:17F8BFA:6601AC0B\r\nvia: 1.1 varnish\r\nage: 57\r\nx-served-by: cache-lcy-eglc8600065-LCY\r\nx-cache: HIT\r\nx-cache-hits: 1\r\nx-timer: S1711385669.215207,VS0,VE1\r\nvary: Accept-Encoding\r\nx-fastly-request-id: 4412002234a5ae20239b76fa239ec07be7e7be9f\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=TH4FIjJzf0CCaIBaBhOdYVYve9sQwHT5cUku6bXSS0MV9JryzNSbLLYxugARSYnmNLbKKwrQEF%2BHAZA2vaRPxoDhTOYYa8n6rSoyJfqe%2BfEBBcsW3Vjb8sBl\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 89e43a4518836376-LHR\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":712,"size_decoded":7053,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"c64a4ac8b3294c33af995b611a01ea33","sha1":"80299860a6975cdbc960e183ab2f43fcb3535671","sha256":"8fedfb7def1421aa9d58d1732be7164e33eec27b9c87193e010b9ddaa67b6a18","sha512":"bb5bc1128e1f2e6ac1d761cf14f884c6182299a094708300cc57cd256d1a7a51461ac0c4f8dc5fd82a7e2b3448a4b64ca15cb5804de5aa7697572bdc864bf1e1","ssdeep":"192:AEEyB1gRyQdlinoe1JWdCs6ZoRARo6llApwGnb2tS8qr4:uwgRyQdlinoe1JWdCs6ZoRARo6llApwn","tlshash":"14e1cd50663f5a01d9539c9273cfbf163d1e2d75209a1ab11a2a180cceef97943e0f5e","first_seen":"2023-11-20T04:53:45Z","last_seen":"2026-01-29T16:38:30.575741Z","times_seen":3862,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":78,"dns":29,"connect":17,"send":0,"wait":26,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"23.94.168.52:8888/static/css/toastr.min.css","fqdn":"23.94.168.52:8888","domain":"23.94.168.52","tld":"52:8888"},"ip":{"addr":"23.94.168.52","port":8888,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://23.94.168.52:8888/supershell/login","date":"2024-07-05T03:21:54.649Z","timestamp":1720149714649,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/toastr.min.css HTTP/1.1\r\nHost: 23.94.168.52:8888\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://23.94.168.52:8888/supershell/login\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Fri, 05 Jul 2024 03:21:54 GMT\r\nContent-Type: text/css\r\nContent-Length: 6454\r\nLast-Modified: Tue, 21 Mar 2023 12:47:12 GMT\r\nConnection: keep-alive\r\nETag: \"6419a750-1936\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6454,"size_decoded":6454,"mime_type":"text/css","magic":"ASCII text, with very long lines (6454), with no line terminators","md5":"f284028c678041d687c6f1be6968f68a","sha1":"a668ec5d16eec86372216a8c1b161cdec3eebecf","sha256":"47dd690f8f315bea076e92581a7e7147443bb4c847e313ab5a7d50a8c44836d0","sha512":"e92d875b3545c6bb83959c48dec5ce659e3f789f007319101f5f898d27bf38d084a91f4be18b2ae49753e62a6ab7353b5876a5370cf006ffa2139d6034724da9","ssdeep":"96:XKZGSoKiejY1Sq9octKokNM/WQ78GhJZCjts/WP+zLmlDI/WKG8Czy4/WVMz2Tb3:XKZ6yjY1SqvKbBY8syRttzGjVMSbO6r","tlshash":"9bd18431da81361dfed3811af45966092d0be1b3e6ee5dae250fa1bcd2c67d06c33280","first_seen":"2023-04-05T23:07:13Z","last_seen":"2026-04-04T12:57:06.024847Z","times_seen":14274,"resource_available":false,"data":null}},"time_used":286,"timings":{"blocked":91,"dns":0,"connect":98,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"23.94.168.52:8888/static/js/toastr.min.js","fqdn":"23.94.168.52:8888","domain":"23.94.168.52","tld":"52:8888"},"ip":{"addr":"23.94.168.52","port":8888,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://23.94.168.52:8888/supershell/login","date":"2024-07-05T03:21:54.658Z","timestamp":1720149714658,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/toastr.min.js HTTP/1.1\r\nHost: 23.94.168.52:8888\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://23.94.168.52:8888/supershell/login\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Fri, 05 Jul 2024 03:21:54 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 5251\r\nLast-Modified: Tue, 21 Mar 2023 12:47:03 GMT\r\nConnection: keep-alive\r\nETag: \"6419a747-1483\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5251,"size_decoded":5251,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5215)","md5":"8ee1218b09fb02d43fcf0b84e30637ad","sha1":"f871160d56be073d37159b169da23945fa132ab7","sha256":"1e0c2ad4e069276efa1d43fd1f7549912bfd64219119037e26574f27ca4d7143","sha512":"292be72897bf32e1850db5ec65a5964e86f7351e33a825192c1e003d7159199f94fecc1f1e1fc255a657737bc86bfa45ae244af814aea1ec432e1f3bee34507c","ssdeep":"96:yd4ZR1JHdOBjvZHEIY/X9oxNDP9mEL1RWBsEyJiJAsq/Aef2ffr6:yOBt8j9EI8cN3WziYIxWr6","tlshash":"59b19484b120f28b5b739069919f141b967673a2cccf4510763ae99cbe7052897a3fdc","first_seen":"2023-03-07T12:06:48Z","last_seen":"2026-04-04T12:57:06.02329Z","times_seen":12980,"resource_available":true,"data":null}},"time_used":278,"timings":{"blocked":84,"dns":0,"connect":97,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"23.94.168.52:8888/static/js/func/login.js","fqdn":"23.94.168.52:8888","domain":"23.94.168.52","tld":"52:8888"},"ip":{"addr":"23.94.168.52","port":8888,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://23.94.168.52:8888/supershell/login","date":"2024-07-05T03:21:54.659Z","timestamp":1720149714659,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/func/login.js HTTP/1.1\r\nHost: 23.94.168.52:8888\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://23.94.168.52:8888/supershell/login\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Fri, 05 Jul 2024 03:21:54 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 2756\r\nLast-Modified: Tue, 21 Mar 2023 12:47:04 GMT\r\nConnection: keep-alive\r\nETag: \"6419a748-ac4\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2756,"size_decoded":2756,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"bcbb4af9c70de03edd8fc6c64604de7b","sha1":"af8abcc821cff7f7e34f10c2b3d3da50ddbf247c","sha256":"0c170addf4db0652f05cb8692978add1e819daa3891780164468c600055f5159","sha512":"335bc7ac8940e4ae88ea508ed922e614cd849b3d5e4163b6ad719be0da3ac7ccad5194d06ef908ae7987d267c3f0bc860bc934e59d5980438e6a2dfc43fbb047","ssdeep":"","tlshash":"e9518465b9096e36d62a67f54ff9801032aeb0d4541309083f6c0dce3b36a5fd223e4c","first_seen":"2023-07-18T02:09:12Z","last_seen":"2026-04-04T12:57:06.023757Z","times_seen":11294,"resource_available":true,"data":null}},"time_used":300,"timings":{"blocked":90,"dns":0,"connect":105,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"23.94.168.52:8888/static/js/jquery.min.js","fqdn":"23.94.168.52:8888","domain":"23.94.168.52","tld":"52:8888"},"ip":{"addr":"23.94.168.52","port":8888,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://23.94.168.52:8888/supershell/login","date":"2024-07-05T03:21:54.657Z","timestamp":1720149714657,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/jquery.min.js HTTP/1.1\r\nHost: 23.94.168.52:8888\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://23.94.168.52:8888/supershell/login\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Fri, 05 Jul 2024 03:21:54 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 84344\r\nLast-Modified: Tue, 21 Mar 2023 12:47:04 GMT\r\nConnection: keep-alive\r\nETag: \"6419a748-14978\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":84344,"size_decoded":84344,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025)","md5":"7a7b18606448bded22cd1cf48d4712cc","sha1":"5b9df089eb85cecb320fd9ed3f0f9da173c92d61","sha256":"ab0d063b4ff2827192c0e44103d3091457a1d2374c3b6243721c5679bb61eae2","sha512":"b03d9f227ae0de5828e038805c46142ffc9b2b94c3c365588b5d4588ffcfaeaedceaa5e8fc314a25412539e2b250736dcc352868948a7887947d6456134dd6d3","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrR:++414Jiz6fh6lTqya98HrR","tlshash":"8383d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:18:00Z","last_seen":"2026-04-04T12:57:06.022725Z","times_seen":12793,"resource_available":true,"data":null}},"time_used":476,"timings":{"blocked":84,"dns":0,"connect":97,"send":0,"wait":97,"receive":198,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"23.94.168.52:8888/static/js/tabler.min.js","fqdn":"23.94.168.52:8888","domain":"23.94.168.52","tld":"52:8888"},"ip":{"addr":"23.94.168.52","port":8888,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://23.94.168.52:8888/supershell/login","date":"2024-07-05T03:21:54.656Z","timestamp":1720149714656,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/tabler.min.js HTTP/1.1\r\nHost: 23.94.168.52:8888\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://23.94.168.52:8888/supershell/login\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Fri, 05 Jul 2024 03:21:54 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 146911\r\nLast-Modified: Tue, 21 Mar 2023 12:47:03 GMT\r\nConnection: keep-alive\r\nETag: \"6419a747-23ddf\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":146911,"size_decoded":146911,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65272)","md5":"7b9f247cfec72dca7cd63aeb4a3ddbee","sha1":"4538feb553ec996f1483d19edbb6d16a481042ef","sha256":"70092f07f13a46d5f8fab402c92d50d1677f703ec9656590ca7a0f264296f067","sha512":"c3ff1d0567362f18d47d1b07966a95dae3a3dbbae3b822109d7ac22d4828b63321ff7249bd2b827cc8be2dd493158649c1ab681e878ebdb940bfe7ffd6cd0443","ssdeep":"1536:mTKQBUafsY8VNNiSY3jisVjjC/3/2I5XThhJ/AcWxxvUAVd62wOC6zNpfbnmERZL:miTJyisVjDxBjp7nmOZCxdyRm3WQe","tlshash":"00e3c794b292b0724ada90a9403b020bf3366a58708ac15cf57de8dd2e7dd867177f7c","first_seen":"2023-07-18T02:09:12Z","last_seen":"2025-03-01T16:54:40.311232Z","times_seen":9107,"resource_available":false,"data":null}},"time_used":565,"timings":{"blocked":85,"dns":0,"connect":95,"send":0,"wait":96,"receive":289,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"23.94.168.52:8888/static/css/tabler.min.css","fqdn":"23.94.168.52:8888","domain":"23.94.168.52","tld":"52:8888"},"ip":{"addr":"23.94.168.52","port":8888,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://23.94.168.52:8888/supershell/login","date":"2024-07-05T03:21:54.648Z","timestamp":1720149714648,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/tabler.min.css HTTP/1.1\r\nHost: 23.94.168.52:8888\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://23.94.168.52:8888/supershell/login\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Fri, 05 Jul 2024 03:21:54 GMT\r\nContent-Type: text/css\r\nContent-Length: 498576\r\nLast-Modified: Tue, 21 Mar 2023 12:47:10 GMT\r\nConnection: keep-alive\r\nETag: \"6419a74e-79b90\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":498576,"size_decoded":498576,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65269)","md5":"8af8e772a872021c5ab4ac15887f83b9","sha1":"337336efcea0d47e92ee1857314a51d704cf65e6","sha256":"c3e9d7da708c0f3a5998e558656f2ec90f3fbbe8973651b534da0a60b24563ea","sha512":"039e1e3be0046f404468d3ea5637c04a833e6d334cd632dc45e68a8e502bc1fd7d855bd7d5fb6858d739442dbc622396dca6c9f3aa2a43cd2d03d8ba11cae368","ssdeep":"3072:qTe3kY/kAtS91fiaxPHniT4AwRUzXbzPVRb8FQRywEu2u3/gODRj:qT+tS91fiaxPHmwRUzXbzPVKwp/g4Rj","tlshash":"f4b44299f1a0313b5967805b529eeaed091a66c1df150ab7b433e37407ce6e20be1d3c","first_seen":"2023-07-18T02:09:12Z","last_seen":"2025-03-01T16:54:40.311725Z","times_seen":8952,"resource_available":false,"data":null}},"time_used":593,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":495,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"23.94.168.52:8888/static/img/logo.svg","fqdn":"23.94.168.52:8888","domain":"23.94.168.52","tld":"52:8888"},"ip":{"addr":"23.94.168.52","port":8888,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://23.94.168.52:8888/supershell/login","date":"2024-07-05T03:21:54.654Z","timestamp":1720149714654,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/img/logo.svg HTTP/1.1\r\nHost: 23.94.168.52:8888\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://23.94.168.52:8888/supershell/login\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Fri, 05 Jul 2024 03:21:55 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 17610\r\nLast-Modified: Tue, 21 Mar 2023 12:48:02 GMT\r\nConnection: keep-alive\r\nETag: \"6419a782-44ca\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17610,"size_decoded":17610,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"49c9f1790bffe6655f6c02b5e48787ab","sha1":"42aaadc455b442e34d716f81c132a19f7c111321","sha256":"662b68e7f5cec8085faf5f341578bea97a3bc6785f5e900a677da664fb4202de","sha512":"4de1c066adec58ddceff9a673e93289842eb6d008da1ef449ab648826ce807986f0e4e9727777aff32303592e7e4e94a786cbbda6e0faafa09ccef50c04307c8","ssdeep":"192:wDb1OqnZd2yXx4Lz67qnZd2yXx4Lz5eQceaXvFFpqnZd2yXx4Lj6mqnZd2yXx4LS:wf1OkuK7kuxIF/ku/Tkuzy","tlshash":"02827c6b43c44b65bfae143c69b91458798cd9c5f0e4fbc8aa9f2001f0b86f1b454aed","first_seen":"2023-07-18T02:09:12Z","last_seen":"2026-04-04T12:57:06.025884Z","times_seen":10994,"resource_available":false,"data":null}},"time_used":678,"timings":{"blocked":581,"dns":0,"connect":0,"send":0,"wait":96,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"https","addr":"rsms.me/inter/font-files/InterVariable.woff2?v=4.0","fqdn":"rsms.me","domain":"rsms.me","tld":"me"},"ip":{"addr":"104.21.234.235","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://23.94.168.52:8888/supershell/login","date":"2024-07-05T03:21:55.311Z","timestamp":1720149715311,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rsms.me","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Jun 2024 08:13:54 GMT","end":"Sat, 21 Sep 2024 08:13:53 GMT"},"fingerprint":{"sha1":"E0:C9:09:74:7F:BA:0D:AD:96:70:64:79:08:C7:4D:2D:E6:B7:8D:83","sha256":"71:B0:DE:B8:63:ED:6B:C7:72:FC:C9:11:B3:CB:0E:8D:96:01:9D:E7:A9:C8:0E:7A:FA:02:E3:73:56:6F:75:16"}}},"request":{"raw":"GET /inter/font-files/InterVariable.woff2?v=4.0 HTTP/1.1\r\nHost: rsms.me\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://23.94.168.52:8888\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rsms.me/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 05 Jul 2024 03:21:55 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 345588\r\nx-origin-cache: HIT\r\nlast-modified: Mon, 25 Mar 2024 16:53:19 GMT\r\naccess-control-allow-origin: *\r\netag: \"6601abff-545f4\"\r\nexpires: Tue, 11 Jun 2024 00:12:18 GMT\r\ncache-control: max-age=2678400\r\nx-proxy-cache: MISS\r\nx-github-request-id: 233A:1A6087:287A6E:29D0DD:6667940A\r\nvia: 1.1 varnish\r\nx-served-by: cache-lcy-eglc8600039-LCY\r\nx-cache: HIT\r\nx-cache-hits: 1\r\nx-timer: S1720149715.372103,VS0,VE2\r\nvary: Accept-Encoding\r\nx-fastly-request-id: 2d9606f8f563893b2338b6f930ebe922ede430d3\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=RtxyYv%2FXekk5yn8R4qPvDj5Klk4nKiMAvcJJWcX7dBdo8d0cfAGetzMjeaIgIk6z9WyAXz%2FYyJyV%2FerEbBEK%2Btf8fAfqfg11PTB%2FBR3NI0ISwIqOTaLn6lus\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 89e43a48fdf66582-LHR\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":345588,"size_decoded":345588,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 345588, version 4.0","md5":"499fcada6ddb2c38718c2c16a190d639","sha1":"9ef5d7d28925b9e0213f67b8105870e0afade711","sha256":"8af7bd5b545567adffb3dfceb5bedb353a522d7bf1b3a2b8af7b6064156babc0","sha512":"87a11b8a8cf75924370985a9975f88e427eff4550ed8d88fcb9fc69d294cb7320f216cc72748742705779be516cac02e57f5c4423d8e486612f657636dcac4ea","ssdeep":"6144:JnKViLt/6nunnpMQzXmL3QY5kpTL6/5JHXLZgK5isueYDoZmy+nTPvQAZKCyomgM:hfZ/HWEXI7kt6hJ3NgxsunDR7vQXomgM","tlshash":"d874239b7b7e4ccf443bb638d549c34660221333c5df9a1e5b60f2f79b82b6265481a2","first_seen":"2023-11-20T04:53:45Z","last_seen":"2026-04-04T02:51:53.249557Z","times_seen":10395,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":39,"dns":1,"connect":0,"send":0,"wait":40,"receive":78,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"23.94.168.52:8888/static/img/favicon.ico","fqdn":"23.94.168.52:8888","domain":"23.94.168.52","tld":"52:8888"},"ip":{"addr":"23.94.168.52","port":8888,"asn":36352,"as":"AS-COLOCROSSING","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://23.94.168.52:8888/supershell/login","date":"2024-07-05T03:21:55.464Z","timestamp":1720149715464,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/img/favicon.ico HTTP/1.1\r\nHost: 23.94.168.52:8888\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://23.94.168.52:8888/supershell/login\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Fri, 05 Jul 2024 03:21:55 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 5563\r\nLast-Modified: Tue, 21 Mar 2023 12:47:13 GMT\r\nConnection: keep-alive\r\nETag: \"6419a751-15bb\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5563,"size_decoded":5563,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel","md5":"cb183a53ebfc2b61b3968c9d4aa4b14a","sha1":"7ecdf1b8ec7a60388850f693d377540b651c2aed","sha256":"8a0bfe63bcd9859d68e4e60ac703c20e6242c2a9c690638c4887e32eadf59ceb","sha512":"fb669ddcc24d1843f84794988cfc0a24a8d82d7603c0232d527274ed79f72515b862582e7ba0d25b6f27b727f1d034293851ec688b1e4daabcbf3d213feeb6c8","ssdeep":"96:x/UcEl9rLOYZ7yIDd0wmsTK3223XWzVcfybdqqfqKmFvY1/y292xbM/FVM:eJOYZ7yUWsTK322HWzKmffcFvY1/y2ot","tlshash":"01b17e5f766084f9ccbf123d86b83b7d93a450702427d7068f39a1fa9c63fc26856461","first_seen":"2023-07-18T02:09:12Z","last_seen":"2026-04-04T12:57:06.026983Z","times_seen":11009,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":96,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-07-05","alert":"Sinkholed","trigger":"23.94.168.52","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Botnet panel","verdict":"malware","severity":"medium","comment":"Associated with Botnet webpanel","tags":["botpanel","malware"],"meta":null}]}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-05T03:21:56.00268912Z","timestamp":1720149716002,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"A6AD831046E57007E12F62B75B6FC71963F13823E799A3E25E618EE09A3C9D27\"\r\nLast-Modified: Wed, 03 Jul 2024 05:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3989\r\nExpires: Fri, 05 Jul 2024 04:28:25 GMT\r\nDate: Fri, 05 Jul 2024 03:21:56 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"20f6da3946882ea83e1d78dfaedbf953","sha1":"1a8f214ff6a98dae0e57244bac88b6721452a40c","sha256":"a6ad831046e57007e12f62b75b6fc71963f13823e799a3e25e618ee09a3c9d27","sha512":"e72f13f6ada836c1dd103fc9cc2fc7c45d3e4f42309dea8e5decfd15ba8f674666d9402d33639001e5fcdb690035335003943523a7ddd65fbb6c047b28b4c753","ssdeep":"","tlshash":"3ff00e1936debc835ae1096a2cf9f52e24282e9b354408a8399022b26c107aa45d948e","first_seen":"2024-07-03T10:33:03Z","last_seen":"2024-08-19T18:15:37.977555Z","times_seen":49369,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-05T03:21:56.003976506Z","timestamp":1720149716003,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"A6AD831046E57007E12F62B75B6FC71963F13823E799A3E25E618EE09A3C9D27\"\r\nLast-Modified: Wed, 03 Jul 2024 05:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3989\r\nExpires: Fri, 05 Jul 2024 04:28:25 GMT\r\nDate: Fri, 05 Jul 2024 03:21:56 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"20f6da3946882ea83e1d78dfaedbf953","sha1":"1a8f214ff6a98dae0e57244bac88b6721452a40c","sha256":"a6ad831046e57007e12f62b75b6fc71963f13823e799a3e25e618ee09a3c9d27","sha512":"e72f13f6ada836c1dd103fc9cc2fc7c45d3e4f42309dea8e5decfd15ba8f674666d9402d33639001e5fcdb690035335003943523a7ddd65fbb6c047b28b4c753","ssdeep":"","tlshash":"3ff00e1936debc835ae1096a2cf9f52e24282e9b354408a8399022b26c107aa45d948e","first_seen":"2024-07-03T10:33:03Z","last_seen":"2024-08-19T18:15:37.977555Z","times_seen":49369,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-05T03:21:56.005064373Z","timestamp":1720149716005,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"A6AD831046E57007E12F62B75B6FC71963F13823E799A3E25E618EE09A3C9D27\"\r\nLast-Modified: Wed, 03 Jul 2024 05:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3989\r\nExpires: Fri, 05 Jul 2024 04:28:25 GMT\r\nDate: Fri, 05 Jul 2024 03:21:56 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"20f6da3946882ea83e1d78dfaedbf953","sha1":"1a8f214ff6a98dae0e57244bac88b6721452a40c","sha256":"a6ad831046e57007e12f62b75b6fc71963f13823e799a3e25e618ee09a3c9d27","sha512":"e72f13f6ada836c1dd103fc9cc2fc7c45d3e4f42309dea8e5decfd15ba8f674666d9402d33639001e5fcdb690035335003943523a7ddd65fbb6c047b28b4c753","ssdeep":"","tlshash":"3ff00e1936debc835ae1096a2cf9f52e24282e9b354408a8399022b26c107aa45d948e","first_seen":"2024-07-03T10:33:03Z","last_seen":"2024-08-19T18:15:37.977555Z","times_seen":49369,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-05T03:21:56.005926677Z","timestamp":1720149716005,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"A6AD831046E57007E12F62B75B6FC71963F13823E799A3E25E618EE09A3C9D27\"\r\nLast-Modified: Wed, 03 Jul 2024 05:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3989\r\nExpires: Fri, 05 Jul 2024 04:28:25 GMT\r\nDate: Fri, 05 Jul 2024 03:21:56 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"20f6da3946882ea83e1d78dfaedbf953","sha1":"1a8f214ff6a98dae0e57244bac88b6721452a40c","sha256":"a6ad831046e57007e12f62b75b6fc71963f13823e799a3e25e618ee09a3c9d27","sha512":"e72f13f6ada836c1dd103fc9cc2fc7c45d3e4f42309dea8e5decfd15ba8f674666d9402d33639001e5fcdb690035335003943523a7ddd65fbb6c047b28b4c753","ssdeep":"","tlshash":"3ff00e1936debc835ae1096a2cf9f52e24282e9b354408a8399022b26c107aa45d948e","first_seen":"2024-07-03T10:33:03Z","last_seen":"2024-08-19T18:15:37.977555Z","times_seen":49369,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}