{"report_id":"e281754b-b309-40f0-9036-4f06171ea5c8","version":6,"status":"done","tags":[],"date":"2024-07-30T10:29:59Z","url":{"schema":"http","addr":"wikileaks.org/spyfiles4/binaries/ffrelay-debian-4.30.ggi.zip","fqdn":"wikileaks.org","domain":"wikileaks.org","tld":"org"},"ip":{"addr":"51.159.197.136","port":0,"asn":12876,"as":"Scaleway S.a.s.","country":"France","country_code":"FR"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T07:42:16Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-07-29 18:12:12","alert_count":0,"request_count":6,"received_data":5325,"sent_data":1962,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-07-29 18:12:11","alert_count":0,"request_count":1,"received_data":888,"sent_data":327,"comment":"","tags":null,"fingerprints":null},{"fqdn":"wikileaks.org","ip":{"addr":"80.81.248.21","port":443,"asn":15657,"as":"Speedbone Internet \u0026 Connectivity GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2006-10-04","domain_rank":299872,"first_seen":"2012-07-10 21:19:39","last_seen":"2024-06-26 13:34:52","alert_count":1,"request_count":1,"received_data":223275,"sent_data":514,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"180caf23dd71383921e368128fb6db52","sha1":"03c15a82f46543f703298baf1b877a4d2f7bc0f7","sha256":"7225f6dc3276caf343561e229681cf9d6ec18b88f6b40d2c949ba99c0c716443","sha512":"318075f9d829ea910f40b52f71205f438558287e4219094c1faf264f8829519a7d4c0e835d656629d7a6e10636feb4ab95c987b545d012c414f2c00204f1cc15","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":222905,"url":{"schema":"https","addr":"wikileaks.org/spyfiles4/binaries/ffrelay-debian-4.30.ggi.zip","fqdn":"wikileaks.org","domain":"wikileaks.org","tld":"org"},"ip":{"addr":"80.81.248.21","port":443,"asn":15657,"as":"Speedbone Internet \u0026 Connectivity GmbH","country":"Germany","country_code":"DE"},"archive":[{"path":"ffrelay-debian-4.30.ggi","filename":"ffrelay-debian-4.30.ggi","modified":"","Modified":"1984-01-01T13:00:00+01:00","magic":"Bourne-Again shell script executable (binary data)","size":227457,"md5":"febb1aeec754b65665289aa1447fdf86","sha1":"5a447b28a6440cd3e8af25d35c036edc6dca8476","sha256":"716dfc991af82e8d2563dc4b6f121c7a3ed7d6fcfe58d20b4c826ec456942b65","sha512":"0a7af11dab65799cc040128a124f19bc73c17552c807cd2ee0c166ff3e155030200d5e0860f570157da1354ed8963008b1d0ba3b0d076b6b90c34aa1137d63ea","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-22","alert":"Scan result 32/64","trigger":"716dfc991af82e8d2563dc4b6f121c7a3ed7d6fcfe58d20b4c826ec456942b65","verdict":"malicious","severity":"","comment":"malicious - 32/64","link":"https://www.virustotal.com/gui/file/716dfc991af82e8d2563dc4b6f121c7a3ed7d6fcfe58d20b4c826ec456942b65","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-18","alert":"Scan result 31/67","trigger":"7225f6dc3276caf343561e229681cf9d6ec18b88f6b40d2c949ba99c0c716443","verdict":"malicious","severity":"","comment":"malicious - 31/67","link":"https://www.virustotal.com/gui/file/7225f6dc3276caf343561e229681cf9d6ec18b88f6b40d2c949ba99c0c716443","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-30T10:29:33.766255723Z","timestamp":1722335373766,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"159FE1F7A2D6EA4C94209AF2EA277A66B066E7970331BC6F68B3C34B25BD1E6D\"\r\nLast-Modified: Mon, 29 Jul 2024 18:56:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=14799\r\nExpires: Tue, 30 Jul 2024 14:36:12 GMT\r\nDate: Tue, 30 Jul 2024 10:29:33 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"8de48a40f03d0580f3403af038bdc7c5","sha1":"26acd49233fc235bbea743c0a675d50b4810ec89","sha256":"159fe1f7a2d6ea4c94209af2ea277a66b066e7970331bc6f68b3c34b25bd1e6d","sha512":"17d94aab4de011071acdaf1e72470cc264b0e39962f214b6c405d87673172d8a54ab6474b7b39d066178db50336a6e5573b756064b3fd92ef35bc0c7300831a5","ssdeep":"","tlshash":"a1f075012481be10e1b0045a22f6e19e2938a56c2c4e28221a400eca78a1b224ec7006","first_seen":"2024-07-30T05:07:23Z","last_seen":"2024-08-19T15:18:43.301122Z","times_seen":8738,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-30T10:29:33.779873938Z","timestamp":1722335373779,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"8855EF94F553A3D130A13BDF45BA112B3A3282A8110A98DAE49144E0B70CFF7B\"\r\nLast-Modified: Mon, 29 Jul 2024 18:58:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=19308\r\nExpires: Tue, 30 Jul 2024 15:51:21 GMT\r\nDate: Tue, 30 Jul 2024 10:29:33 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"0a7ed9f549f2b3f25d9e54500bcb15b9","sha1":"93b4f0fb8a1be59fa68f9a72a2196c84be6ad61a","sha256":"8855ef94f553a3d130a13bdf45ba112b3a3282a8110a98dae49144e0b70cff7b","sha512":"c3641231634e590c131260035f4e3b7e97e26ee686305ae08106b063f9b119563075340547050164a261926be18543f60c9b5b0b0d2f34fd6b45634e57a53026","ssdeep":"","tlshash":"4ff00511040eac01b69610027cf5e12a6c5176bd184915de19d001f0bd447a78f95e0d","first_seen":"2024-07-30T01:03:33Z","last_seen":"2024-08-19T15:19:25.312862Z","times_seen":24504,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-30T10:29:34.075445675Z","timestamp":1722335374075,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"E9E51DA5ED2854A5EAD2219E70B950CCAC93EFD228BDD965F3A116EE600F390B\"\r\nLast-Modified: Mon, 29 Jul 2024 18:26:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=10261\r\nExpires: Tue, 30 Jul 2024 13:20:35 GMT\r\nDate: Tue, 30 Jul 2024 10:29:34 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"12b3b90abdd8ddc5edfc58288f11925f","sha1":"8093a9a5520def1c87fd60aab5c3636f305224d2","sha256":"e9e51da5ed2854a5ead2219e70b950ccac93efd228bdd965f3a116ee600f390b","sha512":"ef64588e30a845df457929a80bdb26f3f5c404cfe9bfcd21dfe3d7369026827acc6bd7fa73abc2f9befba03b5d542ed72fde6cd66560861d6e99fd31c3bcc584","ssdeep":"","tlshash":"ebf0054605eb7a225777140627eeca5f1d15bcdc784482fd24c006d13d117e25bc204e","first_seen":"2024-07-30T01:27:04Z","last_seen":"2024-08-19T15:19:20.609236Z","times_seen":18717,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-30T10:29:34.44676437Z","timestamp":1722335374446,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"4EBAB397788084F48AC0F43B84229D5D8EEDB0771E0E60642AA99A6C68EB58E4\"\r\nLast-Modified: Mon, 29 Jul 2024 19:28:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=21600\r\nExpires: Tue, 30 Jul 2024 16:29:34 GMT\r\nDate: Tue, 30 Jul 2024 10:29:34 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"a248d7ffdec3aef17f80bde4e18d6e96","sha1":"62bca697bbe982e0119d317aed49d891c7d971a2","sha256":"4ebab397788084f48ac0f43b84229d5d8eedb0771e0e60642aa99a6c68eb58e4","sha512":"91c68bccb6b97243595c5d73087f237ddc144c2d0f1113e242002da08a97de8730665a6efafb804697ad79fbb20739c0a699557b00f438d6eee492f4597a5502","ssdeep":"","tlshash":"40f005843d75bdd17f7824b5edf9c9394d1429bc194040b0566948da3c527fd350540c","first_seen":"2024-08-19T15:16:45.695826Z","last_seen":"2024-08-19T15:16:45.695826Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.249","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-30T10:29:34.466466222Z","timestamp":1722335374466,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"7EB46BD061B6FBB7C5BF83417FD63FA53F987178C15FB5E57AE7AB0240FEEBC7\"\r\nLast-Modified: Mon, 29 Jul 2024 18:57:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=5238\r\nExpires: Tue, 30 Jul 2024 11:56:52 GMT\r\nDate: Tue, 30 Jul 2024 10:29:34 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"00599d2586dd7bc94597291537a481ae","sha1":"13c2d4ddb37b39106e478de2de141a7063468dd7","sha256":"7eb46bd061b6fbb7c5bf83417fd63fa53f987178c15fb5e57ae7ab0240feebc7","sha512":"3d9ac4deb40f3b1fa3dd351e24f99963a72c8c4d52a64b4b2d54bd69eeb654ac5b0ec80bd29b3efdcadc93cfedca2d48ce6f80a3fb94d90e922d4d35ab8d1410","ssdeep":"","tlshash":"c3f0052e11d0fd41b57505197494c2373d367ebd7c9469e877c401d31420797214d0ec","first_seen":"2024-07-29T23:44:57Z","last_seen":"2024-08-19T15:20:00.51017Z","times_seen":19473,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wikileaks.org/spyfiles4/binaries/ffrelay-debian-4.30.ggi.zip","fqdn":"wikileaks.org","domain":"wikileaks.org","tld":"org"},"ip":{"addr":"80.81.248.21","port":443,"asn":15657,"as":"Speedbone Internet \u0026 Connectivity GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-30T10:29:34.230Z","timestamp":1722335374230,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wikileaks.org","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 25 Jun 2024 06:43:23 GMT","end":"Mon, 23 Sep 2024 06:43:22 GMT"},"fingerprint":{"sha1":"B5:9D:99:79:D9:B2:32:12:AF:1A:26:B7:4B:EB:D5:88:01:39:2E:1F","sha256":"2E:DA:26:46:C9:28:BA:5F:7D:6B:DA:EC:D5:D1:3D:3E:F4:16:E7:55:4E:AF:11:97:A2:AE:BE:55:84:C5:8E:BB"}}},"request":{"raw":"GET /spyfiles4/binaries/ffrelay-debian-4.30.ggi.zip HTTP/1.1\r\nHost: wikileaks.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 30 Jul 2024 10:29:34 GMT\r\ncontent-type: application/zip\r\ncontent-length: 222905\r\nlast-modified: Fri, 21 Aug 2015 19:38:32 GMT\r\netag: \"55d77e38-366b9\"\r\nsurrogate-control: ESI/1.0\r\ncache-control: public, max-age=1200\r\nx-varnish: 5977253 167418\r\nage: 39662\r\nvia: 1.1 varnish (Varnish/7.1)\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":222905,"size_decoded":222905,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"180caf23dd71383921e368128fb6db52","sha1":"03c15a82f46543f703298baf1b877a4d2f7bc0f7","sha256":"7225f6dc3276caf343561e229681cf9d6ec18b88f6b40d2c949ba99c0c716443","sha512":"318075f9d829ea910f40b52f71205f438558287e4219094c1faf264f8829519a7d4c0e835d656629d7a6e10636feb4ab95c987b545d012c414f2c00204f1cc15","ssdeep":"6144:2l6wvX72UGc31kDoDMc3+9bCmK/R+vUqu74:28wvXGmkDo/3EXKyUqu74","tlshash":"c3242342c029255ac2bfae78913ea76ccc6c9bfdbf4591e5061e5804cebf96121e247c","first_seen":"2023-06-27T06:23:07Z","last_seen":"2024-10-12T13:54:50.021583Z","times_seen":30,"resource_available":false,"data":null}},"time_used":608,"timings":{"blocked":236,"dns":1,"connect":24,"send":0,"wait":26,"receive":102,"ssl":216},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-18","alert":"Scan result 31/67","trigger":"7225f6dc3276caf343561e229681cf9d6ec18b88f6b40d2c949ba99c0c716443","verdict":"malicious","severity":"","comment":"malicious - 31/67","link":"https://www.virustotal.com/gui/file/7225f6dc3276caf343561e229681cf9d6ec18b88f6b40d2c949ba99c0c716443","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-30T10:29:36.293155423Z","timestamp":1722335376293,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5C019BBD4244B83F2EFB9F2C82868B9A35EE0351083F4EB2B637904E45CAA0FF\"\r\nLast-Modified: Mon, 29 Jul 2024 18:58:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2289\r\nExpires: Tue, 30 Jul 2024 11:07:45 GMT\r\nDate: Tue, 30 Jul 2024 10:29:36 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"3bcd70e3c9d0d4edf43c4f35306f7898","sha1":"8334db3317d065d5811e8826adecfd876f29ef3b","sha256":"5c019bbd4244b83f2efb9f2c82868b9a35ee0351083f4eb2b637904e45caa0ff","sha512":"b7711a24def3c742eb9303633e1ebd21d32c741c13a010a9d3c00b6461a5e4f95478732a5a8bddfa4b93fb7dd2a7cb24eea7de92d8089da3752bb7ee48872d6d","ssdeep":"","tlshash":"7df00e9702723ad1b33814231cc8f22a2a3251a9765ef9d9b8d88ae455203e523a019a","first_seen":"2024-07-30T05:34:59Z","last_seen":"2024-08-19T15:20:44.133136Z","times_seen":26025,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-30T10:29:36.29464235Z","timestamp":1722335376294,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5C019BBD4244B83F2EFB9F2C82868B9A35EE0351083F4EB2B637904E45CAA0FF\"\r\nLast-Modified: Mon, 29 Jul 2024 18:58:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2289\r\nExpires: Tue, 30 Jul 2024 11:07:45 GMT\r\nDate: Tue, 30 Jul 2024 10:29:36 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"3bcd70e3c9d0d4edf43c4f35306f7898","sha1":"8334db3317d065d5811e8826adecfd876f29ef3b","sha256":"5c019bbd4244b83f2efb9f2c82868b9a35ee0351083f4eb2b637904e45caa0ff","sha512":"b7711a24def3c742eb9303633e1ebd21d32c741c13a010a9d3c00b6461a5e4f95478732a5a8bddfa4b93fb7dd2a7cb24eea7de92d8089da3752bb7ee48872d6d","ssdeep":"","tlshash":"7df00e9702723ad1b33814231cc8f22a2a3251a9765ef9d9b8d88ae455203e523a019a","first_seen":"2024-07-30T05:34:59Z","last_seen":"2024-08-19T15:20:44.133136Z","times_seen":26025,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}