{"report_id":"e55bdc99-275e-41ce-9dbd-0b9eff7d21f1","version":6,"status":"done","tags":[],"date":"2024-09-05T04:25:12Z","url":{"schema":"http","addr":"58.59.153.186:60598/Mozi.m","fqdn":"58.59.153.186","domain":"58.59.153.186","tld":""},"ip":{"addr":"58.59.153.186","port":0,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-28T22:32:21Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-09-04 18:12:06","alert_count":0,"request_count":4,"received_data":3550,"sent_data":1308,"comment":"","tags":null,"fingerprints":null},{"fqdn":"58.59.153.186:60598","ip":{"addr":"58.59.153.186","port":60598,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":4,"request_count":1,"received_data":137586,"sent_data":396,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-09-04 18:12:09","alert_count":0,"request_count":5,"received_data":4435,"sent_data":1635,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"3849f30b51a5c49e8d1546960cc206c7","sha1":"61c74136534b826059c63221a2373dc0613a47b7","sha256":"f6c97b1e2ed02578ca1066c8235ba4f991e645f89012406c639dbccc6582eec8","sha512":"43d79293d1fbf716111c27e50df95a0860a0d706079625fa2b8a6b57c5ee06fa7b5b6b8c0acae33714a2181686426728513c990534e44b6f03a05dde0629ab86","magic":"ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV)","size":137480,"url":{"schema":"http","addr":"58.59.153.186:60598/Mozi.m","fqdn":"58.59.153.186:60598","domain":"58.59.153.186","tld":"186:60598"},"ip":{"addr":"58.59.153.186","port":60598,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-09-05","alert":"Detects a suspicious ELF binary with UPX compression","trigger":"58.59.153.186:60598/Mozi.m","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2018-12-12","description":"Detects a suspicious ELF binary with UPX compression","hash1":"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4","reference":"Internal Research","rule":"SUSP_ELF_LNX_UPX_Compressed_File","score":"40"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-09-05","alert":"Linux.Packer.Patched_UPX","trigger":"58.59.153.186:60598/Mozi.m","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-06-08","fingerprint":"3297b5c63e70c557e71b739428b453039b142e1e04c2ab15eea4627d023b686d","id":"62e11c64-fc7d-4a0a-9d72-ad53ec3987ff","last_modified":"2021-07-28","license":"Elastic License v2","os":"linux","reference":"https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/","reference_sample":"02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669","rule":"Linux_Packer_Patched_UPX_62e11c64","scan_context":"file","severity":"60","threat_name":"Linux.Packer.Patched_UPX"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-09-05","alert":"Scan result 45/64","trigger":"f6c97b1e2ed02578ca1066c8235ba4f991e645f89012406c639dbccc6582eec8","verdict":"malicious","severity":"","comment":"malicious - 45/64","link":"https://www.virustotal.com/gui/file/f6c97b1e2ed02578ca1066c8235ba4f991e645f89012406c639dbccc6582eec8","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-09-05","alert":"Detects a suspicious ELF binary with UPX compression","trigger":"58.59.153.186:60598/Mozi.m","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2018-12-12","description":"Detects a suspicious ELF binary with UPX compression","hash1":"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4","reference":"Internal Research","rule":"SUSP_ELF_LNX_UPX_Compressed_File","score":"40"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-09-05","alert":"Linux.Packer.Patched_UPX","trigger":"58.59.153.186:60598/Mozi.m","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-06-08","fingerprint":"3297b5c63e70c557e71b739428b453039b142e1e04c2ab15eea4627d023b686d","id":"62e11c64-fc7d-4a0a-9d72-ad53ec3987ff","last_modified":"2021-07-28","license":"Elastic License v2","os":"linux","reference":"https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/","reference_sample":"02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669","rule":"Linux_Packer_Patched_UPX_62e11c64","scan_context":"file","severity":"60","threat_name":"Linux.Packer.Patched_UPX"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-09-05","alert":"Sinkholed","trigger":"58.59.153.186","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-05T04:24:46.81523666Z","timestamp":1725510286815,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"ED538EA400323F4C987F91C0B0AFC79A8526B62F7AA317DD62BD107CB37850A2\"\r\nLast-Modified: Tue, 03 Sep 2024 09:19:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4972\r\nExpires: Thu, 05 Sep 2024 05:47:38 GMT\r\nDate: Thu, 05 Sep 2024 04:24:46 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"8d2e6150f7d0845dc26f5bd5cd6f28dd","sha1":"6aad5091620585a5f76065c1888456ee70b88257","sha256":"ed538ea400323f4c987f91c0b0afc79a8526b62f7aa317dd62bd107cb37850a2","sha512":"dd2b8ba0eb764244c92b404bd053d75174a13127c61027fff0a538fa2d3375f480ee774bb73c01010e728b0f9ad66bc3dc9c6a1357e24ef34d10fb84b89bc9a1","ssdeep":"","tlshash":"31f0c0ba27ad7511adf1612025b4e83c2b546cfb74405aa874949041ed10ff8298241c","first_seen":"2024-09-03T15:32:51Z","last_seen":"2024-09-19T22:57:09.758778Z","times_seen":28107,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-05T04:24:46.839068563Z","timestamp":1725510286839,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"41C00088AFC20571F6A0C6998324D9517346256AC33696DC706192EC606FE7A7\"\r\nLast-Modified: Mon, 02 Sep 2024 12:20:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3717\r\nExpires: Thu, 05 Sep 2024 05:26:43 GMT\r\nDate: Thu, 05 Sep 2024 04:24:46 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"66fbf7f95cb55f388373a20d4b1a736e","sha1":"afc34259758a563362367848629ff7639982e1fb","sha256":"41c00088afc20571f6a0c6998324d9517346256ac33696dc706192ec606fe7a7","sha512":"80f0c1a3f29e795722e05ea6260e1ec92780f3f554ace63e7a0e4ad5d030be18b0cde8397bffc652a92306b23ba802aa8a0db463bac3a6827e645816bd5759a0","ssdeep":"","tlshash":"02f00e7956f2e6c3faf8112314a6ed606c227aab780021a279800ac239c67f6678545c","first_seen":"2024-09-02T19:20:57Z","last_seen":"2024-09-19T23:09:36.632755Z","times_seen":35846,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-05T04:24:47.124444415Z","timestamp":1725510287124,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"2EFF28E3E6829BF2CFCBC417FD76313D5B5E8BA8A3F0F0DE6A5B5CDC2888E7E5\"\r\nLast-Modified: Mon, 02 Sep 2024 14:34:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=11725\r\nExpires: Thu, 05 Sep 2024 07:40:12 GMT\r\nDate: Thu, 05 Sep 2024 04:24:47 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"1f0091b166a0138433eabf08a4530e4a","sha1":"769d1eeaefb4987198c821ea98e06ea8ba0de215","sha256":"2eff28e3e6829bf2cfcbc417fd76313d5b5e8ba8a3f0f0de6a5b5cdc2888e7e5","sha512":"364d524de90207f10545b2179829782e69bd266bbf207919deaadeb860795d7eb3208b252cf11c3a0012563ee5c90123a384f0a98780a90e6bbe017936f2cf5b","ssdeep":"","tlshash":"c7f00eba34e2a622b7f402a11978d43b6e30dfbcb82552f6a5c043e66c017b80540c4c","first_seen":"2024-09-03T06:12:03Z","last_seen":"2024-09-19T23:01:55.712232Z","times_seen":17078,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-05T04:24:47.360301706Z","timestamp":1725510287360,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"2B2A41201A3881BD029AB7161BE291B23128D5952E5959092607B98C951FA18C\"\r\nLast-Modified: Mon, 02 Sep 2024 14:33:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=13602\r\nExpires: Thu, 05 Sep 2024 08:11:29 GMT\r\nDate: Thu, 05 Sep 2024 04:24:47 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"cabaaa7c3e6a621cc5836be05eee4924","sha1":"c4bc6288aed0597ff7ae2dbc5aea340b6c9636b8","sha256":"2b2a41201a3881bd029ab7161be291b23128d5952e5959092607b98c951fa18c","sha512":"7da36317a8c4f485281c503bcc03813f77f4339dd43124bdba3345414625f7dbb71911cd5eb19e1d4afb482b9ce0ffb5678bd41d4d5e6e77f56069bd2f99817d","ssdeep":"","tlshash":"a0f00efb12f33260dbf59d293989f23a0610ad9ebc2198e624c5d1cb9442fec408890c","first_seen":"2024-09-02T19:36:30Z","last_seen":"2024-09-19T23:09:22.854855Z","times_seen":22244,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"58.59.153.186:60598/Mozi.m","fqdn":"58.59.153.186:60598","domain":"58.59.153.186","tld":"186:60598"},"ip":{"addr":"58.59.153.186","port":60598,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-09-05T04:24:47.204Z","timestamp":1725510287204,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /Mozi.m HTTP/1.1\r\nHost: 58.59.153.186:60598\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Length: 137480\r\nConnection: close\r\nContent-Type: application/zip\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":137480,"size_decoded":137480,"mime_type":"application/zip","magic":"ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV)","md5":"3849f30b51a5c49e8d1546960cc206c7","sha1":"61c74136534b826059c63221a2373dc0613a47b7","sha256":"f6c97b1e2ed02578ca1066c8235ba4f991e645f89012406c639dbccc6582eec8","sha512":"43d79293d1fbf716111c27e50df95a0860a0d706079625fa2b8a6b57c5ee06fa7b5b6b8c0acae33714a2181686426728513c990534e44b6f03a05dde0629ab86","ssdeep":"3072:biMYFJvw6Yh0b1gKobtCGCmCRlrisfrYm:fYFJvwe1gKCYVl2szN","tlshash":"59d31322d3130c4fc02579fa7a2be62a39873e6a24ce449c45f5d66a2fb7084ed71753","first_seen":"2023-05-05T13:35:11Z","last_seen":"2026-06-07T20:07:03.302371Z","times_seen":38626,"resource_available":true,"data":null}},"time_used":1553,"timings":{"blocked":264,"dns":0,"connect":266,"send":0,"wait":255,"receive":768,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-09-05","alert":"Detects a suspicious ELF binary with UPX compression","trigger":"58.59.153.186:60598/Mozi.m","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2018-12-12","description":"Detects a suspicious ELF binary with UPX compression","hash1":"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4","reference":"Internal Research","rule":"SUSP_ELF_LNX_UPX_Compressed_File","score":"40"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Elastic Security YARA Rules","scan_date":"2024-09-05","alert":"Linux.Packer.Patched_UPX","trigger":"58.59.153.186:60598/Mozi.m","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/elastic/protections-artifacts/tree/main/yara","meta":{"arch_context":"x86","author":"Elastic Security","creation_date":"2021-06-08","fingerprint":"3297b5c63e70c557e71b739428b453039b142e1e04c2ab15eea4627d023b686d","id":"62e11c64-fc7d-4a0a-9d72-ad53ec3987ff","last_modified":"2021-07-28","license":"Elastic License v2","os":"linux","reference":"https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/","reference_sample":"02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669","rule":"Linux_Packer_Patched_UPX_62e11c64","scan_context":"file","severity":"60","threat_name":"Linux.Packer.Patched_UPX"}},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-09-05","alert":"Sinkholed","trigger":"58.59.153.186","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-09-05","alert":"Scan result 45/64","trigger":"f6c97b1e2ed02578ca1066c8235ba4f991e645f89012406c639dbccc6582eec8","verdict":"malicious","severity":"","comment":"malicious - 45/64","link":"https://www.virustotal.com/gui/file/f6c97b1e2ed02578ca1066c8235ba4f991e645f89012406c639dbccc6582eec8","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-05T04:24:48.940500471Z","timestamp":1725510288940,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"DD8F73D55D492AD4E3FC3915C05ECFC6883F124C050DDED51F4E43292E6B8C2A\"\r\nLast-Modified: Mon, 02 Sep 2024 14:38:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7535\r\nExpires: Thu, 05 Sep 2024 06:30:23 GMT\r\nDate: Thu, 05 Sep 2024 04:24:48 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"c96a4972e341191f93e963880196f8e1","sha1":"8318aa6dcbdababe8728023ec9ef3aaac10917a9","sha256":"dd8f73d55d492ad4e3fc3915c05ecfc6883f124c050dded51f4e43292e6b8c2a","sha512":"421ac0df88874013ca3d60effb579ccd6e51ef8474cd8656e2632446e6706ce125bd3044bf5ed5826ba1bc65a9b4464617a17758a343c993914c3b07368940cb","ssdeep":"","tlshash":"16f00eb326717a418cf84c21d8cac02e0e28777d058341670a169af36aa17fe150040c","first_seen":"2024-09-02T19:32:31Z","last_seen":"2024-09-19T23:09:22.857014Z","times_seen":21388,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-05T04:24:48.942378253Z","timestamp":1725510288942,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"DD8F73D55D492AD4E3FC3915C05ECFC6883F124C050DDED51F4E43292E6B8C2A\"\r\nLast-Modified: Mon, 02 Sep 2024 14:38:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7535\r\nExpires: Thu, 05 Sep 2024 06:30:23 GMT\r\nDate: Thu, 05 Sep 2024 04:24:48 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"c96a4972e341191f93e963880196f8e1","sha1":"8318aa6dcbdababe8728023ec9ef3aaac10917a9","sha256":"dd8f73d55d492ad4e3fc3915c05ecfc6883f124c050dded51f4e43292e6b8c2a","sha512":"421ac0df88874013ca3d60effb579ccd6e51ef8474cd8656e2632446e6706ce125bd3044bf5ed5826ba1bc65a9b4464617a17758a343c993914c3b07368940cb","ssdeep":"","tlshash":"16f00eb326717a418cf84c21d8cac02e0e28777d058341670a169af36aa17fe150040c","first_seen":"2024-09-02T19:32:31Z","last_seen":"2024-09-19T23:09:22.857014Z","times_seen":21388,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-05T04:24:48.943840879Z","timestamp":1725510288943,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"DD8F73D55D492AD4E3FC3915C05ECFC6883F124C050DDED51F4E43292E6B8C2A\"\r\nLast-Modified: Mon, 02 Sep 2024 14:38:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7535\r\nExpires: Thu, 05 Sep 2024 06:30:23 GMT\r\nDate: Thu, 05 Sep 2024 04:24:48 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"c96a4972e341191f93e963880196f8e1","sha1":"8318aa6dcbdababe8728023ec9ef3aaac10917a9","sha256":"dd8f73d55d492ad4e3fc3915c05ecfc6883f124c050dded51f4e43292e6b8c2a","sha512":"421ac0df88874013ca3d60effb579ccd6e51ef8474cd8656e2632446e6706ce125bd3044bf5ed5826ba1bc65a9b4464617a17758a343c993914c3b07368940cb","ssdeep":"","tlshash":"16f00eb326717a418cf84c21d8cac02e0e28777d058341670a169af36aa17fe150040c","first_seen":"2024-09-02T19:32:31Z","last_seen":"2024-09-19T23:09:22.857014Z","times_seen":21388,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-05T04:24:48.9447922Z","timestamp":1725510288944,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"DD8F73D55D492AD4E3FC3915C05ECFC6883F124C050DDED51F4E43292E6B8C2A\"\r\nLast-Modified: Mon, 02 Sep 2024 14:38:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7535\r\nExpires: Thu, 05 Sep 2024 06:30:23 GMT\r\nDate: Thu, 05 Sep 2024 04:24:48 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"c96a4972e341191f93e963880196f8e1","sha1":"8318aa6dcbdababe8728023ec9ef3aaac10917a9","sha256":"dd8f73d55d492ad4e3fc3915c05ecfc6883f124c050dded51f4e43292e6b8c2a","sha512":"421ac0df88874013ca3d60effb579ccd6e51ef8474cd8656e2632446e6706ce125bd3044bf5ed5826ba1bc65a9b4464617a17758a343c993914c3b07368940cb","ssdeep":"","tlshash":"16f00eb326717a418cf84c21d8cac02e0e28777d058341670a169af36aa17fe150040c","first_seen":"2024-09-02T19:32:31Z","last_seen":"2024-09-19T23:09:22.857014Z","times_seen":21388,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-05T04:24:48.945644113Z","timestamp":1725510288945,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"DD8F73D55D492AD4E3FC3915C05ECFC6883F124C050DDED51F4E43292E6B8C2A\"\r\nLast-Modified: Mon, 02 Sep 2024 14:38:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7535\r\nExpires: Thu, 05 Sep 2024 06:30:23 GMT\r\nDate: Thu, 05 Sep 2024 04:24:48 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"c96a4972e341191f93e963880196f8e1","sha1":"8318aa6dcbdababe8728023ec9ef3aaac10917a9","sha256":"dd8f73d55d492ad4e3fc3915c05ecfc6883f124c050dded51f4e43292e6b8c2a","sha512":"421ac0df88874013ca3d60effb579ccd6e51ef8474cd8656e2632446e6706ce125bd3044bf5ed5826ba1bc65a9b4464617a17758a343c993914c3b07368940cb","ssdeep":"","tlshash":"16f00eb326717a418cf84c21d8cac02e0e28777d058341670a169af36aa17fe150040c","first_seen":"2024-09-02T19:32:31Z","last_seen":"2024-09-19T23:09:22.857014Z","times_seen":21388,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}