centralcert.top/
192.169.80.50  302 Found  232 B  URL  User Request  GET HTTP/1.1
IP 192.169.80.50:80
ASN #46475 LIMESTONENETWORKS
File type HTML document text; exported SGML document, ASCII text
Hash MD5 b03fd401446928177f77634fcfbcf3f3
SHA-1 77269435bd74437f8e59012c62f181ce07ad03d6
SHA-256 b727b3df10068e1660f4ab3f518882b8d9fd194d4039a7f562a49653f746ca94
NIDS  suricata  Severity: medium  Alert: ET INFO HTTP Request to a *.top domain
GET / HTTP/1.1
Host: centralcert.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Thu, 20 Apr 2023 21:45:02 GMT
Server: Apache
Location: http://centralcert.top/cgi-sys/suspendedpage.cgi
Content-Length: 232
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
centralcert.top/cgi-sys/suspendedpage.cgi
192.169.80.50  200 OK  971 B  URL  GET HTTP/1.1  centralcert.top/cgi-sys/suspendedpage.cgi
IP 192.169.80.50:80
ASN #46475 LIMESTONENETWORKS
Requested by http://centralcert.top/cgi-sys/suspendedpage.cgi
File type HTML document text; HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash MD5 136b57dd755b8b9d5621ecd27fb5cae0
SHA-1 15ce0961f0a28e01891b359a5795db6b756f4600
SHA-256 3f93263a4ea16ec9f7aafe0801248278bee5be6d01d94432d06b153ef7d5bfde
GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: centralcert.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 21:45:03 GMT
Server: Apache
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
centralcert.top/favicon.ico
192.169.80.50  302 Found  232 B  URL  GET HTTP/1.1  centralcert.top/favicon.ico
IP 192.169.80.50:80
ASN #46475 LIMESTONENETWORKS
Requested by http://centralcert.top/cgi-sys/suspendedpage.cgi
File type HTML document text; exported SGML document, ASCII text
Hash MD5 b03fd401446928177f77634fcfbcf3f3
SHA-1 77269435bd74437f8e59012c62f181ce07ad03d6
SHA-256 b727b3df10068e1660f4ab3f518882b8d9fd194d4039a7f562a49653f746ca94
GET /favicon.ico HTTP/1.1
Host: centralcert.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://centralcert.top/cgi-sys/suspendedpage.cgi
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Thu, 20 Apr 2023 21:45:03 GMT
Server: Apache
Location: http://centralcert.top/cgi-sys/suspendedpage.cgi
Content-Length: 232
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.godaddy.com/
192.124.249.23  1.8 kB  POST HTTP/1.1  ocsp.godaddy.com/
IP 192.124.249.23:0
Hash MD5 313ddfc3c4ee0a03d3136c945879dd37
SHA-1 1dd6be614f834e62078fcba5b5c501e788ae62df
SHA-256 536ada5e8788818740fefc572c2b61a0e195947162b54357dbe1148c69459ea3
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 20 Apr 2023 21:45:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 20 Apr 2023 19:50:56 GMT
Expires: Fri, 21 Apr 2023 19:50:56 GMT
ETag: "1dd6be614f834e62078fcba5b5c501e788ae62df"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
superdominios.org/images/255.jpg
192.124.249.160  200 OK  486 kB  URL  GET HTTP/2  superdominios.org/images/255.jpg
IP 192.124.249.160:443
Requested by http://centralcert.top/cgi-sys/suspendedpage.cgi
Certificate
Issuer GoDaddy.com, Inc.
Subject superdominios.org
Fingerprint E7:06:19:A7:1D:87:48:64:2F:A5:84:7B:5D:5F:40:33:02:13:CB:8E
Validity Wed, 20 Jul 2022 07:25:04 GMT - Sat, 19 Aug 2023 05:29:17 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 3000x2000, components 3; data
Size 486 kB (486424 bytes)
Hash MD5 331bfb4f0e79fc90411c4aa29db542bf
SHA-1 3b5c2698ec99ab0cd4ada6ff32bbedb18458da75
SHA-256 52dda163c31d184008c35185768427ec4fba61a500abb1b5b7bde5a954cadebf
GET /images/255.jpg HTTP/1.1
Host: superdominios.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://centralcert.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 20 Apr 2023 21:45:03 GMT
content-type: image/jpeg
content-length: 486424
x-sucuri-id: 19010
last-modified: Wed, 29 Mar 2023 22:36:51 GMT
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
centralcert.top/cgi-sys/suspendedpage.cgi
192.169.80.50  200 OK  971 B  URL  GET HTTP/1.1  centralcert.top/cgi-sys/suspendedpage.cgi
IP 192.169.80.50:80
ASN #46475 LIMESTONENETWORKS
Requested by http://centralcert.top/cgi-sys/suspendedpage.cgi
File type HTML document text; HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash MD5 136b57dd755b8b9d5621ecd27fb5cae0
SHA-1 15ce0961f0a28e01891b359a5795db6b756f4600
SHA-256 3f93263a4ea16ec9f7aafe0801248278bee5be6d01d94432d06b153ef7d5bfde
GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: centralcert.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://centralcert.top/cgi-sys/suspendedpage.cgi
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 21:45:03 GMT
Server: Apache
Keep-Alive: timeout=2, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
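Read together, the transactions above show centralcert.top answering every path it was asked for, including /favicon.ico, with a 302 to /cgi-sys/suspendedpage.cgi, which is cPanel's account-suspended notice; the notice itself returns 200 and pulls a single cross-site image from superdominios.org (served behind Sucuri), and the POST to ocsp.godaddy.com carries no Referer and is consistent with the browser checking revocation of that site's GoDaddy-issued certificate. The only NIDS alert in the capture keys on the *.top TLD, not on content, so the page content at capture time was the host's suspension notice rather than whatever the domain previously served. The script below is an added triage example, not part of the sandbox export; the five-tuple transaction layout, the TLD_WATCHLIST and the sample list (transcribed from the capture) are its own assumptions.

```python
"""Triage a browser-sandbox HTTP capture for the signals seen above:
cPanel suspension page, catch-all redirect, third-party loads, watch-listed TLD.
Added example; the tuple layout is an assumption, not the sandbox's export format."""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample transcribed from the capture on this page:
# (method, url, referer, status, response headers).
TRANSACTIONS = [
    ("GET", "http://centralcert.top/", None, 302,
     {"Server": "Apache", "Location": "http://centralcert.top/cgi-sys/suspendedpage.cgi"}),
    ("GET", "http://centralcert.top/cgi-sys/suspendedpage.cgi",
     "http://centralcert.top/cgi-sys/suspendedpage.cgi", 200,
     {"Server": "Apache", "Content-Type": "text/html"}),
    ("GET", "http://centralcert.top/favicon.ico",
     "http://centralcert.top/cgi-sys/suspendedpage.cgi", 302,
     {"Server": "Apache", "Location": "http://centralcert.top/cgi-sys/suspendedpage.cgi"}),
    ("POST", "http://ocsp.godaddy.com/", None, 200,
     {"Server": "Sucuri/Cloudproxy", "Content-Type": "application/ocsp-response"}),
    ("GET", "https://superdominios.org/images/255.jpg", "http://centralcert.top/", 200,
     {"server": "nginx", "content-type": "image/jpeg"}),
]

SUSPENDED_PATH = "/cgi-sys/suspendedpage.cgi"  # cPanel's account-suspended page
TLD_WATCHLIST = {"top"}  # assumption: the TLD the ET INFO rule in the capture keys on
REDIRECT_CODES = {301, 302, 303, 307, 308}


def header(headers, name):
    """Case-insensitive lookup: HTTP/2 responses arrive with lowercased names."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def triage(transactions, primary_host):
    """Return a dict of findings over the transaction list for the given primary host."""
    findings = {
        "suspended": False,          # any hit on the cPanel suspension page
        "catch_all_redirect": [],    # (Location, [paths]) when 2+ paths land on one Location
        "third_party": [],           # cross-site loads initiated by the page (have a Referer)
        "browser_initiated": [],     # off-host requests with no Referer, e.g. OCSP
        "watchlist_tld": [],         # hosts whose TLD is on the watch list
    }
    redirect_targets = defaultdict(set)  # Location -> set of request paths redirected there

    for method, url, referer, status, headers in transactions:
        parts = urlsplit(url)
        host = parts.hostname or ""
        location = header(headers, "Location")

        if parts.path == SUSPENDED_PATH or (location and urlsplit(location).path == SUSPENDED_PATH):
            findings["suspended"] = True
        if status in REDIRECT_CODES and location:
            redirect_targets[location].add(parts.path)
        if host.rsplit(".", 1)[-1] in TLD_WATCHLIST and host not in findings["watchlist_tld"]:
            findings["watchlist_tld"].append(host)
        if host != primary_host:
            bucket = "browser_initiated" if referer is None else "third_party"
            findings[bucket].append(url)

    for location, paths in redirect_targets.items():
        if len(paths) >= 2:  # distinct paths all sent to one place: catch-all behaviour
            findings["catch_all_redirect"].append((location, sorted(paths)))
    return findings


if __name__ == "__main__":
    for key, value in triage(TRANSACTIONS, "centralcert.top").items():
        print(f"{key}: {value}")
```

The catch-all check deliberately needs two distinct paths hitting the same Location, so a single document-to-landing-page redirect does not trip it; in this capture it is the favicon fetch that exposes the behaviour.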