{"report_id":"1c5fb1fe-df76-401c-a9d2-57de2a85594d","version":6,"status":"done","tags":[],"date":"2026-05-12T19:56:06Z","url":{"schema":"http","addr":"vlrntevents.top","fqdn":"vlrntevents.top","domain":"vlrntevents.top","tld":"top"},"ip":{"addr":"178.16.52.249","port":0,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"vlrntevents.top/","fqdn":"vlrntevents.top","domain":"vlrntevents.top","tld":"top"},"title":"Loading","dom":{"size":2530675,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (51221)","md5":"a7706d6b2b64be2cbed855685f64459a","sha1":"265d06e0a361da6468efdb2b162bf4deb6391f7f","sha256":"88c8f00dceafcd18c5e2c4ff7e3ebc6d45bc057863b7e73b656b5d81055a350e","sha512":"eb58f7a07134b5b7198ce8bc3195632c03049a440e789dbb1a7a464ecfede9bbd343d44285645d82ac1ee6fe2de028dcdbe53a53e38d0d0bcdb46ddd982772e5","ssdeep":"12288:G/NIt4nHUR6Jn+fr/gyNROIMkd38fpsFJqxyhpGQd35gZRd3kjnwSuhjIAPEZdRp:iNnc+n+jIyzDMlNQ","tlshash":"c5c585927992b66e00878b35364e56e558bfc505cacba04df9ccadecf0dc9b239483c5","dom_hash":"domhash3510a583cc183b781043b4744a117d73","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"vlrntevents.top","fqdn":"vlrntevents.top","domain":"vlrntevents.top","tld":"top"},"ip":{"addr":"178.16.52.249","port":0,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-16T19:56:06Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-05-12T19:55:44Z","timestamp":1778615744,"ip_dst":{"addr":"178.16.52.249","port":80,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"Client IP","port":36538,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-05-12T19:55:44.524428+0000\",\"flow_id\":1521275365237976,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":36538,\"dest_ip\":\"178.16.52.249\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"vlrntevents.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://vlrntevents.top/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":552,\"bytes_toclient\":229,\"start\":\"2026-05-12T19:55:44.402648+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"vlrntevents.top","ip":{"addr":"178.16.52.249","port":443,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2026-05-10","domain_rank":0,"first_seen":"2026-05-12T19:58:05.908271Z","last_seen":"2026-05-12T19:58:05.908271Z","alert_count":1,"request_count":1,"received_data":2231535,"sent_data":484,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"vlrntevents.top/","fqdn":"vlrntevents.top","domain":"vlrntevents.top","tld":"top"},"ip":{"addr":"178.16.52.249","port":443,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"97bf294bff785dcc36a1b11a19a5f22e","sha1":"ba82ba681dd1d84b486a2e9b1f1836ccb7ae55e2","sha256":"105ee7e3d668c353c464680a19651b397b854e747ffb28d5334d89551470d947","sha512":"d92a2cdb01033ed0e267ad083794771a09f8ff71650d182b8f45e8a77c73c82f4a16034f152230188f9b4fcf6bd50c1ad149f9dfe8e3fe2df43ac63303c42e17","ssdeep":"12288:hd38fpsFJqxyhpGQd35gZRd3kjnwSuhjIAPEZdRSU27MSWCvaOyvXZxbkpQIEs/b:eNp","tlshash":"2da522927992b66e00878b35364e56e558bfc505cacba04df9ccadecf0dc9b239483c5","size":2214716,"data":"","first_seen":"2026-05-12T19:58:11.213403Z","last_seen":"2026-05-12T19:58:11.213403Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-05-12T19:55:44Z","timestamp":1778615744,"ip_dst":{"addr":"178.16.52.249","port":80,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.9","port":36538,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-05-12T19:55:44.524428+0000\",\"flow_id\":1521275365237976,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":36538,\"dest_ip\":\"178.16.52.249\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"vlrntevents.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://vlrntevents.top/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":552,\"bytes_toclient\":229,\"start\":\"2026-05-12T19:55:44.402648+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"vlrntevents.top/","fqdn":"vlrntevents.top","domain":"vlrntevents.top","tld":"top"},"ip":{"addr":"178.16.52.249","port":443,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-12T19:55:41.413Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vlrntevents.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 19:06:34 GMT","end":"Sat, 08 Aug 2026 19:06:33 GMT"},"fingerprint":{"sha1":"04:20:F6:B9:A2:B5:E5:7F:93:2D:45:44:BA:9E:80:DE:4E:3B:99:75","sha256":"08:61:3D:1D:1C:ED:C3:64:94:6A:15:88:9C:72:44:1D:0E:BB:53:E2:9C:C5:52:51:58:57:10:02:BC:D7:57:5D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: vlrntevents.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 657573\r\ncache-control: no-store\r\nx-edge-action: captcha\r\nset-cookie: sil_ses=65bf318fcac06e10cd1ffbd601b07de6; Path=/; Domain=vlrntevents.top; Max-Age=86400; HttpOnly; Secure; SameSite=None\n__Host-sil_ses=65bf318fcac06e10cd1ffbd601b07de6; Path=/; Max-Age=86400; HttpOnly; Secure; SameSite=None; Partitioned\nsil_gate=ASA2NWJmMzE4ZmNhYzA2ZTEwY2QxZmZiZDYwMWIwN2RlNgG0oJygDbKVM3Ba5JAa.-j7aYC_3IXJjnP0s0NWDM2YbnxINGmGbqjM4otvDtiPtoqFMtuwYTQQqCy5hUyB7fQXNMich9RgXJK1w8rROAA; Path=/; Domain=vlrntevents.top; Max-Age=600; HttpOnly; Secure; SameSite=None\n__Host-sil_gate=ASA2NWJmMzE4ZmNhYzA2ZTEwY2QxZmZiZDYwMWIwN2RlNgG0oJygDbKVM3Ba5JAa.-j7aYC_3IXJjnP0s0NWDM2YbnxINGmGbqjM4otvDtiPtoqFMtuwYTQQqCy5hUyB7fQXNMich9RgXJK1w8rROAA; Path=/; Max-Age=600; HttpOnly; Secure; SameSite=None; Partitioned\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 12 May 2026 19:55:46 GMT\r\nalt-svc: h3=\":443\"; ma=60\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2230551,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (49408)","md5":"a6f149a5516fbbc8a6f8e8b9c77e6244","sha1":"979f138a55734181d5844f1aebc6eb860ecac289","sha256":"e04bea983f7b5f67ce299546415d496167f1aa489e0cd5c543b7aa7d2e643dd0","sha512":"31b46df44d4f8e200e464739ccedf73848ba2fef35a0517124af704bb2841660fb59219c75757dbb4b436a6b3e4713d6373166d8399518abc34695641903dc4d","ssdeep":"12288:+d38fpsFJqxyhpGQd35gZRd3kjnwSuhjIAPEZdRSU27MSWCvaOyvXZxbkpQIEs/t:t","tlshash":"9825d0923992b66e00878b35364e56f558bfc505cacba44df9c8adecf0dc9b236483c5","first_seen":"2026-05-12T19:58:11.212094Z","last_seen":"2026-05-12T19:58:11.212094Z","times_seen":1,"resource_available":true,"data":null}},"time_used":6137,"timings":{"blocked":515,"dns":377,"connect":61,"send":0,"wait":4751,"receive":356,"ssl":74},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-05-12T19:55:44Z","timestamp":1778615744,"ip_dst":{"addr":"178.16.52.249","port":80,"asn":40999,"as":"dus.net GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.9","port":36538,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-05-12T19:55:44.524428+0000\",\"flow_id\":1521275365237976,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":36538,\"dest_ip\":\"178.16.52.249\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"vlrntevents.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://vlrntevents.top/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":552,\"bytes_toclient\":229,\"start\":\"2026-05-12T19:55:44.402648+0000\"}}"}],"analyzer":null,"urlquery":null}}]}