{"report_id":"258cefb6-0a9e-49b4-802a-0ae501634400","version":6,"status":"done","tags":[],"date":"2024-08-24T00:33:54Z","url":{"schema":"http","addr":"mr.duplonknut.top/cx/75J7RjPuzFaTV_ADHqCJxygxR9o6XsJFD_jaWbBeWWpXdxl16_PSMynUIEGM4I6K21MklfIFGLZ4AOgCyjOu8F*KPwF3a0i3NprLNG20i4Ft1tTT8ZAO_fJXl*bHSUSUs4km0IYtcAJifLHYdQxxLqCT2J0Ihu4DzcIHPaaoJZXp6cbpiTmAJAks7T3jQMwrwaV1UZkWULRphA9k9kcvQL9FwPg3ugzTQVtWivQKqS1qpUPHi*k6tS5R_dS46qX26w0wtztTjmVLd_rY3AIsxwJjLcuaYs0pxk3jeT5cWzfvVufSFcKkDuADmk_iPfq8T6g92aeO*eySGw6zBnpFjCABKkvMgIRYagbt2eUy2CLsXnMcM3O6RUA82b9CA4KOCecQ31bnU2muDi7JKsdEfePnQpAEo4kjZK5HLw0K6g2xhZ9J5cwtPRbiwK7Krj*gmiJwO5*PwwRHqhSpK2MiYdqVWegzQAWHOiInHUE_CWq7u_RoIOTraE1jphbq9gGvDidl13gO3e1Qz7Jb*BpxLh93YKzzFqZiqCW2bVF90REyIhjGUG9ym0L9c15wYuGEUwvWweL_PSr4lorSJyH4nuJstZOiMJCCjpebP3VWAg8PYA*f_44jDfyxSfj2weLdrLHd7vWId1xct9s1Qd8_CqNOS_HoWXxwwRySWwAdBcD9RfkLIIWgWBAItRMFx4v2hf7FhSEGfoqVnLjqM7yjwDgGykv_Ntf7KxK0vY7sbfyrMBKUubp8QKUXNriJB3I3Nw_x2FnOABTiGWbqg9_HKIJEafN4s27UXi6GyWi6bz0","fqdn":"mr.duplonknut.top","domain":"duplonknut.top","tld":"top"},"ip":{"addr":"23.109.170.72","port":0,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"mr.duplonknut.top/imp/69368?param_3=nortb_over_ttl\u0026nrb","fqdn":"mr.duplonknut.top","domain":"duplonknut.top","tld":"top"},"title":""},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-07T18:04:27Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-08-23 18:12:18","alert_count":0,"request_count":3,"received_data":2662,"sent_data":981,"comment":"","tags":null,"fingerprints":null},{"fqdn":"zerossl.ocsp.sectigo.com","ip":{"addr":"104.18.38.233","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-08-16","domain_rank":4049,"first_seen":"2020-05-09 21:05:29","last_seen":"2024-08-23 17:47:06","alert_count":0,"request_count":1,"received_data":1219,"sent_data":336,"comment":"","tags":null,"fingerprints":null},{"fqdn":"mr.duplonknut.top","ip":{"addr":"212.117.184.188","port":0,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":2,"received_data":1582,"sent_data":1794,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-08-23 18:12:28","alert_count":0,"request_count":1,"received_data":887,"sent_data":327,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-08-24T00:33:15Z","timestamp":1724459595,"ip_dst":{"addr":"Client IP","port":40038,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"212.117.184.188","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"severity":"medium","alert":"ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)","source":"{\"timestamp\":\"2024-08-24T00:33:15.752104+0000\",\"flow_id\":833894379919772,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"212.117.184.188\",\"src_port\":443,\"dest_ip\":\"172.18.0.4\",\"dest_port\":40038,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031230,\"rev\":1,\"signature\":\"ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2020_11_23\"],\"updated_at\":[\"2020_11_23\"]}},\"tls\":{\"subject\":\"CN=mr.duplonknut.top\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"09:07:2A:2C:21:4D:1E:51:5C:C7:3F:A5:C0:52:8A:26\",\"fingerprint\":\"3b:f4:b8:33:c4:34:07:04:e4:96:0b:71:54:4c:87:ff:d4:33:1c:03\",\"sni\":\"mr.duplonknut.top\",\"version\":\"TLS 1.2\",\"notbefore\":\"2024-07-30T00:00:00\",\"notafter\":\"2024-10-28T23:59:59\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"76fd782f81a37e6b32ec21bbc9fb4c00\",\"string\":\"771,47,0-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1459,\"bytes_toclient\":4017,\"start\":\"2024-08-24T00:33:15.694684+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-08-24T00:33:15Z","timestamp":1724459595,"ip_dst":{"addr":"Client IP","port":40038,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"212.117.184.188","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2024-08-24T00:33:15.752104+0000\",\"flow_id\":833894379919772,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"212.117.184.188\",\"src_port\":443,\"dest_ip\":\"172.18.0.4\",\"dest_port\":40038,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=mr.duplonknut.top\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"09:07:2A:2C:21:4D:1E:51:5C:C7:3F:A5:C0:52:8A:26\",\"fingerprint\":\"3b:f4:b8:33:c4:34:07:04:e4:96:0b:71:54:4c:87:ff:d4:33:1c:03\",\"sni\":\"mr.duplonknut.top\",\"version\":\"TLS 1.2\",\"notbefore\":\"2024-07-30T00:00:00\",\"notafter\":\"2024-10-28T23:59:59\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"76fd782f81a37e6b32ec21bbc9fb4c00\",\"string\":\"771,47,0-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1459,\"bytes_toclient\":4017,\"start\":\"2024-08-24T00:33:15.694684+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-24T00:33:15.273832877Z","timestamp":1724459595273,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"DF2DB18FA10EEB1D535253183D68A561C6B52B77B539DF6A0A36AEC736A9DA9C\"\r\nLast-Modified: Fri, 23 Aug 2024 14:37:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=5765\r\nExpires: Sat, 24 Aug 2024 02:09:20 GMT\r\nDate: Sat, 24 Aug 2024 00:33:15 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"cc687a19f2854a47020b22f4aa1806ef","sha1":"9d4058393445f64f6dda190557bf37686e19e7a0","sha256":"df2db18fa10eeb1d535253183d68a561c6b52b77b539df6a0a36aec736a9da9c","sha512":"860b3b851af226471c29162665b2889c6623802d849fa48081a33740e5529e34b7287421144c1bc2ffdc8f246cd73135a0878201b2d9dcf35b8e6b601a5de601","ssdeep":"","tlshash":"bff00565252575902c5c5c74aad2c07b2f30ddac3fb005c6d97453de68633ed61c1e4d","first_seen":"2024-08-24T00:40:32Z","last_seen":"2024-08-29T18:05:07.605336Z","times_seen":14227,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-24T00:33:15.277368062Z","timestamp":1724459595277,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"8D8503DCA377A8430CD883ACDEC16A62201F61FF923847BB95CD00B4B5B76DEE\"\r\nLast-Modified: Fri, 23 Aug 2024 14:36:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=12612\r\nExpires: Sat, 24 Aug 2024 04:03:27 GMT\r\nDate: Sat, 24 Aug 2024 00:33:15 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"0116304cb4b20e1766015ee4e636662f","sha1":"c2b93f53852c06a7a9648a817818c0d5a7011898","sha256":"8d8503dca377a8430cd883acdec16a62201f61ff923847bb95cd00b4b5b76dee","sha512":"a9a69cc853242d97dd83627b9b37ceb3fbea79206e89f4c440f88e50a45b2c7dae970bbe00c12a6801ffc0db56cd14af73f13509cbee270337b35d36d89252d8","ssdeep":"","tlshash":"14f005d83563761191a0102476b9f21b7b21e9a1284010e6a09041ffb450f699d5d44c","first_seen":"2024-08-23T19:07:39Z","last_seen":"2024-08-29T18:07:10.468175Z","times_seen":16095,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-24T00:33:15.62285307Z","timestamp":1724459595622,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"38F07545BD30EF0B4ADEC907DEB75C1CB2365D645A54B545486599117707E28B\"\r\nLast-Modified: Fri, 23 Aug 2024 14:34:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6040\r\nExpires: Sat, 24 Aug 2024 02:13:55 GMT\r\nDate: Sat, 24 Aug 2024 00:33:15 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"5a54df7ab1a35ec424b9be7e9c3c9a4b","sha1":"e7cea7d874319740ce20d0b7c37e99b5e21461ff","sha256":"38f07545bd30ef0b4adec907deb75c1cb2365d645a54b545486599117707e28b","sha512":"911ab834c2696c535a13b977417f3e885d1429752f43fe0113e4c4a9a9efd8567990a742f0b1a6df8c1cfcfa06e24eeb2fec00a7a156631c9fdd602eaa7120ad","ssdeep":"","tlshash":"78f00ea8aee0b892faa15c217bf9da0a2b217ddf392516c059d452c17510b7c130046e","first_seen":"2024-08-23T18:47:18Z","last_seen":"2024-08-29T18:07:26.515866Z","times_seen":17370,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"zerossl.ocsp.sectigo.com/","fqdn":"zerossl.ocsp.sectigo.com","domain":"sectigo.com","tld":"com"},"ip":{"addr":"104.18.38.233","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-24T00:33:15.787360266Z","timestamp":1724459595787,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: zerossl.ocsp.sectigo.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 83\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 24 Aug 2024 00:33:15 GMT\r\nContent-Type: application/ocsp-response\r\nContent-Length: 727\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Aug 2024 03:09:54 GMT\r\nExpires: Thu, 29 Aug 2024 03:09:53 GMT\r\nEtag: \"60c210944355834049443dffb1cc93c97043ce8d\"\r\nCache-Control: max-age=441557,s-maxage=1800,public,no-transform,must-revalidate\r\nX-CCACDN-Proxy-ID: mcdpinlb2\r\nX-Frame-Options: SAMEORIGIN\r\nCF-Cache-Status: DYNAMIC\r\nServer: cloudflare\r\nCF-RAY: 8b7f3ff95dff569d-OSL\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":727,"size_decoded":727,"mime_type":"application/octet-stream","magic":"data","md5":"6c6d9fcf3b552d1b69afa8d895790347","sha1":"60c210944355834049443dffb1cc93c97043ce8d","sha256":"e5d6b123bc98dcd9757742322ac5f1811ddd9dadec2e198a8961ee078197af8f","sha512":"b47d1b114df7de0b3cc5effe65543d70fa29eaad5cac39a2bf766d6a3c411d4d6d54b133ae9568531ea490c39534f6619df682bd4b503279072cefbd85327219","ssdeep":"","tlshash":"a00149405ffc35ac2c910c912655d496795c17fd4c56d577b2340cc93584bf5ee4c10c","first_seen":"2024-08-29T18:04:27.501695Z","last_seen":"2024-08-29T18:04:27.501695Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-24T00:33:15.800867228Z","timestamp":1724459595800,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"CB3BF00DB937121AA64ED4B8047093CD89CB7376A3C66CF46ECB6974CA047D4C\"\r\nLast-Modified: Fri, 23 Aug 2024 14:33:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3448\r\nExpires: Sat, 24 Aug 2024 01:30:43 GMT\r\nDate: Sat, 24 Aug 2024 00:33:15 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"44d2fa336203fefa7fcc2e369e453d16","sha1":"71a006973afdbe2deb2374768a328cf9307fd4d1","sha256":"cb3bf00db937121aa64ed4b8047093cd89cb7376a3c66cf46ecb6974ca047d4c","sha512":"fdef4543622ed54bda6a05ad55b86cb9f05cfbd34a9734b76661e957474c1da55386c98d36887c2b7686532216a6201dd9ba9d8b5cc7b8ce3b095e0cfe24ac5c","ssdeep":"","tlshash":"d7f00e2616a6e500aa7c18107ebec25f3b22bea93850a5e1b051c5d07830ffd5b8844c","first_seen":"2024-08-23T21:40:07Z","last_seen":"2024-08-29T18:06:19.075482Z","times_seen":15481,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"mr.duplonknut.top/cx/75J7RjPuzFaTV_ADHqCJxygxR9o6XsJFD_jaWbBeWWpXdxl16_PSMynUIEGM4I6K21MklfIFGLZ4AOgCyjOu8F*KPwF3a0i3NprLNG20i4Ft1tTT8ZAO_fJXl*bHSUSUs4km0IYtcAJifLHYdQxxLqCT2J0Ihu4DzcIHPaaoJZXp6cbpiTmAJAks7T3jQMwrwaV1UZkWULRphA9k9kcvQL9FwPg3ugzTQVtWivQKqS1qpUPHi*k6tS5R_dS46qX26w0wtztTjmVLd_rY3AIsxwJjLcuaYs0pxk3jeT5cWzfvVufSFcKkDuADmk_iPfq8T6g92aeO*eySGw6zBnpFjCABKkvMgIRYagbt2eUy2CLsXnMcM3O6RUA82b9CA4KOCecQ31bnU2muDi7JKsdEfePnQpAEo4kjZK5HLw0K6g2xhZ9J5cwtPRbiwK7Krj*gmiJwO5*PwwRHqhSpK2MiYdqVWegzQAWHOiInHUE_CWq7u_RoIOTraE1jphbq9gGvDidl13gO3e1Qz7Jb*BpxLh93YKzzFqZiqCW2bVF90REyIhjGUG9ym0L9c15wYuGEUwvWweL_PSr4lorSJyH4nuJstZOiMJCCjpebP3VWAg8PYA*f_44jDfyxSfj2weLdrLHd7vWId1xct9s1Qd8_CqNOS_HoWXxwwRySWwAdBcD9RfkLIIWgWBAItRMFx4v2hf7FhSEGfoqVnLjqM7yjwDgGykv_Ntf7KxK0vY7sbfyrMBKUubp8QKUXNriJB3I3Nw_x2FnOABTiGWbqg9_HKIJEafN4s27UXi6GyWi6bz0","fqdn":"mr.duplonknut.top","domain":"duplonknut.top","tld":"top"},"ip":{"addr":"212.117.184.188","port":0,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-24T00:33:15.813611353Z","timestamp":1724459595813,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /cx/75J7RjPuzFaTV_ADHqCJxygxR9o6XsJFD_jaWbBeWWpXdxl16_PSMynUIEGM4I6K21MklfIFGLZ4AOgCyjOu8F*KPwF3a0i3NprLNG20i4Ft1tTT8ZAO_fJXl*bHSUSUs4km0IYtcAJifLHYdQxxLqCT2J0Ihu4DzcIHPaaoJZXp6cbpiTmAJAks7T3jQMwrwaV1UZkWULRphA9k9kcvQL9FwPg3ugzTQVtWivQKqS1qpUPHi*k6tS5R_dS46qX26w0wtztTjmVLd_rY3AIsxwJjLcuaYs0pxk3jeT5cWzfvVufSFcKkDuADmk_iPfq8T6g92aeO*eySGw6zBnpFjCABKkvMgIRYagbt2eUy2CLsXnMcM3O6RUA82b9CA4KOCecQ31bnU2muDi7JKsdEfePnQpAEo4kjZK5HLw0K6g2xhZ9J5cwtPRbiwK7Krj*gmiJwO5*PwwRHqhSpK2MiYdqVWegzQAWHOiInHUE_CWq7u_RoIOTraE1jphbq9gGvDidl13gO3e1Qz7Jb*BpxLh93YKzzFqZiqCW2bVF90REyIhjGUG9ym0L9c15wYuGEUwvWweL_PSr4lorSJyH4nuJstZOiMJCCjpebP3VWAg8PYA*f_44jDfyxSfj2weLdrLHd7vWId1xct9s1Qd8_CqNOS_HoWXxwwRySWwAdBcD9RfkLIIWgWBAItRMFx4v2hf7FhSEGfoqVnLjqM7yjwDgGykv_Ntf7KxK0vY7sbfyrMBKUubp8QKUXNriJB3I3Nw_x2FnOABTiGWbqg9_HKIJEafN4s27UXi6GyWi6bz0 HTTP/1.1\r\nHost: mr.duplonknut.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Sat, 24 Aug 2024 00:33:15 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nLocation: https://mr.duplonknut.top/imp/69368?param_3=nortb_over_ttl\u0026nrb\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":20,"size_decoded":20,"mime_type":"application/x-gzip","magic":"gzip compressed data, from Unix","md5":"7029066c27ac6f5ef18d660d5741979a","sha1":"46c6643f07aa7f6bfe7118de926b86defc5087c4","sha256":"59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2","sha512":"7e8e93f4a89ce7fae011403e14a1d53544c6e6f6b6010d61129dc27937806d2b03802610d7999eab33a4c36b0f9e001d9d76001b8354087634c1aa9c740c536f","ssdeep":"","tlshash":"de70000000c03c30cc00003000000000000c30000000c00300000c3000030c000c003c","first_seen":"2023-04-09T15:32:38Z","last_seen":"2025-03-02T06:10:10.559841Z","times_seen":229342,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"mr.duplonknut.top/imp/69368?param_3=nortb_over_ttl\u0026nrb","fqdn":"mr.duplonknut.top","domain":"duplonknut.top","tld":"top"},"ip":{"addr":"212.117.184.188","port":0,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-24T00:33:15.938564119Z","timestamp":1724459595938,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /imp/69368?param_3=nortb_over_ttl\u0026nrb HTTP/1.1\r\nHost: mr.duplonknut.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 24 Aug 2024 00:33:15 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nAccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\nSet-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sun, 25-Aug-2024 00:33:15 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sun, 25-Aug-2024 00:33:15 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":61,"size_decoded":52,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"86733bb66fb84b851592d733e51f0cbd","sha1":"42eaf19a5ca195667a9212b0ea3557eee76954a8","sha256":"927676bdf7f1bdcd71f06cc0d9fa573791b12c905629d806851624687c4b4a0d","sha512":"a8c4b7ea33487c8308d0700e573367d976b4a0407719089157679ebb8ce14168fb8825f798ac5aaa4b14892c5cc22a6468491fb776ab8b0dc29218628f1fcaa8","ssdeep":"","tlshash":"c99002d55c01c1289cf0094418e2b15c090886541806d48070c09db509503959c22585","first_seen":"2024-01-18T20:18:28Z","last_seen":"2026-06-10T01:06:27.729529Z","times_seen":10591,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}