{"report_id":"25f213fc-cb72-4062-8d12-e2938d3fd199","version":6,"status":"done","tags":[],"date":"2026-01-25T12:39:09Z","url":{"schema":"http","addr":"echoray.click","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":0,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"http","addr":"echoray.click/","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"title":"Login","dom":{"size":3596,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (1670)","md5":"a1406afeb19f68b61e4afc9122834f23","sha1":"c31d4e6c4cf126d6dd1852066d4c8a9fbbe9df17","sha256":"29f2c4d2539a8b80f459cf47c2f467bf33f3332da7210ce3f6c933b0cd494f04","sha512":"a5c7c36d80268da0a0689ae7fe284aecdcb1092598b497c3180840bb976f206b2048bd41bed7b7f6b8d429ea7e88c2d18a52b0fd4d2af84351389707f31c3135","ssdeep":"","tlshash":"7171c1252450583717230e94e8d1ef4a79c6f30fc91b5420b6bd53a81ff5ea1c8699b5","dom_hash":"domhashd7a7a5aab4866a1cb1e42faffa20369a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"echoray.click","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":0,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-01T12:39:09Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":18,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"Client IP","port":50272,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.445969+0000\",\"flow_id\":1570719181273862,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50272,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":714},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":670,\"bytes_toclient\":1180,\"start\":\"2026-01-25T12:38:47.359174+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"Client IP","port":50272,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.599618+0000\",\"flow_id\":1570719181273862,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50272,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/vendors/font-awesome-v5.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1198},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":8,\"bytes_toserver\":1162,\"bytes_toclient\":8750,\"start\":\"2026-01-25T12:38:47.359174+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"Client IP","port":50286,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.643445+0000\",\"flow_id\":2165286536446405,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50286,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/vendors/line-icons-pro.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1197},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":631,\"bytes_toclient\":6196,\"start\":\"2026-01-25T12:38:47.557509+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"Client IP","port":50292,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.644397+0000\",\"flow_id\":442991765849023,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50292,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/CFERDFng.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1197},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":624,\"bytes_toclient\":6196,\"start\":\"2026-01-25T12:38:47.558015+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"Client IP","port":50298,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.644796+0000\",\"flow_id\":2085073727227969,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50298,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/index-wOImfd4K.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1183},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":614,\"bytes_toclient\":4682,\"start\":\"2026-01-25T12:38:47.559169+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"Client IP","port":50292,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.976222+0000\",\"flow_id\":442991765849023,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50292,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/CP-wY-N8.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1200},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":219,\"pkts_toclient\":312,\"bytes_toserver\":15166,\"bytes_toclient\":469391,\"start\":\"2026-01-25T12:38:47.558015+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"Client IP","port":50298,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.978807+0000\",\"flow_id\":2085073727227969,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50298,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/mcPhvRDT.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1200},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":88,\"pkts_toclient\":111,\"bytes_toserver\":6510,\"bytes_toclient\":163784,\"start\":\"2026-01-25T12:38:47.559169+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"Client IP","port":50286,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.981353+0000\",\"flow_id\":2165286536446405,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50286,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/BlGbBrki.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1199},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":65,\"pkts_toclient\":82,\"bytes_toserver\":5009,\"bytes_toclient\":120116,\"start\":\"2026-01-25T12:38:47.557509+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"Client IP","port":50310,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.012230+0000\",\"flow_id\":1222109570757545,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50310,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/BUL1M7oz.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1187},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":610,\"bytes_toclient\":1654,\"start\":\"2026-01-25T12:38:47.947113+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"Client IP","port":50324,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.012437+0000\",\"flow_id\":344967727249849,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50324,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/D7_5HsiC.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":610,\"bytes_toclient\":4682,\"start\":\"2026-01-25T12:38:47.948665+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"Client IP","port":50340,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.014542+0000\",\"flow_id\":985763962916329,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50340,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/CEyXYCG2.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1186},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":610,\"bytes_toclient\":5227,\"start\":\"2026-01-25T12:38:47.953833+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"Client IP","port":50292,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.031837+0000\",\"flow_id\":442991765849023,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50292,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/BUL1M7oz.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/assets/index-wOImfd4K.js\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2532},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":226,\"pkts_toclient\":315,\"bytes_toserver\":15990,\"bytes_toclient\":473049,\"start\":\"2026-01-25T12:38:47.558015+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"Client IP","port":50354,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.040908+0000\",\"flow_id\":1684069810672189,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50354,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/eSRsTTyt.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":610,\"bytes_toclient\":1654,\"start\":\"2026-01-25T12:38:47.954941+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"Client IP","port":50292,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.080480+0000\",\"flow_id\":442991765849023,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50292,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/CEyXYCG2.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/assets/_/BUL1M7oz.js\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2634},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":228,\"pkts_toclient\":318,\"bytes_toserver\":16480,\"bytes_toclient\":477591,\"start\":\"2026-01-25T12:38:47.558015+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"Client IP","port":50298,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.082027+0000\",\"flow_id\":2085073727227969,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50298,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/eSRsTTyt.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/assets/_/BUL1M7oz.js\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":93,\"pkts_toclient\":116,\"bytes_toserver\":7198,\"bytes_toclient\":171354,\"start\":\"2026-01-25T12:38:47.559169+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"Client IP","port":50286,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.082588+0000\",\"flow_id\":2165286536446405,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50286,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/D7_5HsiC.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/assets/_/BUL1M7oz.js\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":79,\"pkts_toclient\":95,\"bytes_toserver\":6291,\"bytes_toclient\":138523,\"start\":\"2026-01-25T12:38:47.557509+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"Client IP","port":50292,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.164232+0000\",\"flow_id\":442991765849023,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50292,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/favicon.svg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/svg+xml\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":724},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":231,\"pkts_toclient\":320,\"bytes_toserver\":17445,\"bytes_toclient\":479177,\"start\":\"2026-01-25T12:38:47.558015+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"Client IP","port":50292,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.208149+0000\",\"flow_id\":442991765849023,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50292,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/n-dP9qr2.woff2\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/octet-stream\",\"http_refer\":\"http://echoray.click/assets/CFERDFng.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2631},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":232,\"pkts_toclient\":325,\"bytes_toserver\":17511,\"bytes_toclient\":486747,\"start\":\"2026-01-25T12:38:47.558015+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"echoray.click","ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-08-20","domain_rank":0,"first_seen":"2026-01-25T12:17:05.879094Z","last_seen":"2026-01-25T12:17:05.879094Z","alert_count":27,"request_count":19,"received_data":972811,"sent_data":6904,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"api.iconify.design","ip":{"addr":"104.26.13.204","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-10-17","domain_rank":89604,"first_seen":"2018-12-24T02:01:40Z","last_seen":"2026-01-21T11:33:08.365887Z","alert_count":0,"request_count":1,"received_data":1462,"sent_data":459,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"echoray.click/assets/index-wOImfd4K.js","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"0342fbfd8e9d05ac76eba92828848412","sha1":"af74c5a1d649a9b34d5a8f7127277a216d4757f6","sha256":"2c9ea1f56b0d574c69a5dafa5ffdde7dd7b1a143fe569cd5c5d516906d55958d","sha512":"c25c3bf21beaef83c445ad7604f86f76778bc02a9af702780d2e214f6d6f8eda66c87e25233770f57e2de86e17ad6fc93fd3f556d978c7bf96c495c263889232","ssdeep":"3072:KOzX69d2A1Ea1do/zmAemhqpsvcESZzEogczP0:trc2KA9qecESZ4Bcg","tlshash":"e7e3f7e93186b03243ea19e2507b0016f33a1919380ed4d4f16dadeb3d77949a2b7f6d","size":150976,"data":"","first_seen":"2026-01-25T12:39:11.03148Z","last_seen":"2026-01-25T12:39:11.03148Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50298,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.644796+0000\",\"flow_id\":2085073727227969,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50298,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/index-wOImfd4K.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1183},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":614,\"bytes_toclient\":4682,\"start\":\"2026-01-25T12:38:47.559169+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/assets/_/CEyXYCG2.js","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"c8e111d3aa979269aa754d063127d0bf","sha1":"c94a78de45b915f68dea5eed7cc4a8bfc207b91c","sha256":"b89558e289302ddb2e2ad184d63f2314832c757fcd19cde202e919f84280742e","sha512":"26f87cbe7efd204aabdb2309ac2736566ca0ddd6b252a02c66bce71970f1200aaa979baca3048b06986691782b3fdf9d9c334a9570799eebbd7ab4c327dca931","ssdeep":"96:MP3hT0wHNv9pMbfWBU46NkRRpN4UoMeDlJg707xWziHejJWHeMNswMQCseI:oywHmb0m8eJRe9WHeMNswN5eI","tlshash":"629176247559d93bcbe70cc8a0115a06d4e84b2fd7347af0daca3b341bfa954321db68","size":4561,"data":"","first_seen":"2026-01-25T12:39:11.023784Z","last_seen":"2026-01-25T12:39:11.023784Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50340,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.014542+0000\",\"flow_id\":985763962916329,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50340,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/CEyXYCG2.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1186},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":610,\"bytes_toclient\":5227,\"start\":\"2026-01-25T12:38:47.953833+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50292,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.080480+0000\",\"flow_id\":442991765849023,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50292,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/CEyXYCG2.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/assets/_/BUL1M7oz.js\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2634},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":228,\"pkts_toclient\":318,\"bytes_toserver\":16480,\"bytes_toclient\":477591,\"start\":\"2026-01-25T12:38:47.558015+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/assets/_/BUL1M7oz.js","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"389943e88a0490ff9eb04dc6eb099173","sha1":"6d049e2982fd6169164e8d4e09a88ed2e35424de","sha256":"9b16c5abaa7652baf2cba1815a5f4795debdf68ad7ef76a46339262cb67bc28c","sha512":"9273efe6202bec21e16a3b4426ffe923c0651b6af640a2d10d034de53ee79a01b52210da7a4611930977a585ef236206a2afda4e19640f25bad6f2e65bbc67b2","ssdeep":"","tlshash":"1551101dbc35c678c9334458806e085070997f9eb276589696f85d283ff0db8952e32d","size":2532,"data":"","first_seen":"2026-01-25T12:39:11.027545Z","last_seen":"2026-01-25T12:39:11.027545Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50310,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.012230+0000\",\"flow_id\":1222109570757545,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50310,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/BUL1M7oz.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1187},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":610,\"bytes_toclient\":1654,\"start\":\"2026-01-25T12:38:47.947113+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50292,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.031837+0000\",\"flow_id\":442991765849023,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50292,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/BUL1M7oz.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/assets/index-wOImfd4K.js\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2532},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":226,\"pkts_toclient\":315,\"bytes_toserver\":15990,\"bytes_toclient\":473049,\"start\":\"2026-01-25T12:38:47.558015+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/assets/_/D7_5HsiC.js","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"238011963c29b7a6d66e05ca814c40e0","sha1":"6074772861804c9e94e63119146f924f1a2fdb3d","sha256":"df451094271d5ab8d6036d60594f78028c8f9e72e5d9ebfe30c9927925101394","sha512":"a3f9668412e98d680157d55b2a8547a2c73cf0899e826066ef8abad4d950a683b2df917f30e434fcccaa0295f1f553962b302e093a3278d3151e58af460a4445","ssdeep":"768:nlSfhAqQggv7ELPCBv29bSLiK9mHdjl0Oz/agnO0MiFbzFuq+L9CynOW6gkW0LEP:iMrIOS9uNjxc2nBqjLW","tlshash":"ecf208d576d2b06153aa60f580ef0502f3399629740e80e4f168aceb2cb614f97a7f7d","size":36278,"data":"","first_seen":"2026-01-25T12:39:11.024992Z","last_seen":"2026-01-25T12:39:11.024992Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50324,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.012437+0000\",\"flow_id\":344967727249849,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50324,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/D7_5HsiC.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":610,\"bytes_toclient\":4682,\"start\":\"2026-01-25T12:38:47.948665+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50286,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.082588+0000\",\"flow_id\":2165286536446405,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50286,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/D7_5HsiC.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/assets/_/BUL1M7oz.js\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":79,\"pkts_toclient\":95,\"bytes_toserver\":6291,\"bytes_toclient\":138523,\"start\":\"2026-01-25T12:38:47.557509+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/assets/_/eSRsTTyt.js","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"7b475db51f88542891767465e0d9b691","sha1":"f5a2783784f86b38731258428948d73b1c4f2a8e","sha256":"1a5a5506fd4591f77127bed2853083480526d02987607aac7184497c6b8cfffa","sha512":"70fe18c361700f9dd942b9f183775c1abaae08a54032f5a5d86398dee1413330f7506b3e9026f47407ae60fee76a871d46dd114226d99791bce841d520bba48f","ssdeep":"384:WzhokdDMdeXUdIx4CilIWVOArayZIVn0KoJk1RvjGk4kIZkocHYhd:tSywUdI2lBOAWGI90KoJk1RvjGk4k8kE","tlshash":"7a92eac876d7f032c77258d5807b4010f21c2b99b418e0d0e67fa8a63d669dad66bf2d","size":20548,"data":"","first_seen":"2026-01-25T12:39:11.038085Z","last_seen":"2026-01-25T12:39:11.038085Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50354,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.040908+0000\",\"flow_id\":1684069810672189,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50354,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/eSRsTTyt.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":610,\"bytes_toclient\":1654,\"start\":\"2026-01-25T12:38:47.954941+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50298,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.082027+0000\",\"flow_id\":2085073727227969,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50298,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/eSRsTTyt.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/assets/_/BUL1M7oz.js\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":93,\"pkts_toclient\":116,\"bytes_toserver\":7198,\"bytes_toclient\":171354,\"start\":\"2026-01-25T12:38:47.559169+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"a60cec07a3dc40c27525212163b3dfdd","sha1":"9dcf1f6e5c35e6d0d64d8519425b735fe95a1254","sha256":"8f3c755c850605e0faf0b8b74437da1f0ee79d12310162c20e3002da7f72d37f","sha512":"7dabd4a7768b855e8af1e1466756002e81fac27c64b6620725257e849f5515b8a9ef271bcce4cd207ec2f10c56ff903d5759386a163681ceb6bc8a0dae2b6172","ssdeep":"","tlshash":"99e07dbd3044110e57af01b8e583cb94363310336170d430bf1d82244f62fbb00628cd","size":367,"data":"","first_seen":"2025-10-10T20:57:08.701764Z","last_seen":"2026-01-25T12:39:11.038942Z","times_seen":3,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50272,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.445969+0000\",\"flow_id\":1570719181273862,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50272,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":714},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":670,\"bytes_toclient\":1180,\"start\":\"2026-01-25T12:38:47.359174+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"eventHandler","is_inline":false,"md5":"e56ddbb05a974a6bc5ea44661e509a21","sha1":"448d4cb69f9441e10731b1ff4aa9dc81502589bd","sha256":"1759e8c6c2ce9c987245281cd33bb9260ce82e31b604131a5da486db89369913","sha512":"a3b2b0accbc0f18d13fc0eb6d742a5bf00a9614399e05b97b96ed0963e7d29b5868f73ef541c5f5bf8d125e7f7040d03f39cc853a52ffa2f1e2ebb7a20165242","ssdeep":"","tlshash":"7b700008080000800a002c00e000020080c2000802202008c020a8a0082c088808f800","size":21,"data":"","first_seen":"2023-04-10T22:51:51Z","last_seen":"2026-04-22T02:31:50.097038Z","times_seen":40873,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50272,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.445969+0000\",\"flow_id\":1570719181273862,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50272,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":714},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":670,\"bytes_toclient\":1180,\"start\":\"2026-01-25T12:38:47.359174+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"eventHandler","is_inline":false,"md5":"e56ddbb05a974a6bc5ea44661e509a21","sha1":"448d4cb69f9441e10731b1ff4aa9dc81502589bd","sha256":"1759e8c6c2ce9c987245281cd33bb9260ce82e31b604131a5da486db89369913","sha512":"a3b2b0accbc0f18d13fc0eb6d742a5bf00a9614399e05b97b96ed0963e7d29b5868f73ef541c5f5bf8d125e7f7040d03f39cc853a52ffa2f1e2ebb7a20165242","ssdeep":"","tlshash":"7b700008080000800a002c00e000020080c2000802202008c020a8a0082c088808f800","size":21,"data":"","first_seen":"2023-04-10T22:51:51Z","last_seen":"2026-04-22T02:31:50.097038Z","times_seen":40873,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50272,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.445969+0000\",\"flow_id\":1570719181273862,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50272,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":714},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":670,\"bytes_toclient\":1180,\"start\":\"2026-01-25T12:38:47.359174+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"echoray.click/vendors/font-awesome-v5.css","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://echoray.click/","date":"2026-01-25T12:38:47.559Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /vendors/font-awesome-v5.css HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://echoray.click/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 25 Jan 2026 12:38:47 GMT\r\nContent-Type: text/css\r\nContent-Length: 74488\r\nLast-Modified: Tue, 16 Dec 2025 15:38:25 GMT\r\nConnection: keep-alive\r\nETag: \"69417cf1-122f8\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":74488,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"681289201643be6186a3176c2ad27309","sha1":"44d8e1ce09258bd9e9b81308a88e3f74e9d692bc","sha256":"400a910a167fdf61a3a7d8b327b8bd74830d9546b58ea325cad89d090522d10c","sha512":"bb4fc8c36d813bc71d413161601a11eb7d27a1d9793a51e89846d3f98f1c32d61a62c812e073b1a89b988cf53a7b7deda743b122e927faed9fe0431bf60ae815","ssdeep":"768:qAmCOWmykMxAEPaE3IA/Hqql/5jgYm4vOYzhLApOD81r:q3COWTOED3L/qql/5jgY3/lmr","tlshash":"537304ecddfe1cd08319e4992746f2b0b32db2a89c4a4e65c3e27d9c91c964494d2bcd","first_seen":"2025-10-23T06:25:11.483013Z","last_seen":"2026-01-25T12:39:11.019712Z","times_seen":2,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":93,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50272,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.599618+0000\",\"flow_id\":1570719181273862,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50272,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/vendors/font-awesome-v5.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1198},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":8,\"bytes_toserver\":1162,\"bytes_toclient\":8750,\"start\":\"2026-01-25T12:38:47.359174+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/assets/CFERDFng.css","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://echoray.click/","date":"2026-01-25T12:38:47.563Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/CFERDFng.css HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://echoray.click/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 25 Jan 2026 12:38:47 GMT\r\nContent-Type: text/css\r\nContent-Length: 441300\r\nLast-Modified: Tue, 16 Dec 2025 15:38:25 GMT\r\nConnection: keep-alive\r\nETag: \"69417cf1-6bbd4\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":441300,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"63bbe2beae4f60eae2184843d848c021","sha1":"cbcff5d5a2388159e7235f8b1f34a5963e7a76cc","sha256":"0437aeda7110c489122e312fd0f9ab48de38a77856e52dfa7ee01cabb8ad082d","sha512":"6c13cfe48e9ddab3c25104835aeb5988dd52d9131425bf65e92d8e1376ba049796fe255d9aefa3d583100e54e281bb94a5f8bab9211eae5481ae68f06235cd65","ssdeep":"6144:qoAHiG30bxdxRx9jL/bfDrA5ddYnbfEDHHfpx:qoAHiG30bxUpx","tlshash":"7094a786e4602c3f3a23982e15d4bbac271e6464d9121bfff457e29046c77db2137a1e","first_seen":"2026-01-25T12:39:11.0211Z","last_seen":"2026-01-25T12:39:11.0211Z","times_seen":1,"resource_available":false,"data":null}},"time_used":313,"timings":{"blocked":38,"dns":1,"connect":43,"send":0,"wait":43,"receive":188,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50292,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.644397+0000\",\"flow_id\":442991765849023,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50292,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/CFERDFng.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1197},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":624,\"bytes_toclient\":6196,\"start\":\"2026-01-25T12:38:47.558015+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/assets/mcPhvRDT.css","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://echoray.click/","date":"2026-01-25T12:38:47.943Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/mcPhvRDT.css HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://echoray.click/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 25 Jan 2026 12:38:47 GMT\r\nContent-Type: text/css\r\nContent-Length: 4961\r\nLast-Modified: Tue, 16 Dec 2025 15:38:25 GMT\r\nConnection: keep-alive\r\nETag: \"69417cf1-1361\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4961,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (4960)","md5":"1c97b742bec6bf5bf21ebbe78bb1472e","sha1":"57c7c26a54424739045935cd2c424596b59508dd","sha256":"3f18037915acf631c6dbc065b841e2b4cca255e7745ca14b74f6c46e669c372d","sha512":"9a1fa05d1248a751ac1355b770316e02a3fa2e8138424371266e02da877923104bc68a41db3736f37cbf4670f5de2b849d81b8c068a720c568c190939d7de6b0","ssdeep":"96:kKsLq4Et5t5tgjXyyzjXyyzjXyyzjXyymq4Xt5t5tgjXyyzjXyyzjXyyzjXyy5JG:kJEt5t5t5Xt5t5th","tlshash":"68a11413a681c9db635696cf7a0b7cd0928af52b090f6d02522474e5fa1ee217043fbb","first_seen":"2026-01-25T12:39:11.022379Z","last_seen":"2026-01-25T12:39:11.022379Z","times_seen":1,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50298,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.978807+0000\",\"flow_id\":2085073727227969,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50298,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/mcPhvRDT.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1200},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":88,\"pkts_toclient\":111,\"bytes_toserver\":6510,\"bytes_toclient\":163784,\"start\":\"2026-01-25T12:38:47.559169+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/assets/_/CEyXYCG2.js","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://echoray.click/","date":"2026-01-25T12:38:48.040Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/_/CEyXYCG2.js HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://echoray.click/assets/_/BUL1M7oz.js\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 25 Jan 2026 12:38:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 4561\r\nLast-Modified: Tue, 16 Dec 2025 15:38:25 GMT\r\nConnection: keep-alive\r\nETag: \"69417cf1-11d1\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":4561,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (4560)","md5":"c8e111d3aa979269aa754d063127d0bf","sha1":"c94a78de45b915f68dea5eed7cc4a8bfc207b91c","sha256":"b89558e289302ddb2e2ad184d63f2314832c757fcd19cde202e919f84280742e","sha512":"26f87cbe7efd204aabdb2309ac2736566ca0ddd6b252a02c66bce71970f1200aaa979baca3048b06986691782b3fdf9d9c334a9570799eebbd7ab4c327dca931","ssdeep":"96:MP3hT0wHNv9pMbfWBU46NkRRpN4UoMeDlJg707xWziHejJWHeMNswMQCseI:oywHmb0m8eJRe9WHeMNswN5eI","tlshash":"629176247559d93bcbe70cc8a0115a06d4e84b2fd7347af0daca3b341bfa954321db68","first_seen":"2026-01-25T12:39:11.023784Z","last_seen":"2026-01-25T12:39:11.023784Z","times_seen":1,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50340,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.014542+0000\",\"flow_id\":985763962916329,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50340,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/CEyXYCG2.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1186},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":610,\"bytes_toclient\":5227,\"start\":\"2026-01-25T12:38:47.953833+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50292,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.080480+0000\",\"flow_id\":442991765849023,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50292,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/CEyXYCG2.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/assets/_/BUL1M7oz.js\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2634},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":228,\"pkts_toclient\":318,\"bytes_toserver\":16480,\"bytes_toclient\":477591,\"start\":\"2026-01-25T12:38:47.558015+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/assets/_/D7_5HsiC.js","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://echoray.click/","date":"2026-01-25T12:38:48.043Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/_/D7_5HsiC.js HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://echoray.click/assets/_/BUL1M7oz.js\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 25 Jan 2026 12:38:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 36278\r\nLast-Modified: Tue, 16 Dec 2025 15:38:25 GMT\r\nConnection: keep-alive\r\nETag: \"69417cf1-8db6\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":36278,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (36277)","md5":"238011963c29b7a6d66e05ca814c40e0","sha1":"6074772861804c9e94e63119146f924f1a2fdb3d","sha256":"df451094271d5ab8d6036d60594f78028c8f9e72e5d9ebfe30c9927925101394","sha512":"a3f9668412e98d680157d55b2a8547a2c73cf0899e826066ef8abad4d950a683b2df917f30e434fcccaa0295f1f553962b302e093a3278d3151e58af460a4445","ssdeep":"768:nlSfhAqQggv7ELPCBv29bSLiK9mHdjl0Oz/agnO0MiFbzFuq+L9CynOW6gkW0LEP:iMrIOS9uNjxc2nBqjLW","tlshash":"ecf208d576d2b06153aa60f580ef0502f3399629740e80e4f168aceb2cb614f97a7f7d","first_seen":"2026-01-25T12:39:11.024992Z","last_seen":"2026-01-25T12:39:11.024992Z","times_seen":1,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50324,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.012437+0000\",\"flow_id\":344967727249849,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50324,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/D7_5HsiC.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":610,\"bytes_toclient\":4682,\"start\":\"2026-01-25T12:38:47.948665+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50286,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.082588+0000\",\"flow_id\":2165286536446405,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50286,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/D7_5HsiC.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/assets/_/BUL1M7oz.js\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":79,\"pkts_toclient\":95,\"bytes_toserver\":6291,\"bytes_toclient\":138523,\"start\":\"2026-01-25T12:38:47.557509+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/vendors/line-icons-pro.css","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://echoray.click/","date":"2026-01-25T12:38:47.561Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /vendors/line-icons-pro.css HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://echoray.click/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 25 Jan 2026 12:38:47 GMT\r\nContent-Type: text/css\r\nContent-Length: 107205\r\nLast-Modified: Tue, 16 Dec 2025 15:38:25 GMT\r\nConnection: keep-alive\r\nETag: \"69417cf1-1a2c5\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":107205,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"3bbe4da4f5f4d5d8948c206fd608a489","sha1":"0782432ff8c7ce40367aeb5e885f339ab72d6a8c","sha256":"5c7e03cedf489f772d9f4000607233f0196d414012a594efd4506a277b3663d5","sha512":"89c09ba3bf44490ade105d306b2c26864f780cf648a6a813d884323b65b6b0d91292ef89703cb4b11b4acd678ded9c28972f56b91ec16ca2f910e0d5191ada76","ssdeep":"768:+ZTFPZMVZFXMDZ6k7uiH8scReoRKceJIh1CF7PboVWnikaTmFbCq:iTXaZFGZYPKcVCFjboVEQTmH","tlshash":"cca3f0d9dcfe0cc59b5df19d26d2f231e308b2e1b80b4e61d39269ac82d8105a4d6bdd","first_seen":"2025-10-23T06:25:11.77469Z","last_seen":"2026-01-25T12:39:11.026246Z","times_seen":2,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":40,"dns":1,"connect":43,"send":0,"wait":43,"receive":131,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50286,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.643445+0000\",\"flow_id\":2165286536446405,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50286,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/vendors/line-icons-pro.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1197},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":631,\"bytes_toclient\":6196,\"start\":\"2026-01-25T12:38:47.557509+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/assets/_/D7_5HsiC.js","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://echoray.click/","date":"2026-01-25T12:38:47.961Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/_/D7_5HsiC.js HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://echoray.click/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 25 Jan 2026 12:38:47 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 36278\r\nLast-Modified: Tue, 16 Dec 2025 15:38:25 GMT\r\nConnection: keep-alive\r\nETag: \"69417cf1-8db6\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":36278,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (36277)","md5":"238011963c29b7a6d66e05ca814c40e0","sha1":"6074772861804c9e94e63119146f924f1a2fdb3d","sha256":"df451094271d5ab8d6036d60594f78028c8f9e72e5d9ebfe30c9927925101394","sha512":"a3f9668412e98d680157d55b2a8547a2c73cf0899e826066ef8abad4d950a683b2df917f30e434fcccaa0295f1f553962b302e093a3278d3151e58af460a4445","ssdeep":"768:nlSfhAqQggv7ELPCBv29bSLiK9mHdjl0Oz/agnO0MiFbzFuq+L9CynOW6gkW0LEP:iMrIOS9uNjxc2nBqjLW","tlshash":"ecf208d576d2b06153aa60f580ef0502f3399629740e80e4f168aceb2cb614f97a7f7d","first_seen":"2026-01-25T12:39:11.024992Z","last_seen":"2026-01-25T12:39:11.024992Z","times_seen":1,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":21,"dns":0,"connect":31,"send":0,"wait":31,"receive":31,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50324,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.012437+0000\",\"flow_id\":344967727249849,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50324,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/D7_5HsiC.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":610,\"bytes_toclient\":4682,\"start\":\"2026-01-25T12:38:47.948665+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50286,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.082588+0000\",\"flow_id\":2165286536446405,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50286,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/D7_5HsiC.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/assets/_/BUL1M7oz.js\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":79,\"pkts_toclient\":95,\"bytes_toserver\":6291,\"bytes_toclient\":138523,\"start\":\"2026-01-25T12:38:47.557509+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/assets/_/BUL1M7oz.js","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://echoray.click/","date":"2026-01-25T12:38:47.988Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/_/BUL1M7oz.js HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://echoray.click/assets/index-wOImfd4K.js\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 25 Jan 2026 12:38:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 2532\r\nLast-Modified: Tue, 16 Dec 2025 15:38:25 GMT\r\nConnection: keep-alive\r\nETag: \"69417cf1-9e4\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":2532,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, Unicode text, UTF-8 text, with very long lines (2495)","md5":"389943e88a0490ff9eb04dc6eb099173","sha1":"6d049e2982fd6169164e8d4e09a88ed2e35424de","sha256":"9b16c5abaa7652baf2cba1815a5f4795debdf68ad7ef76a46339262cb67bc28c","sha512":"9273efe6202bec21e16a3b4426ffe923c0651b6af640a2d10d034de53ee79a01b52210da7a4611930977a585ef236206a2afda4e19640f25bad6f2e65bbc67b2","ssdeep":"","tlshash":"1551101dbc35c678c9334458806e085070997f9eb276589696f85d283ff0db8952e32d","first_seen":"2026-01-25T12:39:11.027545Z","last_seen":"2026-01-25T12:39:11.027545Z","times_seen":1,"resource_available":true,"data":null}},"time_used":43,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50310,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.012230+0000\",\"flow_id\":1222109570757545,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50310,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/BUL1M7oz.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1187},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":610,\"bytes_toclient\":1654,\"start\":\"2026-01-25T12:38:47.947113+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50292,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.031837+0000\",\"flow_id\":442991765849023,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50292,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/BUL1M7oz.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/assets/index-wOImfd4K.js\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2532},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":226,\"pkts_toclient\":315,\"bytes_toserver\":15990,\"bytes_toclient\":473049,\"start\":\"2026-01-25T12:38:47.558015+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-25T12:38:47.359Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 25 Jan 2026 12:38:47 GMT\r\nContent-Type: text/html\r\nLast-Modified: Tue, 16 Dec 2025 15:38:25 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"69417cf1-57e\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1406,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"8f5229871ecaae8fe7870750d6ab97f5","sha1":"a152513760b74b98e83bbf08e6a4416da6055c5c","sha256":"2e237c43289b2347ab7c73644cbff17982491a038db92540cd762795b6bef3ae","sha512":"a16b2ba986a1650754ad4ae050a20340e0262de84545bf135b4c60b447c6283b29e7541042ba8afa572cbdca89ab92ca6bb4c470def4d1f851b1630161262fbf","ssdeep":"","tlshash":"ba21622628a0919912180f3dfdd6fb56bb97615b573ae41434fd81388f60f85818bcf9","first_seen":"2026-01-25T12:39:11.030408Z","last_seen":"2026-01-25T12:39:11.030408Z","times_seen":1,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":44,"dns":1,"connect":43,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50272,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.445969+0000\",\"flow_id\":1570719181273862,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50272,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":714},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":670,\"bytes_toclient\":1180,\"start\":\"2026-01-25T12:38:47.359174+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/assets/index-wOImfd4K.js","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://echoray.click/","date":"2026-01-25T12:38:47.562Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/index-wOImfd4K.js HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://echoray.click/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 25 Jan 2026 12:38:47 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 150976\r\nLast-Modified: Tue, 16 Dec 2025 15:38:25 GMT\r\nConnection: keep-alive\r\nETag: \"69417cf1-24dc0\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":150976,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (38277)","md5":"0342fbfd8e9d05ac76eba92828848412","sha1":"af74c5a1d649a9b34d5a8f7127277a216d4757f6","sha256":"2c9ea1f56b0d574c69a5dafa5ffdde7dd7b1a143fe569cd5c5d516906d55958d","sha512":"c25c3bf21beaef83c445ad7604f86f76778bc02a9af702780d2e214f6d6f8eda66c87e25233770f57e2de86e17ad6fc93fd3f556d978c7bf96c495c263889232","ssdeep":"3072:KOzX69d2A1Ea1do/zmAemhqpsvcESZzEogczP0:trc2KA9qecESZ4Bcg","tlshash":"e7e3f7e93186b03243ea19e2507b0016f33a1919380ed4d4f16dadeb3d77949a2b7f6d","first_seen":"2026-01-25T12:39:11.03148Z","last_seen":"2026-01-25T12:39:11.03148Z","times_seen":1,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":40,"dns":1,"connect":43,"send":0,"wait":43,"receive":136,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50298,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.644796+0000\",\"flow_id\":2085073727227969,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50298,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/index-wOImfd4K.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1183},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":614,\"bytes_toclient\":4682,\"start\":\"2026-01-25T12:38:47.559169+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/assets/CP-wY-N8.css","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://echoray.click/","date":"2026-01-25T12:38:47.939Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/CP-wY-N8.css HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://echoray.click/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 25 Jan 2026 12:38:47 GMT\r\nContent-Type: text/css\r\nContent-Length: 7659\r\nLast-Modified: Tue, 16 Dec 2025 15:38:25 GMT\r\nConnection: keep-alive\r\nETag: \"69417cf1-1deb\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7659,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (7658)","md5":"1266b8774f47a2d3d0af437aaaf5e188","sha1":"de18f4d7f231edbf8b3b965d8bc4926f0b84e6f0","sha256":"de21a6865f66586d8b6aabb88f768260a6aaee5e5f155265fdee4379739107dc","sha512":"dcce7808c35d65faefa0493ff6239988bb90e78f1997c86f47d732c02dc9a791a91a05281d1c792c125b5cb0ade2eceef07b07b04cddbb5ae306ddde76393609","ssdeep":"192:1IHsb80+9YCKpD2Nbf2udQlqt9rlbaE9cqsG:W9F","tlshash":"64f19ec8b1a0cb3f3f13a4a9130aaf2d371e6985d9207a5fd4a8b19016c77da705760e","first_seen":"2026-01-25T12:39:11.032809Z","last_seen":"2026-01-25T12:39:11.032809Z","times_seen":1,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50292,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.976222+0000\",\"flow_id\":442991765849023,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50292,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/CP-wY-N8.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1200},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":219,\"pkts_toclient\":312,\"bytes_toserver\":15166,\"bytes_toclient\":469391,\"start\":\"2026-01-25T12:38:47.558015+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/favicon.svg","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://echoray.click/","date":"2026-01-25T12:38:48.093Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://echoray.click/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 25 Jan 2026 12:38:48 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 724\r\nLast-Modified: Tue, 16 Dec 2025 15:38:25 GMT\r\nConnection: keep-alive\r\nETag: \"69417cf1-2d4\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":724,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e2af954d1093e1596b864d8602c32522","sha1":"15d58eb2e0c7f70b24bdfad1c3845ed94fd4f423","sha256":"2303b1499d3889f3807c17d17b8cbf8889ad7a8b6922c340a56f7502bee4675b","sha512":"b88ebf7689466eb1b5b8aa494a78df2cab4ce6d850f9280659a910635ebdb4dfea0d53cb89f6d363bc317dfd173dfb0e4c14da1ff570b51736ace2f967ecf870","ssdeep":"","tlshash":"ce01106563c0a67a8550c34c83f8a1c25375a0de70b056ccfd9a3d74f64e5c9c3646ea","first_seen":"2026-01-25T12:39:11.033964Z","last_seen":"2026-01-25T12:39:11.033964Z","times_seen":1,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50292,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.164232+0000\",\"flow_id\":442991765849023,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50292,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/favicon.svg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/svg+xml\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":724},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":231,\"pkts_toclient\":320,\"bytes_toserver\":17445,\"bytes_toclient\":479177,\"start\":\"2026-01-25T12:38:47.558015+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/assets/n-dP9qr2.woff2","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://echoray.click/","date":"2026-01-25T12:38:48.164Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/n-dP9qr2.woff2 HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://echoray.click/assets/CFERDFng.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 25 Jan 2026 12:38:48 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 34320\r\nLast-Modified: Tue, 16 Dec 2025 15:38:25 GMT\r\nConnection: keep-alive\r\nETag: \"69417cf1-8610\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":34320,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 34320, version 1.0","md5":"39590172e41706c1364b52a27c61386a","sha1":"6130381a4c9bfceaca6538c4dc9ad2bcb441a46f","sha256":"8aabd65a22003f488ba7d2da8a8155a7f90e195ab2a11cd006615d00a0ee5eff","sha512":"e5ac158201adfdd69663a9e64ab9d15421f703822f25e4d659638470bb9576afad5b52d1d8c833b87d4d364f61b58c98b34871637620421084f0abcd7cdff66f","ssdeep":"768:LHtTyjpx9DOcecRvbiXSr/YD6uPcFOTEIrYO3:LHtTyDdpvASrAD6uPOIV","tlshash":"65f2f192bc1e4ae653313bf0ab46c496cd037cd580639792de6992c8febe2a40dd5352","first_seen":"2025-02-24T12:42:05.381425Z","last_seen":"2026-04-21T20:36:20.214881Z","times_seen":156,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":44,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50292,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.208149+0000\",\"flow_id\":442991765849023,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50292,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/n-dP9qr2.woff2\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/octet-stream\",\"http_refer\":\"http://echoray.click/assets/CFERDFng.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2631},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":232,\"pkts_toclient\":325,\"bytes_toserver\":17511,\"bytes_toclient\":486747,\"start\":\"2026-01-25T12:38:47.558015+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.iconify.design/lucide.json?icons=lock%2Cuser","fqdn":"api.iconify.design","domain":"iconify.design","tld":"design"},"ip":{"addr":"104.26.13.204","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://echoray.click/","date":"2026-01-25T12:38:48.227Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"iconify.design","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 28 Nov 2025 02:44:50 GMT","end":"Thu, 26 Feb 2026 03:44:47 GMT"},"fingerprint":{"sha1":"16:D5:1A:12:51:59:5F:98:FA:18:F5:A5:61:9A:55:CE:24:8F:31:40","sha256":"71:5B:CE:48:56:9D:12:EF:6E:B1:89:DE:16:64:0C:2C:91:E7:C8:CF:94:D2:12:AC:64:17:70:D9:6B:61:16:5F"}}},"request":{"raw":"GET /lucide.json?icons=lock%2Cuser HTTP/1.1\r\nHost: api.iconify.design\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://echoray.click/\r\nOrigin: http://echoray.click\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 25 Jan 2026 12:38:48 GMT\r\ncontent-type: application/json; charset=utf-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Encoding\r\naccess-control-max-age: 86400\r\ncross-origin-resource-policy: cross-origin\r\ncache-control: public, max-age=604800, min-refresh=604800, immutable\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lh6DjGE8YMVgRYLcrGNOri4%2BjqDf%2BkxIPnULEfvq%2FOxRhBurm6oJKL5JKSDtusH%2BkX%2Fj4uM7it9WTmRCNvQg6O8ltHr6X2yuwJcB3gysFg%3D%3D\"}]}\r\nvary: accept-encoding\r\nlast-modified: Sun, 25 Jan 2026 12:11:03 GMT\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9c37d4678b1b7129-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":557,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"c65f4d37c02587a0a02446977c309ca9","sha1":"9ceceee387d47a5fba61d355f127cc67ed9630c9","sha256":"d082fd505119fa8408b6e1a0ea3dd88e7cc8237b5375db0e9e4a16a56c391945","sha512":"f6c472b0274b4d704fce4c01d5edaa79a2ff0f4e2a670e5af45ba1a108df499a5ec9531ee27d5b5386a8ba82975e6b831c261f95bd83af471738f7fca98fba03","ssdeep":"","tlshash":"a1f0f018b328e57d7427709d9b283f2a192632413b07224868ae4274323573eb9f3ed0","first_seen":"2026-01-25T12:39:11.035715Z","last_seen":"2026-01-25T12:39:11.035715Z","times_seen":1,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":16,"dns":3,"connect":1,"send":0,"wait":67,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"echoray.click/","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-25T12:38:47.151Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T05:09:04.594815Z","times_seen":14046463,"resource_available":true,"data":null}},"time_used":104,"timings":{"blocked":104,"dns":0,"connect":43,"send":0,"wait":0,"receive":0,"ssl":50},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50272,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.445969+0000\",\"flow_id\":1570719181273862,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50272,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":714},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":670,\"bytes_toclient\":1180,\"start\":\"2026-01-25T12:38:47.359174+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/assets/BlGbBrki.css","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://echoray.click/","date":"2026-01-25T12:38:47.949Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/BlGbBrki.css HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://echoray.click/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 25 Jan 2026 12:38:47 GMT\r\nContent-Type: text/css\r\nContent-Length: 17300\r\nLast-Modified: Tue, 16 Dec 2025 15:38:25 GMT\r\nConnection: keep-alive\r\nETag: \"69417cf1-4394\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17300,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (17295)","md5":"1fbc3f62106a12981de725df4874c2d5","sha1":"eeb0ebfbc14ce74e3d2f36c551fa6bbf4e1927d8","sha256":"df0a61e2bfb44633c2b86cf80a1e2bc4ea0f0fe749f92a64ef2d905fe926b988","sha512":"2d2a82a143a368ca9123afedfe9bcba4790d6c640e989dca31fcb94050f5cc7eb3da43cac76223d6dd0eb56853c09bf7fc5214f7c6827b8f7015e066ea4a18e3","ssdeep":"384:H35JMbIIvEz5oxb5AyKC3XLI8w0OC6D97lhsaQK7yAtBB3GRTS2EyAtA:HpytOexb5o9vW","tlshash":"ab72869166205f2c9c035939aa9c7f4c9929e1348b9b55fecc86a7e6cfcb1d6323710c","first_seen":"2026-01-25T12:39:11.037093Z","last_seen":"2026-01-25T12:39:11.037093Z","times_seen":1,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:47Z","timestamp":1769344727,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50286,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:47.981353+0000\",\"flow_id\":2165286536446405,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50286,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/BlGbBrki.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1199},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":65,\"pkts_toclient\":82,\"bytes_toserver\":5009,\"bytes_toclient\":120116,\"start\":\"2026-01-25T12:38:47.557509+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/assets/_/BUL1M7oz.js","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://echoray.click/","date":"2026-01-25T12:38:47.955Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/_/BUL1M7oz.js HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://echoray.click/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 25 Jan 2026 12:38:47 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 2532\r\nLast-Modified: Tue, 16 Dec 2025 15:38:25 GMT\r\nConnection: keep-alive\r\nETag: \"69417cf1-9e4\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2532,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, Unicode text, UTF-8 text, with very long lines (2495)","md5":"389943e88a0490ff9eb04dc6eb099173","sha1":"6d049e2982fd6169164e8d4e09a88ed2e35424de","sha256":"9b16c5abaa7652baf2cba1815a5f4795debdf68ad7ef76a46339262cb67bc28c","sha512":"9273efe6202bec21e16a3b4426ffe923c0651b6af640a2d10d034de53ee79a01b52210da7a4611930977a585ef236206a2afda4e19640f25bad6f2e65bbc67b2","ssdeep":"","tlshash":"1551101dbc35c678c9334458806e085070997f9eb276589696f85d283ff0db8952e32d","first_seen":"2026-01-25T12:39:11.027545Z","last_seen":"2026-01-25T12:39:11.027545Z","times_seen":1,"resource_available":true,"data":null}},"time_used":92,"timings":{"blocked":27,"dns":0,"connect":30,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50310,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.012230+0000\",\"flow_id\":1222109570757545,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50310,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/BUL1M7oz.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1187},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":610,\"bytes_toclient\":1654,\"start\":\"2026-01-25T12:38:47.947113+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50292,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.031837+0000\",\"flow_id\":442991765849023,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50292,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/BUL1M7oz.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/assets/index-wOImfd4K.js\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2532},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":226,\"pkts_toclient\":315,\"bytes_toserver\":15990,\"bytes_toclient\":473049,\"start\":\"2026-01-25T12:38:47.558015+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/assets/_/CEyXYCG2.js","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://echoray.click/","date":"2026-01-25T12:38:47.957Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/_/CEyXYCG2.js HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://echoray.click/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 25 Jan 2026 12:38:47 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 4561\r\nLast-Modified: Tue, 16 Dec 2025 15:38:25 GMT\r\nConnection: keep-alive\r\nETag: \"69417cf1-11d1\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":4561,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (4560)","md5":"c8e111d3aa979269aa754d063127d0bf","sha1":"c94a78de45b915f68dea5eed7cc4a8bfc207b91c","sha256":"b89558e289302ddb2e2ad184d63f2314832c757fcd19cde202e919f84280742e","sha512":"26f87cbe7efd204aabdb2309ac2736566ca0ddd6b252a02c66bce71970f1200aaa979baca3048b06986691782b3fdf9d9c334a9570799eebbd7ab4c327dca931","ssdeep":"96:MP3hT0wHNv9pMbfWBU46NkRRpN4UoMeDlJg707xWziHejJWHeMNswMQCseI:oywHmb0m8eJRe9WHeMNswN5eI","tlshash":"629176247559d93bcbe70cc8a0115a06d4e84b2fd7347af0daca3b341bfa954321db68","first_seen":"2026-01-25T12:39:11.023784Z","last_seen":"2026-01-25T12:39:11.023784Z","times_seen":1,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":27,"dns":0,"connect":30,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50340,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.014542+0000\",\"flow_id\":985763962916329,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50340,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/CEyXYCG2.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1186},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":610,\"bytes_toclient\":5227,\"start\":\"2026-01-25T12:38:47.953833+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50292,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.080480+0000\",\"flow_id\":442991765849023,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50292,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/CEyXYCG2.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/assets/_/BUL1M7oz.js\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2634},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":228,\"pkts_toclient\":318,\"bytes_toserver\":16480,\"bytes_toclient\":477591,\"start\":\"2026-01-25T12:38:47.558015+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/assets/_/eSRsTTyt.js","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://echoray.click/","date":"2026-01-25T12:38:47.960Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/_/eSRsTTyt.js HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://echoray.click/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 25 Jan 2026 12:38:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 20548\r\nLast-Modified: Tue, 16 Dec 2025 15:38:25 GMT\r\nConnection: keep-alive\r\nETag: \"69417cf1-5044\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":20548,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (20163)","md5":"7b475db51f88542891767465e0d9b691","sha1":"f5a2783784f86b38731258428948d73b1c4f2a8e","sha256":"1a5a5506fd4591f77127bed2853083480526d02987607aac7184497c6b8cfffa","sha512":"70fe18c361700f9dd942b9f183775c1abaae08a54032f5a5d86398dee1413330f7506b3e9026f47407ae60fee76a871d46dd114226d99791bce841d520bba48f","ssdeep":"384:WzhokdDMdeXUdIx4CilIWVOArayZIVn0KoJk1RvjGk4kIZkocHYhd:tSywUdI2lBOAWGI90KoJk1RvjGk4k8kE","tlshash":"7a92eac876d7f032c77258d5807b4010f21c2b99b418e0d0e67fa8a63d669dad66bf2d","first_seen":"2026-01-25T12:39:11.038085Z","last_seen":"2026-01-25T12:39:11.038085Z","times_seen":1,"resource_available":true,"data":null}},"time_used":167,"timings":{"blocked":38,"dns":0,"connect":43,"send":0,"wait":43,"receive":43,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50354,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.040908+0000\",\"flow_id\":1684069810672189,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50354,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/eSRsTTyt.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":610,\"bytes_toclient\":1654,\"start\":\"2026-01-25T12:38:47.954941+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50298,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.082027+0000\",\"flow_id\":2085073727227969,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50298,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/eSRsTTyt.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/assets/_/BUL1M7oz.js\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":93,\"pkts_toclient\":116,\"bytes_toserver\":7198,\"bytes_toclient\":171354,\"start\":\"2026-01-25T12:38:47.559169+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"echoray.click/assets/_/eSRsTTyt.js","fqdn":"echoray.click","domain":"echoray.click","tld":"click"},"ip":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://echoray.click/","date":"2026-01-25T12:38:48.041Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/_/eSRsTTyt.js HTTP/1.1\r\nHost: echoray.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://echoray.click/assets/_/BUL1M7oz.js\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 25 Jan 2026 12:38:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 20548\r\nLast-Modified: Tue, 16 Dec 2025 15:38:25 GMT\r\nConnection: keep-alive\r\nETag: \"69417cf1-5044\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":20548,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (20163)","md5":"7b475db51f88542891767465e0d9b691","sha1":"f5a2783784f86b38731258428948d73b1c4f2a8e","sha256":"1a5a5506fd4591f77127bed2853083480526d02987607aac7184497c6b8cfffa","sha512":"70fe18c361700f9dd942b9f183775c1abaae08a54032f5a5d86398dee1413330f7506b3e9026f47407ae60fee76a871d46dd114226d99791bce841d520bba48f","ssdeep":"384:WzhokdDMdeXUdIx4CilIWVOArayZIVn0KoJk1RvjGk4kIZkocHYhd:tSywUdI2lBOAWGI90KoJk1RvjGk4k8kE","tlshash":"7a92eac876d7f032c77258d5807b4010f21c2b99b418e0d0e67fa8a63d669dad66bf2d","first_seen":"2026-01-25T12:39:11.038085Z","last_seen":"2026-01-25T12:39:11.038085Z","times_seen":1,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50354,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.040908+0000\",\"flow_id\":1684069810672189,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50354,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/eSRsTTyt.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":610,\"bytes_toclient\":1654,\"start\":\"2026-01-25T12:38:47.954941+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T12:38:48Z","timestamp":1769344728,"ip_dst":{"addr":"37.1.202.254","port":80,"asn":58061,"as":"Scalaxy B.V.","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.33","port":50298,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-01-25T12:38:48.082027+0000\",\"flow_id\":2085073727227969,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.33\",\"src_port\":50298,\"dest_ip\":\"37.1.202.254\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"echoray.click\",\"url\":\"/assets/_/eSRsTTyt.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://echoray.click/assets/_/BUL1M7oz.js\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1185},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":93,\"pkts_toclient\":116,\"bytes_toserver\":7198,\"bytes_toclient\":171354,\"start\":\"2026-01-25T12:38:47.559169+0000\"}}"}],"analyzer":null,"urlquery":null}}]}