{"report_id":"26890592-8d27-4a98-bff2-a4421c10ed32","version":6,"status":"done","tags":[],"date":"2025-11-19T05:49:07Z","url":{"schema":"http","addr":"simptown.su/","fqdn":"simptown.su","domain":"simptown.su","tld":"su"},"ip":{"addr":"190.115.16.21","port":0,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing","dom":{"size":3632,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"d0e020ce155c9011fe0662bdbe534095","sha1":"a4915872657d8da19183c96334842910f6eb4988","sha256":"08bab4c2fb6a530bb574c46455acac529659c66537481025c6707674d0f9a2d6","sha512":"9316c83e813de00108b1937f10d8f28131001d5b79cb345ec4745eb38278c13a7a085215c91d3d8c509c50ea3c321a6a24fb172db1a22c03399be22b82133106","ssdeep":"","tlshash":"fe7135a514f1552718a383a5e9817f1bdf826a07cf8d6a407b9e00f22f97d59887f20d","dom_hash":"domhash03f850468cad29251ed949292c202f85","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"simptown.su/","fqdn":"simptown.su","domain":"simptown.su","tld":"su"},"ip":{"addr":"190.115.16.21","port":0,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-24T05:49:07Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-19T05:48:47Z","timestamp":1763531327,"ip_dst":{"addr":"190.115.16.21","port":80,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"ip_src":{"addr":"172.18.0.15","port":59396,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related","source":"{\"timestamp\":\"2025-11-19T05:48:47.178893+0000\",\"flow_id\":2215601195909399,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.15\",\"src_port\":59396,\"dest_ip\":\"190.115.16.21\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014170,\"rev\":6,\"signature\":\"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2012_01_31\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"http\":{\"hostname\":\"simptown.su\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://simptown.su/\",\"length\":568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":548,\"bytes_toclient\":1315,\"start\":\"2025-11-19T05:48:47.131351+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-19T05:49:00Z","timestamp":1763531340,"ip_dst":{"addr":"190.115.16.21","port":80,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"ip_src":{"addr":"172.18.0.15","port":41330,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related","source":"{\"timestamp\":\"2025-11-19T05:49:00.434530+0000\",\"flow_id\":1476503897167186,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.15\",\"src_port\":41330,\"dest_ip\":\"190.115.16.21\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014170,\"rev\":6,\"signature\":\"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2012_01_31\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"http\":{\"hostname\":\"simptown.su\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://simptown.su/\",\"length\":568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":668,\"bytes_toclient\":1315,\"start\":\"2025-11-19T05:49:00.382290+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"simptown.su","ip":{"addr":"190.115.16.21","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"domain_registered":"2025-01-12","domain_rank":195485,"first_seen":"2025-04-22T04:51:43.545797Z","last_seen":"2025-09-16T16:41:52.636591Z","alert_count":2,"request_count":1,"received_data":751,"sent_data":480,"comment":"","tags":null,"fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-19T05:48:47Z","timestamp":1763531327,"ip_dst":{"addr":"190.115.16.21","port":80,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"ip_src":{"addr":"172.18.0.15","port":59396,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related","source":"{\"timestamp\":\"2025-11-19T05:48:47.178893+0000\",\"flow_id\":2215601195909399,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.15\",\"src_port\":59396,\"dest_ip\":\"190.115.16.21\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014170,\"rev\":6,\"signature\":\"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2012_01_31\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"http\":{\"hostname\":\"simptown.su\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://simptown.su/\",\"length\":568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":548,\"bytes_toclient\":1315,\"start\":\"2025-11-19T05:48:47.131351+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-19T05:49:00Z","timestamp":1763531340,"ip_dst":{"addr":"190.115.16.21","port":80,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"ip_src":{"addr":"172.18.0.15","port":41330,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related","source":"{\"timestamp\":\"2025-11-19T05:49:00.434530+0000\",\"flow_id\":1476503897167186,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.15\",\"src_port\":41330,\"dest_ip\":\"190.115.16.21\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014170,\"rev\":6,\"signature\":\"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2012_01_31\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"http\":{\"hostname\":\"simptown.su\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://simptown.su/\",\"length\":568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":668,\"bytes_toclient\":1315,\"start\":\"2025-11-19T05:49:00.382290+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"simptown.su/","fqdn":"simptown.su","domain":"simptown.su","tld":"su"},"ip":{"addr":"190.115.16.21","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-19T05:48:44.147Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"simptown.su","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 21:15:19 GMT","end":"Thu, 12 Feb 2026 21:15:18 GMT"},"fingerprint":{"sha1":"08:7D:EC:86:E2:6F:46:17:B5:60:DB:FE:4A:77:2C:CD:33:2D:17:30","sha256":"DA:3F:61:EA:97:0A:56:42:00:9E:8E:C3:AE:E4:1A:9D:A8:8C:4A:A0:AD:DD:12:47:00:FD:61:35:B7:2C:AA:66"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: simptown.su\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 504 Gateway Timeout\r\nserver: ddos-guard\r\ndate: Wed, 19 Nov 2025 05:49:00 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 583\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"504","status_text":"Gateway Timeout","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":583,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (579), with no line terminators","md5":"e9f642657e61c1a7f2fe038474abf083","sha1":"5a506a1f8b95f50395e87f8a3ddfd5f21475fed1","sha256":"ed784195e804233002feb7cf3ff653c936a54b69fde0165ecbc7ce4f0bd068a9","sha512":"3b6fae427a80049865922578a74992f8eb892ad19498a1a1756ae2049f839c341c34a6d7b2d1015d9a63f42a2ae121d559a0a5c5be4b2bfb6eddd0aab34adf93","ssdeep":"","tlshash":"74f09609cb9330dfe01a40e8d8f1308830550cb1e3b6a3f1ae4b2b79ecc82a470b224d","first_seen":"2025-04-30T17:27:52.103081Z","last_seen":"2026-03-27T22:22:40.266812Z","times_seen":115,"resource_available":true,"data":null}},"time_used":16217,"timings":{"blocked":93,"dns":27,"connect":18,"send":0,"wait":16029,"receive":1,"ssl":45},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-19T05:48:47Z","timestamp":1763531327,"ip_dst":{"addr":"190.115.16.21","port":80,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"ip_src":{"addr":"172.18.0.15","port":59396,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related","source":"{\"timestamp\":\"2025-11-19T05:48:47.178893+0000\",\"flow_id\":2215601195909399,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.15\",\"src_port\":59396,\"dest_ip\":\"190.115.16.21\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014170,\"rev\":6,\"signature\":\"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2012_01_31\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"http\":{\"hostname\":\"simptown.su\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://simptown.su/\",\"length\":568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":548,\"bytes_toclient\":1315,\"start\":\"2025-11-19T05:48:47.131351+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-19T05:49:00Z","timestamp":1763531340,"ip_dst":{"addr":"190.115.16.21","port":80,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"ip_src":{"addr":"172.18.0.15","port":41330,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related","source":"{\"timestamp\":\"2025-11-19T05:49:00.434530+0000\",\"flow_id\":1476503897167186,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.15\",\"src_port\":41330,\"dest_ip\":\"190.115.16.21\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014170,\"rev\":6,\"signature\":\"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2012_01_31\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"http\":{\"hostname\":\"simptown.su\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://simptown.su/\",\"length\":568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":668,\"bytes_toclient\":1315,\"start\":\"2025-11-19T05:49:00.382290+0000\"}}"}],"analyzer":null,"urlquery":null}}]}