{"report_id":"36d3043f-fea6-4514-8440-b2d7c31f2e48","version":6,"status":"done","tags":[],"date":"2025-12-20T22:09:30Z","url":{"schema":"http","addr":"sweethelp.ru/","fqdn":"sweethelp.ru","domain":"sweethelp.ru","tld":"ru"},"ip":{"addr":"185.129.100.243","port":0,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"http","addr":"sweethelp.ru/","fqdn":"sweethelp.ru","domain":"sweethelp.ru","tld":"ru"},"title":"DDoS-Guard","dom":{"size":651,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (651), with no line terminators","md5":"5855d596f3651bb5add8f8518b83eed5","sha1":"cfec6a4f25f5d8d5d17998f9c16f3d3b63cd9243","sha256":"733bc479f7cabfca7e4f3c2c8b5dfcda76105b960c03f7774f81cd277019821a","sha512":"347577a73e5fa3f59a129cd0130326e7c6999f55249c60b848b0587ee205de2684be50fdee7b68dd5f9e3002880fceca38054397e6036af50b01b0845baa196a","ssdeep":"","tlshash":"49f0fefb8530282f20530ac8b881330c0698da0dea89a4326bd983da86d2b74dd03408","dom_hash":"domhasha3d3d7415960b807b142bbf1c8e66ac9","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"sweethelp.ru/","fqdn":"sweethelp.ru","domain":"sweethelp.ru","tld":"ru"},"ip":{"addr":"185.129.100.243","port":0,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-24T22:09:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-20T22:09:08Z","timestamp":1766268548,"ip_dst":{"addr":"172.18.0.21","port":53072,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"185.129.100.243","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"severity":"medium","alert":"ET HUNTING DDoS-Guard Hosted Content","source":"{\"timestamp\":\"2025-12-20T22:09:08.379552+0000\",\"flow_id\":745593949664674,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"185.129.100.243\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":53072,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2043310,\"rev\":1,\"signature\":\"ET HUNTING DDoS-Guard Hosted Content\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2023_01_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2023_01_17\"]}},\"http\":{\"hostname\":\"sweethelp.ru\",\"url\":\"/.well-known/ddos-guard/wrongip.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://sweethelp.ru/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1223},\"files\":[{\"filename\":\"/.well-known/ddos-guard/wrongip.js\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":1223,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":698,\"bytes_toclient\":3168,\"start\":\"2025-12-20T22:09:08.341410+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-20T22:09:18Z","timestamp":1766268558,"ip_dst":{"addr":"172.18.0.21","port":53066,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"185.129.100.243","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"severity":"medium","alert":"ET HUNTING DDoS-Guard Hosted Content","source":"{\"timestamp\":\"2025-12-20T22:09:18.382131+0000\",\"flow_id\":1251382183368322,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"185.129.100.243\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":53066,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2043310,\"rev\":1,\"signature\":\"ET HUNTING DDoS-Guard Hosted Content\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2023_01_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2023_01_17\"]}},\"http\":{\"hostname\":\"sweethelp.ru\",\"url\":\"/.well-known/ddos-guard/wrongip.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://sweethelp.ru/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2037},\"files\":[{\"filename\":\"/.well-known/ddos-guard/wrongip.css\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2037,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1375,\"bytes_toclient\":3870,\"start\":\"2025-12-20T22:09:08.104066+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"sweethelp.ru","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2010-01-20","domain_rank":0,"first_seen":"2025-12-20T22:09:30.233912Z","last_seen":"2025-12-20T22:09:30.233912Z","alert_count":2,"request_count":5,"received_data":35194,"sent_data":2172,"comment":"","tags":null,"fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"sweethelp.ru/.well-known/ddos-guard/wrongip.js","fqdn":"sweethelp.ru","domain":"sweethelp.ru","tld":"ru"},"ip":{"addr":"185.129.100.243","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"aa83093b54cc45784e7b3416237dc61f","sha1":"4f93cb43dc130732f0eeb558e3ad6cc595589f11","sha256":"5e89fd3c7c928d63f050e24a6f536cc5ae2def0fd51a7b3cc64113499c136c1e","sha512":"28cabc87dce4b59aab1e2de8759092a8e854414339dd7c431d3b83a0f2cc7fa10d4d3b8cfc635ee18b3a3d80a064eb3e7b6f83a5116e68db32fcc1451eb9e0ae","ssdeep":"384:ekMzelCQR05TN23zWEkoIsOzWY3r1toVkJKfgwUnqyZFrdW4WKtm3tV9wzl6T+94:ekMzelCImyWqGWwHKfgwUNP9ODZWOMmB","tlshash":"97d2c2c9f6c2f064439b7561403f100bf33a2d69a86e8094e2aad4d47cbd94ac17bf6d","size":30406,"data":"","first_seen":"2024-12-18T07:13:09.332755Z","last_seen":"2026-04-26T03:32:56.38047Z","times_seen":280,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-20T22:09:08Z","timestamp":1766268548,"ip_dst":{"addr":"172.18.0.21","port":53072,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"185.129.100.243","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"severity":"medium","alert":"ET HUNTING DDoS-Guard Hosted Content","source":"{\"timestamp\":\"2025-12-20T22:09:08.379552+0000\",\"flow_id\":745593949664674,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"185.129.100.243\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":53072,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2043310,\"rev\":1,\"signature\":\"ET HUNTING DDoS-Guard Hosted Content\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2023_01_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2023_01_17\"]}},\"http\":{\"hostname\":\"sweethelp.ru\",\"url\":\"/.well-known/ddos-guard/wrongip.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://sweethelp.ru/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1223},\"files\":[{\"filename\":\"/.well-known/ddos-guard/wrongip.js\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":1223,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":698,\"bytes_toclient\":3168,\"start\":\"2025-12-20T22:09:08.341410+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"sweethelp.ru/","fqdn":"sweethelp.ru","domain":"sweethelp.ru","tld":"ru"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-20T22:09:07.871Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: sweethelp.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":222,"timings":{"blocked":0,"dns":84,"connect":19,"send":0,"wait":0,"receive":0,"ssl":116},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sweethelp.ru/","fqdn":"sweethelp.ru","domain":"sweethelp.ru","tld":"ru"},"ip":{"addr":"185.129.100.243","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-20T22:09:08.106Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: sweethelp.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 503 Service Unavailable\r\nServer: ddos-guard\r\nDate: Sat, 20 Dec 2025 22:09:08 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nSet-Cookie: __ddg8_=LbSM4c5mum6MOWiC; Domain=.sweethelp.ru; Path=/; Expires=Sat, 20-Dec-2025 22:29:08 GMT\n__ddg10_=1766268548; Domain=.sweethelp.ru; Path=/; Expires=Sat, 20-Dec-2025 22:29:08 GMT\n__ddg9_=91.90.42.154; Domain=.sweethelp.ru; Path=/; Expires=Sat, 20-Dec-2025 22:29:08 GMT\r\nCache-Control: no-cache, no-store, must-revalidate\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 587\r\n\r\n","headers":null,"cookies":null,"status_code":"503","status_text":"Service Unavailable","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":587,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (587), with no line terminators","md5":"0044f599bb1614bc412f3b3331bf4ff6","sha1":"e1c98e479ba8f8d01ad96090f0ecc69d2246b4a9","sha256":"bb4ad35776dadba17794f9a00462fbfd625cde7e155e42fe99fb4a107776f451","sha512":"da657684c2778690720d0e3dfe19c1c9731b5c200b371fed973bc8b2e474062d71a5749fc762968d032a05dec20156635b6b15361d90c5ded71ae0d46d93cf21","ssdeep":"","tlshash":"5ff0a2fbc870382f605347c4bc81370c1699da0dee95a4316be9569d86d67649913448","first_seen":"2024-12-18T07:13:09.325278Z","last_seen":"2026-05-02T20:06:03.735216Z","times_seen":291,"resource_available":true,"data":null}},"time_used":175,"timings":{"blocked":16,"dns":0,"connect":18,"send":0,"wait":140,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sweethelp.ru/.well-known/ddos-guard/wrongip.css","fqdn":"sweethelp.ru","domain":"sweethelp.ru","tld":"ru"},"ip":{"addr":"185.129.100.243","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://sweethelp.ru/","date":"2025-12-20T22:09:08.344Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /.well-known/ddos-guard/wrongip.css HTTP/1.1\r\nHost: sweethelp.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://sweethelp.ru/\r\nCookie: __ddg8_=LbSM4c5mum6MOWiC; __ddg10_=1766268548; __ddg9_=91.90.42.154\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 Ok\r\nServer: ddos-guard\r\nDate: Sat, 20 Dec 2025 22:09:08 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nContent-Type: text/css\r\nExpires: Sat, 20 Dec 2025 23:09:08 GMT\r\nContent-Length: 2037\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"Ok","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":2037,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2037), with no line terminators","md5":"a68b0d6dda5b68426925486b7c8d6ca7","sha1":"3b4fe309ca96432b919974676e4d6165754cec64","sha256":"1ad07bb78a8ce1d938b93339581d963edb773041deda339bc3bf1b5ebcfe9533","sha512":"f0866c9cb447917f327636c287d6f0bcad38db12bb90cecc47efb92ae6ce47ad26f4c291c7a63dd383ea4c0a68b0416d748aa6d5122d69994baf1c0d8fb69396","ssdeep":"","tlshash":"e54152226660b02db4b7c8a525c9aa993424ca15a0aff7fcde537131dacf1932e3174d","first_seen":"2025-02-26T21:52:29.856114Z","last_seen":"2026-03-23T03:15:25.75936Z","times_seen":255,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-20T22:09:18Z","timestamp":1766268558,"ip_dst":{"addr":"172.18.0.21","port":53066,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"185.129.100.243","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"severity":"medium","alert":"ET HUNTING DDoS-Guard Hosted Content","source":"{\"timestamp\":\"2025-12-20T22:09:18.382131+0000\",\"flow_id\":1251382183368322,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"185.129.100.243\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":53066,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2043310,\"rev\":1,\"signature\":\"ET HUNTING DDoS-Guard Hosted Content\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2023_01_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2023_01_17\"]}},\"http\":{\"hostname\":\"sweethelp.ru\",\"url\":\"/.well-known/ddos-guard/wrongip.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://sweethelp.ru/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2037},\"files\":[{\"filename\":\"/.well-known/ddos-guard/wrongip.css\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2037,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1375,\"bytes_toclient\":3870,\"start\":\"2025-12-20T22:09:08.104066+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sweethelp.ru/.well-known/ddos-guard/wrongip.js","fqdn":"sweethelp.ru","domain":"sweethelp.ru","tld":"ru"},"ip":{"addr":"185.129.100.243","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://sweethelp.ru/","date":"2025-12-20T22:09:08.346Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /.well-known/ddos-guard/wrongip.js HTTP/1.1\r\nHost: sweethelp.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://sweethelp.ru/\r\nCookie: __ddg8_=LbSM4c5mum6MOWiC; __ddg10_=1766268548; __ddg9_=91.90.42.154\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 Ok\r\nServer: ddos-guard\r\nDate: Sat, 20 Dec 2025 22:09:08 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nContent-Type: application/javascript\r\nExpires: Sat, 20 Dec 2025 23:09:08 GMT\r\nContent-Length: 30468\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"Ok","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":30468,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (25340), with LF, NEL line terminators","md5":"aa83093b54cc45784e7b3416237dc61f","sha1":"4f93cb43dc130732f0eeb558e3ad6cc595589f11","sha256":"5e89fd3c7c928d63f050e24a6f536cc5ae2def0fd51a7b3cc64113499c136c1e","sha512":"28cabc87dce4b59aab1e2de8759092a8e854414339dd7c431d3b83a0f2cc7fa10d4d3b8cfc635ee18b3a3d80a064eb3e7b6f83a5116e68db32fcc1451eb9e0ae","ssdeep":"384:ekMzelCQR05TN23zWEkoIsOzWY3r1toVkJKfgwUnqyZFrdW4WKtm3tV9wzl6T+94:ekMzelCImyWqGWwHKfgwUNP9ODZWOMmB","tlshash":"97d2c2c9f6c2f064439b7561403f100bf33a2d69a86e8094e2aad4d47cbd94ac17bf6d","first_seen":"2024-12-18T07:13:09.332755Z","last_seen":"2026-04-26T03:32:56.38047Z","times_seen":280,"resource_available":true,"data":null}},"time_used":79,"timings":{"blocked":15,"dns":1,"connect":19,"send":0,"wait":19,"receive":25,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-20T22:09:08Z","timestamp":1766268548,"ip_dst":{"addr":"172.18.0.21","port":53072,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"185.129.100.243","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"severity":"medium","alert":"ET HUNTING DDoS-Guard Hosted Content","source":"{\"timestamp\":\"2025-12-20T22:09:08.379552+0000\",\"flow_id\":745593949664674,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"185.129.100.243\",\"src_port\":80,\"dest_ip\":\"172.18.0.21\",\"dest_port\":53072,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2043310,\"rev\":1,\"signature\":\"ET HUNTING DDoS-Guard Hosted Content\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2023_01_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2023_01_17\"]}},\"http\":{\"hostname\":\"sweethelp.ru\",\"url\":\"/.well-known/ddos-guard/wrongip.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://sweethelp.ru/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1223},\"files\":[{\"filename\":\"/.well-known/ddos-guard/wrongip.js\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":1223,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":698,\"bytes_toclient\":3168,\"start\":\"2025-12-20T22:09:08.341410+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sweethelp.ru/favicon.ico","fqdn":"sweethelp.ru","domain":"sweethelp.ru","tld":"ru"},"ip":{"addr":"185.129.100.243","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://sweethelp.ru/","date":"2025-12-20T22:09:08.429Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: sweethelp.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://sweethelp.ru/\r\nCookie: __ddg8_=LbSM4c5mum6MOWiC; __ddg10_=1766268548; __ddg9_=91.90.42.154\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 503 Service Unavailable\r\nServer: ddos-guard\r\nDate: Sat, 20 Dec 2025 22:09:08 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nSet-Cookie: __ddg8_=8rFOnovc4iPmLh3F; Domain=.sweethelp.ru; Path=/; Expires=Sat, 20-Dec-2025 22:29:08 GMT\n__ddg10_=1766268548; Domain=.sweethelp.ru; Path=/; Expires=Sat, 20-Dec-2025 22:29:08 GMT\n__ddg9_=91.90.42.154; Domain=.sweethelp.ru; Path=/; Expires=Sat, 20-Dec-2025 22:29:08 GMT\r\nCache-Control: no-cache, no-store, must-revalidate\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 587\r\n\r\n","headers":null,"cookies":null,"status_code":"503","status_text":"Service Unavailable","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":587,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (587), with no line terminators","md5":"0044f599bb1614bc412f3b3331bf4ff6","sha1":"e1c98e479ba8f8d01ad96090f0ecc69d2246b4a9","sha256":"bb4ad35776dadba17794f9a00462fbfd625cde7e155e42fe99fb4a107776f451","sha512":"da657684c2778690720d0e3dfe19c1c9731b5c200b371fed973bc8b2e474062d71a5749fc762968d032a05dec20156635b6b15361d90c5ded71ae0d46d93cf21","ssdeep":"","tlshash":"5ff0a2fbc870382f605347c4bc81370c1699da0dee95a4316be9569d86d67649913448","first_seen":"2024-12-18T07:13:09.325278Z","last_seen":"2026-05-02T20:06:03.735216Z","times_seen":291,"resource_available":true,"data":null}},"time_used":131,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}