{"report_id":"8699a858-6210-4065-90c7-34d4694e3448","version":6,"status":"done","tags":[],"date":"2025-04-07T07:32:32Z","url":{"schema":"http","addr":"worldnaturenet.xyz/91a2556838a7c33eac284eea30bdcc29/validate-site.js?uid=51824x6643x\u0026r=4","fqdn":"worldnaturenet.xyz","domain":"worldnaturenet.xyz","tld":"xyz"},"ip":{"addr":"175.110.113.177","port":0,"asn":49981,"as":"WorldStream B.V.","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"worldnaturenet.xyz/91a2556838a7c33eac284eea30bdcc29/validate-site.js?uid=51824x6643x\u0026r=4","fqdn":"worldnaturenet.xyz","domain":"worldnaturenet.xyz","tld":"xyz"},"title":"worldnaturenet.xyz/91a2556838a7c33eac284eea30bdcc29/validate-site.js?uid=51824x6643x\u0026r=4"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-16T07:32:32Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"worldnaturenet.xyz","ip":{"addr":"175.110.113.177","port":443,"asn":49981,"as":"WorldStream B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2017-04-26T00:26:21Z","last_seen":"2025-03-16T07:33:47.231802Z","alert_count":0,"request_count":2,"received_data":27338,"sent_data":1068,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-07T07:32:10Z","timestamp":1744011130,"ip_dst":{"addr":"172.18.0.16","port":44212,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"175.110.113.177","port":443,"asn":49981,"as":"WorldStream B.V.","country":"The Netherlands","country_code":"NL"},"severity":"medium","alert":"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)","source":"{\"timestamp\":\"2025-04-07T07:32:10.571372+0000\",\"flow_id\":1999646569970002,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"175.110.113.177\",\"src_port\":443,\"dest_ip\":\"172.18.0.16\",\"dest_port\":44212,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025194,\"rev\":3,\"signature\":\"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2018_01_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_16\"]}},\"tls\":{\"subject\":\"CN=worldnaturenet.xyz\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=R11\",\"serial\":\"06:84:70:AC:C9:93:5F:E0:BD:BB:0B:E7:37:52:00:B1:7C:0D\",\"fingerprint\":\"2d:c3:c2:cc:64:a7:17:1d:af:32:0a:61:45:4b:05:ea:67:59:19:88\",\"sni\":\"worldnaturenet.xyz\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-03-28T11:11:18\",\"notafter\":\"2025-06-26T11:11:17\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"c4b2785a87896e19d37eee932070cb22\",\"string\":\"771,49199,0-65281-11-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1113,\"bytes_toclient\":3564,\"start\":\"2025-04-07T07:32:10.506194+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"worldnaturenet.xyz/91a2556838a7c33eac284eea30bdcc29/validate-site.js?uid=51824x6643x\u0026r=4","fqdn":"worldnaturenet.xyz","domain":"worldnaturenet.xyz","tld":"xyz"},"ip":{"addr":"175.110.113.177","port":443,"asn":49981,"as":"WorldStream B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-07T07:32:10.504Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"worldnaturenet.xyz","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Mar 2025 11:11:18 GMT","end":"Thu, 26 Jun 2025 11:11:17 GMT"},"fingerprint":{"sha1":"2D:C3:C2:CC:64:A7:17:1D:AF:32:0A:61:45:4B:05:EA:67:59:19:88","sha256":"C8:D4:C9:34:3A:DA:FE:49:E5:2D:44:6D:AB:52:9E:C9:FD:8D:15:15:A0:59:78:4A:A6:E4:1D:1C:1B:DC:6F:B1"}}},"request":{"raw":"GET /91a2556838a7c33eac284eea30bdcc29/validate-site.js?uid=51824x6643x\u0026r=4 HTTP/1.1\r\nHost: worldnaturenet.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":408,"data":"key=eyJpdiI6IklmQXB6TzI1NnBBekpZWVVTaE40bVE9PSIsInZhbHVlIjoiTWVoakt5YW1PY2ZMcXFrZkRKVzJvb1RKYXZIbFdwMVljSHNpWjI1U2lHaWZVVFNHMlJNck91Zmw2V3pIUEdMdERHWnMza1VaZFNYM0pJWHBLR1pGUGU2WHI0bDdlWHBMZ25pKzNuWm9pa1dtMkk0L1ZTdGRnK3l5cGNDT01tYUNQaDB6MmZlNk5VbEIrbEVzemxzUlh1RW16NStESjRLTzZQYWR4UG02UjRzPSIsIm1hYyI6IjNkMzBkZjM2ZjIwYTM0ZDU4NWMyYTU4MmJiZDQ3YzkyZWZmM2FkN2MzMjIxNGQ5NGU0NjkwYzFiNDk1MzZhMzEiLCJ0YWciOiIifQ%3D%3D"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.26.1\r\nDate: Mon, 07 Apr 2025 07:32:10 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding\r\nX-Powered-By: PHP/7.2.34\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0\r\nPragma: no-cache\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13303,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2612)","md5":"9a0bd50f3637aa35c8b6a7af4182e5e8","sha1":"5a54a8bb75914e2f1234aca1a9bb31fc59161796","sha256":"ba204413685e07844ffb683f4113f31c42edc508002a732ffbef2b58827ca357","sha512":"3267beb65c1e6b47889e149e4756a34aefbebcdcf2ab3e64bbcc72d61a11aa0daa09906d35e05b3724c19fac36be728c950bcf8bf5ef9d93b7bac2c26a900fa8","ssdeep":"384:R64tZo8uRCMz8+vMHaK7EBuyEaunwXpFnMws:RDm8uRfzGHldaUwa","tlshash":"df52b8f8fbad9639463e10e52a3e6b9e743c4073e9168c93fc58d93c5990e1d111ac9c","first_seen":"2025-04-07T07:32:33.153872Z","last_seen":"2025-04-07T07:32:33.153872Z","times_seen":1,"resource_available":false,"data":null}},"time_used":368,"timings":{"blocked":167,"dns":3,"connect":18,"send":0,"wait":32,"receive":0,"ssl":144},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"worldnaturenet.xyz/favicon.ico","fqdn":"worldnaturenet.xyz","domain":"worldnaturenet.xyz","tld":"xyz"},"ip":{"addr":"175.110.113.177","port":443,"asn":49981,"as":"WorldStream B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"","requested_by":"https://worldnaturenet.xyz/91a2556838a7c33eac284eea30bdcc29/validate-site.js?uid=51824x6643x\u0026r=4","date":"2025-04-07T07:32:11.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"worldnaturenet.xyz","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Mar 2025 11:11:18 GMT","end":"Thu, 26 Jun 2025 11:11:17 GMT"},"fingerprint":{"sha1":"2D:C3:C2:CC:64:A7:17:1D:AF:32:0A:61:45:4B:05:EA:67:59:19:88","sha256":"C8:D4:C9:34:3A:DA:FE:49:E5:2D:44:6D:AB:52:9E:C9:FD:8D:15:15:A0:59:78:4A:A6:E4:1D:1C:1B:DC:6F:B1"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: worldnaturenet.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://worldnaturenet.xyz/91a2556838a7c33eac284eea30bdcc29/validate-site.js?uid=51824x6643x\u0026r=4\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.26.1\r\nDate: Mon, 07 Apr 2025 07:32:11 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding\r\nX-Powered-By: PHP/7.2.34\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0\r\nPragma: no-cache\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13303,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2612)","md5":"9a0bd50f3637aa35c8b6a7af4182e5e8","sha1":"5a54a8bb75914e2f1234aca1a9bb31fc59161796","sha256":"ba204413685e07844ffb683f4113f31c42edc508002a732ffbef2b58827ca357","sha512":"3267beb65c1e6b47889e149e4756a34aefbebcdcf2ab3e64bbcc72d61a11aa0daa09906d35e05b3724c19fac36be728c950bcf8bf5ef9d93b7bac2c26a900fa8","ssdeep":"384:R64tZo8uRCMz8+vMHaK7EBuyEaunwXpFnMws:RDm8uRfzGHldaUwa","tlshash":"df52b8f8fbad9639463e10e52a3e6b9e743c4073e9168c93fc58d93c5990e1d111ac9c","first_seen":"2025-04-07T07:32:33.153872Z","last_seen":"2025-04-07T07:32:33.153872Z","times_seen":1,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}