{"report_id":"8cfebeaf-668d-4912-998e-1b2404628671","version":6,"status":"done","tags":[],"date":"2024-01-07T03:25:06Z","url":{"schema":"http","addr":"chertaff.xyz/cc0rl5k.php?key=eyma5odb9unupyri9vu1/","fqdn":"chertaff.xyz","domain":"chertaff.xyz","tld":"xyz"},"ip":{"addr":"24.199.120.237","port":0,"asn":7029,"as":"WINDSTREAM","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"chertaff.xyz/cc0rl5k.php?key=eyma5odb9unupyri9vu1/","fqdn":"chertaff.xyz","domain":"chertaff.xyz","tld":"xyz"},"title":"chertaff.xyz/cc0rl5k.php?key=eyma5odb9unupyri9vu1/"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T04:46:21Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"chertaff.xyz","ip":{"addr":"24.199.120.237","port":80,"asn":7029,"as":"WINDSTREAM","country":"United States","country_code":"US"},"domain_registered":"2023-09-05","domain_rank":0,"first_seen":"2023-09-05 19:08:33","last_seen":"2023-11-21 13:20:50","alert_count":0,"request_count":2,"received_data":510,"sent_data":816,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-01-07T03:24:42Z","timestamp":1704597882,"ip_dst":{"addr":"Client IP","port":38584,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"24.199.120.237","port":443,"asn":7029,"as":"WINDSTREAM","country":"United States","country_code":"US"},"severity":"medium","alert":"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)","source":"{\"timestamp\":\"2024-01-07T03:24:42.038005+0000\",\"flow_id\":1046406932037155,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"24.199.120.237\",\"src_port\":443,\"dest_ip\":\"10.70.215.25\",\"dest_port\":38584,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025194,\"rev\":3,\"signature\":\"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2018_01_09\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_16\"]}},\"tls\":{\"subject\":\"CN=chertedaff.xyz\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=R3\",\"serial\":\"04:7E:00:8E:86:C2:DA:87:26:AF:E0:9A:9E:41:22:CF:8E:80\",\"fingerprint\":\"4f:46:cd:f8:3a:26:52:4c:4f:31:f7:2b:6b:e4:d3:52:d7:93:c1:1f\",\"sni\":\"chertaff.xyz\",\"version\":\"TLS 1.2\",\"notbefore\":\"2024-01-02T19:10:59\",\"notafter\":\"2024-04-01T19:10:58\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"b0016e8beb88196db9f345e6d45c6d92\",\"string\":\"771,52393,65281-0-11-5-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":7,\"bytes_toserver\":1293,\"bytes_toclient\":5044,\"start\":\"2024-01-07T03:24:41.556579+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"chertaff.xyz/cc0rl5k.php?key=eyma5odb9unupyri9vu1/","fqdn":"chertaff.xyz","domain":"chertaff.xyz","tld":"xyz"},"ip":{"addr":"24.199.120.237","port":80,"asn":7029,"as":"WINDSTREAM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-01-07T03:24:41.897Z","timestamp":1704597881897,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cc0rl5k.php?key=eyma5odb9unupyri9vu1/ HTTP/1.1\r\nHost: chertaff.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0\r\nDate: Sun, 07 Jan 2024 03:24:42 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20,"size_decoded":20,"mime_type":"text/html; charset=UTF-8","magic":"gzip compressed data, max speed, from Unix","md5":"a4745abc5e7fdb89cc6df3069f3c6e69","sha1":"74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed","sha256":"d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf","sha512":"849461cb54ecde577246aad993d1ecabb879913e353ae322561c7c57605f571e23210fe12bdcef49faa99b5b003611976ff64348f620968271e38bba1c7d7f62","ssdeep":"","tlshash":"ce70000000003c30cc000030000fc000000c30003000c00300000030000300300c003f","first_seen":"2023-04-08T01:36:47Z","last_seen":"2025-03-02T02:51:47.01042Z","times_seen":42040,"resource_available":false,"data":null}},"time_used":486,"timings":{"blocked":158,"dns":0,"connect":158,"send":0,"wait":170,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"chertaff.xyz/favicon.ico","fqdn":"chertaff.xyz","domain":"chertaff.xyz","tld":"xyz"},"ip":{"addr":"24.199.120.237","port":80,"asn":7029,"as":"WINDSTREAM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://chertaff.xyz/cc0rl5k.php?key=eyma5odb9unupyri9vu1/","date":"2024-01-07T03:24:42.349Z","timestamp":1704597882349,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: chertaff.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://chertaff.xyz/cc0rl5k.php?key=eyma5odb9unupyri9vu1/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.24.0\r\nDate: Sun, 07 Jan 2024 03:24:42 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":114,"size_decoded":153,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"d47b646093dd84d34885a714ce4bd74e","sha1":"c4df23671b6440e29159093dc52cb8c4aa184597","sha256":"6807c84bf35d67496e020c1528303b87d4759933c09817e514a7159ac689d352","sha512":"906fb89d5ec9dc4338f9d5e26fdc9ccc041225157a8f114465449106128d69e9fbc7723b2bcdd56a17c74c29983f7126a1d970b24e3902a3c4e817834f21f338","ssdeep":"","tlshash":"29c08c2d25137c4c8563217432c36080c086832764aa42128440800331cb2a98ac7396","first_seen":"2023-04-15T19:52:36Z","last_seen":"2026-04-16T21:26:29.498213Z","times_seen":5186,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}