{"report_id":"9052b46a-ac25-4434-ba01-a2d51aff2e3c","version":6,"status":"done","tags":[],"date":"2023-09-19T05:24:32Z","url":{"schema":"http","addr":"mkrep.ru/bitrix/redirect.php?event1=\u0026event2=\u0026event3=\u0026goto=http://Snow-Drop-Tales.Sakura.Ne.jp/s/yybbs63/yybbs.cgi?list=thread","fqdn":"mkrep.ru","domain":"mkrep.ru","tld":"ru"},"ip":{"addr":"178.250.157.102","port":0,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"http","addr":"snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread","fqdn":"snow-drop-tales.sakura.ne.jp","domain":"snow-drop-tales.sakura.ne.jp","tld":"sakura.ne.jp"},"title":"Illusional Love BBS"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T23:12:49Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"mkrep.ru","ip":{"addr":"178.250.157.102","port":0,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"domain_registered":"2015-07-04","domain_rank":0,"first_seen":"2015-07-05 12:08:01","last_seen":"2023-09-19 07:24:07","alert_count":0,"request_count":2,"received_data":36556,"sent_data":1164,"comment":"","tags":null,"fingerprints":null},{"fqdn":"snow-drop-tales.sakura.ne.jp","ip":{"addr":"219.94.129.101","port":80,"asn":9371,"as":"SAKURA Internet Inc.","country":"Japan","country_code":"JP"},"domain_registered":"2017-07-21","domain_rank":0,"first_seen":"2018-02-19 06:56:33","last_seen":"2023-09-19 07:24:15","alert_count":0,"request_count":4,"received_data":37587,"sent_data":1677,"comment":"","tags":null,"fingerprints":null},{"fqdn":"affiliate.dtiserv.com","ip":{"addr":"140.174.2.195","port":80,"asn":30212,"as":"HYPERMEDIA-SYSTEMS","country":"United States","country_code":"US"},"domain_registered":"1996-09-30","domain_rank":456046,"first_seen":"2012-07-05 16:22:33","last_seen":"2023-09-09 21:30:50","alert_count":0,"request_count":2,"received_data":17097,"sent_data":760,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-09-19T05:24:19Z","timestamp":1695101059,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":60683,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to .biz TLD","source":"{\"timestamp\":\"2023-09-19T05:24:19.747748+0000\",\"flow_id\":1244869167376612,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.36\",\"src_port\":60683,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027863,\"rev\":5,\"signature\":\"ET INFO Observed DNS Query to .biz TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":3691,\"rrname\":\"trainingpeople.biz\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":89,\"bytes_toclient\":0,\"start\":\"2023-09-19T05:24:19.747748+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-09-19T05:24:19Z","timestamp":1695101059,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":60507,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to .biz TLD","source":"{\"timestamp\":\"2023-09-19T05:24:19.747874+0000\",\"flow_id\":971928290683234,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.36\",\"src_port\":60507,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027863,\"rev\":5,\"signature\":\"ET INFO Observed DNS Query to .biz TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":50029,\"rrname\":\"trainingpeople.biz\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":89,\"bytes_toclient\":0,\"start\":\"2023-09-19T05:24:19.747874+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-09-19T05:24:20Z","timestamp":1695101060,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":36421,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to .world TLD","source":"{\"timestamp\":\"2023-09-19T05:24:20.961648+0000\",\"flow_id\":1429696642591856,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.36\",\"src_port\":36421,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027870,\"rev\":5,\"signature\":\"ET INFO Observed DNS Query to .world TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":53666,\"rrname\":\"be-happy.world\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":85,\"bytes_toclient\":0,\"start\":\"2023-09-19T05:24:20.961648+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-09-19T05:24:20Z","timestamp":1695101060,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":42636,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to .world TLD","source":"{\"timestamp\":\"2023-09-19T05:24:20.961770+0000\",\"flow_id\":312751742561514,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.36\",\"src_port\":42636,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027870,\"rev\":5,\"signature\":\"ET INFO Observed DNS Query to .world TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":13053,\"rrname\":\"be-happy.world\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":85,\"bytes_toclient\":0,\"start\":\"2023-09-19T05:24:20.961770+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread","fqdn":"snow-drop-tales.sakura.ne.jp","domain":"snow-drop-tales.sakura.ne.jp","tld":"sakura.ne.jp"},"ip":{"addr":"219.94.129.101","port":80,"asn":9371,"as":"SAKURA Internet Inc.","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"c630408726027b228179c9c0873d2269","sha1":"e070cec778d17fde0640d07a10443491f7fbf536","sha256":"d228f4ec4900d1f28b4027e955dbba1247647f384ac8abfb23671978b5b9835e","sha512":"b49cf751f23341ffecbfd71589a755be557ee6cb6df56db5193b1ed2e961cbf1d880b635acf2bdb5f0ed4c20ace76e37c2db945b55dabb4ad3cc0a2e172c8bfe","ssdeep":"","tlshash":"39b02b1c5ba01c8040b22087bf4b392c109f800108d88200032d50b01b0d123422808e","size":120,"data":"","first_seen":"2023-03-25T23:11:39Z","last_seen":"2026-05-09T03:48:44.821551Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"mkrep.ru/bitrix/redirect.php?event1=\u0026event2=\u0026event3=\u0026goto=http://Snow-Drop-Tales.Sakura.Ne.jp/s/yybbs63/yybbs.cgi?list=thread","fqdn":"mkrep.ru","domain":"mkrep.ru","tld":"ru"},"ip":{"addr":"178.250.157.102","port":0,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-19T05:24:15.666908064Z","timestamp":1695101055666,"http_version":"","security_state":"secure","security_info":null,"request":{"raw":"GET /bitrix/redirect.php?event1=\u0026event2=\u0026event3=\u0026goto=http://Snow-Drop-Tales.Sakura.Ne.jp/s/yybbs63/yybbs.cgi?list=thread HTTP/1.1\r\nHost: mkrep.ru\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Tue, 19 Sep 2023 05:24:15 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\nvary: HTTPS\r\np3p: policyref=\"/bitrix/p3p.xml\", CP=\"NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA\"\r\nx-powered-cms: Bitrix Site Manager (1d59a9e9a41e2e5da70d3c33f6f83c9a)\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nlocation: http://Snow-Drop-Tales.Sakura.Ne.jp/s/yybbs63/yybbs.cgi?list=thread\r\nset-cookie: PHPSESSID=k6GkwQ346HavhRB5XZ7dKEISkF7Zf1oG; path=/; HttpOnly\nBITRIX_SM_GUEST_ID=3487410; expires=Fri, 13-Sep-2024 05:24:15 GMT; Max-Age=31104000; path=/\nBITRIX_SM_LAST_VISIT=19.09.2023%2008%3A24%3A15; expires=Fri, 13-Sep-2024 05:24:15 GMT; Max-Age=31104000; path=/\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-11T23:03:05.58643Z","times_seen":15030564,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread","fqdn":"snow-drop-tales.sakura.ne.jp","domain":"snow-drop-tales.sakura.ne.jp","tld":"sakura.ne.jp"},"ip":{"addr":"219.94.129.101","port":80,"asn":9371,"as":"SAKURA Internet Inc.","country":"Japan","country_code":"JP"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-09-19T05:24:15.679Z","timestamp":1695101055679,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /s/yybbs63/yybbs.cgi?list=thread HTTP/1.1\r\nHost: snow-drop-tales.sakura.ne.jp\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 19 Sep 2023 05:24:16 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":34814,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document text\\012- exported SGML document, Non-ISO extended-ASCII text, with very long lines (17455)","md5":"73f79c56db0cdc034c69e01843eb88d9","sha1":"ff03145c034a4fcfcf7ac5286a7113323880c3ba","sha256":"77ff680e357a4182d2251d7c3bdb1b0602be6b5444526d65dc52bf79f12b9ba3","sha512":"5295ebe4bf760cde7b2cef0bf075d9df4931f7d9cf43d9c40c9a47c093f1eaf14686704d6f638ae7f53d13ee4a7178c374d8fad7a85dcefe0939476e255f3581","ssdeep":"384:iQT7+EFqdElEIXfWEGEjW4edwhA1k5BHh8QW9gp5E1hKz+Au1AuBk:XTDFqGeAfXHEw7hw9gp5Eezthwk","tlshash":"57f286f683c283e94703da6ce671fb7cc013a1e5cdc467cad5611f92a64d1aa6413ace","first_seen":"2023-09-19T07:24:35Z","last_seen":"2023-09-19T07:24:35Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2303,"timings":{"blocked":571,"dns":287,"connect":285,"send":0,"wait":865,"receive":295,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"affiliate.dtiserv.com/image/eroanime/124-468-06.gif","fqdn":"affiliate.dtiserv.com","domain":"dtiserv.com","tld":"com"},"ip":{"addr":"140.174.2.195","port":80,"asn":30212,"as":"HYPERMEDIA-SYSTEMS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread","date":"2023-09-19T05:24:17.473Z","timestamp":1695101057473,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /image/eroanime/124-468-06.gif HTTP/1.1\r\nHost: affiliate.dtiserv.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://snow-drop-tales.sakura.ne.jp/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 19 Sep 2023 05:24:17 GMT\r\nContent-Type: text/html\r\nContent-Length: 603\r\nConnection: keep-alive\r\nETag: \"60bfc381-25b\"\r\nX-Sh: 107\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":603,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, Unicode text, UTF-8 text","md5":"ec66ea85f6cdd590ccc24b6d956aa1f2","sha1":"303caf6690376a242aefc9ec513a29f3b3679c8d","sha256":"e9fa33abf2ec52fb1f46f77c773ca400421e6a363568f9919f245fb4cf7e26f1","sha512":"a25da46753b163126ec3edf621d483de6e67aab6ac3c511ec1d6bcdfad7c2f059a96cac5714fd414b15b86734d27cbb79cfed548bf83a3f0f08de8003d7e871a","ssdeep":"","tlshash":"f7f00cb7692100109a10060e0b8e750ea1b3b4521c89ea8df613e2007ff4b7e884fcdb","first_seen":"2023-07-20T10:50:36Z","last_seen":"2026-03-05T04:52:18.583037Z","times_seen":7,"resource_available":false,"data":null}},"time_used":495,"timings":{"blocked":165,"dns":1,"connect":165,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"affiliate.dtiserv.com/image/netcomic/122-400-04.gif","fqdn":"affiliate.dtiserv.com","domain":"dtiserv.com","tld":"com"},"ip":{"addr":"140.174.2.195","port":80,"asn":30212,"as":"HYPERMEDIA-SYSTEMS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread","date":"2023-09-19T05:24:17.373Z","timestamp":1695101057373,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /image/netcomic/122-400-04.gif HTTP/1.1\r\nHost: affiliate.dtiserv.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://snow-drop-tales.sakura.ne.jp/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 19 Sep 2023 05:24:17 GMT\r\nContent-Type: image/gif\r\nContent-Length: 16014\r\nLast-Modified: Mon, 14 Jul 2008 19:57:30 GMT\r\nConnection: keep-alive\r\nETag: \"487bafaa-3e8e\"\r\nX-Sh: 103\r\nStrict-Transport-Security: max-age=31536000\r\nX-Requested-Domain: affiliate.dtiserv.com\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16014,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 400 x 60\\012- data","md5":"bb2385117362cb3c101121607b49f912","sha1":"28c990c94a0f3a46acd11a9204b8e8a747f0afa1","sha256":"96dbed549bdd8bfe4bf75ec90d5080849b77306d4e341f9a83c9a45491cb43db","sha512":"ba4948762d6781b2fc7573c759b5a56a09613d8fb626cd39d96c7332839174b92cc56029f21a7b97cbdbdb0c77694ba28576154939ecc75486ecd86595c69955","ssdeep":"","tlshash":"","first_seen":"2023-09-19T07:24:35Z","last_seen":"2025-07-04T03:57:43.505451Z","times_seen":2,"resource_available":false,"data":null}},"time_used":646,"timings":{"blocked":141,"dns":20,"connect":161,"send":0,"wait":161,"receive":162,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"snow-drop-tales.sakura.ne.jp/s/yybbs63/img/home.gif","fqdn":"snow-drop-tales.sakura.ne.jp","domain":"snow-drop-tales.sakura.ne.jp","tld":"sakura.ne.jp"},"ip":{"addr":"219.94.129.101","port":80,"asn":9371,"as":"SAKURA Internet Inc.","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread","date":"2023-09-19T05:24:17.438Z","timestamp":1695101057438,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /s/yybbs63/img/home.gif HTTP/1.1\r\nHost: snow-drop-tales.sakura.ne.jp\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 19 Sep 2023 05:24:17 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1699\r\nConnection: keep-alive\r\nLast-Modified: Wed, 15 Sep 2010 01:53:36 GMT\r\nETag: \"6a3-4904299000800\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1699,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 16 x 20\\012- data","md5":"53151703af319044a4bdaa73080a3dab","sha1":"4a47137bf235f1eae62c415fcada58505a2006c3","sha256":"3f10936d2df16604505064e2de7b80c6b0aeb213a9aecfe0d0f58e8b15c3dad4","sha512":"1f3942f9d2160e11654a6439f14a9f8da09bdf207dcf6eef408f415f8c187112774ec6420dbfaba81d2b6e115cebaf512878b28517d5fdf5873c80042847404b","ssdeep":"","tlshash":"813123f376c1db5dd315737c550793b1270310e41a0087017507676cd38501c22f3987","first_seen":"2023-05-24T05:30:32Z","last_seen":"2026-05-09T03:48:44.820269Z","times_seen":36,"resource_available":false,"data":null}},"time_used":764,"timings":{"blocked":196,"dns":1,"connect":283,"send":0,"wait":284,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"snow-drop-tales.sakura.ne.jp/favicon.ico","fqdn":"snow-drop-tales.sakura.ne.jp","domain":"snow-drop-tales.sakura.ne.jp","tld":"sakura.ne.jp"},"ip":{"addr":"219.94.129.101","port":80,"asn":9371,"as":"SAKURA Internet Inc.","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread","date":"2023-09-19T05:24:18.021Z","timestamp":1695101058021,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: snow-drop-tales.sakura.ne.jp\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Tue, 19 Sep 2023 05:24:17 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 196\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-05-11T22:48:16.82323Z","times_seen":100031,"resource_available":true,"data":null}},"time_used":284,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":284,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"snow-drop-tales.sakura.ne.jp/s/yybbs63/registkey.cgi?w1sO9SOWjwSCDlCOF5w5.","fqdn":"snow-drop-tales.sakura.ne.jp","domain":"snow-drop-tales.sakura.ne.jp","tld":"sakura.ne.jp"},"ip":{"addr":"219.94.129.101","port":80,"asn":9371,"as":"SAKURA Internet Inc.","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread","date":"2023-09-19T05:24:17.428Z","timestamp":1695101057428,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /s/yybbs63/registkey.cgi?w1sO9SOWjwSCDlCOF5w5. HTTP/1.1\r\nHost: snow-drop-tales.sakura.ne.jp\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 19 Sep 2023 05:24:18 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":185,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 32 x 18\\012- data","md5":"417f00d3f2967631464f85129ef95ab0","sha1":"31ffa88d0c0901d33048ea2695d766387432a384","sha256":"3e49c132eb59a985d32c690e4549be4d73d0b7e1d51ba53e436b06660734aa60","sha512":"cb9c0ed1d65abed6175dbc38734fa54ce304f52f1bd414aa07b913d5fd501b1b5aadc22603f2c20306108bf78e3743a282af20fc60c827fbd8917c3f3cfe4b49","ssdeep":"","tlshash":"","first_seen":"2023-09-19T07:24:35Z","last_seen":"2023-09-19T07:24:35Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1078,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1077,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mkrep.ru/bitrix/redirect.php?event1=\u0026event2=\u0026event3=\u0026goto=http://Snow-Drop-Tales.Sakura.Ne.jp/s/yybbs63/yybbs.cgi?list=thread","fqdn":"mkrep.ru","domain":"mkrep.ru","tld":"ru"},"ip":{"addr":"178.250.157.102","port":443,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-09-19T05:24:15.319Z","timestamp":1695101055319,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mkrep.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Fri, 18 Aug 2023 22:00:23 GMT","end":"Thu, 16 Nov 2023 22:00:22 GMT"},"fingerprint":{"sha1":"07:8F:A4:75:14:1D:29:58:D0:55:B3:98:29:6F:0B:09:B3:35:E2:19","sha256":"4F:F6:3D:E3:AF:6D:61:3C:6B:AB:C8:1E:B7:8C:C1:0D:D4:B7:05:96:7D:C0:98:50:F5:AA:18:A6:A6:75:1B:D9"}}},"request":{"raw":"GET /bitrix/redirect.php?event1=\u0026event2=\u0026event3=\u0026goto=http://Snow-Drop-Tales.Sakura.Ne.jp/s/yybbs63/yybbs.cgi?list=thread HTTP/1.1\r\nHost: mkrep.ru\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Tue, 19 Sep 2023 05:24:15 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\nvary: HTTPS\r\np3p: policyref=\"/bitrix/p3p.xml\", CP=\"NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA\"\r\nx-powered-cms: Bitrix Site Manager (1d59a9e9a41e2e5da70d3c33f6f83c9a)\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nlocation: http://Snow-Drop-Tales.Sakura.Ne.jp/s/yybbs63/yybbs.cgi?list=thread\r\nset-cookie: PHPSESSID=k6GkwQ346HavhRB5XZ7dKEISkF7Zf1oG; path=/; HttpOnly\nBITRIX_SM_GUEST_ID=3487410; expires=Fri, 13-Sep-2024 05:24:15 GMT; Max-Age=31104000; path=/\nBITRIX_SM_LAST_VISIT=19.09.2023%2008%3A24%3A15; expires=Fri, 13-Sep-2024 05:24:15 GMT; Max-Age=31104000; path=/\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":34814,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-11T23:03:05.58643Z","times_seen":15030564,"resource_available":true,"data":null}},"time_used":613,"timings":{"blocked":220,"dns":0,"connect":29,"send":0,"wait":124,"receive":0,"ssl":236},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}