{"report_id":"952c2c01-0882-4c11-979d-89be19896ba4","version":6,"status":"done","tags":[],"date":"2024-11-24T20:34:00Z","url":{"schema":"http","addr":"pluralism.themancav.com","fqdn":"pluralism.themancav.com","domain":"themancav.com","tld":"com"},"ip":{"addr":"62.60.154.114","port":0,"asn":210644,"as":"Aeza International Ltd","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"pluralism.themancav.com/","fqdn":"pluralism.themancav.com","domain":"themancav.com","tld":"com"},"title":"404 Not Found"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-02T20:34:00Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"pluralism.themancav.com","ip":{"addr":"62.60.154.114","port":80,"asn":0,"as":"","country":"Iran","country_code":"IR"},"domain_registered":"2023-07-18","domain_rank":0,"first_seen":"2023-12-02T12:04:10Z","last_seen":"2024-11-19T13:57:43.004614Z","alert_count":0,"request_count":2,"received_data":472,"sent_data":751,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-11-24T20:33:36Z","timestamp":1732480416,"ip_dst":{"addr":"62.60.154.114","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"ip_src":{"addr":"172.18.0.18","port":49018,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET MALWARE SocGholish Domain in TLS SNI (pluralism .themancav .com)","source":"{\"timestamp\":\"2024-11-24T20:33:36.768286+0000\",\"flow_id\":714710703963062,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.18\",\"src_port\":49018,\"dest_ip\":\"62.60.154.114\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049476,\"rev\":1,\"signature\":\"ET MALWARE SocGholish Domain in TLS SNI (pluralism .themancav .com)\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_12_05\"],\"deployment\":[\"Perimeter\"],\"malware_family\":[\"SocGholish\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2024_08_19\"],\"signature_severity\":[\"Major\"],\"tag\":[\"compromised_website\"],\"updated_at\":[\"2023_12_05\"]}},\"tls\":{\"sni\":\"pluralism.themancav.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"fe0146829eef1917ba6c2dd4f5c08905\",\"string\":\"771,49196,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":789,\"bytes_toclient\":3533,\"start\":\"2024-11-24T20:33:36.490422+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-11-24T20:33:36Z","timestamp":1732480416,"ip_dst":{"addr":"172.18.0.18","port":49018,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.60.154.114","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2024-11-24T20:33:36.909151+0000\",\"flow_id\":714710703963062,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.60.154.114\",\"src_port\":443,\"dest_ip\":\"172.18.0.18\",\"dest_port\":49018,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=pluralism.themancav.com\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL ECC Domain Secure Site CA\",\"serial\":\"00:89:CB:FD:71:18:9D:D3:86:7B:8D:DD:24:5C:0A:10\",\"fingerprint\":\"14:55:be:bf:27:7f:2f:1a:73:b8:37:8b:3d:0d:5e:53:e6:f5:23:7b\",\"sni\":\"pluralism.themancav.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2024-11-22T00:00:00\",\"notafter\":\"2025-02-20T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"fe0146829eef1917ba6c2dd4f5c08905\",\"string\":\"771,49196,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1080,\"bytes_toclient\":3650,\"start\":\"2024-11-24T20:33:36.490422+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"pluralism.themancav.com/","fqdn":"pluralism.themancav.com","domain":"themancav.com","tld":"com"},"ip":{"addr":"62.60.154.114","port":80,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-24T20:33:38.974Z","timestamp":1732480418974,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: pluralism.themancav.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sun, 24 Nov 2024 20:33:40 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":203,"size_decoded":203,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"a368ebdb8002fbb3142e16bc34b326d8","sha1":"e727c702fb6be3cbefa0b0847717b2334ce9b8fd","sha256":"7bb4be9184710e7d3067ce155a3f8e37c248bdf649906ea40af66a324ace61a4","sha512":"2550b4b0040f566d106e24e8180de41225feda5b82c68a31bc7dbcf422b6751cc1701cd3f1cc51a7ffdbd57fdcdccabf1f3b6444afda681221f8e6f734c40dad","ssdeep":"","tlshash":"edd022ee81833e8b407211b038c221e2558d23a2b42202e43c81340b2a0813cc9cb29e","first_seen":"2023-04-05T04:01:19Z","last_seen":"2026-04-16T11:02:09.620778Z","times_seen":558,"resource_available":true,"data":null}},"time_used":1868,"timings":{"blocked":145,"dns":1,"connect":146,"send":0,"wait":1576,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"pluralism.themancav.com/favicon.ico","fqdn":"pluralism.themancav.com","domain":"themancav.com","tld":"com"},"ip":{"addr":"62.60.154.114","port":80,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://pluralism.themancav.com/","date":"2024-11-24T20:33:40.827Z","timestamp":1732480420827,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: pluralism.themancav.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://pluralism.themancav.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx\r\nDate: Sun, 24 Nov 2024 20:33:40 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-23T15:09:30.745699Z","times_seen":14107455,"resource_available":true,"data":null}},"time_used":138,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":138,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}