{"report_id":"9a105f71-e4c4-4d69-a64f-b9ff02d7f0a2","version":6,"status":"done","tags":[],"date":"2024-08-05T07:00:25Z","url":{"schema":"http","addr":"ussf.vcnmsbsk.top/?mo=80f2a\u0026keyword=nm05j\u0026note=638b0e9c1b4428\u0026i=wfqg/769832/6oakwsle9wfa/oatghavsjfcn5vnxzctbln_k9zaatr4abjvaaaic3o13?jia/ws-apvy4amua/f3fd81/x47mzaja5yv0sac5pn?zhkgeou/awiziada6aju/qhhaaujazsta?aaayaermi__twcwhdr/penyg9p/505c03/4fhaa1v0z9pns5mvva/dqyae/...%20495%20...mlfh/jlpyrhpxfkjwlvxmvufi95zw2/60208bb/JHhyYX/FpZSp-QHRlLy/F5P2MqZCVef/D0jbnwqJSRnb15AfA2/ee365a/KmcqIWEvI3wjQH55ZWR-e/Cp8QCU9cmllP3FuY35/0QG8hJA2","fqdn":"ussf.vcnmsbsk.top","domain":"vcnmsbsk.top","tld":"top"},"ip":{"addr":"172.67.163.88","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"ussf.vcnmsbsk.top/","fqdn":"ussf.vcnmsbsk.top","domain":"vcnmsbsk.top","tld":"top"},"title":"404 - 找不到文件或目录。"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T06:36:52Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"","domain_rank":0,"first_seen":"","last_seen":"","alert_count":0,"request_count":6,"received_data":5325,"sent_data":1962,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ussf.vcnmsbsk.top","ip":{"addr":"172.67.163.88","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"","domain_rank":0,"first_seen":"","last_seen":"","alert_count":8,"request_count":4,"received_data":37961,"sent_data":2585,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-08-05T07:00:02Z","timestamp":1722841202,"ip_dst":{"addr":"104.21.90.248","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":42256,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2024-08-05T07:00:02.230262+0000\",\"flow_id\":1360306210229577,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":42256,\"dest_ip\":\"104.21.90.248\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"ussf.vcnmsbsk.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://ussf.vcnmsbsk.top/\",\"length\":167},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":746,\"bytes_toclient\":1060,\"start\":\"2024-08-05T07:00:02.216393+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":[{"sensor_name":"phishtank","sensor_type":"url","title":"","description":"PhishTank","scan_date":"2024-07-28","alert":"Other","trigger":"ussf.vcnmsbsk.top/","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null},{"sensor_name":"phishtank","sensor_type":"url","title":"","description":"PhishTank","scan_date":"2024-07-28","alert":"Other","trigger":"ussf.vcnmsbsk.top/favicon.ico","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null},{"sensor_name":"phishtank","sensor_type":"url","title":"","description":"PhishTank","scan_date":"2024-07-28","alert":"Other","trigger":"ussf.vcnmsbsk.top/b30ab43a/ISplIW/F8L3h-ZEAqIX5/vZyMkP/3xAdEBuaSVxYyMlcmU9eQ2","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null}]},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-08-05","alert":"Sinkholed","trigger":"vcnmsbsk.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-08-05","alert":"Sinkholed","trigger":"vcnmsbsk.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-08-05","alert":"Sinkholed","trigger":"vcnmsbsk.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-08-05","alert":"Sinkholed","trigger":"vcnmsbsk.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-05T06:59:59.94235589Z","timestamp":1722841199942,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"CC1E53796EC8C93A6A4CF66399A32249A405BD6EC1BD7399D5926C11657868A9\"\r\nLast-Modified: Sat, 03 Aug 2024 18:56:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=19347\r\nExpires: Mon, 05 Aug 2024 12:22:26 GMT\r\nDate: Mon, 05 Aug 2024 06:59:59 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"aadf4023fd478bb51576a5f2358b225e","sha1":"a9d7b5d1e6a9d4f3fd800815a784607563dae142","sha256":"cc1e53796ec8c93a6a4cf66399a32249a405bd6ec1bd7399d5926c11657868a9","sha512":"8dfbc7de239c4e2eef8c691d434ef3a152c88d99df55e74781102c7de2ddeaa334800f2a2d7883e6b05d60eefe6a4fd9b670f7f51e44273aa9e9068f770d726a","ssdeep":"","tlshash":"97f0055d32d63b04ab71551d19e8e6162dadadb93415557032480bf17418ff8115880c","first_seen":"2024-08-04T01:53:29Z","last_seen":"2024-08-21T14:31:29.01118Z","times_seen":25384,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-05T06:59:59.994125191Z","timestamp":1722841199994,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"6D567507B5502A9E553E77B519B679E83B3A8A01896731CEC08BD1DA0699B379\"\r\nLast-Modified: Sat, 03 Aug 2024 18:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=8746\r\nExpires: Mon, 05 Aug 2024 09:25:45 GMT\r\nDate: Mon, 05 Aug 2024 06:59:59 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"084406a853d82fa208410ee4bc78b67c","sha1":"1c6276ec2e9a0fa10937dc34d821a64633c7d16a","sha256":"6d567507b5502a9e553e77b519b679e83b3a8a01896731cec08bd1da0699b379","sha512":"ec148540d6f7485ec2c7ee7849c3231a24ade8ff5391eda7f8b6fc229e7db09ff7219b9f10453110959f9422d1ac808ff945fa1f2072d26bc1ff9f88dd9bd7a3","ssdeep":"","tlshash":"8bf0051b266af424575511437decfe162601fafa78b526e13ba402f1145479c19d4c0c","first_seen":"2024-08-04T02:27:20Z","last_seen":"2024-08-21T14:31:29.011788Z","times_seen":24116,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-05T07:00:00.328170889Z","timestamp":1722841200328,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"25CB2E6AD29D4503F32121FBE37E2B0F4CE64A7F6CB57233EBF16DF5D6B78D53\"\r\nLast-Modified: Sat, 03 Aug 2024 18:58:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9866\r\nExpires: Mon, 05 Aug 2024 09:44:26 GMT\r\nDate: Mon, 05 Aug 2024 07:00:00 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"8bd7201be8d12c4b511d2c5643b45dbc","sha1":"f2ecb2ebafbf4f8d92f92007753001befcedc634","sha256":"25cb2e6ad29d4503f32121fbe37e2b0f4ce64a7f6cb57233ebf16df5d6b78d53","sha512":"bbd9b9ab7b654aac76fc894a763f4a856cd0bcc4413a9da81154c6e8b45423c28eb786789660eb35cfbf31f4562e80adac1d98de674954b75c6aa2c69ce83cf6","ssdeep":"","tlshash":"2af00e520aaabc4077b6861a2ea5ca932aa8fdfa3c0d07f6790043a53818bdd805444c","first_seen":"2024-08-03T21:22:08Z","last_seen":"2024-08-19T14:46:34.54816Z","times_seen":30175,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-05T07:00:00.750039453Z","timestamp":1722841200750,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"D059EEDA67B64DD02259F5A9352DF39CC808E3F9E03068A434E0F6486814893D\"\r\nLast-Modified: Sat, 03 Aug 2024 18:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=5068\r\nExpires: Mon, 05 Aug 2024 08:24:28 GMT\r\nDate: Mon, 05 Aug 2024 07:00:00 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"3653abf0951eea060f104ae59d60cf7c","sha1":"75790e8c59cb78c77ab522e7dc7140b62a046bb9","sha256":"d059eeda67b64dd02259f5a9352df39cc808e3f9e03068a434e0f6486814893d","sha512":"606dd92b87628d9b5bffe03d99d23fdb00abdcb0b097d19cff5c40bb8f3bfaf0e3accc6975ca546eb38c992ed1469d6254372fd8745e6e70455ff68b9ee54012","ssdeep":"","tlshash":"99f0053e0676b944636935051de5e0196d00fffe389551d610b8c1d174247eed3f548c","first_seen":"2024-08-04T01:45:18Z","last_seen":"2024-08-21T14:31:29.013823Z","times_seen":29425,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ussf.vcnmsbsk.top/","fqdn":"ussf.vcnmsbsk.top","domain":"vcnmsbsk.top","tld":"top"},"ip":{"addr":"172.67.163.88","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-05T07:00:02.225Z","timestamp":1722841202225,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ussf.vcnmsbsk.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=acdtwgxms3d2qs0p0e0us54e; RdStr=acdtwgxms3d2qs0p0e0us54e\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Mon, 05 Aug 2024 07:00:02 GMT\r\ncontent-type: text/html\r\ncache-control: private\r\nx-aspnetmvc-version: 5.2\r\nx-aspnet-version: 4.0.30319\r\nx-powered-by: ASP.NET\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=3qiD9u46XLCkMYCAbUl1pSAdf%2B37hL%2FxpQrj2zvdj%2Fnwo7dsJvyH7eKzKe3evLRZyKSE6Cn4VDBxAHIzD6NGJXCy%2B%2FPs668Ebv5bQuYLLH%2FL25z6L7gQDN2qYfTV77A9ZwDe8g%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8ae4e864e9e30b31-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":696,"size_decoded":1163,"mime_type":"text/html","magic":"HTML document, ISO-8859 text, with CRLF line terminators","md5":"8363acaeab9cbb099b59b78a44127ca6","sha1":"aef448ce5500e3734059ec285cf6ec0b547075f2","sha256":"9b342ae7f25d65bdb817d8c995f3211ac398e41575fc5d149d994c1dcb008f0a","sha512":"a431f7ee4cdc3c7c6edf43736e007e314a0f8c4d05706dbdf75b629b15bee335d173abc071568f447d78b4c43aba02017c1993d6da86a1acdde904eb287cb30c","ssdeep":"","tlshash":"2821412987d42804faa7c4e170f2b3e63e478646f59b4b9fb4127257d5c26a6c1d3388","first_seen":"2023-04-05T10:47:33Z","last_seen":"2026-06-06T04:30:24.138306Z","times_seen":14641,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-08-05T07:00:02Z","timestamp":1722841202,"ip_dst":{"addr":"104.21.90.248","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.23","port":42256,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2024-08-05T07:00:02.230262+0000\",\"flow_id\":1360306210229577,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":42256,\"dest_ip\":\"104.21.90.248\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"ussf.vcnmsbsk.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://ussf.vcnmsbsk.top/\",\"length\":167},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":746,\"bytes_toclient\":1060,\"start\":\"2024-08-05T07:00:02.216393+0000\"}}"}],"analyzer":[{"sensor_name":"phishtank","sensor_type":"url","title":"","description":"PhishTank","scan_date":"2024-07-28","alert":"Other","trigger":"ussf.vcnmsbsk.top/","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-08-05","alert":"Sinkholed","trigger":"vcnmsbsk.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-05T07:00:02.446079168Z","timestamp":1722841202446,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"ED2EE90D287F8197865A711DCCFA26DD2BE9D5EE12F8EA8170DE7DEF17B82FF4\"\r\nLast-Modified: Sat, 03 Aug 2024 18:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=20438\r\nExpires: Mon, 05 Aug 2024 12:40:40 GMT\r\nDate: Mon, 05 Aug 2024 07:00:02 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"c350bdea34be0056bcbf94491fba7533","sha1":"f5924cf49bcc6dd310024b824003661ab02b68a7","sha256":"ed2ee90d287f8197865a711dccfa26dd2be9d5ee12f8ea8170de7def17b82ff4","sha512":"65a9c5ec970dcf8d23bca82decb1c90d3154d383d7b7d82e3bc0f1ca4e22e15f243c893a7e9ebe32962595174b06f59a58e7683557b7a77bbfc480bfb25f1ba1","ssdeep":"","tlshash":"04f00e73b5f2792657a7241b3bd1d2134ce8fab3346115f17d9049e2b4393e8a48588c","first_seen":"2024-08-04T00:43:11Z","last_seen":"2024-08-19T14:45:05.125832Z","times_seen":13648,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ussf.vcnmsbsk.top/?mo=80f2a\u0026keyword=nm05j\u0026note=638b0e9c1b4428\u0026i=wfqg/769832/6oakwsle9wfa/oatghavsjfcn5vnxzctbln_k9zaatr4abjvaaaic3o13?jia/ws-apvy4amua/f3fd81/x47mzaja5yv0sac5pn?zhkgeou/awiziada6aju/qhhaaujazsta?aaayaermi__twcwhdr/penyg9p/505c03/4fhaa1v0z9pns5mvva/dqyae/...%20495%20...mlfh/jlpyrhpxfkjwlvxmvufi95zw2/60208bb/JHhyYX/FpZSp-QHRlLy/F5P2MqZCVef/D0jbnwqJSRnb15AfA2/ee365a/KmcqIWEvI3wjQH55ZWR-e/Cp8QCU9cmllP3FuY35/0QG8hJA2","fqdn":"ussf.vcnmsbsk.top","domain":"vcnmsbsk.top","tld":"top"},"ip":{"addr":"172.67.163.88","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-05T07:00:00.637Z","timestamp":1722841200637,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vcnmsbsk.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Jun 2024 20:45:31 GMT","end":"Sun, 15 Sep 2024 20:45:30 GMT"},"fingerprint":{"sha1":"EA:C2:72:83:12:F7:45:A0:93:29:63:AB:8F:E6:F8:50:70:16:86:29","sha256":"9A:38:0C:63:DD:3A:67:74:11:64:E4:F0:72:38:A0:29:70:E1:2E:16:09:12:1F:D6:D3:B4:AA:9A:C6:B5:A9:1F"}}},"request":{"raw":"GET /?mo=80f2a\u0026keyword=nm05j\u0026note=638b0e9c1b4428\u0026i=wfqg/769832/6oakwsle9wfa/oatghavsjfcn5vnxzctbln_k9zaatr4abjvaaaic3o13?jia/ws-apvy4amua/f3fd81/x47mzaja5yv0sac5pn?zhkgeou/awiziada6aju/qhhaaujazsta?aaayaermi__twcwhdr/penyg9p/505c03/4fhaa1v0z9pns5mvva/dqyae/...%20495%20...mlfh/jlpyrhpxfkjwlvxmvufi95zw2/60208bb/JHhyYX/FpZSp-QHRlLy/F5P2MqZCVef/D0jbnwqJSRnb15AfA2/ee365a/KmcqIWEvI3wjQH55ZWR-e/Cp8QCU9cmllP3FuY35/0QG8hJA2 HTTP/1.1\r\nHost: ussf.vcnmsbsk.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Mon, 05 Aug 2024 07:00:01 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: private\r\nlocation: /b30ab43a/ISplIW/F8L3h-ZEAqIX5/vZyMkP/3xAdEBuaSVxYyMlcmU9eQ2\r\nset-cookie: ASP.NET_SessionId=acdtwgxms3d2qs0p0e0us54e; path=/; HttpOnly\nRdStr=acdtwgxms3d2qs0p0e0us54e; path=/\r\nx-aspnetmvc-version: 5.2\r\nx-aspnet-version: 4.0.30319\r\nx-powered-by: ASP.NET\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=0t0k0T3ySPb0CQsIGOKtg0zbG8Al8XDXRkKE%2Fuw1nb7%2BqUQTldAwXGMdB6epWd0B7HRmdh8dk5oDoqqhoj1ZLiBS3Fy88PHSv2xrTKIbYV7KC0tep8%2FTDvYEaJbJbR9j8xl%2FQw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8ae4e8600a9456b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":1210,"size_decoded":1210,"mime_type":"text/html","magic":"data","md5":"2cc6422323372de5b77a2f19c6d6685f","sha1":"bd73ad8ed34d4910d78ab06bb3461f5f970c63ad","sha256":"466b54397270b4109ffb1e9e716eb4094adcacd10f198d079b8dfa3e4ff8e459","sha512":"2f680a6c34406e6c6564a040dd655d6063aef4d0221eef46b8a456cdd6ce2d62fc0835c763f28d3120732b76225bb44aca6a41dcd9d42c3b55af43e470523554","ssdeep":"","tlshash":"cd21e777b5f97dd9a3f23ae60ed4e89268e0b53038001c95a6c048d6d415398980094c","first_seen":"2024-08-19T14:31:46.68921Z","last_seen":"2024-08-19T14:31:46.68921Z","times_seen":1,"resource_available":false,"data":null}},"time_used":633,"timings":{"blocked":12,"dns":1,"connect":1,"send":0,"wait":598,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-08-05","alert":"Sinkholed","trigger":"vcnmsbsk.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-05T07:00:02.456044695Z","timestamp":1722841202456,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"ED2EE90D287F8197865A711DCCFA26DD2BE9D5EE12F8EA8170DE7DEF17B82FF4\"\r\nLast-Modified: Sat, 03 Aug 2024 18:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=20438\r\nExpires: Mon, 05 Aug 2024 12:40:40 GMT\r\nDate: Mon, 05 Aug 2024 07:00:02 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"c350bdea34be0056bcbf94491fba7533","sha1":"f5924cf49bcc6dd310024b824003661ab02b68a7","sha256":"ed2ee90d287f8197865a711dccfa26dd2be9d5ee12f8ea8170de7def17b82ff4","sha512":"65a9c5ec970dcf8d23bca82decb1c90d3154d383d7b7d82e3bc0f1ca4e22e15f243c893a7e9ebe32962595174b06f59a58e7683557b7a77bbfc480bfb25f1ba1","ssdeep":"","tlshash":"04f00e73b5f2792657a7241b3bd1d2134ce8fab3346115f17d9049e2b4393e8a48588c","first_seen":"2024-08-04T00:43:11Z","last_seen":"2024-08-19T14:45:05.125832Z","times_seen":13648,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ussf.vcnmsbsk.top/favicon.ico","fqdn":"ussf.vcnmsbsk.top","domain":"vcnmsbsk.top","tld":"top"},"ip":{"addr":"172.67.163.88","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ussf.vcnmsbsk.top/","date":"2024-08-05T07:00:02.585Z","timestamp":1722841202585,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vcnmsbsk.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Jun 2024 20:45:31 GMT","end":"Sun, 15 Sep 2024 20:45:30 GMT"},"fingerprint":{"sha1":"EA:C2:72:83:12:F7:45:A0:93:29:63:AB:8F:E6:F8:50:70:16:86:29","sha256":"9A:38:0C:63:DD:3A:67:74:11:64:E4:F0:72:38:A0:29:70:E1:2E:16:09:12:1F:D6:D3:B4:AA:9A:C6:B5:A9:1F"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ussf.vcnmsbsk.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ussf.vcnmsbsk.top/\r\nCookie: ASP.NET_SessionId=acdtwgxms3d2qs0p0e0us54e; RdStr=acdtwgxms3d2qs0p0e0us54e\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 05 Aug 2024 07:00:02 GMT\r\ncontent-type: image/x-icon\r\nlast-modified: Thu, 01 Aug 2024 10:56:54 GMT\r\netag: W/\"d3a861851e4da1:0\"\r\nx-powered-by: ASP.NET\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=kzGFcII%2BSRXwjIUAXCAtUPuTnW%2BVqCZoxdt8ILwSoQ77JowsVpI5s9Ej6GrLHKopA1jakhlouk7foO1%2Bc5%2BBxZ%2FY5crVf1NFF02jTJQvljWzSsoon7kpVNfMcSLkTnRM7NkTAg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 8ae4e86c28490b31-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":32038,"size_decoded":32038,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"3f0f72ed57a54b97cda500bcf0545efb","sha1":"2f252619c18e729d98e16b96d37cd7cd567b38eb","sha256":"67fbe8ef9020e5c776aadf6801a1fef8dc563e2e4dc9ddc740af8010c0c38943","sha512":"ea68c54a3ca39a47555a41ae5fc3723f1e7c06b3ad1776ee7082ffbff48277d2b4ee7ca1753165c2dccdf7012eb0cbe29cdbde21dc05373a07cf18e23de37e54","ssdeep":"192:cfRys3/ZtSs9axogZeLpoCaAVbZ5iDJ6j5+qDxZ7cnPgW5LnM:cr68dcgWJn","tlshash":"6de2207b2193e200e49136f0adeaa4f059556f9a54708f19b0ba3d7de37a82bfc1d04d","first_seen":"2023-04-05T10:33:55Z","last_seen":"2026-06-21T22:00:20.072426Z","times_seen":28805,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"phishtank","sensor_type":"url","title":"","description":"PhishTank","scan_date":"2024-07-28","alert":"Other","trigger":"ussf.vcnmsbsk.top/favicon.ico","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-08-05","alert":"Sinkholed","trigger":"vcnmsbsk.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ussf.vcnmsbsk.top/b30ab43a/ISplIW/F8L3h-ZEAqIX5/vZyMkP/3xAdEBuaSVxYyMlcmU9eQ2","fqdn":"ussf.vcnmsbsk.top","domain":"vcnmsbsk.top","tld":"top"},"ip":{"addr":"172.67.163.88","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-05T07:00:01.257Z","timestamp":1722841201257,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vcnmsbsk.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Jun 2024 20:45:31 GMT","end":"Sun, 15 Sep 2024 20:45:30 GMT"},"fingerprint":{"sha1":"EA:C2:72:83:12:F7:45:A0:93:29:63:AB:8F:E6:F8:50:70:16:86:29","sha256":"9A:38:0C:63:DD:3A:67:74:11:64:E4:F0:72:38:A0:29:70:E1:2E:16:09:12:1F:D6:D3:B4:AA:9A:C6:B5:A9:1F"}}},"request":{"raw":"GET /b30ab43a/ISplIW/F8L3h-ZEAqIX5/vZyMkP/3xAdEBuaSVxYyMlcmU9eQ2 HTTP/1.1\r\nHost: ussf.vcnmsbsk.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=acdtwgxms3d2qs0p0e0us54e; RdStr=acdtwgxms3d2qs0p0e0us54e\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Mon, 05 Aug 2024 07:00:01 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: private\r\nlocation: /\r\nx-aspnetmvc-version: 5.2\r\nx-aspnet-version: 4.0.30319\r\nx-powered-by: ASP.NET\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=eq6MHcoEtASdFSXAYmDx4OewDGs4QIbYkXZlRPT5bdrC3JTyINbc1sIfjNEowVobQjWDIBEdUsjZ04lwnzP3oO5e9HPrxAnZEwz1JBK3p9kLSkYMYKOSNpWiEuQyVMdxbkZKSQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8ae4e863dff056b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":1163,"size_decoded":1163,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-26T04:14:34.919704Z","times_seen":16727915,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"phishtank","sensor_type":"url","title":"","description":"PhishTank","scan_date":"2024-07-28","alert":"Other","trigger":"ussf.vcnmsbsk.top/b30ab43a/ISplIW/F8L3h-ZEAqIX5/vZyMkP/3xAdEBuaSVxYyMlcmU9eQ2","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-08-05","alert":"Sinkholed","trigger":"vcnmsbsk.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}