{"report_id":"9e0df8e6-00de-44dc-92ae-3bea66fc0f9e","version":6,"status":"done","tags":[],"date":"2026-05-02T10:41:22Z","url":{"schema":"http","addr":"178.250.158.26/4downloads4Provider/geoBigload/6/CpuGeomariadb2/Longpoll9/pipe/universal1/4/2http/dumpgame/temporaryTempprotonProton/19protonBetter/Windows/geo/3WpProviderCpu/GeoimageLongpoll/providerimagecpu9/vmLineapiflowertemporary.php?gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO\u002628ca204ef45011c24f2d6ad0f9fc2401=7f73ee0588e870007d71044e34f403bc\u00266887f5e4da6e991132b0dcee6bb6e919=AMlVzMiZWN2cjYxYmYhJmNwYzN0AjM0gzN3QDM1YGOjVTY1E2M3Y2N\u0026gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO/","fqdn":"178.250.158.26","domain":"178.250.158.26","tld":""},"ip":{"addr":"178.250.158.26","port":0,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"http","addr":"178.250.158.26/4downloads4Provider/geoBigload/6/CpuGeomariadb2/Longpoll9/pipe/universal1/4/2http/dumpgame/temporaryTempprotonProton/19protonBetter/Windows/geo/3WpProviderCpu/GeoimageLongpoll/providerimagecpu9/vmLineapiflowertemporary.php?gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO\u002628ca204ef45011c24f2d6ad0f9fc2401=7f73ee0588e870007d71044e34f403bc\u00266887f5e4da6e991132b0dcee6bb6e919=AMlVzMiZWN2cjYxYmYhJmNwYzN0AjM0gzN3QDM1YGOjVTY1E2M3Y2N\u0026gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO/","fqdn":"178.250.158.26","domain":"178.250.158.26","tld":""},"title":"404 Not Found","dom":{"size":225,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"7d72e70566a84063ba19ca07bb7227a6","sha1":"88969e9d12f27a62c4f2ac18a305e66a21ecd3c3","sha256":"65de3aa60e16642f0cf581210da84d9dfc800b1b47d101da3f3db9f60284e455","sha512":"0d9cbf9c6b363f13f2368c9bbc6e27fa7b2cfb91f97f51a9f6863fcc6bc1a48b271c2fa852f888752e2e685f4592fa72f53d20401f551c24796a3fc046fb085a","ssdeep":"","tlshash":"ebd0a79f5082a687895015707dc42586278d23f570368260598bc58b515882ece92bc4","dom_hash":"domhash6047034c37a0e90cd4b650026e316c39","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"178.250.158.26/4downloads4Provider/geoBigload/6/CpuGeomariadb2/Longpoll9/pipe/universal1/4/2http/dumpgame/temporaryTempprotonProton/19protonBetter/Windows/geo/3WpProviderCpu/GeoimageLongpoll/providerimagecpu9/vmLineapiflowertemporary.php?gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO\u002628ca204ef45011c24f2d6ad0f9fc2401=7f73ee0588e870007d71044e34f403bc\u00266887f5e4da6e991132b0dcee6bb6e919=AMlVzMiZWN2cjYxYmYhJmNwYzN0AjM0gzN3QDM1YGOjVTY1E2M3Y2N\u0026gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO/","fqdn":"178.250.158.26","domain":"178.250.158.26","tld":""},"ip":{"addr":"178.250.158.26","port":0,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-06T10:41:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-05-02T10:41:00Z","timestamp":1777718460,"ip_dst":{"addr":"178.250.158.26","port":80,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"ip_src":{"addr":"Client IP","port":55812,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ThreatFox botnet C2 traffic (url - confidence level: 100%)","source":"{\"timestamp\":\"2026-05-02T10:41:00.898303+0000\",\"flow_id\":976339829844029,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":55812,\"dest_ip\":\"178.250.158.26\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":91408195,\"rev\":1,\"signature\":\"ThreatFox botnet C2 traffic (url - confidence level: 100%)\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"source\":{\"ip\":\"178.250.158.26\",\"port\":80},\"target\":{\"ip\":\"172.18.0.2\",\"port\":55812},\"metadata\":{\"confidence_level\":[\"100\"],\"first_seen\":[\"2025_02_10\"]}},\"http\":{\"hostname\":\"178.250.158.26\",\"url\":\"/4downloads4Provider/geoBigload/6/CpuGeomariadb2/Longpoll9/pipe/universal1/4/2http/dumpgame/temporaryTempprotonProton/19protonBetter/Windows/geo/3WpProviderCpu/GeoimageLongpoll/providerimagecpu9/vmLineapiflowertemporary.php?gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO\u002628ca204ef45011c24f2d6ad0f9fc2401=7f73ee0588e870007d71044e34f403bc\u00266887f5e4da6e991132b0dcee6bb6e919=AMlVzMiZWN2cjYxYmYhJmNwYzN0AjM0gzN3QDM1YGOjVTY1E2M3Y2N\u0026gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":276},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":1158,\"bytes_toclient\":699,\"start\":\"2026-05-02T10:41:00.845885+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"178.250.158.26","ip":{"addr":"178.250.158.26","port":80,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":3,"received_data":985,"sent_data":2696,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"178.250.158.26/favicon.ico","fqdn":"178.250.158.26","domain":"178.250.158.26","tld":""},"ip":{"addr":"178.250.158.26","port":80,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://178.250.158.26/4downloads4Provider/geoBigload/6/CpuGeomariadb2/Longpoll9/pipe/universal1/4/2http/dumpgame/temporaryTempprotonProton/19protonBetter/Windows/geo/3WpProviderCpu/GeoimageLongpoll/providerimagecpu9/vmLineapiflowertemporary.php?gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO\u002628ca204ef45011c24f2d6ad0f9fc2401=7f73ee0588e870007d71044e34f403bc\u00266887f5e4da6e991132b0dcee6bb6e919=AMlVzMiZWN2cjYxYmYhJmNwYzN0AjM0gzN3QDM1YGOjVTY1E2M3Y2N\u0026gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO/","date":"2026-05-02T10:41:00.982Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 178.250.158.26\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://178.250.158.26/4downloads4Provider/geoBigload/6/CpuGeomariadb2/Longpoll9/pipe/universal1/4/2http/dumpgame/temporaryTempprotonProton/19protonBetter/Windows/geo/3WpProviderCpu/GeoimageLongpoll/providerimagecpu9/vmLineapiflowertemporary.php?gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO\u002628ca204ef45011c24f2d6ad0f9fc2401=7f73ee0588e870007d71044e34f403bc\u00266887f5e4da6e991132b0dcee6bb6e919=AMlVzMiZWN2cjYxYmYhJmNwYzN0AjM0gzN3QDM1YGOjVTY1E2M3Y2N\u0026gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 02 May 2026 10:41:00 GMT\r\nServer: Apache/2.4.52 (Ubuntu)\r\nContent-Length: 276\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":276,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"9f0f1c776ae25f3368ffb451bc4adebf","sha1":"b318fe85cbd970a5c40c7551e358d1fb7319b63b","sha256":"165b126e5cd9312d78ad6b3f597d792ed1b11af2b0b71fd6fb01b145e165be32","sha512":"22c5cdf1b6c8765136597ce58929a50474bd34c843745d575ba369efada81e8acf4e48a27742c56f691a3b85032ecdd6568dfd7a1bd16500e2dff7f38aae617c","ssdeep":"","tlshash":"09d02b9e5083b2c7885214703dc115c2264c13f6b43a81a82d87e887529893ece9ab88","first_seen":"2026-02-04T06:37:52.209787Z","last_seen":"2026-05-02T10:41:26.230314Z","times_seen":2,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"178.250.158.26/4downloads4Provider/geoBigload/6/CpuGeomariadb2/Longpoll9/pipe/universal1/4/2http/dumpgame/temporaryTempprotonProton/19protonBetter/Windows/geo/3WpProviderCpu/GeoimageLongpoll/providerimagecpu9/vmLineapiflowertemporary.php?gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO\u002628ca204ef45011c24f2d6ad0f9fc2401=7f73ee0588e870007d71044e34f403bc\u00266887f5e4da6e991132b0dcee6bb6e919=AMlVzMiZWN2cjYxYmYhJmNwYzN0AjM0gzN3QDM1YGOjVTY1E2M3Y2N\u0026gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO/","fqdn":"178.250.158.26","domain":"178.250.158.26","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-02T10:41:00.690Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /4downloads4Provider/geoBigload/6/CpuGeomariadb2/Longpoll9/pipe/universal1/4/2http/dumpgame/temporaryTempprotonProton/19protonBetter/Windows/geo/3WpProviderCpu/GeoimageLongpoll/providerimagecpu9/vmLineapiflowertemporary.php?gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO\u002628ca204ef45011c24f2d6ad0f9fc2401=7f73ee0588e870007d71044e34f403bc\u00266887f5e4da6e991132b0dcee6bb6e919=AMlVzMiZWN2cjYxYmYhJmNwYzN0AjM0gzN3QDM1YGOjVTY1E2M3Y2N\u0026gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO/ HTTP/1.1\r\nHost: 178.250.158.26\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-02T12:30:46.217734Z","times_seen":14525433,"resource_available":true,"data":null}},"time_used":76,"timings":{"blocked":76,"dns":0,"connect":29,"send":0,"wait":0,"receive":0,"ssl":35},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-05-02T10:41:00Z","timestamp":1777718460,"ip_dst":{"addr":"178.250.158.26","port":80,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"ip_src":{"addr":"172.18.0.2","port":55812,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ThreatFox botnet C2 traffic (url - confidence level: 100%)","source":"{\"timestamp\":\"2026-05-02T10:41:00.898303+0000\",\"flow_id\":976339829844029,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":55812,\"dest_ip\":\"178.250.158.26\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":91408195,\"rev\":1,\"signature\":\"ThreatFox botnet C2 traffic (url - confidence level: 100%)\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"source\":{\"ip\":\"178.250.158.26\",\"port\":80},\"target\":{\"ip\":\"172.18.0.2\",\"port\":55812},\"metadata\":{\"confidence_level\":[\"100\"],\"first_seen\":[\"2025_02_10\"]}},\"http\":{\"hostname\":\"178.250.158.26\",\"url\":\"/4downloads4Provider/geoBigload/6/CpuGeomariadb2/Longpoll9/pipe/universal1/4/2http/dumpgame/temporaryTempprotonProton/19protonBetter/Windows/geo/3WpProviderCpu/GeoimageLongpoll/providerimagecpu9/vmLineapiflowertemporary.php?gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO\u002628ca204ef45011c24f2d6ad0f9fc2401=7f73ee0588e870007d71044e34f403bc\u00266887f5e4da6e991132b0dcee6bb6e919=AMlVzMiZWN2cjYxYmYhJmNwYzN0AjM0gzN3QDM1YGOjVTY1E2M3Y2N\u0026gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":276},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":1158,\"bytes_toclient\":699,\"start\":\"2026-05-02T10:41:00.845885+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"178.250.158.26/4downloads4Provider/geoBigload/6/CpuGeomariadb2/Longpoll9/pipe/universal1/4/2http/dumpgame/temporaryTempprotonProton/19protonBetter/Windows/geo/3WpProviderCpu/GeoimageLongpoll/providerimagecpu9/vmLineapiflowertemporary.php?gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO\u002628ca204ef45011c24f2d6ad0f9fc2401=7f73ee0588e870007d71044e34f403bc\u00266887f5e4da6e991132b0dcee6bb6e919=AMlVzMiZWN2cjYxYmYhJmNwYzN0AjM0gzN3QDM1YGOjVTY1E2M3Y2N\u0026gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO/","fqdn":"178.250.158.26","domain":"178.250.158.26","tld":""},"ip":{"addr":"178.250.158.26","port":80,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-02T10:41:00.852Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /4downloads4Provider/geoBigload/6/CpuGeomariadb2/Longpoll9/pipe/universal1/4/2http/dumpgame/temporaryTempprotonProton/19protonBetter/Windows/geo/3WpProviderCpu/GeoimageLongpoll/providerimagecpu9/vmLineapiflowertemporary.php?gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO\u002628ca204ef45011c24f2d6ad0f9fc2401=7f73ee0588e870007d71044e34f403bc\u00266887f5e4da6e991132b0dcee6bb6e919=AMlVzMiZWN2cjYxYmYhJmNwYzN0AjM0gzN3QDM1YGOjVTY1E2M3Y2N\u0026gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO/ HTTP/1.1\r\nHost: 178.250.158.26\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 02 May 2026 10:41:00 GMT\r\nServer: Apache/2.4.52 (Ubuntu)\r\nContent-Length: 276\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":276,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"9f0f1c776ae25f3368ffb451bc4adebf","sha1":"b318fe85cbd970a5c40c7551e358d1fb7319b63b","sha256":"165b126e5cd9312d78ad6b3f597d792ed1b11af2b0b71fd6fb01b145e165be32","sha512":"22c5cdf1b6c8765136597ce58929a50474bd34c843745d575ba369efada81e8acf4e48a27742c56f691a3b85032ecdd6568dfd7a1bd16500e2dff7f38aae617c","ssdeep":"","tlshash":"09d02b9e5083b2c7885214703dc115c2264c13f6b43a81a82d87e887529893ece9ab88","first_seen":"2026-02-04T06:37:52.209787Z","last_seen":"2026-05-02T10:41:26.230314Z","times_seen":2,"resource_available":true,"data":null}},"time_used":72,"timings":{"blocked":20,"dns":0,"connect":26,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-05-02T10:41:00Z","timestamp":1777718460,"ip_dst":{"addr":"178.250.158.26","port":80,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"ip_src":{"addr":"172.18.0.2","port":55812,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ThreatFox botnet C2 traffic (url - confidence level: 100%)","source":"{\"timestamp\":\"2026-05-02T10:41:00.898303+0000\",\"flow_id\":976339829844029,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":55812,\"dest_ip\":\"178.250.158.26\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":91408195,\"rev\":1,\"signature\":\"ThreatFox botnet C2 traffic (url - confidence level: 100%)\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"source\":{\"ip\":\"178.250.158.26\",\"port\":80},\"target\":{\"ip\":\"172.18.0.2\",\"port\":55812},\"metadata\":{\"confidence_level\":[\"100\"],\"first_seen\":[\"2025_02_10\"]}},\"http\":{\"hostname\":\"178.250.158.26\",\"url\":\"/4downloads4Provider/geoBigload/6/CpuGeomariadb2/Longpoll9/pipe/universal1/4/2http/dumpgame/temporaryTempprotonProton/19protonBetter/Windows/geo/3WpProviderCpu/GeoimageLongpoll/providerimagecpu9/vmLineapiflowertemporary.php?gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO\u002628ca204ef45011c24f2d6ad0f9fc2401=7f73ee0588e870007d71044e34f403bc\u00266887f5e4da6e991132b0dcee6bb6e919=AMlVzMiZWN2cjYxYmYhJmNwYzN0AjM0gzN3QDM1YGOjVTY1E2M3Y2N\u0026gBqxW9ThC4izUL2Zia=UPi7ysmwz502NAkqbpIzhFxof\u0026mc2=zucpO/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":276},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":1158,\"bytes_toclient\":699,\"start\":\"2026-05-02T10:41:00.845885+0000\"}}"}],"analyzer":null,"urlquery":null}}]}