{"report_id":"a2541c7b-6f83-4f3c-83fe-e63c2388a4a9","version":6,"status":"done","tags":[],"date":"2023-11-19T01:07:53Z","url":{"schema":"http","addr":"www.premierbet.ml/sports-register/","fqdn":"www.premierbet.ml","domain":"premierbet.ml","tld":"ml"},"ip":{"addr":"104.17.224.118","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"www.premierbet.ml/sports-register/","fqdn":"www.premierbet.ml","domain":"premierbet.ml","tld":"ml"},"title":"Sorry, you have been blocked"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T12:45:06Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www.premierbet.ml","ip":{"addr":"104.17.224.118","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2019-03-19 09:03:58","last_seen":"2023-11-18 09:00:18","alert_count":3,"request_count":3,"received_data":2118,"sent_data":1219,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-19T01:07:37Z","timestamp":1700356057,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":40187,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO DNS Query for Suspicious .ml Domain","source":"{\"timestamp\":\"2023-11-19T01:07:37.511145+0000\",\"flow_id\":1258631036783785,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.105\",\"src_port\":40187,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025106,\"rev\":6,\"signature\":\"ET INFO DNS Query for Suspicious .ml Domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"created_at\":[\"2017_12_03\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":57361,\"rrname\":\"www.premierbet.ml\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":88,\"bytes_toclient\":0,\"start\":\"2023-11-19T01:07:37.511145+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-19T01:07:37Z","timestamp":1700356057,"ip_dst":{"addr":"104.17.225.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":36854,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Suspicious Domain (*.ml) in TLS SNI","source":"{\"timestamp\":\"2023-11-19T01:07:37.536693+0000\",\"flow_id\":1739598654410612,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.105\",\"src_port\":36854,\"dest_ip\":\"104.17.225.118\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025110,\"rev\":6,\"signature\":\"ET INFO Suspicious Domain (*.ml) in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"created_at\":[\"2017_12_03\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"tls\":{\"sni\":\"www.premierbet.ml\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"7b54a7d14b24b747838e39a27c2de875\",\"string\":\"771,49199,0-23-65281-11-16-5\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":919,\"bytes_toclient\":5995,\"start\":\"2023-11-19T01:07:37.528244+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-19T01:07:37Z","timestamp":1700356057,"ip_dst":{"addr":"104.17.224.118","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":52568,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.ml domain","source":"{\"timestamp\":\"2023-11-19T01:07:37.704239+0000\",\"flow_id\":2233921472926025,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.105\",\"src_port\":52568,\"dest_ip\":\"104.17.224.118\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032988,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.ml domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.premierbet.ml\",\"url\":\"/sports-register/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":400},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":680,\"bytes_toclient\":954,\"start\":\"2023-11-19T01:07:37.692553+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-19T01:07:38Z","timestamp":1700356058,"ip_dst":{"addr":"104.17.225.118","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":46500,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.ml domain","source":"{\"timestamp\":\"2023-11-19T01:07:38.080110+0000\",\"flow_id\":559058173692426,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.105\",\"src_port\":46500,\"dest_ip\":\"104.17.225.118\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032988,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.ml domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.premierbet.ml\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.premierbet.ml/sports-register/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":400},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":637,\"bytes_toclient\":955,\"start\":\"2023-11-19T01:07:38.068106+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-19T01:07:38Z","timestamp":1700356058,"ip_dst":{"addr":"104.17.224.118","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":52568,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.ml domain","source":"{\"timestamp\":\"2023-11-19T01:07:38.087248+0000\",\"flow_id\":2233921472926025,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.105\",\"src_port\":52568,\"dest_ip\":\"104.17.224.118\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032988,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.ml domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.premierbet.ml\",\"url\":\"/403.html\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.premierbet.ml/sports-register/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://www.premierbet.ml/403.html\",\"length\":173},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":7,\"bytes_toserver\":1330,\"bytes_toclient\":1875,\"start\":\"2023-11-19T01:07:37.692553+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"www.premierbet.ml/sports-register/","fqdn":"www.premierbet.ml","domain":"premierbet.ml","tld":"ml"},"ip":{"addr":"104.17.224.118","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-19T01:07:37.696Z","timestamp":1700356057696,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /sports-register/ HTTP/1.1\r\nHost: www.premierbet.ml\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Sun, 19 Nov 2023 01:07:36 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Credentials: true\r\nServer: cloudflare\r\nCF-RAY: 82848ea8982bb4f4-OSL\r\nContent-Encoding: gzip\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":393,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"682f98569890eff828b6aa298284ccc7","sha1":"281ffd99b2c56eb87a8d0211a2ce0f6e7b12f6ab","sha256":"5f572e031821e8d51bcc503dd55763f36dbdc60602d732e061960fe3017b9ed5","sha512":"4f2d6c9550dc9371e8e5704d420bc0fff077d25286d9387faf325fb8bba02d74b9f3defecc59082119e42c89d371d35e27bed5c8c1a22567157364b242a35d43","ssdeep":"","tlshash":"f211769b5ca728c8801582346ee511047b62846b9b42cc707eed7228df8db46c8b37ac","first_seen":"2023-06-12T18:14:09Z","last_seen":"2025-12-05T05:36:21.722626Z","times_seen":124,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-19T01:07:37Z","timestamp":1700356057,"ip_dst":{"addr":"104.17.224.118","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"10.70.215.105","port":52568,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.ml domain","source":"{\"timestamp\":\"2023-11-19T01:07:37.704239+0000\",\"flow_id\":2233921472926025,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.105\",\"src_port\":52568,\"dest_ip\":\"104.17.224.118\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032988,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.ml domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.premierbet.ml\",\"url\":\"/sports-register/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":400},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":680,\"bytes_toclient\":954,\"start\":\"2023-11-19T01:07:37.692553+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.premierbet.ml/favicon.ico","fqdn":"www.premierbet.ml","domain":"premierbet.ml","tld":"ml"},"ip":{"addr":"104.17.225.118","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.premierbet.ml/sports-register/","date":"2023-11-19T01:07:38.072Z","timestamp":1700356058072,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.premierbet.ml\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.premierbet.ml/sports-register/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Sun, 19 Nov 2023 01:07:36 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Origin: http://www.premierbet.ml/sports-register/\r\nServer: cloudflare\r\nCF-RAY: 82848eaafdca5684-OSL\r\nContent-Encoding: gzip\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":393,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"682f98569890eff828b6aa298284ccc7","sha1":"281ffd99b2c56eb87a8d0211a2ce0f6e7b12f6ab","sha256":"5f572e031821e8d51bcc503dd55763f36dbdc60602d732e061960fe3017b9ed5","sha512":"4f2d6c9550dc9371e8e5704d420bc0fff077d25286d9387faf325fb8bba02d74b9f3defecc59082119e42c89d371d35e27bed5c8c1a22567157364b242a35d43","ssdeep":"","tlshash":"f211769b5ca728c8801582346ee511047b62846b9b42cc707eed7228df8db46c8b37ac","first_seen":"2023-06-12T18:14:09Z","last_seen":"2025-12-05T05:36:21.722626Z","times_seen":124,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-19T01:07:38Z","timestamp":1700356058,"ip_dst":{"addr":"104.17.225.118","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"10.70.215.105","port":46500,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.ml domain","source":"{\"timestamp\":\"2023-11-19T01:07:38.080110+0000\",\"flow_id\":559058173692426,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.105\",\"src_port\":46500,\"dest_ip\":\"104.17.225.118\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032988,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.ml domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.premierbet.ml\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.premierbet.ml/sports-register/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":400},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":637,\"bytes_toclient\":955,\"start\":\"2023-11-19T01:07:38.068106+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.premierbet.ml/403.html","fqdn":"www.premierbet.ml","domain":"premierbet.ml","tld":"ml"},"ip":{"addr":"104.17.224.118","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://www.premierbet.ml/sports-register/","date":"2023-11-19T01:07:38.106Z","timestamp":1700356058106,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.premierbet.ml","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 23 May 2023 00:00:00 GMT","end":"Fri, 31 May 2024 23:59:59 GMT"},"fingerprint":{"sha1":"F0:55:5C:4C:97:89:43:21:1C:74:23:0C:AE:DB:23:67:7A:44:B5:76","sha256":"D1:09:59:05:37:8D:28:D9:AC:65:26:E1:7A:D5:A7:87:86:8F:4A:74:E6:F8:F2:FD:A2:C3:9D:81:1B:E7:6D:BD"}}},"request":{"raw":"GET /403.html HTTP/1.1\r\nHost: www.premierbet.ml\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.premierbet.ml/sports-register/\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Sun, 19 Nov 2023 01:07:36 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLocation: https://www.premierbet.ml/403.html\r\nX-Cache: Redirect from cloudfront\r\nVia: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)\r\nX-Amz-Cf-Pop: OSL50-P1\r\nX-Amz-Cf-Id: IZpujpADo4T66c2fY1IShW7XcDDNUdR1ZRq9T5N59qsCr2Kb-ZxGkQ==\r\nCF-Cache-Status: DYNAMIC\r\nContent-Security-Policy: frame-ancestors www.premierbet.ml premierbet.ml\r\nServer: cloudflare\r\nCF-RAY: 82848eaac919b4f4-OSL\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":167,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\\012- HTML document text\\012- HTML document, ASCII text, with CRLF line terminators","md5":"f5d40b7259645010f9a248858ad14178","sha1":"b3051d17a6ec8c9e166bf09a62b48261ab86957b","sha256":"7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d","sha512":"1e82bc2d067f726670b3e6054d73e57868f6e7c50eb979696bf927daeef699f2d8f8de201e8252b86b0e9f86dc69e5037fc9fa08ef6c271b033f29d4f0f4c1aa","ssdeep":"","tlshash":"29c08cae6f022c88f8e73b38a1c36260e2ec80309299041112b00607f0cf0978ed23d2","first_seen":"2023-04-05T02:48:14Z","last_seen":"2025-08-07T12:04:07.743717Z","times_seen":5041,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":12,"dns":1,"connect":1,"send":0,"wait":193,"receive":0,"ssl":8},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-19T01:07:38Z","timestamp":1700356058,"ip_dst":{"addr":"104.17.224.118","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"10.70.215.105","port":52568,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.ml domain","source":"{\"timestamp\":\"2023-11-19T01:07:38.087248+0000\",\"flow_id\":2233921472926025,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.105\",\"src_port\":52568,\"dest_ip\":\"104.17.224.118\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032988,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.ml domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.premierbet.ml\",\"url\":\"/403.html\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.premierbet.ml/sports-register/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://www.premierbet.ml/403.html\",\"length\":173},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":7,\"bytes_toserver\":1330,\"bytes_toclient\":1875,\"start\":\"2023-11-19T01:07:37.692553+0000\"}}"}],"analyzer":null,"urlquery":null}}]}