{"report_id":"a30de992-b65f-481f-a051-eaddfe5e53dc","version":6,"status":"done","tags":[],"date":"2024-08-15T03:41:24Z","url":{"schema":"http","addr":"refpa4496162.top/","fqdn":"refpa4496162.top","domain":"refpa4496162.top","tld":"top"},"ip":{"addr":"178.253.46.21","port":0,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"final":{"url":{"schema":"about","addr":"about:neterror?e=nssFailure2\u0026u=https%3A//refpa4496162.top/\u0026c=UTF-8\u0026d=The%20connection%20to%20refpa4496162.top%20was%20interrupted%20while%20the%20page%20was%20loading.","fqdn":"","domain":"","tld":""},"title":"Problem loading page"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-24T23:23:56Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"","domain_rank":0,"first_seen":"","last_seen":"","alert_count":0,"request_count":6,"received_data":5323,"sent_data":1962,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"","domain_rank":0,"first_seen":"","last_seen":"","alert_count":0,"request_count":3,"received_data":2664,"sent_data":981,"comment":"","tags":null,"fingerprints":null},{"fqdn":"refpa4496162.top","ip":{"addr":"178.253.46.21","port":0,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"domain_registered":"","domain_rank":0,"first_seen":"","last_seen":"","alert_count":1,"request_count":1,"received_data":348,"sent_data":387,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-08-15T03:41:00Z","timestamp":1723693260,"ip_dst":{"addr":"178.253.46.21","port":80,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"ip_src":{"addr":"Client IP","port":46356,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2024-08-15T03:41:00.491263+0000\",\"flow_id\":2067927847936042,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":46356,\"dest_ip\":\"178.253.46.21\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"refpa4496162.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://refpa4496162.top/\",\"length\":162},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":661,\"bytes_toclient\":622,\"start\":\"2024-08-15T03:41:00.401450+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"about","addr":"about:neterror?e=nssFailure2\u0026u=https%3A//refpa4496162.top/\u0026c=UTF-8\u0026d=The%20connection%20to%20refpa4496162.top%20was%20interrupted%20while%20the%20page%20was%20loading.","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-15T03:40:59.173183853Z","timestamp":1723693259173,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"8902058E383C2F43751417E1AF1D582F7A16CE0B6FC180AB20CBC76C4B00F914\"\r\nLast-Modified: Wed, 14 Aug 2024 12:55:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7349\r\nExpires: Thu, 15 Aug 2024 05:43:28 GMT\r\nDate: Thu, 15 Aug 2024 03:40:59 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"686480d25645ac2aca7a99974693a82f","sha1":"55ca9d53bd758d2afc75e8a9b59c656ff26a3f70","sha256":"8902058e383c2f43751417e1af1d582f7a16ce0b6fc180ab20cbc76c4b00f914","sha512":"65af6a10b322fb730377c398ae9185f820a73b8bc5f6488927d2664e39fbb75979a13ec0932cbc3734ae938d530328c525b750e9c0d48413a5d512295610148c","ssdeep":"","tlshash":"1cf0750e15196a6410a18c694ffcc8b30031b451309f316bdd4c54f53021bff098410d","first_seen":"2024-08-14T14:57:02Z","last_seen":"2024-08-19T13:21:13.094181Z","times_seen":48873,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-15T03:40:59.181332662Z","timestamp":1723693259181,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"A5DC8C5B994299DA9E84F8285EC6D80BECA382C792FBDCF8E67201148AAD2269\"\r\nLast-Modified: Tue, 13 Aug 2024 18:58:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=13079\r\nExpires: Thu, 15 Aug 2024 07:18:58 GMT\r\nDate: Thu, 15 Aug 2024 03:40:59 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"38ec58de07b1016bd9b813c7eda301e9","sha1":"c37f1517a0074a1de19e1dd4fb2f12a0b59c6ce3","sha256":"a5dc8c5b994299da9e84f8285ec6d80beca382c792fbdcf8e67201148aad2269","sha512":"1f40998f56093ff220181a27016cfb293f7c5a86aae8d6824f7d58454fade2ae6c947d2d38df5a23e60f04f76ec9900b342e39e78405e7fe79b2f69350d947c8","ssdeep":"","tlshash":"3cf0201311cebc7067ec51818aa4c20a09288eb92c860ed2384082a0580036884c458c","first_seen":"2024-08-14T08:03:37Z","last_seen":"2024-08-19T13:23:00.293541Z","times_seen":12815,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-15T03:40:59.576752331Z","timestamp":1723693259576,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"9EF3DAB56215A67804DB0E12D33772A1902F5914B788530717712902A294BCB5\"\r\nLast-Modified: Wed, 14 Aug 2024 21:59:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=20564\r\nExpires: Thu, 15 Aug 2024 09:23:43 GMT\r\nDate: Thu, 15 Aug 2024 03:40:59 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"4d209e16679910b467c26590a0073236","sha1":"ddd59fa6902b498e9c0cfb22e342757f954789d0","sha256":"9ef3dab56215a67804db0e12d33772a1902f5914b788530717712902a294bcb5","sha512":"c51db05572ffd286971584fdb91cb70c2dbbca943460845163bbe781c5282225dfccb7121773c517ad3185efeab960a2adcdf13a765219d4843f808a51bc77fd","ssdeep":"","tlshash":"d2f005de12f0b550dab5490569e9e0156c50c5ec3b0541c5738016da16a07fc9f8150c","first_seen":"2024-08-15T00:00:44Z","last_seen":"2024-08-19T13:17:36.886871Z","times_seen":49254,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-15T03:40:59.871057664Z","timestamp":1723693259871,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5B79B468E1CAC072D2582B2937241A1F1BEE8FDBBC4741818061B6763652523E\"\r\nLast-Modified: Tue, 13 Aug 2024 18:57:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=17398\r\nExpires: Thu, 15 Aug 2024 08:30:57 GMT\r\nDate: Thu, 15 Aug 2024 03:40:59 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"1401eaecc1dc9b318d389cf687018dd9","sha1":"49eef7150c440fee15deabf064e11a9fefad1845","sha256":"5b79b468e1cac072d2582b2937241a1f1bee8fdbbc4741818061b6763652523e","sha512":"b2a75244ae90ec56ec8b8aec947482c50082fbbea5f4f828482bdbec172dc23b83b8d6001486e625056c7d3aa455c1bf188209b73dc802081b769a934c991e5b","ssdeep":"","tlshash":"a7f00e450de4fed1f2e1060f28e5d5712e24b6da3c6d09905bd613f8391132bd59300c","first_seen":"2024-08-14T02:14:38Z","last_seen":"2024-08-19T13:24:25.755656Z","times_seen":21558,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-15T03:41:00.153534068Z","timestamp":1723693260153,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"87021E6BBD2D496314BC206A62ABADBF173A102D1576609318487DC11A0BF0A2\"\r\nLast-Modified: Wed, 14 Aug 2024 05:30:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=21529\r\nExpires: Thu, 15 Aug 2024 09:39:49 GMT\r\nDate: Thu, 15 Aug 2024 03:41:00 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"8e6e687f883f049506d5479c74419a94","sha1":"25aa5585f5e2e838d2b7c4af1c91218188af2bfa","sha256":"87021e6bbd2d496314bc206a62abadbf173a102d1576609318487dc11a0bf0a2","sha512":"4de2da3a95d80eeff9399fef51ac6cf6dc7244fb6a93036ca38ded0bafb5dd68a0f2f2d85299b2482af663b40a2dbfa50a4b8f4c4518dc2a4bb1f211f70720f9","ssdeep":"","tlshash":"43f005513a1e68500aaa492e5dd5bd372d24abf40595128680bcc3d228b47f4d48479d","first_seen":"2024-08-19T13:15:41.520921Z","last_seen":"2024-08-19T13:15:41.520921Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"refpa4496162.top/","fqdn":"refpa4496162.top","domain":"refpa4496162.top","tld":"top"},"ip":{"addr":"178.253.46.21","port":0,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-15T03:41:00.501Z","timestamp":1723693260501,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"refpa4496162.top","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Jul 2024 05:18:39 GMT","end":"Sun, 29 Sep 2024 05:18:38 GMT"},"fingerprint":{"sha1":"F0:4F:CA:4D:E6:B5:ED:C9:5F:37:2A:0D:90:EB:9F:90:B5:24:4C:06","sha256":"73:E1:24:71:2D:2F:97:7F:23:64:53:9B:B0:32:6A:EC:72:09:B0:D5:B0:19:AB:A4:2E:99:E6:2F:F2:87:E3:C9"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: refpa4496162.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Thu, 15 Aug 2024 03:41:00 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nConnection: close\r\nLocation: https://refpa4496162.top/\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":162,"size_decoded":162,"mime_type":"","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"4f8e702cc244ec5d4de32740c0ecbd97","sha1":"3adb1f02d5b6054de0046e367c1d687b6cdf7aff","sha256":"9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a","sha512":"21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f","ssdeep":"","tlshash":"0bc08cadab022cc8b8a73b3861c36160e2ec80701699451101b04a07f1cf1979ec23d1","first_seen":"2023-04-05T03:07:27Z","last_seen":"2025-10-21T23:58:19.216342Z","times_seen":131101,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-08-15T03:41:00Z","timestamp":1723693260,"ip_dst":{"addr":"178.253.46.21","port":80,"asn":202492,"as":"Silverhill Group Holding Ltd","country":"Iran","country_code":"IR"},"ip_src":{"addr":"172.18.0.13","port":46356,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2024-08-15T03:41:00.491263+0000\",\"flow_id\":2067927847936042,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":46356,\"dest_ip\":\"178.253.46.21\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"refpa4496162.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://refpa4496162.top/\",\"length\":162},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":661,\"bytes_toclient\":622,\"start\":\"2024-08-15T03:41:00.401450+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-15T03:41:01.82833277Z","timestamp":1723693261828,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"520DBCA26889DCD055AD1E36265C6D088B8B7C9D6907CC59EECC7FF47E4C9942\"\r\nLast-Modified: Mon, 12 Aug 2024 21:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7799\r\nExpires: Thu, 15 Aug 2024 05:51:00 GMT\r\nDate: Thu, 15 Aug 2024 03:41:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"77619f0113a62e8c4c44f195901b385c","sha1":"1e1a5e3768ca683e66667aa14efa7042df57ee2f","sha256":"520dbca26889dcd055ad1e36265c6d088b8b7c9d6907cc59eecc7ff47e4c9942","sha512":"459cb24749852faa2cc051ed3001e7591e96899f52c68d761e7a7e9539f87881e58e3a6e3df41df0c01f15106d8c097f8a658ab7f7ac31212afbbffc19ac658d","ssdeep":"","tlshash":"7ff054800d6174120f1508eb96ddc1330930db7414f039f34a9c23e52c79fbe8a4052d","first_seen":"2024-08-12T23:20:08Z","last_seen":"2024-08-19T13:41:24.292342Z","times_seen":47316,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-15T03:41:01.830478284Z","timestamp":1723693261830,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"520DBCA26889DCD055AD1E36265C6D088B8B7C9D6907CC59EECC7FF47E4C9942\"\r\nLast-Modified: Mon, 12 Aug 2024 21:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7799\r\nExpires: Thu, 15 Aug 2024 05:51:00 GMT\r\nDate: Thu, 15 Aug 2024 03:41:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"77619f0113a62e8c4c44f195901b385c","sha1":"1e1a5e3768ca683e66667aa14efa7042df57ee2f","sha256":"520dbca26889dcd055ad1e36265c6d088b8b7c9d6907cc59eecc7ff47e4c9942","sha512":"459cb24749852faa2cc051ed3001e7591e96899f52c68d761e7a7e9539f87881e58e3a6e3df41df0c01f15106d8c097f8a658ab7f7ac31212afbbffc19ac658d","ssdeep":"","tlshash":"7ff054800d6174120f1508eb96ddc1330930db7414f039f34a9c23e52c79fbe8a4052d","first_seen":"2024-08-12T23:20:08Z","last_seen":"2024-08-19T13:41:24.292342Z","times_seen":47316,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-15T03:41:01.833298235Z","timestamp":1723693261833,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"520DBCA26889DCD055AD1E36265C6D088B8B7C9D6907CC59EECC7FF47E4C9942\"\r\nLast-Modified: Mon, 12 Aug 2024 21:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7799\r\nExpires: Thu, 15 Aug 2024 05:51:00 GMT\r\nDate: Thu, 15 Aug 2024 03:41:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"77619f0113a62e8c4c44f195901b385c","sha1":"1e1a5e3768ca683e66667aa14efa7042df57ee2f","sha256":"520dbca26889dcd055ad1e36265c6d088b8b7c9d6907cc59eecc7ff47e4c9942","sha512":"459cb24749852faa2cc051ed3001e7591e96899f52c68d761e7a7e9539f87881e58e3a6e3df41df0c01f15106d8c097f8a658ab7f7ac31212afbbffc19ac658d","ssdeep":"","tlshash":"7ff054800d6174120f1508eb96ddc1330930db7414f039f34a9c23e52c79fbe8a4052d","first_seen":"2024-08-12T23:20:08Z","last_seen":"2024-08-19T13:41:24.292342Z","times_seen":47316,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-15T03:41:01.835636964Z","timestamp":1723693261835,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"520DBCA26889DCD055AD1E36265C6D088B8B7C9D6907CC59EECC7FF47E4C9942\"\r\nLast-Modified: Mon, 12 Aug 2024 21:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7746\r\nExpires: Thu, 15 Aug 2024 05:50:07 GMT\r\nDate: Thu, 15 Aug 2024 03:41:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"77619f0113a62e8c4c44f195901b385c","sha1":"1e1a5e3768ca683e66667aa14efa7042df57ee2f","sha256":"520dbca26889dcd055ad1e36265c6d088b8b7c9d6907cc59eecc7ff47e4c9942","sha512":"459cb24749852faa2cc051ed3001e7591e96899f52c68d761e7a7e9539f87881e58e3a6e3df41df0c01f15106d8c097f8a658ab7f7ac31212afbbffc19ac658d","ssdeep":"","tlshash":"7ff054800d6174120f1508eb96ddc1330930db7414f039f34a9c23e52c79fbe8a4052d","first_seen":"2024-08-12T23:20:08Z","last_seen":"2024-08-19T13:41:24.292342Z","times_seen":47316,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}