{"report_id":"a705cd18-a581-4c86-aca5-d656f1d7e1b1","version":6,"status":"done","tags":[],"date":"2024-07-30T21:39:41Z","url":{"schema":"http","addr":"88-99-61-21.top/Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/","fqdn":"88-99-61-21.top","domain":"88-99-61-21.top","tld":"top"},"ip":{"addr":"88.99.61.21","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"88-99-61-21.top/Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/","fqdn":"88-99-61-21.top","domain":"88-99-61-21.top","tld":"top"},"title":"404 Not Found"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T07:38:11Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-07-29 18:12:12","alert_count":0,"request_count":7,"received_data":6215,"sent_data":2289,"comment":"","tags":null,"fingerprints":null},{"fqdn":"88-99-61-21.top","ip":{"addr":"88.99.61.21","port":80,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2024-01-09","domain_rank":0,"first_seen":"2024-01-18 07:42:10","last_seen":"2024-04-18 06:28:25","alert_count":3,"request_count":4,"received_data":1302,"sent_data":2145,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-07-30T21:39:17Z","timestamp":1722375557,"ip_dst":{"addr":"88.99.61.21","port":80,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"Client IP","port":48704,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2024-07-30T21:39:17.578916+0000\",\"flow_id\":730358610224411,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.4\",\"src_port\":48704,\"dest_ip\":\"88.99.61.21\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"88-99-61-21.top\",\"url\":\"/Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://88-99-61-21.top/Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/\",\"length\":162},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":752,\"bytes_toclient\":652,\"start\":\"2024-07-30T21:39:17.484635+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-30T21:39:16.706863426Z","timestamp":1722375556706,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"F76A44AC993C568FCDAC2165655A7886F3207E980286B7605A48DC897E4FD68B\"\r\nLast-Modified: Mon, 29 Jul 2024 18:28:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=17651\r\nExpires: Wed, 31 Jul 2024 02:33:27 GMT\r\nDate: Tue, 30 Jul 2024 21:39:16 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"eb8b5a3f62f8ead7f86e028723019196","sha1":"8941f16c283439f44a148ba7668a67a55aba16de","sha256":"f76a44ac993c568fcdac2165655a7886f3207e980286b7605a48dc897e4fd68b","sha512":"7baab1ad34d12a9412e3df7f1ed2f08d1d44312df71c7036a2e7a212634c4d64c5e8e2d80d5b41465e6b754b9b472e56efcaf9f84c64822b1acfc05a71850a9d","ssdeep":"","tlshash":"7df00e5a01ad3b80ba6a1a037da9d61e9d646db4bca042d3258a81d228807fca695279","first_seen":"2024-07-29T23:43:48Z","last_seen":"2024-08-19T15:20:44.126365Z","times_seen":32164,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-30T21:39:16.806034784Z","timestamp":1722375556806,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"61A47554EB6DB3AC87779825845D4D458EFEEB1C1833C7E9AF01E2FD6014E4CB\"\r\nLast-Modified: Mon, 29 Jul 2024 18:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=17950\r\nExpires: Wed, 31 Jul 2024 02:38:26 GMT\r\nDate: Tue, 30 Jul 2024 21:39:16 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"1d047e3b166ee35938a43c55f20ee111","sha1":"7880600b5415b4843047ef21d177aed6d4ad053f","sha256":"61a47554eb6db3ac87779825845d4d458efeeb1c1833c7e9af01e2fd6014e4cb","sha512":"182f98099121a5c5648d8b8e2bd3620615f4492268ea403335f839bedafb521930f4e07c36f4d369290342b9eb8d125bc9cd7cf13a18abd0213cd26b4efbf71c","ssdeep":"","tlshash":"34f054fe01543e006a32276695f7e21b3c317e7a34a098c3345103f57012bfc8599a3b","first_seen":"2024-07-30T06:29:58Z","last_seen":"2024-08-19T15:20:44.127078Z","times_seen":16333,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-30T21:39:17.257522139Z","timestamp":1722375557257,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"E9E51DA5ED2854A5EAD2219E70B950CCAC93EFD228BDD965F3A116EE600F390B\"\r\nLast-Modified: Mon, 29 Jul 2024 18:26:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=19244\r\nExpires: Wed, 31 Jul 2024 03:00:01 GMT\r\nDate: Tue, 30 Jul 2024 21:39:17 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"12b3b90abdd8ddc5edfc58288f11925f","sha1":"8093a9a5520def1c87fd60aab5c3636f305224d2","sha256":"e9e51da5ed2854a5ead2219e70b950ccac93efd228bdd965f3a116ee600f390b","sha512":"ef64588e30a845df457929a80bdb26f3f5c404cfe9bfcd21dfe3d7369026827acc6bd7fa73abc2f9befba03b5d542ed72fde6cd66560861d6e99fd31c3bcc584","ssdeep":"","tlshash":"ebf0054605eb7a225777140627eeca5f1d15bcdc784482fd24c006d13d117e25bc204e","first_seen":"2024-07-30T01:27:04Z","last_seen":"2024-08-19T15:19:20.609236Z","times_seen":18717,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-30T21:39:17.308911048Z","timestamp":1722375557308,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"7EB46BD061B6FBB7C5BF83417FD63FA53F987178C15FB5E57AE7AB0240FEEBC7\"\r\nLast-Modified: Mon, 29 Jul 2024 18:57:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4004\r\nExpires: Tue, 30 Jul 2024 22:46:01 GMT\r\nDate: Tue, 30 Jul 2024 21:39:17 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"00599d2586dd7bc94597291537a481ae","sha1":"13c2d4ddb37b39106e478de2de141a7063468dd7","sha256":"7eb46bd061b6fbb7c5bf83417fd63fa53f987178c15fb5e57ae7ab0240feebc7","sha512":"3d9ac4deb40f3b1fa3dd351e24f99963a72c8c4d52a64b4b2d54bd69eeb654ac5b0ec80bd29b3efdcadc93cfedca2d48ce6f80a3fb94d90e922d4d35ab8d1410","ssdeep":"","tlshash":"c3f0052e11d0fd41b57505197494c2373d367ebd7c9469e877c401d31420797214d0ec","first_seen":"2024-07-29T23:44:57Z","last_seen":"2024-08-19T15:20:00.51017Z","times_seen":19473,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"88-99-61-21.top/Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/","fqdn":"88-99-61-21.top","domain":"88-99-61-21.top","tld":"top"},"ip":{"addr":"88.99.61.21","port":80,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-30T21:39:17.486Z","timestamp":1722375557486,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/ HTTP/1.1\r\nHost: 88-99-61-21.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Tue, 30 Jul 2024 21:39:17 GMT\r\ncontent-type: text/html\r\ncontent-length: 146\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":146,"size_decoded":146,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-05T13:48:51.350723Z","times_seen":479604,"resource_available":true,"data":null}},"time_used":152,"timings":{"blocked":58,"dns":0,"connect":50,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-07-30T21:39:17Z","timestamp":1722375557,"ip_dst":{"addr":"88.99.61.21","port":80,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.4","port":48704,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2024-07-30T21:39:17.578916+0000\",\"flow_id\":730358610224411,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.4\",\"src_port\":48704,\"dest_ip\":\"88.99.61.21\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"88-99-61-21.top\",\"url\":\"/Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://88-99-61-21.top/Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/\",\"length\":162},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":752,\"bytes_toclient\":652,\"start\":\"2024-07-30T21:39:17.484635+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"88-99-61-21.top/Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/","fqdn":"88-99-61-21.top","domain":"88-99-61-21.top","tld":"top"},"ip":{"addr":"88.99.61.21","port":80,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-30T21:39:17.486Z","timestamp":1722375557486,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/ HTTP/1.1\r\nHost: 88-99-61-21.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Tue, 30 Jul 2024 21:39:17 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nConnection: keep-alive\r\nLocation: https://88-99-61-21.top/Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":162,"size_decoded":162,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"4f8e702cc244ec5d4de32740c0ecbd97","sha1":"3adb1f02d5b6054de0046e367c1d687b6cdf7aff","sha256":"9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a","sha512":"21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f","ssdeep":"","tlshash":"0bc08cadab022cc8b8a73b3861c36160e2ec80701699451101b04a07f1cf1979ec23d1","first_seen":"2023-04-05T03:07:27Z","last_seen":"2025-10-21T23:58:19.216342Z","times_seen":131101,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":58,"dns":0,"connect":50,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-07-30T21:39:17Z","timestamp":1722375557,"ip_dst":{"addr":"88.99.61.21","port":80,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.4","port":48704,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2024-07-30T21:39:17.578916+0000\",\"flow_id\":730358610224411,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.4\",\"src_port\":48704,\"dest_ip\":\"88.99.61.21\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"88-99-61-21.top\",\"url\":\"/Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://88-99-61-21.top/Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/\",\"length\":162},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":752,\"bytes_toclient\":652,\"start\":\"2024-07-30T21:39:17.484635+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"88-99-61-21.top/Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/","fqdn":"88-99-61-21.top","domain":"88-99-61-21.top","tld":"top"},"ip":{"addr":"88.99.61.21","port":80,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-30T21:39:17.486Z","timestamp":1722375557486,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/ HTTP/1.1\r\nHost: 88-99-61-21.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Tue, 30 Jul 2024 21:39:17 GMT\r\ncontent-type: text/html\r\ncontent-length: 146\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":146,"size_decoded":146,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-05T13:48:51.350723Z","times_seen":479604,"resource_available":true,"data":null}},"time_used":152,"timings":{"blocked":58,"dns":0,"connect":50,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-07-30T21:39:17Z","timestamp":1722375557,"ip_dst":{"addr":"88.99.61.21","port":80,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.4","port":48704,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2024-07-30T21:39:17.578916+0000\",\"flow_id\":730358610224411,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.4\",\"src_port\":48704,\"dest_ip\":\"88.99.61.21\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"88-99-61-21.top\",\"url\":\"/Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://88-99-61-21.top/Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/\",\"length\":162},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":752,\"bytes_toclient\":652,\"start\":\"2024-07-30T21:39:17.484635+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"88-99-61-21.top/favicon.ico","fqdn":"88-99-61-21.top","domain":"88-99-61-21.top","tld":"top"},"ip":{"addr":"88.99.61.21","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://88-99-61-21.top/Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/","date":"2024-07-30T21:39:17.813Z","timestamp":1722375557813,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"88-99-61-21.top","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Mon, 08 Jul 2024 19:05:16 GMT","end":"Sun, 06 Oct 2024 19:05:15 GMT"},"fingerprint":{"sha1":"7A:4A:3F:43:60:CA:C4:59:EC:AD:B2:E6:17:4D:87:EE:A1:E9:FE:60","sha256":"4D:CC:05:3B:02:27:64:10:0E:EB:D4:CD:61:51:D0:78:A1:86:68:77:B4:16:D6:95:73:6D:A0:2A:8B:18:90:A9"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 88-99-61-21.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://88-99-61-21.top/Getintopc.com/Adobe-Acrobat_pro-002.20895.rar?md5=RJfS1RHtCu9NDAEN-QFG6A\u0026expires=1724740435/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Tue, 30 Jul 2024 21:39:17 GMT\r\ncontent-type: text/html\r\ncontent-length: 146\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":146,"size_decoded":146,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-05T13:48:51.350723Z","times_seen":479604,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-30T21:39:19.377297701Z","timestamp":1722375559377,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"00250D516D26EAD1F376D80FEF0C83C59DF998D20C72ED5B96262E40AE3B96A8\"\r\nLast-Modified: Mon, 29 Jul 2024 18:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=20749\r\nExpires: Wed, 31 Jul 2024 03:25:08 GMT\r\nDate: Tue, 30 Jul 2024 21:39:19 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"4e65f865b00bcb08c52dfe77a48c1c03","sha1":"26cbc733e53341bd2aab8c860546de10e9839e84","sha256":"00250d516d26ead1f376d80fef0c83c59df998d20c72ed5b96262e40ae3b96a8","sha512":"e69fa26c892a70facce23a7d50a1faaa50bf422a1aa5985ba5b28aae044e631ceb0044cd9f1985163f44dd727cbba30ebb5185c61fbd3d49f37a5989f451289a","ssdeep":"","tlshash":"49f0050e15973fc177fb34072984e21f7d4636f63c4505f1a45485c76451fe50680046","first_seen":"2024-07-30T01:46:56Z","last_seen":"2024-08-19T15:19:13.917399Z","times_seen":19063,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-30T21:39:19.378811742Z","timestamp":1722375559378,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"00250D516D26EAD1F376D80FEF0C83C59DF998D20C72ED5B96262E40AE3B96A8\"\r\nLast-Modified: Mon, 29 Jul 2024 18:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=20749\r\nExpires: Wed, 31 Jul 2024 03:25:08 GMT\r\nDate: Tue, 30 Jul 2024 21:39:19 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"4e65f865b00bcb08c52dfe77a48c1c03","sha1":"26cbc733e53341bd2aab8c860546de10e9839e84","sha256":"00250d516d26ead1f376d80fef0c83c59df998d20c72ed5b96262e40ae3b96a8","sha512":"e69fa26c892a70facce23a7d50a1faaa50bf422a1aa5985ba5b28aae044e631ceb0044cd9f1985163f44dd727cbba30ebb5185c61fbd3d49f37a5989f451289a","ssdeep":"","tlshash":"49f0050e15973fc177fb34072984e21f7d4636f63c4505f1a45485c76451fe50680046","first_seen":"2024-07-30T01:46:56Z","last_seen":"2024-08-19T15:19:13.917399Z","times_seen":19063,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-30T21:39:19.380265896Z","timestamp":1722375559380,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"00250D516D26EAD1F376D80FEF0C83C59DF998D20C72ED5B96262E40AE3B96A8\"\r\nLast-Modified: Mon, 29 Jul 2024 18:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=20749\r\nExpires: Wed, 31 Jul 2024 03:25:08 GMT\r\nDate: Tue, 30 Jul 2024 21:39:19 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"4e65f865b00bcb08c52dfe77a48c1c03","sha1":"26cbc733e53341bd2aab8c860546de10e9839e84","sha256":"00250d516d26ead1f376d80fef0c83c59df998d20c72ed5b96262e40ae3b96a8","sha512":"e69fa26c892a70facce23a7d50a1faaa50bf422a1aa5985ba5b28aae044e631ceb0044cd9f1985163f44dd727cbba30ebb5185c61fbd3d49f37a5989f451289a","ssdeep":"","tlshash":"49f0050e15973fc177fb34072984e21f7d4636f63c4505f1a45485c76451fe50680046","first_seen":"2024-07-30T01:46:56Z","last_seen":"2024-08-19T15:19:13.917399Z","times_seen":19063,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}