{"report_id":"b931490d-9d12-4410-9b0e-e8ff34ffbff8","version":6,"status":"done","tags":[],"date":"2023-10-14T10:52:19Z","url":{"schema":"http","addr":"h41r.buzz/","fqdn":"h41r.buzz","domain":"h41r.buzz","tld":"buzz"},"ip":{"addr":"34.98.99.30","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"h41r.buzz/","fqdn":"h41r.buzz","domain":"h41r.buzz","tld":"buzz"},"title":"h41r.buzz/"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T20:03:44Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"h41r.buzz","ip":{"addr":"34.98.99.30","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2022-10-07","domain_rank":0,"first_seen":"2022-10-07 18:52:14","last_seen":"2023-10-14 12:51:56","alert_count":3,"request_count":3,"received_data":3322,"sent_data":1190,"comment":"","tags":null,"fingerprints":null},{"fqdn":"img1.wsimg.com","ip":{"addr":"95.101.10.131","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2008-03-17","domain_rank":9893,"first_seen":"2012-06-20 16:42:31","last_seen":"2023-10-13 18:34:25","alert_count":0,"request_count":2,"received_data":203692,"sent_data":866,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ocsp.pki.goog","ip":{"addr":"142.250.74.131","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2016-06-13","domain_rank":175,"first_seen":"2018-07-01 08:43:07","last_seen":"2023-10-13 18:12:02","alert_count":0,"request_count":2,"received_data":1399,"sent_data":666,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.google.com","ip":{"addr":"142.250.74.132","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":7,"first_seen":"2015-05-10 13:11:19","last_seen":"2023-09-20 20:05:47","alert_count":0,"request_count":1,"received_data":151686,"sent_data":414,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-10-14T10:52:02Z","timestamp":1697280722,"ip_dst":{"addr":"34.98.99.30","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":47540,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2023-10-14T10:52:02.720535+0000\",\"flow_id\":460669381124661,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.12\",\"src_port\":47540,\"dest_ip\":\"34.98.99.30\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"h41r.buzz\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":631},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":656,\"bytes_toclient\":2218,\"start\":\"2023-10-14T10:52:02.598581+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-10-14T10:52:03Z","timestamp":1697280723,"ip_dst":{"addr":"34.98.99.30","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":47540,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2023-10-14T10:52:03.059673+0000\",\"flow_id\":460669381124661,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.12\",\"src_port\":47540,\"dest_ip\":\"34.98.99.30\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"h41r.buzz\",\"url\":\"/px.js?ch=1\u0026abp=1\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://h41r.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":476},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1260,\"bytes_toclient\":3067,\"start\":\"2023-10-14T10:52:02.598581+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-10-14T10:52:03Z","timestamp":1697280723,"ip_dst":{"addr":"34.98.99.30","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":47550,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2023-10-14T10:52:03.072613+0000\",\"flow_id\":1659235839668991,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.12\",\"src_port\":47550,\"dest_ip\":\"34.98.99.30\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"h41r.buzz\",\"url\":\"/px.js?ch=2\u0026abp=1\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://h41r.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":476},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":678,\"bytes_toclient\":923,\"start\":\"2023-10-14T10:52:02.946943+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"h41r.buzz/px.js?ch=1\u0026abp=1","fqdn":"h41r.buzz","domain":"h41r.buzz","tld":"buzz"},"ip":{"addr":"34.98.99.30","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d2183968f9080b37babfeba3ccf10df2","sha1":"24b9cf589ee6789e567fac3ae5acfc25826d00c6","sha256":"4d9b83714539f82372e1e0177924bcb5180b75148e22d6725468fd2fb6f96bcc","sha512":"0e16d127a199a4238138eb99a461adf2665cee4f803d63874b4bcef52301d0ecd1d2eb71af3f77187916fe04c5f9b152c51171131c2380f31ca267a0a46d2a42","ssdeep":"","tlshash":"4cf097192c28e27464362e96c2bdc0ba6164200236b0f422b8d4fb4f429dfe5083ac68","size":476,"data":"","first_seen":"2023-03-13T06:28:57Z","last_seen":"2024-08-21T09:44:36.254707Z","times_seen":9007,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-10-14T10:52:03Z","timestamp":1697280723,"ip_dst":{"addr":"34.98.99.30","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.12","port":47540,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2023-10-14T10:52:03.059673+0000\",\"flow_id\":460669381124661,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.12\",\"src_port\":47540,\"dest_ip\":\"34.98.99.30\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"h41r.buzz\",\"url\":\"/px.js?ch=1\u0026abp=1\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://h41r.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":476},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1260,\"bytes_toclient\":3067,\"start\":\"2023-10-14T10:52:02.598581+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.wsimg.com/parking-lander/static/js/main.32a72d74.js","fqdn":"img1.wsimg.com","domain":"wsimg.com","tld":"com"},"ip":{"addr":"95.101.10.131","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"256e5c3738a4cf63368a60d2b8cf917e","sha1":"b74c6be3e01843e70ce0319aa12cbb50b6d59cf2","sha256":"8f14327418c9a725459dcf7ce1457edec97aac535f31e83f28c2bbb9f61d94b6","sha512":"8b24eab1aabf3166d02a85705d69025b8abe2d0e63c64f00d227b73cd76e5e1c26b073f7b24860e41fec0c09448ecca0991a346904e88997e2e26d599b0e55b7","ssdeep":"12288:Ykzrcp02n6b6QYn3QYnkiDUk4f0WTI4WY+MiqFfxt9UCT:YkzQu2nq6QYn3QYnkx","tlshash":"f8f428ce72d1b0b507e351e6c43f280fb2796a25e00cc571eabad9d6986944d823bf5c","size":730110,"data":"","first_seen":"2023-10-12T09:08:26Z","last_seen":"2023-11-16T04:25:20Z","times_seen":1725,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js?abp=1","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.132","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"016a2927d6f52714baa982b4f9ec914a","sha1":"582b3a5d0a70695186bcb81dcf5b1b7e7b76e16c","sha256":"f02f8eb9b0f7787d9e4105bb276e87248f441c5e657ba46f01f2cca9d53be6e8","sha512":"0e52d7483860e819bc7840c465894e0555df5a7b7398c941e330ec29dd7a6ca445c4acff6d4c44ff8190b4938b7d875d7aa11040c6d832d9b28316cca0001fed","ssdeep":"1536:EnzW5lvX3B33LPyHq3X2ry5joHg2fFUZq7C5BuUOAFzgaYjzPwgExlNwoqaHGuKX:FLHB0UOAFzJMPslNwojLfiBF9/aC","tlshash":"7be35c9a77613426636354f4602f028fb23af959e84845f8f198d4e47cb8da91237fbc","size":150834,"data":"","first_seen":"2023-10-12T18:51:43Z","last_seen":"2024-08-21T04:58:46.424358Z","times_seen":280,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"h41r.buzz/","fqdn":"h41r.buzz","domain":"h41r.buzz","tld":"buzz"},"ip":{"addr":"34.98.99.30","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-10-14T10:52:02Z","timestamp":1697280722,"ip_dst":{"addr":"34.98.99.30","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.12","port":47540,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2023-10-14T10:52:02.720535+0000\",\"flow_id\":460669381124661,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.12\",\"src_port\":47540,\"dest_ip\":\"34.98.99.30\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"h41r.buzz\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":631},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":656,\"bytes_toclient\":2218,\"start\":\"2023-10-14T10:52:02.598581+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"h41r.buzz/","fqdn":"h41r.buzz","domain":"h41r.buzz","tld":"buzz"},"ip":{"addr":"34.98.99.30","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-10-14T10:52:02.600Z","timestamp":1697280722600,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: h41r.buzz\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sat, 14 Oct 2023 10:52:02 GMT\r\nContent-Type: text/html\r\nContent-Length: 1177\r\nLast-Modified: Wed, 11 Oct 2023 21:10:45 GMT\r\nETag: \"65270f55-499\"\r\nX-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_JJ8b26F2QQwHOOjbaAkL4JglGcWJo9jK2PBxb9CjcYfUzxEhH2zKWi/wSCH0H6v3HdwGXpERkmb9P25TBYvLUw\r\nCache-Control: no-cache\r\nX-Content-Type-Options: nosniff\r\nSet-Cookie: system=PW;Path=/;Max-Age=86400;\ncaf_ipaddr=91.90.42.154;Path=/;Max-Age=86400;\ncountry=NO;Path=/;Max-Age=86400;\ncity=\"\";Path=/;Max-Age=86400;\ntraffic_target=reseller;Path=/;Max-Age=86400;\r\nAccept-Ranges: bytes\r\nVia: 1.1 google\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1177,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (1177), with no line terminators","md5":"b8e5031ea545c52885f5e92f753dfa29","sha1":"caa26c58c4c50e0d1227a7d06b44171e4727c49f","sha256":"a2feeca638d07f490ab9a6808d334259ac823b8dc7d1d6a0408ce977c790bef2","sha512":"0d2e1e0b87a73f95f40d66a83200ea82b2d34f28d3b27aac3bb89a1edf323cfe6b681ce7f21b440880e07706d76fe90f6c8c3bda14b0c82837dee384a89713c5","ssdeep":"","tlshash":"cd21eee79c96c1948f6086e5f473f63cc049e418ca51dc14e5d140bfa1d8bda4d6a958","first_seen":"2023-10-12T09:08:26Z","last_seen":"2023-11-14T00:11:04Z","times_seen":947,"resource_available":false,"data":null}},"time_used":129,"timings":{"blocked":6,"dns":0,"connect":7,"send":0,"wait":115,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-10-14T10:52:02Z","timestamp":1697280722,"ip_dst":{"addr":"34.98.99.30","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.12","port":47540,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2023-10-14T10:52:02.720535+0000\",\"flow_id\":460669381124661,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.12\",\"src_port\":47540,\"dest_ip\":\"34.98.99.30\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"h41r.buzz\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":631},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":656,\"bytes_toclient\":2218,\"start\":\"2023-10-14T10:52:02.598581+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.wsimg.com/parking-lander/static/css/main.b706c083.css","fqdn":"img1.wsimg.com","domain":"wsimg.com","tld":"com"},"ip":{"addr":"95.101.10.131","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://h41r.buzz/","date":"2023-10-14T10:52:02.961Z","timestamp":1697280722961,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wsimg.com","organization":""},"issuer":{"commonName":"Starfield Secure Certificate Authority - G2","organization":"Starfield Technologies, Inc."},"validity":{"start":"Tue, 19 Sep 2023 21:06:14 GMT","end":"Sun, 20 Oct 2024 21:06:14 GMT"},"fingerprint":{"sha1":"B7:FF:50:92:4F:A1:64:14:99:A1:DE:DB:55:C9:FA:92:78:6B:89:DD","sha256":"F0:59:68:08:59:E1:70:FF:7C:87:9A:EC:6B:F0:FE:3F:9A:4E:A4:51:FD:F0:CA:14:49:B8:75:7D:CF:7F:A7:99"}}},"request":{"raw":"GET /parking-lander/static/css/main.b706c083.css HTTP/1.1\r\nHost: img1.wsimg.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://h41r.buzz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-amz-id-2: 8sd66zt7gfJX0Kmktwq0q2lL/yVHe7ezdUEyyvCgGKCAoVGL2nYulaUS9B9GhKWXs+G9WHvlxKNsC+9WLMlyLw==\r\nx-amz-request-id: B0P5YK4GVTYR7FB6\r\nlast-modified: Wed, 11 Oct 2023 21:09:07 GMT\r\netag: \"b370238e18d0f075f1527034e55ae938\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: nWh4jMyKPY7s4ISG4s0UYa976ncmVNJO\r\naccept-ranges: bytes\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 193\r\ncache-control: max-age=31536000\r\nexpires: Sun, 13 Oct 2024 10:52:02 GMT\r\ndate: Sat, 14 Oct 2023 10:52:02 GMT\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":193,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"b370238e18d0f075f1527034e55ae938","sha1":"577668d4f10df8e1dc5531facefafcd2a184b36b","sha256":"d9ee660f3259931784ab34ff824b344a343a1ecea23eb2c6c24c587682cad1e7","sha512":"13340649759ba5c8aa9f7bb675b3f992f891ca2b2c38381b3b493785daed498947b05d38894f376d515aaacad8a4307ad895558e01abe78ccdb801a974df66bf","ssdeep":"","tlshash":"22d0a96baa969c2df83acd2c0630099474a01889d26aa338a4331d6283be04ae910604","first_seen":"2023-10-12T09:08:26Z","last_seen":"2023-11-16T04:25:20Z","times_seen":1724,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":24,"dns":12,"connect":1,"send":0,"wait":5,"receive":1,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.wsimg.com/parking-lander/static/js/main.32a72d74.js","fqdn":"img1.wsimg.com","domain":"wsimg.com","tld":"com"},"ip":{"addr":"95.101.10.131","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://h41r.buzz/","date":"2023-10-14T10:52:02.959Z","timestamp":1697280722959,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wsimg.com","organization":""},"issuer":{"commonName":"Starfield Secure Certificate Authority - G2","organization":"Starfield Technologies, Inc."},"validity":{"start":"Tue, 19 Sep 2023 21:06:14 GMT","end":"Sun, 20 Oct 2024 21:06:14 GMT"},"fingerprint":{"sha1":"B7:FF:50:92:4F:A1:64:14:99:A1:DE:DB:55:C9:FA:92:78:6B:89:DD","sha256":"F0:59:68:08:59:E1:70:FF:7C:87:9A:EC:6B:F0:FE:3F:9A:4E:A4:51:FD:F0:CA:14:49:B8:75:7D:CF:7F:A7:99"}}},"request":{"raw":"GET /parking-lander/static/js/main.32a72d74.js HTTP/1.1\r\nHost: img1.wsimg.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://h41r.buzz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-amz-id-2: TvKSFY60G+DCvrflwSngWtl7oKSP5rp9E+Zx93uyNIhornaXJ8XJn5WiBpZRPkzAIaOKuuJH0g4=\r\nx-amz-request-id: B0P7N3S188T941S9\r\nlast-modified: Wed, 11 Oct 2023 21:09:03 GMT\r\netag: \"256e5c3738a4cf63368a60d2b8cf917e\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: GOHDljhe.kd0A6tfC2Oi41qAlAWeZDtP\r\naccept-ranges: bytes\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=31536000\r\nexpires: Sun, 13 Oct 2024 10:52:02 GMT\r\ndate: Sat, 14 Oct 2023 10:52:02 GMT\r\ncontent-length: 202232\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":202232,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65465)","md5":"256e5c3738a4cf63368a60d2b8cf917e","sha1":"b74c6be3e01843e70ce0319aa12cbb50b6d59cf2","sha256":"8f14327418c9a725459dcf7ce1457edec97aac535f31e83f28c2bbb9f61d94b6","sha512":"8b24eab1aabf3166d02a85705d69025b8abe2d0e63c64f00d227b73cd76e5e1c26b073f7b24860e41fec0c09448ecca0991a346904e88997e2e26d599b0e55b7","ssdeep":"12288:Ykzrcp02n6b6QYn3QYnkiDUk4f0WTI4WY+MiqFfxt9UCT:YkzQu2nq6QYn3QYnkx","tlshash":"f8f428ce72d1b0b507e351e6c43f280fb2796a25e00cc571eabad9d6986944d823bf5c","first_seen":"2023-10-12T09:08:26Z","last_seen":"2023-11-16T04:25:20Z","times_seen":1725,"resource_available":true,"data":null}},"time_used":80,"timings":{"blocked":27,"dns":10,"connect":1,"send":0,"wait":4,"receive":14,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ocsp.pki.goog/gts1c3","fqdn":"ocsp.pki.goog","domain":"pki.goog","tld":"goog"},"ip":{"addr":"142.250.74.131","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-10-14T10:52:03.038057001Z","timestamp":1697280723038,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /gts1c3 HTTP/1.1\r\nHost: ocsp.pki.goog\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 84\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nDate: Sat, 14 Oct 2023 10:52:02 GMT\r\nCache-Control: public, max-age=14400\r\nServer: ocsp_responder\r\nContent-Length: 472\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":472,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"06ad568f1cf3e959ca8c4342aecf04a8","sha1":"b694d4d303e0e1e4ee65f2379d02c63a00fb7396","sha256":"2cffc5cea95b3047fea042f6a12ff415e917e48a2b0689a2f91794f51f518172","sha512":"14011998886eaf27c1ba30fbfad9d9b6fdafc443c4d5e8c0ab8a07372927ceaabcf3312bf2e3c1a3d7beeb33b8fba97d85d08bd4599832980a31834a7b654745","ssdeep":"","tlshash":"bdf097081c3c7802aa5edb342187aa2ca426a0c509a14287acda91d2cada1e9b324042","first_seen":"2023-10-13T18:08:21Z","last_seen":"2023-10-14T22:57:48Z","times_seen":1045,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"h41r.buzz/px.js?ch=1\u0026abp=1","fqdn":"h41r.buzz","domain":"h41r.buzz","tld":"buzz"},"ip":{"addr":"34.98.99.30","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://h41r.buzz/","date":"2023-10-14T10:52:02.955Z","timestamp":1697280722955,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /px.js?ch=1\u0026abp=1 HTTP/1.1\r\nHost: h41r.buzz\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://h41r.buzz/\r\nCookie: system=PW; caf_ipaddr=91.90.42.154; country=NO; city=\"\"; traffic_target=reseller\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sat, 14 Oct 2023 10:52:02 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 476\r\nLast-Modified: Wed, 11 Oct 2023 21:10:45 GMT\r\nETag: \"65270f55-1dc\"\r\nAccept-Ranges: bytes\r\nVia: 1.1 google\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":476,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"d2183968f9080b37babfeba3ccf10df2","sha1":"24b9cf589ee6789e567fac3ae5acfc25826d00c6","sha256":"4d9b83714539f82372e1e0177924bcb5180b75148e22d6725468fd2fb6f96bcc","sha512":"0e16d127a199a4238138eb99a461adf2665cee4f803d63874b4bcef52301d0ecd1d2eb71af3f77187916fe04c5f9b152c51171131c2380f31ca267a0a46d2a42","ssdeep":"","tlshash":"4cf097192c28e27464362e96c2bdc0ba6164200236b0f422b8d4fb4f429dfe5083ac68","first_seen":"2023-03-13T06:28:57Z","last_seen":"2024-08-21T09:44:36.254707Z","times_seen":9007,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":114,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-10-14T10:52:03Z","timestamp":1697280723,"ip_dst":{"addr":"34.98.99.30","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.12","port":47540,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2023-10-14T10:52:03.059673+0000\",\"flow_id\":460669381124661,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.12\",\"src_port\":47540,\"dest_ip\":\"34.98.99.30\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"h41r.buzz\",\"url\":\"/px.js?ch=1\u0026abp=1\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://h41r.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":476},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1260,\"bytes_toclient\":3067,\"start\":\"2023-10-14T10:52:02.598581+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"h41r.buzz/px.js?ch=2\u0026abp=1","fqdn":"h41r.buzz","domain":"h41r.buzz","tld":"buzz"},"ip":{"addr":"34.98.99.30","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://h41r.buzz/","date":"2023-10-14T10:52:02.957Z","timestamp":1697280722957,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /px.js?ch=2\u0026abp=1 HTTP/1.1\r\nHost: h41r.buzz\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://h41r.buzz/\r\nCookie: system=PW; caf_ipaddr=91.90.42.154; country=NO; city=\"\"; traffic_target=reseller\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sat, 14 Oct 2023 10:52:02 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 476\r\nLast-Modified: Wed, 11 Oct 2023 21:10:24 GMT\r\nETag: \"65270f40-1dc\"\r\nAccept-Ranges: bytes\r\nVia: 1.1 google\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":476,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"d2183968f9080b37babfeba3ccf10df2","sha1":"24b9cf589ee6789e567fac3ae5acfc25826d00c6","sha256":"4d9b83714539f82372e1e0177924bcb5180b75148e22d6725468fd2fb6f96bcc","sha512":"0e16d127a199a4238138eb99a461adf2665cee4f803d63874b4bcef52301d0ecd1d2eb71af3f77187916fe04c5f9b152c51171131c2380f31ca267a0a46d2a42","ssdeep":"","tlshash":"4cf097192c28e27464362e96c2bdc0ba6164200236b0f422b8d4fb4f429dfe5083ac68","first_seen":"2023-03-13T06:28:57Z","last_seen":"2024-08-21T09:44:36.254707Z","times_seen":9007,"resource_available":true,"data":null}},"time_used":127,"timings":{"blocked":1,"dns":0,"connect":11,"send":0,"wait":115,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-10-14T10:52:03Z","timestamp":1697280723,"ip_dst":{"addr":"34.98.99.30","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.12","port":47550,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2023-10-14T10:52:03.072613+0000\",\"flow_id\":1659235839668991,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.12\",\"src_port\":47550,\"dest_ip\":\"34.98.99.30\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"h41r.buzz\",\"url\":\"/px.js?ch=2\u0026abp=1\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://h41r.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":476},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":678,\"bytes_toclient\":923,\"start\":\"2023-10-14T10:52:02.946943+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ocsp.pki.goog/gts1c3","fqdn":"ocsp.pki.goog","domain":"pki.goog","tld":"goog"},"ip":{"addr":"142.250.74.131","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-10-14T10:52:03.306144886Z","timestamp":1697280723306,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /gts1c3 HTTP/1.1\r\nHost: ocsp.pki.goog\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 83\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nDate: Sat, 14 Oct 2023 10:52:02 GMT\r\nCache-Control: public, max-age=14400\r\nServer: ocsp_responder\r\nContent-Length: 471\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":471,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"a91da8e035e4b10b219053969ff4ab86","sha1":"976b8deaf7501df2c923383087106a823e7a0859","sha256":"008adc1696a4aa427606743795c5de301921946a3d2887c7a7817dcc6fc16ba5","sha512":"f8a5a0e817b501b7f29eadcdfec815d289075f67365901323235c50647b487ca7925db8872d35231b60c4a58c4d3ef08b42a9420399ce568563b12c00f9b298f","ssdeep":"","tlshash":"6ff0dc4c0e762e82aeaecd655fa830603106b50c55fb01e62cf897ea8815af72c1c255","first_seen":"2023-10-13T18:03:22Z","last_seen":"2023-10-14T22:58:03Z","times_seen":1275,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js?abp=1","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.132","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://h41r.buzz/","date":"2023-10-14T10:52:02.952Z","timestamp":1697280722952,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 18 Sep 2023 08:25:14 GMT","end":"Mon, 11 Dec 2023 08:25:13 GMT"},"fingerprint":{"sha1":"C9:F6:98:54:A9:56:99:75:0A:10:B7:BD:95:70:40:74:3A:B0:B0:77","sha256":"38:41:20:B1:65:14:7C:F7:3A:23:D1:3C:01:8D:6E:2A:8D:EC:D3:17:BC:30:F1:3F:8C:B6:C8:25:9C:6A:01:8E"}}},"request":{"raw":"GET /adsense/domains/caf.js?abp=1 HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://h41r.buzz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-type: text/javascript; charset=UTF-8\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"ads-afs-ui\"\r\nreport-to: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\ndate: Sat, 14 Oct 2023 10:52:02 GMT\r\nexpires: Sat, 14 Oct 2023 10:52:02 GMT\r\ncache-control: private, max-age=3600\r\netag: \"7229732264559423250\"\r\nx-content-type-options: nosniff\r\nlink: \u003chttps://www.adsensecustomsearchads.com\u003e; rel=\"preconnect\"\r\ncontent-encoding: gzip\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":150834,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (2067)","md5":"016a2927d6f52714baa982b4f9ec914a","sha1":"582b3a5d0a70695186bcb81dcf5b1b7e7b76e16c","sha256":"f02f8eb9b0f7787d9e4105bb276e87248f441c5e657ba46f01f2cca9d53be6e8","sha512":"0e52d7483860e819bc7840c465894e0555df5a7b7398c941e330ec29dd7a6ca445c4acff6d4c44ff8190b4938b7d875d7aa11040c6d832d9b28316cca0001fed","ssdeep":"1536:EnzW5lvX3B33LPyHq3X2ry5joHg2fFUZq7C5BuUOAFzgaYjzPwgExlNwoqaHGuKX:FLHB0UOAFzJMPslNwojLfiBF9/aC","tlshash":"7be35c9a77613426636354f4602f028fb23af959e84845f8f198d4e47cb8da91237fbc","first_seen":"2023-10-12T18:51:43Z","last_seen":"2024-08-21T04:58:46.424358Z","times_seen":280,"resource_available":true,"data":null}},"time_used":583,"timings":{"blocked":272,"dns":1,"connect":8,"send":0,"wait":20,"receive":11,"ssl":267},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}