{"report_id":"bb191a42-f7cc-4928-baef-75932c5ecc03","version":6,"status":"done","tags":["opendir"],"date":"2024-10-21T02:27:28Z","url":{"schema":"http","addr":"cdn.xn--ygba1c.wtf/","fqdn":"cdn.xn--ygba1c.wtf","domain":"xn--ygba1c.wtf","tld":"wtf"},"ip":{"addr":"209.112.88.12","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"cdn.xn--ygba1c.wtf/","fqdn":"cdn.xn--ygba1c.wtf","domain":"xn--ygba1c.wtf","tld":"wtf"},"title":"Index of /"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2026-12-30T02:27:28Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"cdn.xn--ygba1c.wtf","ip":{"addr":"209.112.88.227","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2024-10-21T02:27:28.427333Z","last_seen":"2024-10-21T02:27:28.427333Z","alert_count":1,"request_count":2,"received_data":850656,"sent_data":906,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Audit - Open directory","verdict":"none","severity":"audit","comment":"","tags":["opendir"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"cdn.xn--ygba1c.wtf/","fqdn":"cdn.xn--ygba1c.wtf","domain":"xn--ygba1c.wtf","tld":"wtf"},"ip":{"addr":"209.112.88.227","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-10-21T02:27:02.862Z","timestamp":1729477622862,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.xn--ygba1c.wtf","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Sep 2024 03:08:15 GMT","end":"Wed, 04 Dec 2024 03:08:14 GMT"},"fingerprint":{"sha1":"60:17:AE:E3:31:60:F9:80:56:9F:AF:52:6D:63:3D:B1:E6:87:DC:63","sha256":"90:02:9D:A9:35:04:2F:34:29:E5:2A:9E:8B:C4:02:EA:CE:33:57:79:AB:23:4E:4C:6D:60:19:E7:8D:A3:7F:36"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cdn.xn--ygba1c.wtf\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 21 Oct 2024 02:27:03 GMT\r\ncontent-type: text/html\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-robots-tag: none\r\ncontent-security-policy: frame-ancestors 'self'\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":850092,"size_decoded":850092,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"2c799045e97635ae0fcc1044d2ac26c6","sha1":"fcc46528963ded95bea6d446567b1e6852acfb63","sha256":"6cb1e255b54aa529981e64ce872fd26c85ae85e2adc43336d2762861fa9d735f","sha512":"e1ad545f9b102cb3653a449e8abb4bf4dde6cbb53b42099e9ce1a41ab797c32b58652f49446af3d5b04bf77d26f33235e4b7cab885692941153fa5ac8501617e","ssdeep":"6144:QMHz89+q0NUOwtxNM6baW88MDAOM+30gZ:NimexFaWKDAOM+30gZ","tlshash":"25054aa64ef11a6f4bb5636210b0fc29c32622e103457d5d714c5cf7eb3eaa23b9d492","first_seen":"2024-10-21T02:27:32.335354Z","last_seen":"2026-03-13T10:55:29.114287Z","times_seen":5,"resource_available":false,"data":null}},"time_used":540,"timings":{"blocked":260,"dns":1,"connect":18,"send":0,"wait":18,"receive":0,"ssl":240},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Audit - Open directory","verdict":"none","severity":"audit","comment":"","tags":["opendir"],"meta":null}]}},{"url":{"schema":"https","addr":"cdn.xn--ygba1c.wtf/favicon.ico","fqdn":"cdn.xn--ygba1c.wtf","domain":"xn--ygba1c.wtf","tld":"wtf"},"ip":{"addr":"209.112.88.227","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cdn.xn--ygba1c.wtf/","date":"2024-10-21T02:27:04.116Z","timestamp":1729477624116,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.xn--ygba1c.wtf","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Sep 2024 03:08:15 GMT","end":"Wed, 04 Dec 2024 03:08:14 GMT"},"fingerprint":{"sha1":"60:17:AE:E3:31:60:F9:80:56:9F:AF:52:6D:63:3D:B1:E6:87:DC:63","sha256":"90:02:9D:A9:35:04:2F:34:29:E5:2A:9E:8B:C4:02:EA:CE:33:57:79:AB:23:4E:4C:6D:60:19:E7:8D:A3:7F:36"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: cdn.xn--ygba1c.wtf\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.xn--ygba1c.wtf/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Mon, 21 Oct 2024 02:27:04 GMT\r\ncontent-type: text/html\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":146,"size_decoded":146,"mime_type":"text/html","magic":"HTML document, ASCII text, with no line terminators","md5":"40b3fc14254227ec5012d996bf90c4e1","sha1":"b0dd06eb5a779151151101337889ff09953f8ac0","sha256":"740816c1b61e4a8443c26d30d3eecfea04815fca8cd605a142f9d8a35f86ceca","sha512":"23526121f81d22bdf929ae6d93210e7a7eb2f5f943c237bc732e1dd658be58cd058b34290d56d72e102c712c6c672ee14372fa75e0779409a01d827203fa6fc2","ssdeep":"","tlshash":"4dc08c1cb813304485030ba00bc33542c29aa22ba8ba802104884203e0ce2bac8ea3d5","first_seen":"2023-04-05T04:09:16Z","last_seen":"2025-04-06T22:43:34.098035Z","times_seen":107868,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}