{"report_id":"df88cb0e-35c7-4ef2-bd1a-03c69716500e","version":6,"status":"done","tags":[],"date":"2025-10-10T06:57:43Z","url":{"schema":"http","addr":"fapello.su/bunni3-png/","fqdn":"fapello.su","domain":"fapello.su","tld":"su"},"ip":{"addr":"190.115.31.109","port":0,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"http","addr":"fapello.su/bunni3-png/","fqdn":"fapello.su","domain":"fapello.su","tld":"su"},"ip":{"addr":"190.115.31.109","port":0,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-14T06:57:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-10T06:57:23Z","timestamp":1760079443,"ip_dst":{"addr":"190.115.31.109","port":80,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"ip_src":{"addr":"172.18.0.16","port":50954,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related","source":"{\"timestamp\":\"2025-10-10T06:57:23.977297+0000\",\"flow_id\":896920945118663,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":50954,\"dest_ip\":\"190.115.31.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014170,\"rev\":6,\"signature\":\"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2012_01_31\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"http\":{\"hostname\":\"fapello.su\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://fapello.su/\",\"length\":568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":547,\"bytes_toclient\":1311,\"start\":\"2025-10-10T06:57:23.937415+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-10T06:57:37Z","timestamp":1760079457,"ip_dst":{"addr":"190.115.31.109","port":80,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"ip_src":{"addr":"172.18.0.16","port":39980,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related","source":"{\"timestamp\":\"2025-10-10T06:57:37.208662+0000\",\"flow_id\":1603013569519700,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":39980,\"dest_ip\":\"190.115.31.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014170,\"rev\":6,\"signature\":\"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2012_01_31\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"http\":{\"hostname\":\"fapello.su\",\"url\":\"/bunni3-png/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://fapello.su/bunni3-png/\",\"length\":568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":678,\"bytes_toclient\":1322,\"start\":\"2025-10-10T06:57:37.172116+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"fapello.su","ip":{"addr":"190.115.31.109","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"domain_registered":"2023-06-07","domain_rank":86381,"first_seen":"2023-06-28T19:43:43Z","last_seen":"2025-10-08T15:17:14.680753Z","alert_count":1,"request_count":1,"received_data":751,"sent_data":490,"comment":"","tags":null,"fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-10T06:57:23Z","timestamp":1760079443,"ip_dst":{"addr":"190.115.31.109","port":80,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"ip_src":{"addr":"172.18.0.16","port":50954,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related","source":"{\"timestamp\":\"2025-10-10T06:57:23.977297+0000\",\"flow_id\":896920945118663,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":50954,\"dest_ip\":\"190.115.31.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014170,\"rev\":6,\"signature\":\"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2012_01_31\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"http\":{\"hostname\":\"fapello.su\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://fapello.su/\",\"length\":568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":547,\"bytes_toclient\":1311,\"start\":\"2025-10-10T06:57:23.937415+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-10T06:57:37Z","timestamp":1760079457,"ip_dst":{"addr":"190.115.31.109","port":80,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"ip_src":{"addr":"172.18.0.16","port":39980,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related","source":"{\"timestamp\":\"2025-10-10T06:57:37.208662+0000\",\"flow_id\":1603013569519700,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":39980,\"dest_ip\":\"190.115.31.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014170,\"rev\":6,\"signature\":\"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2012_01_31\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"http\":{\"hostname\":\"fapello.su\",\"url\":\"/bunni3-png/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://fapello.su/bunni3-png/\",\"length\":568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":678,\"bytes_toclient\":1322,\"start\":\"2025-10-10T06:57:37.172116+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"fapello.su/bunni3-png/","fqdn":"fapello.su","domain":"fapello.su","tld":"su"},"ip":{"addr":"190.115.31.109","port":443,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-10T06:57:20.960Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.fapello.su","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Sep 2025 04:08:08 GMT","end":"Tue, 09 Dec 2025 04:08:07 GMT"},"fingerprint":{"sha1":"FD:34:FC:41:E3:9D:3E:4F:6E:05:E4:E8:9D:35:9E:3F:E8:3D:CF:71","sha256":"51:A7:57:6A:6C:D0:81:73:9E:8F:C4:19:7B:CA:5E:72:52:06:2F:54:61:26:8F:A5:EF:1E:0F:BB:A2:94:7A:01"}}},"request":{"raw":"GET /bunni3-png/ HTTP/1.1\r\nHost: fapello.su\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 504 Gateway Timeout\r\nserver: ddos-guard\r\ndate: Fri, 10 Oct 2025 06:57:37 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 583\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"504","status_text":"Gateway Timeout","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":583,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (579), with no line terminators","md5":"e9f642657e61c1a7f2fe038474abf083","sha1":"5a506a1f8b95f50395e87f8a3ddfd5f21475fed1","sha256":"ed784195e804233002feb7cf3ff653c936a54b69fde0165ecbc7ce4f0bd068a9","sha512":"3b6fae427a80049865922578a74992f8eb892ad19498a1a1756ae2049f839c341c34a6d7b2d1015d9a63f42a2ae121d559a0a5c5be4b2bfb6eddd0aab34adf93","ssdeep":"","tlshash":"74f09609cb9330dfe01a40e8d8f1308830550cb1e3b6a3f1ae4b2b79ecc82a470b224d","first_seen":"2025-04-30T17:27:52.103081Z","last_seen":"2026-04-24T06:40:45.275572Z","times_seen":119,"resource_available":true,"data":null}},"time_used":16197,"timings":{"blocked":85,"dns":21,"connect":19,"send":0,"wait":16019,"receive":1,"ssl":47},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-10T06:57:37Z","timestamp":1760079457,"ip_dst":{"addr":"190.115.31.109","port":80,"asn":59692,"as":"IQWeb FZ-LLC","country":"United Arab Emirates","country_code":"AE"},"ip_src":{"addr":"172.18.0.16","port":39980,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related","source":"{\"timestamp\":\"2025-10-10T06:57:37.208662+0000\",\"flow_id\":1603013569519700,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":39980,\"dest_ip\":\"190.115.31.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2014170,\"rev\":6,\"signature\":\"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2012_01_31\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"http\":{\"hostname\":\"fapello.su\",\"url\":\"/bunni3-png/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://fapello.su/bunni3-png/\",\"length\":568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":678,\"bytes_toclient\":1322,\"start\":\"2025-10-10T06:57:37.172116+0000\"}}"}],"analyzer":null,"urlquery":null}}]}