{"report_id":"e4671ef5-9b9b-47a6-9f6a-7e2f222c304f","version":6,"status":"done","tags":[],"date":"2025-09-02T11:24:47Z","url":{"schema":"http","addr":"vipbhbiss.top:8080/get.php?username=VIP01651753907200528\u0026password=50407d29ea1b\u0026type=m3u","fqdn":"vipbhbiss.top","domain":"vipbhbiss.top","tld":"top"},"ip":{"addr":"31.43.191.125","port":0,"asn":210848,"as":"Telkom Internet LTD","country":"South Africa","country_code":"ZA"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"http","addr":"vipbhbiss.top:8080/get.php?username=VIP01651753907200528\u0026password=50407d29ea1b\u0026type=m3u","fqdn":"vipbhbiss.top","domain":"vipbhbiss.top","tld":"top"},"ip":{"addr":"31.43.191.125","port":0,"asn":210848,"as":"Telkom Internet LTD","country":"South Africa","country_code":"ZA"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-07T11:24:47Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-02T11:24:23Z","timestamp":1756812263,"ip_dst":{"addr":"31.43.191.125","port":8080,"asn":210848,"as":"Telkom Internet LTD","country":"South Africa","country_code":"ZA"},"ip_src":{"addr":"172.18.0.24","port":39838,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-09-02T11:24:23.818828+0000\",\"flow_id\":7768856054733,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.24\",\"src_port\":39838,\"dest_ip\":\"31.43.191.125\",\"dest_port\":8080,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"vipbhbiss.top\",\"http_port\":8080,\"url\":\"/get.php?username=VIP01651753907200528\u0026password=50407d29ea1b\u0026type=m3u\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/octet-stream\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1110},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":743,\"bytes_toclient\":7710,\"start\":\"2025-09-02T11:24:23.576461+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"vipbhbiss.top","ip":{"addr":"31.43.191.125","port":8080,"asn":210848,"as":"Telkom Internet LTD","country":"South Africa","country_code":"ZA"},"domain_registered":"2025-02-28","domain_rank":0,"first_seen":"2025-08-28T08:19:34.878048Z","last_seen":"2025-08-28T08:19:34.878048Z","alert_count":0,"request_count":1,"received_data":2453340,"sent_data":471,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-02T11:24:23Z","timestamp":1756812263,"ip_dst":{"addr":"31.43.191.125","port":8080,"asn":210848,"as":"Telkom Internet LTD","country":"South Africa","country_code":"ZA"},"ip_src":{"addr":"172.18.0.24","port":39838,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-09-02T11:24:23.818828+0000\",\"flow_id\":7768856054733,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.24\",\"src_port\":39838,\"dest_ip\":\"31.43.191.125\",\"dest_port\":8080,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"vipbhbiss.top\",\"http_port\":8080,\"url\":\"/get.php?username=VIP01651753907200528\u0026password=50407d29ea1b\u0026type=m3u\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/octet-stream\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1110},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":743,\"bytes_toclient\":7710,\"start\":\"2025-09-02T11:24:23.576461+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"vipbhbiss.top:8080/get.php?username=VIP01651753907200528\u0026password=50407d29ea1b\u0026type=m3u","fqdn":"vipbhbiss.top","domain":"vipbhbiss.top","tld":"top"},"ip":{"addr":"31.43.191.125","port":8080,"asn":210848,"as":"Telkom Internet LTD","country":"South Africa","country_code":"ZA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-02T11:24:23.546Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /get.php?username=VIP01651753907200528\u0026password=50407d29ea1b\u0026type=m3u HTTP/1.1\r\nHost: vipbhbiss.top:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 02 Sep 2025 11:24:23 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 2453002\r\nConnection: keep-alive\r\nContent-Description: File Transfer\r\nExpires: 0\r\nCache-Control: must-revalidate\r\nPragma: public\r\nContent-Disposition: attachment; filename=\"tv_channels_VIP01651753907200528.m3u\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2453002,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, Unicode text, UTF-8 text, with CRLF, LF line terminators","md5":"9776786d3d5458feb8bee17c8055482c","sha1":"8581d5c8d4d181956c7659a0827fb786c08b6c16","sha256":"a780f1e8baf3ae54561e77123604b9f544d033b98d7f9196d438bd99eb32a2b7","sha512":"9a4bd46a3bd11ab0c3e93208a39d93a9b0216a2c910f7a539a0ad7a35173087b1f1d54cdde6bc9dcc9db992379e2f081e5be902d24749f3a7d04fa5f2b858ea7","ssdeep":"6144:22bcjwILE2xAff6G+l7Bir3IxNeFOcgLAl:22bcj7/xYgLc","tlshash":"4f2543fc45672012e3b86ddcf6afb7d1da1a88f629c46940af174ff1214539b18a027b","first_seen":"2025-09-02T11:24:48.05622Z","last_seen":"2025-09-02T11:24:48.05622Z","times_seen":1,"resource_available":false,"data":null}},"time_used":548,"timings":{"blocked":53,"dns":40,"connect":22,"send":0,"wait":220,"receive":212,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}