{"report_id":"f3f01161-d9ee-408d-9db7-6b4b0c5ac5ba","version":6,"status":"done","tags":[],"date":"2024-08-02T20:52:14Z","url":{"schema":"http","addr":"uswm.xoiawbvs.top/?playlist=e5c2f10e1wulj/6e8c54/b6_l5pokeaocaa?iag/apa8ih46aav/2apacxy_kklf95/i2wxaxsgaei_anha3v5jzbamu?daeoska/c13277/ke57xllphada/8ihh2a?oha_?suae79nynaa9wr-rwlg3axzgana2/6a_ofa4bs45aitsraaose5me/3b27da/ausavzeaulkehbivzsiogi-a?n/1paaa_lxaa82cq6xo/ahh...%20311%20.../haobkssasaaayau3tq_4z-ctegaas/c72e6/aV58Kj/98I3R8JCNlJWR-cnEveG9-Y2Flbj/0qJCVeJHlnfg2/71a251/P24lKkB4JHFj/fmV-YS/oqZ14kdCRveXxAaS9eZCU9fGVecg2/459565165/JHQkfG/9hXm4qfipneHxlZSN/8JCU9ZHkjfnFpXiV-cmM_Lw2/a5b8f7/JT9jeS9lciN0aT0heG/FxQH5uJF5kK/iEjfiNnbyRAXiFeZQ2/4ac0088f/LyEqdF/58cSQlcm9-ZX5jJSNhZV5kaWcjPW58eEAqJD9eeQ2/8165d4f1/YWUjaS/pnKip8b2R8QCEhfCNyeWNAJ/HRuZXg/lfn49LyM_cQ2/8d3ade7/fHleJGN0biEjQD1-Km/8qYXh-cT9yQH5AaSQh/L2ckI2VlZA2/f74c5/ZWd-Y3glJHF0bmRvQCUhcl4vQGE9fj/8kJCE/hI15peV4jZQ2/4eb927ab7/IUA9JX5AZ2FeXiNlbm/llIWRA/dCUvYyN4cS/p8cm98Kj8qeQ2/1d6d23/dC95ZW/MjIW8_J/CVnISNeQGl-JX58JGRhZW54/PSRyfnxecQ2/187f7c0da/cmFlJW/9jQHxefC8hZCR8P2l4fiVxK/iUqZV50bmckPXl-QA2/a038075f6/ZXhjdE/Ajfj0hIXFeJHI_QG55LyMqJSFe/I2ReJ/GdpfmVvYQ2/ad7754/Y3l-IW/dAPV4/hcWVeL0AkPyNhZSpvbnhyJSR/pZCN0JF4hfg2/141769553/QHxAZyMqI3hu/byEvaXQjciRjYX55P/X4hZHEhPyVlZXxeKg2/48867/ISF8KiVlJD1l/Y3ElI25vaXxAXmEkc/mQqQCF5eD9eZ3QvfA2/010a0d0e3/eCN-aX/kjfiV/lXi9jXmQkcl4jIXQh/P24lJGEhQG89Z3xlcQ2/4b4acd5/ZX4ldH/ElI28_/fCReJSRjfHJneH4vbl5kaXwqQH5heWU9Kg2/a10b6/Z2FAZH/JjXm9eISEjJCN4eT9xfj0vZ/WUjJX/RpKm4hQF4kfg2/736d0/ciVjJV/5eeWUkfCQkP0BneGU/hPS9kdCFuIypxI2lhXn5vfg2/a209dc5b7/b2EkZWR-Kn4laV4/kZ3x4I3R5ZWNePz0lb/iFyIy9ecXwkKg2/f6c6e43/eXx4Xi/ohPyQlJHJlaV5lQH5eYyUvbnRAQHF8Kmc9KmFkbw2/a9c37/JCMkXiFefGFjeH49cXwlJG8qbnlAaS9yfmUj/fj8lZWRndA2","fqdn":"uswm.xoiawbvs.top","domain":"xoiawbvs.top","tld":"top"},"ip":{"addr":"172.67.169.128","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"uswm.xoiawbvs.top/","fqdn":"uswm.xoiawbvs.top","domain":"xoiawbvs.top","tld":"top"},"title":"404 - 找不到文件或目录。"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T07:12:40Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-08-01 18:12:56","alert_count":0,"request_count":6,"received_data":5324,"sent_data":1962,"comment":"","tags":null,"fingerprints":null},{"fqdn":"uswm.xoiawbvs.top","ip":{"addr":"172.67.169.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":3,"request_count":6,"received_data":46837,"sent_data":4777,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-08-02T20:51:50Z","timestamp":1722631910,"ip_dst":{"addr":"104.21.54.236","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44858,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2024-08-02T20:51:50.668361+0000\",\"flow_id\":2185948417162929,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.18\",\"src_port\":44858,\"dest_ip\":\"104.21.54.236\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"uswm.xoiawbvs.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://uswm.xoiawbvs.top/\",\"length\":167},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":746,\"bytes_toclient\":1054,\"start\":\"2024-08-02T20:51:50.655025+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-02T20:51:48.695139194Z","timestamp":1722631908695,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"542B016F56D55AC6E101E5930905AC5873AB375BB530AE7F2DBBBE98F4663926\"\r\nLast-Modified: Thu, 01 Aug 2024 06:56:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=14306\r\nExpires: Sat, 03 Aug 2024 00:50:14 GMT\r\nDate: Fri, 02 Aug 2024 20:51:48 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"2b7af8743a0baccf520f7d3c63f9aa03","sha1":"d531f4d4c3b83565dbe8f972052708201df0d668","sha256":"542b016f56d55ac6e101e5930905ac5873ab375bb530ae7f2dbbbe98f4663926","sha512":"7057ee9951dfbee47dc98a6fc594eb7421c9500ce77fc52a843899749f030953148787d88da29630f2983cfceef7e5f9cd81cbb5831c99beb69dfaaf3060cb40","ssdeep":"","tlshash":"5bf0c050069876069ea04a202fddd0111a286c7a647074f17cd80666b5207ad4d8e94c","first_seen":"2024-08-01T12:26:57Z","last_seen":"2024-08-19T15:03:08.441696Z","times_seen":27247,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-02T20:51:48.700391214Z","timestamp":1722631908700,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"31567666BDA7DB348CD6E2AD94576DA2C7240872F45E969FD6A52CF14440E95B\"\r\nLast-Modified: Thu, 01 Aug 2024 06:58:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=5105\r\nExpires: Fri, 02 Aug 2024 22:16:53 GMT\r\nDate: Fri, 02 Aug 2024 20:51:48 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"44e4b90088be23610d96d270d377406d","sha1":"ce7ab232af453bb960a97435173b3ab09a376054","sha256":"31567666bda7db348cd6e2ad94576da2c7240872f45e969fd6a52cf14440e95b","sha512":"d674548a794cb80b5cc2fd4967186cbde82712e2d80e88dbda6d43abbc14b8f5a01a5b510b07fd7acf96a33577bab8b5eeffb899c232a062a8b551fdaa9e6885","ssdeep":"","tlshash":"88f00e822285fde36e385f369eb0d51538706ee8311664ca2a8042d074a3b9c76cc94c","first_seen":"2024-08-01T13:30:15Z","last_seen":"2024-08-19T15:02:48.976986Z","times_seen":21208,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-02T20:51:49.036228485Z","timestamp":1722631909036,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"F37F00B9679113AC2B3B7D43E4D3AFA8F3B1861B9F0B31744641771257B5714F\"\r\nLast-Modified: Thu, 01 Aug 2024 06:26:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=15931\r\nExpires: Sat, 03 Aug 2024 01:17:20 GMT\r\nDate: Fri, 02 Aug 2024 20:51:49 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"d8c8330168da4a9d503ddb04a4df6f87","sha1":"08502623c14dd495434507146b62dd062e06c609","sha256":"f37f00b9679113ac2b3b7d43e4d3afa8f3b1861b9f0b31744641771257b5714f","sha512":"aa8f4848eb44b592d2bea5816516f3c831ff9f3be7dd84a326625bff8b4a0060ad739874d7f1f4ec33e8606eafbc53ab3d9f824b273c9380311e05ff4ac1c863","ssdeep":"","tlshash":"76f0057213df3d01fd7456152f5ad3052f21bda8340665f269c891e328117e26ec8408","first_seen":"2024-08-01T12:51:30Z","last_seen":"2024-08-19T15:03:08.442939Z","times_seen":23918,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-02T20:51:49.199805718Z","timestamp":1722631909199,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"E9D373F8BCB454C3FC0B4E4D3768E5104C7F4CAD03145468F9D2C0FF89C08143\"\r\nLast-Modified: Thu, 01 Aug 2024 06:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3102\r\nExpires: Fri, 02 Aug 2024 21:43:31 GMT\r\nDate: Fri, 02 Aug 2024 20:51:49 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"06f86a556a3bc0d04f36267a3081f07f","sha1":"3ca01a6761c66a9434a2ee060e2cb4b685b0b9f8","sha256":"e9d373f8bcb454c3fc0b4e4d3768e5104c7f4cad03145468f9d2c0ff89c08143","sha512":"5d2afaf30f4b626d830d5404cc82ccea273969bba9a832005a64f12aa15e56eb5b5c85876d82dde52c590ca6f5c0e57e3ff801aab3ed9887a1d0b147413a9b5c","ssdeep":"","tlshash":"75f00e8a20ed7b8555a0ac001e78e21afd396abc3c2025e21e9c05f57421bf26dc404c","first_seen":"2024-08-01T08:37:09Z","last_seen":"2024-08-19T15:04:18.900784Z","times_seen":23373,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uswm.xoiawbvs.top/b8fa9/QEB8QCV4IXJxZGFlZW8jI25eKiEqfi/UveWN-Z/3xpKj0_dA2","fqdn":"uswm.xoiawbvs.top","domain":"xoiawbvs.top","tld":"top"},"ip":{"addr":"172.67.169.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-02T20:51:49.676Z","timestamp":1722631909676,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xoiawbvs.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Aug 2024 13:55:16 GMT","end":"Wed, 30 Oct 2024 13:55:15 GMT"},"fingerprint":{"sha1":"3C:9C:D0:1E:91:7F:62:7F:D2:90:B5:46:FF:6E:4C:EE:19:30:DF:EA","sha256":"BE:D7:85:8A:C5:BC:4E:58:35:4B:E5:C2:CE:C5:2D:DE:A9:77:F2:1A:9E:61:A8:4A:F7:1E:79:7F:F4:1D:5F:53"}}},"request":{"raw":"GET /b8fa9/QEB8QCV4IXJxZGFlZW8jI25eKiEqfi/UveWN-Z/3xpKj0_dA2 HTTP/1.1\r\nHost: uswm.xoiawbvs.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=dq1kzlmy24slbjkxc1au2hjg; RdStr=dq1kzlmy24slbjkxc1au2hjg\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Fri, 02 Aug 2024 20:51:49 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: private\r\nlocation: /\r\nx-aspnetmvc-version: 5.2\r\nx-aspnet-version: 4.0.30319\r\nx-powered-by: ASP.NET\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=zTzZlKeZ6%2BiwLRf%2BFjFM7pO6%2F1So3UH6E%2FBuC4WW3fXZhGzTfyp%2BbzxJgWSgPCie7JmuX8BKUBJBo3k2%2Bl61A3WlfCTxqNIKBmSlUPo5IJwwZLMvFHu5zGk%2BOOHN3A1quMu8Vw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8ad0f2bb7de856a5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":814,"size_decoded":814,"mime_type":"text/html","magic":"data","md5":"1a50def5285069bd820444a0caad50ea","sha1":"853080ce6185ae76e73799f2866bffc6a4a73c52","sha256":"e067f83328ada3d1735afdbfe94d13088ef6be632e9f6155136f6420e1321f18","sha512":"3afdee147e221e4622a971c907bf7ccb57bf440137d77e33761084f3e98cce75b4d2fc1bcbaae96018b214967df679b3203be5b232d319b33501ef635d893473","ssdeep":"","tlshash":"380146697bdd7ddcb1f33bf44c956ce0b5d8603035451c055295485be14625bcd023bb","first_seen":"2024-05-22T20:23:27Z","last_seen":"2024-10-24T00:40:40.441989Z","times_seen":2610,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-02T20:51:51.170175889Z","timestamp":1722631911170,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5D3FE5575B14F6F240E86C4C5065E8F3F79A6F20039EFCE544E7597166C1AE0F\"\r\nLast-Modified: Thu, 01 Aug 2024 06:58:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2359\r\nExpires: Fri, 02 Aug 2024 21:31:10 GMT\r\nDate: Fri, 02 Aug 2024 20:51:51 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7b71bbce2c5e563fde3afb60497eb33b","sha1":"ffe77143d7aae5b966b693211336919b872de46a","sha256":"5d3fe5575b14f6f240e86c4c5065e8f3f79a6f20039efce544e7597166c1ae0f","sha512":"74b26d7ae39d9dcb1edf5fee9cb2c138bbc2c82f3586365580a0ed3270b19d3e8fd100f2914c64f1b5cadcaf6073eba610a22ac4a19f56e4afce0e72293070d8","ssdeep":"","tlshash":"acf00e4a079d6e462b6dc8443d84fa215d640daa742030f42accc2a572b07e46ac641c","first_seen":"2024-08-01T13:13:22Z","last_seen":"2024-08-19T15:03:08.4448Z","times_seen":14162,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.27","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-02T20:51:51.173452662Z","timestamp":1722631911173,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5D3FE5575B14F6F240E86C4C5065E8F3F79A6F20039EFCE544E7597166C1AE0F\"\r\nLast-Modified: Thu, 01 Aug 2024 06:58:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2359\r\nExpires: Fri, 02 Aug 2024 21:31:10 GMT\r\nDate: Fri, 02 Aug 2024 20:51:51 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7b71bbce2c5e563fde3afb60497eb33b","sha1":"ffe77143d7aae5b966b693211336919b872de46a","sha256":"5d3fe5575b14f6f240e86c4c5065e8f3f79a6f20039efce544e7597166c1ae0f","sha512":"74b26d7ae39d9dcb1edf5fee9cb2c138bbc2c82f3586365580a0ed3270b19d3e8fd100f2914c64f1b5cadcaf6073eba610a22ac4a19f56e4afce0e72293070d8","ssdeep":"","tlshash":"acf00e4a079d6e462b6dc8443d84fa215d640daa742030f42accc2a572b07e46ac641c","first_seen":"2024-08-01T13:13:22Z","last_seen":"2024-08-19T15:03:08.4448Z","times_seen":14162,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uswm.xoiawbvs.top/?playlist=e5c2f10e1wulj/6e8c54/b6_l5pokeaocaa?iag/apa8ih46aav/2apacxy_kklf95/i2wxaxsgaei_anha3v5jzbamu?daeoska/c13277/ke57xllphada/8ihh2a?oha_?suae79nynaa9wr-rwlg3axzgana2/6a_ofa4bs45aitsraaose5me/3b27da/ausavzeaulkehbivzsiogi-a?n/1paaa_lxaa82cq6xo/ahh...%20311%20.../haobkssasaaayau3tq_4z-ctegaas/c72e6/aV58Kj/98I3R8JCNlJWR-cnEveG9-Y2Flbj/0qJCVeJHlnfg2/71a251/P24lKkB4JHFj/fmV-YS/oqZ14kdCRveXxAaS9eZCU9fGVecg2/459565165/JHQkfG/9hXm4qfipneHxlZSN/8JCU9ZHkjfnFpXiV-cmM_Lw2/a5b8f7/JT9jeS9lciN0aT0heG/FxQH5uJF5kK/iEjfiNnbyRAXiFeZQ2/4ac0088f/LyEqdF/58cSQlcm9-ZX5jJSNhZV5kaWcjPW58eEAqJD9eeQ2/8165d4f1/YWUjaS/pnKip8b2R8QCEhfCNyeWNAJ/HRuZXg/lfn49LyM_cQ2/8d3ade7/fHleJGN0biEjQD1-Km/8qYXh-cT9yQH5AaSQh/L2ckI2VlZA2/f74c5/ZWd-Y3glJHF0bmRvQCUhcl4vQGE9fj/8kJCE/hI15peV4jZQ2/4eb927ab7/IUA9JX5AZ2FeXiNlbm/llIWRA/dCUvYyN4cS/p8cm98Kj8qeQ2/1d6d23/dC95ZW/MjIW8_J/CVnISNeQGl-JX58JGRhZW54/PSRyfnxecQ2/187f7c0da/cmFlJW/9jQHxefC8hZCR8P2l4fiVxK/iUqZV50bmckPXl-QA2/a038075f6/ZXhjdE/Ajfj0hIXFeJHI_QG55LyMqJSFe/I2ReJ/GdpfmVvYQ2/ad7754/Y3l-IW/dAPV4/hcWVeL0AkPyNhZSpvbnhyJSR/pZCN0JF4hfg2/141769553/QHxAZyMqI3hu/byEvaXQjciRjYX55P/X4hZHEhPyVlZXxeKg2/48867/ISF8KiVlJD1l/Y3ElI25vaXxAXmEkc/mQqQCF5eD9eZ3QvfA2/010a0d0e3/eCN-aX/kjfiV/lXi9jXmQkcl4jIXQh/P24lJGEhQG89Z3xlcQ2/4b4acd5/ZX4ldH/ElI28_/fCReJSRjfHJneH4vbl5kaXwqQH5heWU9Kg2/a10b6/Z2FAZH/JjXm9eISEjJCN4eT9xfj0vZ/WUjJX/RpKm4hQF4kfg2/736d0/ciVjJV/5eeWUkfCQkP0BneGU/hPS9kdCFuIypxI2lhXn5vfg2/a209dc5b7/b2EkZWR-Kn4laV4/kZ3x4I3R5ZWNePz0lb/iFyIy9ecXwkKg2/f6c6e43/eXx4Xi/ohPyQlJHJlaV5lQH5eYyUvbnRAQHF8Kmc9KmFkbw2/a9c37/JCMkXiFefGFjeH49cXwlJG8qbnlAaS9yfmUj/fj8lZWRndA2","fqdn":"uswm.xoiawbvs.top","domain":"xoiawbvs.top","tld":"top"},"ip":{"addr":"172.67.169.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-02T20:51:49.050Z","timestamp":1722631909050,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xoiawbvs.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Aug 2024 13:55:16 GMT","end":"Wed, 30 Oct 2024 13:55:15 GMT"},"fingerprint":{"sha1":"3C:9C:D0:1E:91:7F:62:7F:D2:90:B5:46:FF:6E:4C:EE:19:30:DF:EA","sha256":"BE:D7:85:8A:C5:BC:4E:58:35:4B:E5:C2:CE:C5:2D:DE:A9:77:F2:1A:9E:61:A8:4A:F7:1E:79:7F:F4:1D:5F:53"}}},"request":{"raw":"GET /?playlist=e5c2f10e1wulj/6e8c54/b6_l5pokeaocaa?iag/apa8ih46aav/2apacxy_kklf95/i2wxaxsgaei_anha3v5jzbamu?daeoska/c13277/ke57xllphada/8ihh2a?oha_?suae79nynaa9wr-rwlg3axzgana2/6a_ofa4bs45aitsraaose5me/3b27da/ausavzeaulkehbivzsiogi-a?n/1paaa_lxaa82cq6xo/ahh...%20311%20.../haobkssasaaayau3tq_4z-ctegaas/c72e6/aV58Kj/98I3R8JCNlJWR-cnEveG9-Y2Flbj/0qJCVeJHlnfg2/71a251/P24lKkB4JHFj/fmV-YS/oqZ14kdCRveXxAaS9eZCU9fGVecg2/459565165/JHQkfG/9hXm4qfipneHxlZSN/8JCU9ZHkjfnFpXiV-cmM_Lw2/a5b8f7/JT9jeS9lciN0aT0heG/FxQH5uJF5kK/iEjfiNnbyRAXiFeZQ2/4ac0088f/LyEqdF/58cSQlcm9-ZX5jJSNhZV5kaWcjPW58eEAqJD9eeQ2/8165d4f1/YWUjaS/pnKip8b2R8QCEhfCNyeWNAJ/HRuZXg/lfn49LyM_cQ2/8d3ade7/fHleJGN0biEjQD1-Km/8qYXh-cT9yQH5AaSQh/L2ckI2VlZA2/f74c5/ZWd-Y3glJHF0bmRvQCUhcl4vQGE9fj/8kJCE/hI15peV4jZQ2/4eb927ab7/IUA9JX5AZ2FeXiNlbm/llIWRA/dCUvYyN4cS/p8cm98Kj8qeQ2/1d6d23/dC95ZW/MjIW8_J/CVnISNeQGl-JX58JGRhZW54/PSRyfnxecQ2/187f7c0da/cmFlJW/9jQHxefC8hZCR8P2l4fiVxK/iUqZV50bmckPXl-QA2/a038075f6/ZXhjdE/Ajfj0hIXFeJHI_QG55LyMqJSFe/I2ReJ/GdpfmVvYQ2/ad7754/Y3l-IW/dAPV4/hcWVeL0AkPyNhZSpvbnhyJSR/pZCN0JF4hfg2/141769553/QHxAZyMqI3hu/byEvaXQjciRjYX55P/X4hZHEhPyVlZXxeKg2/48867/ISF8KiVlJD1l/Y3ElI25vaXxAXmEkc/mQqQCF5eD9eZ3QvfA2/010a0d0e3/eCN-aX/kjfiV/lXi9jXmQkcl4jIXQh/P24lJGEhQG89Z3xlcQ2/4b4acd5/ZX4ldH/ElI28_/fCReJSRjfHJneH4vbl5kaXwqQH5heWU9Kg2/a10b6/Z2FAZH/JjXm9eISEjJCN4eT9xfj0vZ/WUjJX/RpKm4hQF4kfg2/736d0/ciVjJV/5eeWUkfCQkP0BneGU/hPS9kdCFuIypxI2lhXn5vfg2/a209dc5b7/b2EkZWR-Kn4laV4/kZ3x4I3R5ZWNePz0lb/iFyIy9ecXwkKg2/f6c6e43/eXx4Xi/ohPyQlJHJlaV5lQH5eYyUvbnRAQHF8Kmc9KmFkbw2/a9c37/JCMkXiFefGFjeH49cXwlJG8qbnlAaS9yfmUj/fj8lZWRndA2 HTTP/1.1\r\nHost: uswm.xoiawbvs.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Fri, 02 Aug 2024 20:51:49 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: private\r\nlocation: /b8fa9/QEB8QCV4IXJxZGFlZW8jI25eKiEqfi/UveWN-Z/3xpKj0_dA2\r\nset-cookie: ASP.NET_SessionId=dq1kzlmy24slbjkxc1au2hjg; path=/; HttpOnly\nRdStr=dq1kzlmy24slbjkxc1au2hjg; path=/\r\nx-aspnetmvc-version: 5.2\r\nx-aspnet-version: 4.0.30319\r\nx-powered-by: ASP.NET\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=zqkZXhgi8sQQAphvasZUvJgk5dPzagciaQVgJRzPOTa2sXZ7rMCEG4hlFsYWNci7LuyWMSDyq7N6pUR%2B7Awxh8Fpjg5s2tITbgsPgHIYCyl7Zaw3mHbf5EJIdlBgglDEREBltQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8ad0f2b7aa2956a5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":6316,"size_decoded":6316,"mime_type":"text/html","magic":"data","md5":"4cdb2b4fb5dffa0f719815008be02a15","sha1":"3ccfb857e37acb5439fb2c2c8ece6aeb20128bd4","sha256":"1bd5722c2693c292bfffa6441d276ea7d9e2209fea05fe6b02eff54949cf07d5","sha512":"2b2f32250175088ed5f62f6dbc8afd075ceee33f567752429ac0e49834f1e91d677d9e096e61ccd2a1eb2df8bd31ed0a58a34bba37659921cdbe4718c3462642","ssdeep":"96:WMEaWGXM9mGwrd2OupPPQDq0c04dp4gJNSmJPiySU6vBLFTvrMCv0Vw1:WMESXM96rd2zADq0cfp4gJBKPUSv2Vw1","tlshash":"84d17d4502c24eaaed1cfc37eccb53669724d8e46c50aa3f9e90fa961dfd580e448e52","first_seen":"2024-08-19T14:51:57.725207Z","last_seen":"2024-08-19T14:51:57.725207Z","times_seen":1,"resource_available":false,"data":null}},"time_used":638,"timings":{"blocked":19,"dns":0,"connect":1,"send":0,"wait":600,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uswm.xoiawbvs.top/","fqdn":"uswm.xoiawbvs.top","domain":"xoiawbvs.top","tld":"top"},"ip":{"addr":"172.67.169.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-02T20:51:49.843Z","timestamp":1722631909843,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xoiawbvs.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Aug 2024 13:55:16 GMT","end":"Wed, 30 Oct 2024 13:55:15 GMT"},"fingerprint":{"sha1":"3C:9C:D0:1E:91:7F:62:7F:D2:90:B5:46:FF:6E:4C:EE:19:30:DF:EA","sha256":"BE:D7:85:8A:C5:BC:4E:58:35:4B:E5:C2:CE:C5:2D:DE:A9:77:F2:1A:9E:61:A8:4A:F7:1E:79:7F:F4:1D:5F:53"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: uswm.xoiawbvs.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=dq1kzlmy24slbjkxc1au2hjg; RdStr=dq1kzlmy24slbjkxc1au2hjg\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Fri, 02 Aug 2024 20:51:50 GMT\r\ncontent-type: text/html\r\ncache-control: private\r\nx-aspnetmvc-version: 5.2\r\nx-aspnet-version: 4.0.30319\r\nx-powered-by: ASP.NET\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=ogHsf5fsdOTvbtDcZNSI3rKM7ezN3fmvwGwXH77jOQ%2FTZ5cAkSaANXvLNj8c0iv%2BrWFDvGojNZDRKHiP7X8OlBll94rPfMx3BvYUPsqAF5M7sHNQhNyrPdz90fuzugfJI3wwoQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8ad0f2bc8df756c9-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":1163,"size_decoded":1163,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1241), with no line terminators","md5":"14fc8ed36d3358a2d4a9557d2b69f860","sha1":"875918c5480201d7fd3a1c646600cc8e206d9afa","sha256":"a5a5957109aeeeb74db86456a631d1a1d6667ccf5cc5744901c2210f8efacdd6","sha512":"60d80ad763dec05957747d4cb41f9c4cc3968a1fc1f7b54c53fc26f8aa52e15319762e239fc4c7becf42846ba85c2b70ad5cf40d1175f92fc525df3005986fc6","ssdeep":"","tlshash":"0e21481ee5207241e64a89d438f372ba7b094507f4770e59f466663ed4c65f4c0be7c4","first_seen":"2023-04-14T11:07:34Z","last_seen":"2025-04-06T21:06:20.896621Z","times_seen":3968,"resource_available":false,"data":null}},"time_used":613,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":613,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-08-02T20:51:50Z","timestamp":1722631910,"ip_dst":{"addr":"104.21.54.236","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.18","port":44858,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2024-08-02T20:51:50.668361+0000\",\"flow_id\":2185948417162929,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.18\",\"src_port\":44858,\"dest_ip\":\"104.21.54.236\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"uswm.xoiawbvs.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://uswm.xoiawbvs.top/\",\"length\":167},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":746,\"bytes_toclient\":1054,\"start\":\"2024-08-02T20:51:50.655025+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"uswm.xoiawbvs.top/","fqdn":"uswm.xoiawbvs.top","domain":"xoiawbvs.top","tld":"top"},"ip":{"addr":"104.21.54.236","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-02T20:51:50.645Z","timestamp":1722631910645,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: uswm.xoiawbvs.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=dq1kzlmy24slbjkxc1au2hjg; RdStr=dq1kzlmy24slbjkxc1au2hjg\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Fri, 02 Aug 2024 20:51:50 GMT\r\nContent-Type: text/html\r\nContent-Length: 167\r\nConnection: keep-alive\r\nCache-Control: max-age=3600\r\nExpires: Fri, 02 Aug 2024 21:51:50 GMT\r\nLocation: https://uswm.xoiawbvs.top/\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=7tee5X%2FBUs5kYUYYBkwWjkoEyJ%2FueSvEphaqRvypreCXqa1ZM6xueUWX8a2%2Bs3HaxZW6TRfmRvoxLxu%2FeWfL19VGnr5wFM0uAklyNdtbQgddX2vG7Ny4OwBfacAFe41TVHec2A%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 8ad0f2c19fd856ae-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":1163,"size_decoded":1163,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-15T20:38:47.575438Z","times_seen":13797803,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":11,"dns":13,"connect":1,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-08-02T20:51:50Z","timestamp":1722631910,"ip_dst":{"addr":"104.21.54.236","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.18","port":44858,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2024-08-02T20:51:50.668361+0000\",\"flow_id\":2185948417162929,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.18\",\"src_port\":44858,\"dest_ip\":\"104.21.54.236\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"uswm.xoiawbvs.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://uswm.xoiawbvs.top/\",\"length\":167},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":746,\"bytes_toclient\":1054,\"start\":\"2024-08-02T20:51:50.655025+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uswm.xoiawbvs.top/","fqdn":"uswm.xoiawbvs.top","domain":"xoiawbvs.top","tld":"top"},"ip":{"addr":"172.67.169.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-02T20:51:50.673Z","timestamp":1722631910673,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xoiawbvs.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Aug 2024 13:55:16 GMT","end":"Wed, 30 Oct 2024 13:55:15 GMT"},"fingerprint":{"sha1":"3C:9C:D0:1E:91:7F:62:7F:D2:90:B5:46:FF:6E:4C:EE:19:30:DF:EA","sha256":"BE:D7:85:8A:C5:BC:4E:58:35:4B:E5:C2:CE:C5:2D:DE:A9:77:F2:1A:9E:61:A8:4A:F7:1E:79:7F:F4:1D:5F:53"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: uswm.xoiawbvs.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ASP.NET_SessionId=dq1kzlmy24slbjkxc1au2hjg; RdStr=dq1kzlmy24slbjkxc1au2hjg\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Fri, 02 Aug 2024 20:51:50 GMT\r\ncontent-type: text/html\r\ncache-control: private\r\nx-aspnetmvc-version: 5.2\r\nx-aspnet-version: 4.0.30319\r\nx-powered-by: ASP.NET\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=tuLPZmXrRkqetk55zOCqj7S8MmE4B7zcwXPLXQoP2xqdlv0XW6%2FG6cHA%2FTBjdaGEbVQBETEmT8SUMnpCTU6wGTF4PprJjy9wgwDTZYDqXD6pCVl4ZRXPLaQE9%2FmG%2BzX6vSft0g%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8ad0f2c1bb3f56c9-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":1163,"size_decoded":1163,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1241), with no line terminators","md5":"14fc8ed36d3358a2d4a9557d2b69f860","sha1":"875918c5480201d7fd3a1c646600cc8e206d9afa","sha256":"a5a5957109aeeeb74db86456a631d1a1d6667ccf5cc5744901c2210f8efacdd6","sha512":"60d80ad763dec05957747d4cb41f9c4cc3968a1fc1f7b54c53fc26f8aa52e15319762e239fc4c7becf42846ba85c2b70ad5cf40d1175f92fc525df3005986fc6","ssdeep":"","tlshash":"0e21481ee5207241e64a89d438f372ba7b094507f4770e59f466663ed4c65f4c0be7c4","first_seen":"2023-04-14T11:07:34Z","last_seen":"2025-04-06T21:06:20.896621Z","times_seen":3968,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-08-02T20:51:50Z","timestamp":1722631910,"ip_dst":{"addr":"104.21.54.236","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.18","port":44858,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2024-08-02T20:51:50.668361+0000\",\"flow_id\":2185948417162929,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.18\",\"src_port\":44858,\"dest_ip\":\"104.21.54.236\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"uswm.xoiawbvs.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://uswm.xoiawbvs.top/\",\"length\":167},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":746,\"bytes_toclient\":1054,\"start\":\"2024-08-02T20:51:50.655025+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uswm.xoiawbvs.top/favicon.ico","fqdn":"uswm.xoiawbvs.top","domain":"xoiawbvs.top","tld":"top"},"ip":{"addr":"172.67.169.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://uswm.xoiawbvs.top/","date":"2024-08-02T20:51:50.919Z","timestamp":1722631910919,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xoiawbvs.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Aug 2024 13:55:16 GMT","end":"Wed, 30 Oct 2024 13:55:15 GMT"},"fingerprint":{"sha1":"3C:9C:D0:1E:91:7F:62:7F:D2:90:B5:46:FF:6E:4C:EE:19:30:DF:EA","sha256":"BE:D7:85:8A:C5:BC:4E:58:35:4B:E5:C2:CE:C5:2D:DE:A9:77:F2:1A:9E:61:A8:4A:F7:1E:79:7F:F4:1D:5F:53"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: uswm.xoiawbvs.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uswm.xoiawbvs.top/\r\nCookie: ASP.NET_SessionId=dq1kzlmy24slbjkxc1au2hjg; RdStr=dq1kzlmy24slbjkxc1au2hjg\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 02 Aug 2024 20:51:51 GMT\r\ncontent-type: image/x-icon\r\nlast-modified: Thu, 01 Aug 2024 10:58:50 GMT\r\netag: W/\"5ff186ca1e4da1:0\"\r\nx-powered-by: ASP.NET\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=oWgoL5tdkwxzf1X62d97DUW01dmVQMI8%2F%2Fm18E7g3%2BhFqlCPdGat0hIN%2FqXLnWXElLosiWpvBVODVmqoMERpaO67qL1MPR5vad5pW0zPyQvxI%2BpUe81nkLvSZxERpiW8KbTZIg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 8ad0f2c33d9156c9-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":32038,"size_decoded":32038,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"3f0f72ed57a54b97cda500bcf0545efb","sha1":"2f252619c18e729d98e16b96d37cd7cd567b38eb","sha256":"67fbe8ef9020e5c776aadf6801a1fef8dc563e2e4dc9ddc740af8010c0c38943","sha512":"ea68c54a3ca39a47555a41ae5fc3723f1e7c06b3ad1776ee7082ffbff48277d2b4ee7ca1753165c2dccdf7012eb0cbe29cdbde21dc05373a07cf18e23de37e54","ssdeep":"192:cfRys3/ZtSs9axogZeLpoCaAVbZ5iDJ6j5+qDxZ7cnPgW5LnM:cr68dcgWJn","tlshash":"6de2207b2193e200e49136f0adeaa4f059556f9a54708f19b0ba3d7de37a82bfc1d04d","first_seen":"2023-04-05T10:33:55Z","last_seen":"2026-04-14T14:27:58.326913Z","times_seen":28717,"resource_available":false,"data":null}},"time_used":568,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":568,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}