{"report_id":"f7adcf03-8695-4c5a-90f1-023720467e17","version":6,"status":"done","tags":[],"date":"2025-10-09T23:17:12Z","url":{"schema":"http","addr":"lottingem.com","fqdn":"lottingem.com","domain":"lottingem.com","tld":"com"},"ip":{"addr":"5.149.249.219","port":0,"asn":59711,"as":"HZ Hosting Ltd","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"lottingem.com/","fqdn":"lottingem.com","domain":"lottingem.com","tld":"com"},"title":"lottingem.com/"},"submit":{"url":{"schema":"http","addr":"lottingem.com","fqdn":"lottingem.com","domain":"lottingem.com","tld":"com"},"ip":{"addr":"5.149.249.219","port":0,"asn":59711,"as":"HZ Hosting Ltd","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-13T23:17:12Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-09T23:16:50Z","timestamp":1760051810,"ip_dst":{"addr":"172.18.0.17","port":39656,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"5.149.249.219","port":443,"asn":59711,"as":"HZ Hosting Ltd","country":"The Netherlands","country_code":"NL"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-10-09T23:16:50.347708+0000\",\"flow_id\":1957572045334356,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"5.149.249.219\",\"src_port\":443,\"dest_ip\":\"172.18.0.17\",\"dest_port\":39656,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=lottingem.com\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"06:A7:E6:A1:FF:5B:96:62:7D:4B:51:DC:25:5D:78:BD\",\"fingerprint\":\"95:27:6b:7a:37:bf:ae:a9:86:06:bc:be:eb:39:b0:68:4a:90:a4:ca\",\"sni\":\"lottingem.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-09-01T00:00:00\",\"notafter\":\"2025-11-30T23:59:59\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"c4b2785a87896e19d37eee932070cb22\",\"string\":\"771,49199,0-65281-11-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1305,\"bytes_toclient\":5830,\"start\":\"2025-10-09T23:16:50.288596+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"lottingem.com","ip":{"addr":"5.149.249.219","port":443,"asn":59711,"as":"HZ Hosting Ltd","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-01-15","domain_rank":282624,"first_seen":"2025-02-21T19:44:21.248066Z","last_seen":"2025-08-22T15:10:10.7249Z","alert_count":0,"request_count":2,"received_data":410,"sent_data":915,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-09T23:16:50Z","timestamp":1760051810,"ip_dst":{"addr":"172.18.0.17","port":39656,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"5.149.249.219","port":443,"asn":59711,"as":"HZ Hosting Ltd","country":"The Netherlands","country_code":"NL"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-10-09T23:16:50.347708+0000\",\"flow_id\":1957572045334356,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"5.149.249.219\",\"src_port\":443,\"dest_ip\":\"172.18.0.17\",\"dest_port\":39656,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=lottingem.com\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"06:A7:E6:A1:FF:5B:96:62:7D:4B:51:DC:25:5D:78:BD\",\"fingerprint\":\"95:27:6b:7a:37:bf:ae:a9:86:06:bc:be:eb:39:b0:68:4a:90:a4:ca\",\"sni\":\"lottingem.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-09-01T00:00:00\",\"notafter\":\"2025-11-30T23:59:59\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"c4b2785a87896e19d37eee932070cb22\",\"string\":\"771,49199,0-65281-11-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1305,\"bytes_toclient\":5830,\"start\":\"2025-10-09T23:16:50.288596+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"lottingem.com/","fqdn":"lottingem.com","domain":"lottingem.com","tld":"com"},"ip":{"addr":"5.149.249.219","port":443,"asn":59711,"as":"HZ Hosting Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-09T23:16:50.288Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"lottingem.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Sun, 30 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"95:27:6B:7A:37:BF:AE:A9:86:06:BC:BE:EB:39:B0:68:4A:90:A4:CA","sha256":"B2:83:EE:54:15:03:A0:58:7E:99:82:CC:0A:2A:C3:CB:7F:36:2F:9F:09:4F:A7:71:64:C1:5A:7E:98:6B:25:13"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: lottingem.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0\r\nDate: Thu, 09 Oct 2025 23:16:50 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/7.4.33\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":18,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"f040e1614f337945c5c5614190742843","sha1":"c5d875ae2b3e35a431a6e6af809b1a440ffbe5cb","sha256":"a89a847f63d9224ce59857eb2c845a27ed86cee38cfa47da0da08168f3189a05","sha512":"c618d6b95cd445c472aa013922b5f2e7dd1764fd85974dfe65e450ddfe413690e5180a1587011aab9d0d65fb79d1dea0b0f47da933b4cab14763f063c7354794","ssdeep":"","tlshash":"3570000020b00080c800028b0002a80200880000280080c000080880802220280233c0","first_seen":"2024-08-20T11:00:18.412639Z","last_seen":"2025-11-14T21:06:56.001778Z","times_seen":5,"resource_available":false,"data":null}},"time_used":303,"timings":{"blocked":142,"dns":0,"connect":17,"send":0,"wait":19,"receive":0,"ssl":122},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lottingem.com/favicon.ico","fqdn":"lottingem.com","domain":"lottingem.com","tld":"com"},"ip":{"addr":"5.149.249.219","port":443,"asn":59711,"as":"HZ Hosting Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lottingem.com/","date":"2025-10-09T23:16:50.626Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"lottingem.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 01 Sep 2025 00:00:00 GMT","end":"Sun, 30 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"95:27:6B:7A:37:BF:AE:A9:86:06:BC:BE:EB:39:B0:68:4A:90:A4:CA","sha256":"B2:83:EE:54:15:03:A0:58:7E:99:82:CC:0A:2A:C3:CB:7F:36:2F:9F:09:4F:A7:71:64:C1:5A:7E:98:6B:25:13"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: lottingem.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://lottingem.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0\r\nDate: Thu, 09 Oct 2025 23:16:50 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 0\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}