{"report_id":"f93a45f3-0c72-4493-95d7-2b335e85a685","version":6,"status":"done","tags":[],"date":"2026-03-05T09:57:02Z","url":{"schema":"http","addr":"95.129.233.56/","fqdn":"95.129.233.56","domain":"95.129.233.56","tld":""},"ip":{"addr":"95.129.233.56","port":0,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"http","addr":"95.129.233.56/","fqdn":"95.129.233.56","domain":"95.129.233.56","tld":""},"title":"DDoS-Guard","dom":{"size":572,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (572), with no line terminators","md5":"236f225903752d9ebf5961b9f6519e9e","sha1":"8a0686de9f891edd2257f6bc8ff6efffdf190ee1","sha256":"54917cdc36cdee2aab259f470a713c39bf271e1a369eed03659163976380c5fb","sha512":"4bf5cf927128f5467874fe242888ba5edb426c16874bdb75852fa4c2a52e7d038989dda00eb6787297aa3b01bd9c5cf5965a9b147b08951e1337b3f84705fcc6","ssdeep":"","tlshash":"dcf0e1fbc870382f60534bc4bc81370c1699d90def99a4316bea47de86d7ba4d913448","dom_hash":"domhasha3d3d7415960b807b142bbf1c8e66ac9","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"95.129.233.56/","fqdn":"95.129.233.56","domain":"95.129.233.56","tld":""},"ip":{"addr":"95.129.233.56","port":0,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-09T09:57:02Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-05T09:56:41Z","timestamp":1772704601,"ip_dst":{"addr":"Client IP","port":50334,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"95.129.233.56","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"severity":"medium","alert":"ET HUNTING DDoS-Guard Hosted Content","source":"{\"timestamp\":\"2026-03-05T09:56:41.069810+0000\",\"flow_id\":474601727029756,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"95.129.233.56\",\"src_port\":80,\"dest_ip\":\"172.18.0.30\",\"dest_port\":50334,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2043310,\"rev\":1,\"signature\":\"ET HUNTING DDoS-Guard Hosted Content\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2023_01_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2023_01_17\"]}},\"http\":{\"hostname\":\"95.129.233.56\",\"url\":\"/.well-known/ddos-guard/wrongip.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://95.129.233.56/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1223},\"files\":[{\"filename\":\"/.well-known/ddos-guard/wrongip.js\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":1223,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":623,\"bytes_toclient\":3168,\"start\":\"2026-03-05T09:56:41.029180+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-05T09:56:51Z","timestamp":1772704611,"ip_dst":{"addr":"Client IP","port":50328,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"95.129.233.56","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"severity":"medium","alert":"ET HUNTING DDoS-Guard Hosted Content","source":"{\"timestamp\":\"2026-03-05T09:56:51.071896+0000\",\"flow_id\":1936688051445911,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"95.129.233.56\",\"src_port\":80,\"dest_ip\":\"172.18.0.30\",\"dest_port\":50328,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2043310,\"rev\":1,\"signature\":\"ET HUNTING DDoS-Guard Hosted Content\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2023_01_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2023_01_17\"]}},\"http\":{\"hostname\":\"95.129.233.56\",\"url\":\"/.well-known/ddos-guard/wrongip.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://95.129.233.56/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2037},\"files\":[{\"filename\":\"/.well-known/ddos-guard/wrongip.css\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2037,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1301,\"bytes_toclient\":3852,\"start\":\"2026-03-05T09:56:40.778391+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"95.129.233.56","ip":{"addr":"95.129.233.56","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":5,"received_data":35158,"sent_data":1949,"comment":"","tags":null,"fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"95.129.233.56/.well-known/ddos-guard/wrongip.js","fqdn":"95.129.233.56","domain":"95.129.233.56","tld":""},"ip":{"addr":"95.129.233.56","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"aa83093b54cc45784e7b3416237dc61f","sha1":"4f93cb43dc130732f0eeb558e3ad6cc595589f11","sha256":"5e89fd3c7c928d63f050e24a6f536cc5ae2def0fd51a7b3cc64113499c136c1e","sha512":"28cabc87dce4b59aab1e2de8759092a8e854414339dd7c431d3b83a0f2cc7fa10d4d3b8cfc635ee18b3a3d80a064eb3e7b6f83a5116e68db32fcc1451eb9e0ae","ssdeep":"384:ekMzelCQR05TN23zWEkoIsOzWY3r1toVkJKfgwUnqyZFrdW4WKtm3tV9wzl6T+94:ekMzelCImyWqGWwHKfgwUNP9ODZWOMmB","tlshash":"97d2c2c9f6c2f064439b7561403f100bf33a2d69a86e8094e2aad4d47cbd94ac17bf6d","size":30406,"data":"","first_seen":"2024-12-18T07:13:09.332755Z","last_seen":"2026-04-02T23:43:19.899526Z","times_seen":271,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-05T09:56:41Z","timestamp":1772704601,"ip_dst":{"addr":"172.18.0.30","port":50334,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"95.129.233.56","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"severity":"medium","alert":"ET HUNTING DDoS-Guard Hosted Content","source":"{\"timestamp\":\"2026-03-05T09:56:41.069810+0000\",\"flow_id\":474601727029756,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"95.129.233.56\",\"src_port\":80,\"dest_ip\":\"172.18.0.30\",\"dest_port\":50334,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2043310,\"rev\":1,\"signature\":\"ET HUNTING DDoS-Guard Hosted Content\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2023_01_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2023_01_17\"]}},\"http\":{\"hostname\":\"95.129.233.56\",\"url\":\"/.well-known/ddos-guard/wrongip.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://95.129.233.56/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1223},\"files\":[{\"filename\":\"/.well-known/ddos-guard/wrongip.js\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":1223,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":623,\"bytes_toclient\":3168,\"start\":\"2026-03-05T09:56:41.029180+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"95.129.233.56/.well-known/ddos-guard/wrongip.js","fqdn":"95.129.233.56","domain":"95.129.233.56","tld":""},"ip":{"addr":"95.129.233.56","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://95.129.233.56/","date":"2026-03-05T09:56:41.032Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /.well-known/ddos-guard/wrongip.js HTTP/1.1\r\nHost: 95.129.233.56\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://95.129.233.56/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 Ok\r\nServer: ddos-guard\r\nDate: Thu, 05 Mar 2026 09:56:41 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nContent-Type: application/javascript\r\nExpires: Thu, 05 Mar 2026 10:56:41 GMT\r\nContent-Length: 30468\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"Ok","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":30468,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (25340), with LF, NEL line terminators","md5":"aa83093b54cc45784e7b3416237dc61f","sha1":"4f93cb43dc130732f0eeb558e3ad6cc595589f11","sha256":"5e89fd3c7c928d63f050e24a6f536cc5ae2def0fd51a7b3cc64113499c136c1e","sha512":"28cabc87dce4b59aab1e2de8759092a8e854414339dd7c431d3b83a0f2cc7fa10d4d3b8cfc635ee18b3a3d80a064eb3e7b6f83a5116e68db32fcc1451eb9e0ae","ssdeep":"384:ekMzelCQR05TN23zWEkoIsOzWY3r1toVkJKfgwUnqyZFrdW4WKtm3tV9wzl6T+94:ekMzelCImyWqGWwHKfgwUNP9ODZWOMmB","tlshash":"97d2c2c9f6c2f064439b7561403f100bf33a2d69a86e8094e2aad4d47cbd94ac17bf6d","first_seen":"2024-12-18T07:13:09.332755Z","last_seen":"2026-04-02T23:43:19.899526Z","times_seen":271,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":18,"dns":0,"connect":20,"send":0,"wait":20,"receive":29,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-05T09:56:41Z","timestamp":1772704601,"ip_dst":{"addr":"172.18.0.30","port":50334,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"95.129.233.56","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"severity":"medium","alert":"ET HUNTING DDoS-Guard Hosted Content","source":"{\"timestamp\":\"2026-03-05T09:56:41.069810+0000\",\"flow_id\":474601727029756,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"95.129.233.56\",\"src_port\":80,\"dest_ip\":\"172.18.0.30\",\"dest_port\":50334,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2043310,\"rev\":1,\"signature\":\"ET HUNTING DDoS-Guard Hosted Content\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2023_01_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2023_01_17\"]}},\"http\":{\"hostname\":\"95.129.233.56\",\"url\":\"/.well-known/ddos-guard/wrongip.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://95.129.233.56/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1223},\"files\":[{\"filename\":\"/.well-known/ddos-guard/wrongip.js\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":1223,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":623,\"bytes_toclient\":3168,\"start\":\"2026-03-05T09:56:41.029180+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"95.129.233.56/favicon.ico","fqdn":"95.129.233.56","domain":"95.129.233.56","tld":""},"ip":{"addr":"95.129.233.56","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://95.129.233.56/","date":"2026-03-05T09:56:41.121Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 95.129.233.56\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://95.129.233.56/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 503 Service Unavailable\r\nServer: ddos-guard\r\nDate: Thu, 05 Mar 2026 09:56:41 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nSet-Cookie: __ddg8_=5eSw2vB5cwZoMsF5; Domain=.233.56; Path=/; Expires=Thu, 05-Mar-2026 10:16:41 GMT\n__ddg10_=1772704601; Domain=.233.56; Path=/; Expires=Thu, 05-Mar-2026 10:16:41 GMT\n__ddg9_=91.90.42.154; Domain=.233.56; Path=/; Expires=Thu, 05-Mar-2026 10:16:41 GMT\r\nCache-Control: no-cache, no-store, must-revalidate\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 587\r\n\r\n","headers":null,"cookies":null,"status_code":"503","status_text":"Service Unavailable","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":587,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (587), with no line terminators","md5":"0044f599bb1614bc412f3b3331bf4ff6","sha1":"e1c98e479ba8f8d01ad96090f0ecc69d2246b4a9","sha256":"bb4ad35776dadba17794f9a00462fbfd625cde7e155e42fe99fb4a107776f451","sha512":"da657684c2778690720d0e3dfe19c1c9731b5c200b371fed973bc8b2e474062d71a5749fc762968d032a05dec20156635b6b15361d90c5ded71ae0d46d93cf21","ssdeep":"","tlshash":"5ff0a2fbc870382f605347c4bc81370c1699da0dee95a4316be9569d86d67649913448","first_seen":"2024-12-18T07:13:09.325278Z","last_seen":"2026-04-02T23:43:19.898029Z","times_seen":278,"resource_available":true,"data":null}},"time_used":160,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"95.129.233.56/","fqdn":"95.129.233.56","domain":"95.129.233.56","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-05T09:56:40.627Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 95.129.233.56\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T14:49:32.922678Z","times_seen":13335470,"resource_available":true,"data":null}},"time_used":138,"timings":{"blocked":0,"dns":0,"connect":22,"send":0,"wait":0,"receive":0,"ssl":113},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"95.129.233.56/","fqdn":"95.129.233.56","domain":"95.129.233.56","tld":""},"ip":{"addr":"95.129.233.56","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-05T09:56:40.782Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 95.129.233.56\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 503 Service Unavailable\r\nServer: ddos-guard\r\nDate: Thu, 05 Mar 2026 09:56:40 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nSet-Cookie: __ddg8_=SQTNNSh7sTPq1Dmx; Domain=.233.56; Path=/; Expires=Thu, 05-Mar-2026 10:16:40 GMT\n__ddg10_=1772704600; Domain=.233.56; Path=/; Expires=Thu, 05-Mar-2026 10:16:40 GMT\n__ddg9_=91.90.42.154; Domain=.233.56; Path=/; Expires=Thu, 05-Mar-2026 10:16:40 GMT\r\nCache-Control: no-cache, no-store, must-revalidate\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 587\r\n\r\n","headers":null,"cookies":null,"status_code":"503","status_text":"Service Unavailable","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":587,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (587), with no line terminators","md5":"0044f599bb1614bc412f3b3331bf4ff6","sha1":"e1c98e479ba8f8d01ad96090f0ecc69d2246b4a9","sha256":"bb4ad35776dadba17794f9a00462fbfd625cde7e155e42fe99fb4a107776f451","sha512":"da657684c2778690720d0e3dfe19c1c9731b5c200b371fed973bc8b2e474062d71a5749fc762968d032a05dec20156635b6b15361d90c5ded71ae0d46d93cf21","ssdeep":"","tlshash":"5ff0a2fbc870382f605347c4bc81370c1699da0dee95a4316be9569d86d67649913448","first_seen":"2024-12-18T07:13:09.325278Z","last_seen":"2026-04-02T23:43:19.898029Z","times_seen":278,"resource_available":true,"data":null}},"time_used":191,"timings":{"blocked":18,"dns":0,"connect":21,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"95.129.233.56/.well-known/ddos-guard/wrongip.css","fqdn":"95.129.233.56","domain":"95.129.233.56","tld":""},"ip":{"addr":"95.129.233.56","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://95.129.233.56/","date":"2026-03-05T09:56:41.030Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /.well-known/ddos-guard/wrongip.css HTTP/1.1\r\nHost: 95.129.233.56\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://95.129.233.56/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 Ok\r\nServer: ddos-guard\r\nDate: Thu, 05 Mar 2026 09:56:41 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=60\r\nContent-Type: text/css\r\nExpires: Thu, 05 Mar 2026 10:56:41 GMT\r\nContent-Length: 2037\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"Ok","fingerprints":[{"name":"DDoS-Guard","description":"DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.","website":"https://ddos-guard.net","common_platform_enumeration":"","icon":"DDoS-Guard.svg","categories":["Security"]}],"data":{"size":2037,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2037), with no line terminators","md5":"a68b0d6dda5b68426925486b7c8d6ca7","sha1":"3b4fe309ca96432b919974676e4d6165754cec64","sha256":"1ad07bb78a8ce1d938b93339581d963edb773041deda339bc3bf1b5ebcfe9533","sha512":"f0866c9cb447917f327636c287d6f0bcad38db12bb90cecc47efb92ae6ce47ad26f4c291c7a63dd383ea4c0a68b0416d748aa6d5122d69994baf1c0d8fb69396","ssdeep":"","tlshash":"e54152226660b02db4b7c8a525c9aa993424ca15a0aff7fcde537131dacf1932e3174d","first_seen":"2025-02-26T21:52:29.856114Z","last_seen":"2026-03-23T03:15:25.75936Z","times_seen":255,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-05T09:56:51Z","timestamp":1772704611,"ip_dst":{"addr":"172.18.0.30","port":50328,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"95.129.233.56","port":80,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"severity":"medium","alert":"ET HUNTING DDoS-Guard Hosted Content","source":"{\"timestamp\":\"2026-03-05T09:56:51.071896+0000\",\"flow_id\":1936688051445911,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"95.129.233.56\",\"src_port\":80,\"dest_ip\":\"172.18.0.30\",\"dest_port\":50328,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2043310,\"rev\":1,\"signature\":\"ET HUNTING DDoS-Guard Hosted Content\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2023_01_17\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2023_01_17\"]}},\"http\":{\"hostname\":\"95.129.233.56\",\"url\":\"/.well-known/ddos-guard/wrongip.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://95.129.233.56/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2037},\"files\":[{\"filename\":\"/.well-known/ddos-guard/wrongip.css\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2037,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1301,\"bytes_toclient\":3852,\"start\":\"2026-03-05T09:56:40.778391+0000\"}}"}],"analyzer":null,"urlquery":null}}]}