{ "in_iface": "tppdummy0", "event_type": "stamus", "type": "json-log", "@version": "1", "proto": "TCP", "see_id": "fe19238f45f5", "input": { "type": "log" }, "alert": { "signature_id": 999999999 }, "src_port": 58628, "http": { "http_user_agent": "Wget/1.20.3 (linux-gnu)", "length": 29, "protocol": "HTTP/1.1", "url": "/", "http_content_type": "text/html", "http_method": "GET", "last_modified": "Wed, 10 Jun 2020 19:38:39 GMT", "content_length": "29", "accept": "*/*", "accept_encoding": "identity", "hostname": "xn--mazon-3ve.co.jp", "server": "SimpleHTTP/0.6 Python/2.7.16", "date": "Thu, 11 Jun 2020 06:06:39 GMT", "response_headers": [ { "value": "SimpleHTTP/0.6 Python/2.7.16", "name": "Server" }, { "value": "Thu, 11 Jun 2020 06:06:39 GMT", "name": "Date" }, { "value": "text/html", "name": "Content-type" }, { "value": "29", "name": "Content-Length" }, { "value": "Wed, 10 Jun 2020 19:38:39 GMT", "name": "Last-Modified" } ], "request_headers": [ { "value": "Wget/1.20.3 (linux-gnu)", "name": "User-Agent" }, { "value": "*/*", "name": "Accept" }, { "value": "identity", "name": "Accept-Encoding" }, { "value": "xn--mazon-3ve.co.jp", "name": "Host" }, { "value": "Keep-Alive", "name": "Connection" } ], "status": 200, "user_agent": { "os_name": "Linux", "device": "Other", "patch": "3", "minor": "20", "os": "Linux", "major": "1", "os_full": "Linux", "version": "1.20.3", "name": "Wget" }, "content_type": "text/html" }, "hostname_info": { "url": "xn--mazon-3ve.co.jp", "subdomain": "", "domain_without_tld": "xn--mazon-3ve", "tld": "co.jp", "host": "xn--mazon-3ve.co.jp", "domain": "xn--mazon-3ve.co.jp" }, "community_id": "1:unq6oPuDcnVwllXQjHhZHs3AE4o=", "dest_ip": "114.126.169.163", "geoip": { "coordinate": [ 106.8286, -6.175 ], "location": { "lon": 106.8286, "lat": -6.175 }, "timezone": "", "ip": "114.126.169.165", "registered_country": { "geoname_id": 1643084, "iso_code": "ID", "name": "Indonesia" }, "latitude": -6.175, "country": { "geoname_id": 1643084, "iso_code": "ID", "name": "Indonesia" }, "provider": { "autonomous_system_organization": "PT. Telekomunikasi Selular", "autonomous_system_number": 23693 }, "longitude": 106.8286, "continent_code": "AS", "country_code2": "ID", "country_code3": "ID", "continent": { "code": "AS", "geoname_id": 6255147, "name": "Asia" }, "country_name": "Indonesia" }, "ether": { "src_mac": "0a:00:27:00:00:00", "dest_mac": "08:00:27:3c:94:28" }, "uuid": "de1e5b07-2f03-4d90-82dd-de2da766e6d0", "alerted": true, "app_proto": "http", "net_info": { "src": [ "Internet" ], "dest": [ "Internet" ], "src_agg": "internet", "dest_agg": "internet" }, "tags": [ "beats_input_codec_json_applied" ], "host": "SSProbe-1", "dest_port": 80, "see_name": "stamus-central-server", "tx_id": 0, "agent": { "hostname": "SSProbe-1", "type": "filebeat", "id": "9f305fa4-6db1-485c-81f9-598dce1469e3", "ephemeral_id": "f5dbade3-4d0f-4cc4-9c00-dfdb5bfcc92a", "version": "7.17.29", "name": "SSProbe-1" }, "pkt_src": "wire/pcap", "flow_id": 1144918859788476, "log": { "offset": 262207259, "file": { "path": "/var/log/suricata/eve-nsm-1.json" } }, "logger": "logstash-manager", "@timestamp": "2025-07-24T03:33:16.039Z", "timestamp": "2025-07-24T03:33:16.039968+0000", "src_ip": "114.126.169.165", "stamus": { "extra_info": "homoglyph: аmazon.co.jp instead of amazon.co.jp", "source": "114.126.169.163", "family_name": "Phishing", "incidents_id": [ 61 ], "threat_id": 7, "asset_net_info": "internet", "pk": 893, "asset_info": { "last_seen": "2025-07-24T03:33:16.039968Z", "event_id": 75, "first_seen": "2025-07-24T02:38:47.286042Z", "incident_id": 61, "kill_chain": "installation", "state": "ongoing" }, "method_id": 999999999, "family_type": "family", "event_id": 75, "offender_type": "", "asset_type": "ip", "family_id": 6, "threat_name": "Homoglyph", "asset": "114.126.169.165", "kill_chain": "installation" }, "_id": "76t-OpgBsog6-RUOFuIG" }