{"report_id":"106ea527-721f-4b5f-bfe0-7959ab853b66","version":6,"status":"done","tags":[],"date":"2026-06-02T06:04:25Z","url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/channel/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"title":"初中研究所-","dom":{"size":180713,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (3241)","md5":"92731257a1bca091117504bca33e0825","sha1":"341be2a3cb42d3810f30071514b9ba02d5d2738b","sha256":"247952b43cb4a76fc64d9f6075cf50b7d6d0aaff1ecd0afa251cd3a79a90b13b","sha512":"a30ba9b83eceaf0651ef2fe00c6beaf55894cdb1a400ada71aa84c1269228d74ac596fa5bf4f5c4ace916a72ee7a7c4ec8c3cf35d45d09ac6f86a3e9e1e4acfe","ssdeep":"1536:d/weNBKZ3uDI08Ay6mpFU+cbI7BWv3cZDPngxsXJoyZ31sRWmG3461VGsflV+KyF:d/weNBKwbeV+cC","tlshash":"4904842246e25427417380d695f65b2bf1e2b12bdd8b4910b3ec1bd6bfc9e62bc0b15c","dom_hash":"domhash1b1598ee4b2821913d9ef98bda146f5c","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-07T06:04:25Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":55,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:59Z","timestamp":1780380239,"ip_dst":{"addr":"Client IP","port":35978,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"172.67.129.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO TLS Handshake Failure","source":"{\"timestamp\":\"2026-06-02T06:03:59.474645+0000\",\"flow_id\":1545487917198531,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.67.129.44\",\"src_port\":443,\"dest_ip\":\"172.18.0.12\",\"dest_port\":35978,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2029340,\"rev\":2,\"signature\":\"ET INFO TLS Handshake Failure\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2020_01_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_01_30\"]}},\"tls\":{\"sni\":\"www.t56qv7.czyjsosio.buzz\",\"version\":\"UNDETERMINED\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":3,\"bytes_toserver\":861,\"bytes_toclient\":213,\"start\":\"2026-06-02T06:03:59.470211+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:59Z","timestamp":1780380239,"ip_dst":{"addr":"Client IP","port":35980,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"172.67.129.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO TLS Handshake Failure","source":"{\"timestamp\":\"2026-06-02T06:03:59.482381+0000\",\"flow_id\":1312962682765487,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.67.129.44\",\"src_port\":443,\"dest_ip\":\"172.18.0.12\",\"dest_port\":35980,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2029340,\"rev\":2,\"signature\":\"ET INFO TLS Handshake Failure\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2020_01_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_01_30\"]}},\"tls\":{\"sni\":\"www.t56qv7.czyjsosio.buzz\",\"version\":\"UNDETERMINED\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":3,\"bytes_toserver\":723,\"bytes_toclient\":213,\"start\":\"2026-06-02T06:03:59.475311+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:59Z","timestamp":1780380239,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:03:59.749273+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":719},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":682,\"bytes_toclient\":2957,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:00Z","timestamp":1780380240,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:00.100433+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":366},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1383,\"bytes_toclient\":4086,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:01Z","timestamp":1780380241,"ip_dst":{"addr":"Client IP","port":35982,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"172.67.129.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO TLS Handshake Failure","source":"{\"timestamp\":\"2026-06-02T06:04:01.781086+0000\",\"flow_id\":2098235175981213,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.67.129.44\",\"src_port\":443,\"dest_ip\":\"172.18.0.12\",\"dest_port\":35982,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2029340,\"rev\":2,\"signature\":\"ET INFO TLS Handshake Failure\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2020_01_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_01_30\"]}},\"tls\":{\"sni\":\"www.t56qv7.czyjsosio.buzz\",\"version\":\"UNDETERMINED\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":3,\"bytes_toserver\":861,\"bytes_toclient\":213,\"start\":\"2026-06-02T06:04:01.774301+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:01Z","timestamp":1780380241,"ip_dst":{"addr":"Client IP","port":35988,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"172.67.129.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO TLS Handshake Failure","source":"{\"timestamp\":\"2026-06-02T06:04:01.788483+0000\",\"flow_id\":847469832433099,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.67.129.44\",\"src_port\":443,\"dest_ip\":\"172.18.0.12\",\"dest_port\":35988,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2029340,\"rev\":2,\"signature\":\"ET INFO TLS Handshake Failure\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2020_01_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_01_30\"]}},\"tls\":{\"sni\":\"www.t56qv7.czyjsosio.buzz\",\"version\":\"UNDETERMINED\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":3,\"bytes_toserver\":723,\"bytes_toclient\":213,\"start\":\"2026-06-02T06:04:01.781771+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.060429+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/channel/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":812},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":13,\"bytes_toserver\":2105,\"bytes_toclient\":10279,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.332372+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/static/css/home.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":691},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":718,\"bytes_toclient\":6371,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56612,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.344121+0000\",\"flow_id\":2209320210176535,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56612,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/static/js/jquery.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":672},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":703,\"bytes_toclient\":7710,\"start\":\"2026-06-02T06:04:02.104983+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.345282+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/jquery.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":366},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":709,\"bytes_toclient\":1195,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.357038+0000\",\"flow_id\":959317223317020,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56624,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/static/js/jquery.autocomplete.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":685},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":716,\"bytes_toclient\":6857,\"start\":\"2026-06-02T06:04:02.106012+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56640,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.377954+0000\",\"flow_id\":2196259214631679,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56640,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/static/js/home.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":679},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":701,\"bytes_toclient\":7710,\"start\":\"2026-06-02T06:04:02.107263+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.427405+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/jquery.lazyload.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2133},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":34,\"pkts_toclient\":36,\"bytes_toserver\":4069,\"bytes_toclient\":38934,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.573269+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/css/main.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6490},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":20,\"bytes_toserver\":1632,\"bytes_toclient\":22130,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.576235+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/css/fonts.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":956},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":8,\"bytes_toserver\":1360,\"bytes_toclient\":3254,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.579463+0000\",\"flow_id\":959317223317020,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56624,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/main2.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6468},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":20,\"bytes_toserver\":1618,\"bytes_toclient\":22624,\"start\":\"2026-06-02T06:04:02.106012+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56640,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.604125+0000\",\"flow_id\":2196259214631679,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56640,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/jquery.easy-autocomplete3.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4920},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":13,\"pkts_toclient\":16,\"bytes_toserver\":1751,\"bytes_toclient\":16623,\"start\":\"2026-06-02T06:04:02.107263+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.654773+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":666},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":31,\"bytes_toserver\":2436,\"bytes_toclient\":33197,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.661549+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/jquery.star-rating-svg.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2127},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":37,\"pkts_toclient\":42,\"bytes_toserver\":4720,\"bytes_toclient\":44045,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.662143+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/jquery.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":369},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":18,\"pkts_toclient\":33,\"bytes_toserver\":3005,\"bytes_toclient\":34332,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56612,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.689153+0000\",\"flow_id\":2209320210176535,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56612,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/main5.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":24,\"pkts_toclient\":35,\"bytes_toserver\":2459,\"bytes_toclient\":40469,\"start\":\"2026-06-02T06:04:02.104983+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.829607+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/layer.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7641},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":15,\"bytes_toserver\":1928,\"bytes_toclient\":12122,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56640,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.876443+0000\",\"flow_id\":2196259214631679,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56640,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/theme/default/layer.css?v=3.1.1\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2840},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":21,\"bytes_toserver\":2357,\"bytes_toclient\":20558,\"start\":\"2026-06-02T06:04:02.107263+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.106535+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260305-1/8d56da3cdd81c84a07560d967a9ded12.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2137},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":38,\"bytes_toserver\":3629,\"bytes_toclient\":40454,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56612,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.117970+0000\",\"flow_id\":2209320210176535,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56612,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260515-1/0c0262715907b9dbb49909f29d148bd9.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2135},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":41,\"bytes_toserver\":3083,\"bytes_toclient\":48105,\"start\":\"2026-06-02T06:04:02.104983+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.119873+0000\",\"flow_id\":959317223317020,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56624,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260517-1/740d2271d3012844de4b8b80c675b62a.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6481},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":38,\"pkts_toclient\":97,\"bytes_toserver\":3892,\"bytes_toclient\":127483,\"start\":\"2026-06-02T06:04:02.106012+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56640,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.120693+0000\",\"flow_id\":2196259214631679,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56640,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260427-1/9cf6bac300ab8591e9b41a3c71197bfa.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6475},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":17,\"pkts_toclient\":33,\"bytes_toserver\":2981,\"bytes_toclient\":36258,\"start\":\"2026-06-02T06:04:02.107263+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.123737+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260519-1/1c8e743911519bdbb2c84b87b1a58214.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7931},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":40,\"pkts_toclient\":54,\"bytes_toserver\":5410,\"bytes_toclient\":59737,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.130089+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260204-1/277675d876c906ae7d6cea0dc87ec165.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":683},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":22,\"bytes_toserver\":2618,\"bytes_toclient\":19829,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56640,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.460370+0000\",\"flow_id\":2196259214631679,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56640,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/fonts/icomoon.ttf\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/octet-stream\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/template/chu/css/main.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":12752},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":46,\"bytes_toserver\":3767,\"bytes_toclient\":51523,\"start\":\"2026-06-02T06:04:02.107263+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.467615+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":6,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/s/k2d/v4/J7aenpF2V0Er24c5k5Y9xJlCGg.woff2\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/template/chu/css/fonts.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":489},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":45,\"pkts_toclient\":70,\"bytes_toserver\":6278,\"bytes_toclient\":78491,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56612,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.544822+0000\",\"flow_id\":2209320210176535,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56612,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/s/k2d/v4/J7aTnpF2V0EjcKUsvrQw7g.woff2\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/template/chu/css/fonts.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":489},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":52,\"pkts_toclient\":108,\"bytes_toserver\":5333,\"bytes_toclient\":139338,\"start\":\"2026-06-02T06:04:02.104983+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.552598+0000\",\"flow_id\":959317223317020,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56624,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/s/k2d/v4/J7aenpF2V0Ery4A5k5Y9xJlCGg.woff2\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/template/chu/css/fonts.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":489},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":62,\"pkts_toclient\":131,\"bytes_toserver\":6014,\"bytes_toclient\":170016,\"start\":\"2026-06-02T06:04:02.106012+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.594681+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260412-1/10ed0bda9f5937c0057aa4c064b3c75a.gif\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/gif\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2145},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":66,\"pkts_toclient\":128,\"bytes_toserver\":7157,\"bytes_toclient\":163583,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.595631+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260513-1/25ce8cd3c62cfd14cd24621642ac937d.gif\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/gif\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2143},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":77,\"pkts_toclient\":96,\"bytes_toserver\":7400,\"bytes_toclient\":124235,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.712011+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":7,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260414-1/623ac2773c6d1c10228e0782cc135300.gif\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/gif\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2140},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":47,\"pkts_toclient\":75,\"bytes_toserver\":6902,\"bytes_toclient\":84613,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56640,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.714547+0000\",\"flow_id\":2196259214631679,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56640,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260519-1/133738d9222d65d0573cb1b664ed0689.gif\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/gif\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6477},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":58,\"bytes_toserver\":4391,\"bytes_toclient\":67221,\"start\":\"2026-06-02T06:04:02.107263+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56612,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.782528+0000\",\"flow_id\":2209320210176535,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56612,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260411-1/6f09b78fbb6d8cbbb96f2e35fccac082.gif\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/gif\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2135},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":54,\"pkts_toclient\":111,\"bytes_toserver\":5957,\"bytes_toclient\":142432,\"start\":\"2026-06-02T06:04:02.104983+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.788176+0000\",\"flow_id\":959317223317020,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56624,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260331-1/c0bb4b287408e10b879ccaa45c871da7.gif\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/gif\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2139},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":64,\"pkts_toclient\":137,\"bytes_toserver\":6638,\"bytes_toclient\":177652,\"start\":\"2026-06-02T06:04:02.106012+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.015053+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260506-1/535f393c35f065af21037da9c3cb4d6d.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2139},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":145,\"pkts_toclient\":170,\"bytes_toserver\":12380,\"bytes_toclient\":226983,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.122412+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":8,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/loading.gif\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/gif\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2138},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":81,\"pkts_toclient\":115,\"bytes_toserver\":9618,\"bytes_toclient\":138010,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.256671+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":6,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260410-1/b24d966c59643c796341a861fe484023.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2127},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":194,\"pkts_toclient\":334,\"bytes_toserver\":16111,\"bytes_toclient\":461554,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.273194+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":7,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260515-1/0c0262715907b9dbb49909f29d148bd9.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2130},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":200,\"pkts_toclient\":343,\"bytes_toserver\":17025,\"bytes_toclient\":469749,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.274211+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":6,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260517-1/740d2271d3012844de4b8b80c675b62a.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6476},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":160,\"pkts_toclient\":282,\"bytes_toserver\":13888,\"bytes_toclient\":384288,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.281105+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":7,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260204-1/277675d876c906ae7d6cea0dc87ec165.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6482},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":163,\"pkts_toclient\":313,\"bytes_toserver\":14592,\"bytes_toclient\":428412,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56640,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.292216+0000\",\"flow_id\":2196259214631679,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56640,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":6,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260529-1/5f4b9339ee630216fe628594d676ac51.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2135},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":65,\"pkts_toclient\":142,\"bytes_toserver\":7669,\"bytes_toclient\":183645,\"start\":\"2026-06-02T06:04:02.107263+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.361836+0000\",\"flow_id\":959317223317020,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56624,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260529-1/c95038dc9853c2033e56a4f50f5de91c.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2133},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":235,\"pkts_toclient\":401,\"bytes_toserver\":18430,\"bytes_toclient\":562190,\"start\":\"2026-06-02T06:04:02.106012+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.497748+0000\",\"flow_id\":959317223317020,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56624,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":6,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/channel/?mode=async\u0026action=js_stats\u0026rand=1780380243366\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2256},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":241,\"pkts_toclient\":414,\"bytes_toserver\":19328,\"bytes_toclient\":578633,\"start\":\"2026-06-02T06:04:02.106012+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.506029+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":8,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/site/20260130-1/051465130733f4c8f57aa863a9a5bf42.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":216,\"pkts_toclient\":395,\"bytes_toserver\":18574,\"bytes_toclient\":544493,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56656,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.509679+0000\",\"flow_id\":457697255532269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56656,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260305-1/8d56da3cdd81c84a07560d967a9ded12.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":676},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":842,\"bytes_toclient\":7710,\"start\":\"2026-06-02T06:04:04.501485+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56656,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.520745+0000\",\"flow_id\":457697255532269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56656,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260427-1/9cf6bac300ab8591e9b41a3c71197bfa.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":51,\"pkts_toclient\":86,\"bytes_toserver\":4514,\"bytes_toclient\":124836,\"start\":\"2026-06-02T06:04:04.501485+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.521874+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":8,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/telegram.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":171,\"pkts_toclient\":378,\"bytes_toserver\":15579,\"bytes_toclient\":523134,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56656,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.529369+0000\",\"flow_id\":457697255532269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56656,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260519-1/1c8e743911519bdbb2c84b87b1a58214.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":58,\"pkts_toclient\":98,\"bytes_toserver\":5546,\"bytes_toclient\":141490,\"start\":\"2026-06-02T06:04:04.501485+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.550369+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":9,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/mail.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":14144},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":92,\"pkts_toclient\":158,\"bytes_toserver\":10799,\"bytes_toclient\":194218,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.721614+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":9,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260421-1/84f017e257d4405de7c711b5e568c4c4.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":219,\"pkts_toclient\":401,\"bytes_toserver\":19342,\"bytes_toclient\":552129,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"js.matomotj.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.t56qv7.czyjsosio.buzz","ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":71,"request_count":60,"received_data":4250593,"sent_data":29344,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"js.matomotj.cc","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-10-29","domain_rank":0,"first_seen":"2025-05-11T18:34:15.112457Z","last_seen":"2026-05-13T12:03:02.116103Z","alert_count":2,"request_count":2,"received_data":69587,"sent_data":1312,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"img.cdn1.vip","ip":{"addr":"178.236.38.1","port":443,"asn":38136,"as":"Akari Networks","country":"United Kingdom","country_code":"GB"},"domain_registered":"2024-09-02","domain_rank":0,"first_seen":"2025-09-08T22:07:28.177277Z","last_seen":"2026-05-31T17:45:30.585765Z","alert_count":0,"request_count":1,"received_data":135033,"sent_data":462,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"img.erpweb.eu.org","ip":{"addr":"104.21.92.106","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":3860157,"first_seen":"2023-10-23T12:11:36Z","last_seen":"2026-05-26T02:53:37.168228Z","alert_count":0,"request_count":1,"received_data":473186,"sent_data":469,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"js.matomotj.cc/matomo.js","fqdn":"js.matomotj.cc","domain":"matomotj.cc","tld":"cc"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4b32d11120a738ec529e5d64979e9d10","sha1":"deedcd7014f47a999da6c19786713cd7a236040a","sha256":"1762dd6a64fcd59421610b68625258f9224a1f278159c4d99282adb631470465","sha512":"258a126ba730a9f57d0adef037bdf90f349265128ceb8d7d9e5c7754eb14751895dffb3220bc1da307021ea8c37c45b837064c89731313acf22a3245b3812452","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmbMNfwS9h2BLy1z71B8I6fJIKIQaFLa:AT+Z2fuqXYy1PGJ9d5","tlshash":"3963d8ce72c2753a4bcb6075a43f114ab27e9caa1448c4b4e62ac4f6383491d657bf7c","size":67972,"data":"","first_seen":"2025-09-25T22:45:46.07207Z","last_seen":"2026-06-03T15:11:39.380965Z","times_seen":16462,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"czguii.com/12/29724011?1780380242887","fqdn":"czguii.com","domain":"czguii.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"74bce5ee4893491aa35fdabc7b5f59cd","sha1":"36e9659a8242a85fc944d63e5c7bca2546e13d31","sha256":"2d47bd31b71723baa6f50e0c13866ba76bc88b6ebffd3d4a6383a888d8f29fc3","sha512":"f7d0aaf26025c928d100d8b246d02484c355ccb45e8cc0630908c53a20c31bcb9bb88774d93f1092074ef8b3c1ff055b1698dccb3e1dcec34924affba47c686c","ssdeep":"1536:7/0M/UBWJIVKoWWrobo76GH3bLHVVFllR1i5sCFya37oiHWS8sj+tFhIOMohyJNK:Bo77L/Syf","tlshash":"5e9320d4a29ad15f2b8c5d43fe78aade50b6972790c97347c398fa4d04ed24bc29c8c4","size":89547,"data":"","first_seen":"2026-06-02T06:04:36.887892Z","last_seen":"2026-06-02T06:04:36.887892Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"9826beb059afedc3913eca60cdd57d3d","sha1":"c519578f7b92ddb2a2935782553a4a957f157096","sha256":"cdc355272ed3811de0d525701883585ea2cb4067b5645115dfd3c2cbc2ac0759","sha512":"cb16e3aff05c4ec2cb6347f6bfb5513683f1f5ad925733669dd1952e5b0a5a3390cf0e0071232aa06b334b6107e69c8cdff5f95fcc842ff5605fab9156f20355","ssdeep":"","tlshash":"0ef02b9ba2820c7016ab6637292823443c30d0071e23b942f90c11608f79e59c2bffd4","size":574,"data":"","first_seen":"2026-05-13T12:03:10.384086Z","last_seen":"2026-06-02T06:04:36.889083Z","times_seen":2,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:59Z","timestamp":1780380239,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:03:59.749273+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":719},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":682,\"bytes_toclient\":2957,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/js/main2.min.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4568c5491bf930ba319299ce27c83b67","sha1":"eec434aa926e6ca58e5953b292adfd393b64c379","sha256":"53c5840c77e5cba02e6765a74fc9481c75fa7c517d64079958ff2a97b660b72e","sha512":"fa4b6f97e4d587b0eb7a54c5b8ba20aac2cf467d8c535ebcf98fa2640aea6f07c3ccbd214e827d23955a87617b9925af381bb6f1b343c68e2318883d88920ab7","ssdeep":"6144:R8hXcF+BQwD7lXm7QK7VhFJKGuztZDpQHdKpx2dSgCesF2IcTA+E:RAcoBQw3IhDJKGKZDpQHdKwCesbcTA3","tlshash":"0f74c8c1f3dd25378656701a5c3e98cc713da43a9a848cefbd9cb0a528a483d5376e39","size":363565,"data":"","first_seen":"2023-03-07T18:50:38Z","last_seen":"2026-06-02T06:04:36.887261Z","times_seen":182,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.579463+0000\",\"flow_id\":959317223317020,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56624,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/main2.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6468},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":20,\"bytes_toserver\":1618,\"bytes_toclient\":22624,\"start\":\"2026-06-02T06:04:02.106012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/js/jquery.easy-autocomplete3.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"49fe4dd996e575254f1bb5727d460ac9","sha1":"8b85d8c02c3015501d1698fccda9fc75f456f714","sha256":"96abf633475774ebf73bdc392217e4b8fe17809bbb443c43d67bc694bea501cb","sha512":"e3f67d4c98a5614228bbe1b3aa516d7840fdb0c4b148e392abe0f14815f7b594f365db4a4c36a52d8745d55f6e51450edfd6bdf506e64001766cd66845096a74","ssdeep":"384:BzPgWFxQKIM5KlmYVwYpYUTlmNpiMCMVl/qnBJ3GLxp2GoLFbc:BTTFxQKIM5KlmYVDYUTlmNpiMCMVMBSh","tlshash":"7b62a65c76d9710903a7717691ff000b713aece999094ca0e990c1e06db8eaf5277f2d","size":15824,"data":"","first_seen":"2023-04-17T04:07:28Z","last_seen":"2026-06-02T06:04:36.862549Z","times_seen":45,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56640,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.604125+0000\",\"flow_id\":2196259214631679,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56640,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/jquery.easy-autocomplete3.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4920},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":13,\"pkts_toclient\":16,\"bytes_toserver\":1751,\"bytes_toclient\":16623,\"start\":\"2026-06-02T06:04:02.107263+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/channel/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1e43a9a6791e29fcff570582ded5e321","sha1":"0c4656f5fdb53d7be6fc6b4afca7b248ceec2de4","sha256":"3cff9291c05653aedaf94aa7fc6cca59ea714f7d2306921ee1dd4644ae1357d1","sha512":"4929ac7cc31d5b80b268f1be9cc8ca12e5aa7a9941b789ebd0a9b23a47f6438c5f65a74742973effadab7f4ca48981cc305a5d43181736f84f15c7ac9e80fca4","ssdeep":"","tlshash":"d8a002a45a6fd0478c8733d55b4e562217ee76a440bf0b45d649ed09c64f4d0831d8c1","size":71,"data":"","first_seen":"2026-03-14T04:14:57.563118Z","last_seen":"2026-06-02T06:04:36.890466Z","times_seen":3,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.060429+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/channel/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":812},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":13,\"bytes_toserver\":2105,\"bytes_toclient\":10279,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/channel/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"99512042e6c259f69ff273e6d1753b2d","sha1":"07016c1537d93159d21aed28df5737d55e486f95","sha256":"c473032a439cbf279c1a54e06d91b842201250aa884ce3d1a6f5b56cea0340ab","sha512":"ea8d77221347ce8a1f269f71247f186f28ccccf3f35e15db996b4cc83f8faf9cec497c569032a71833976c3c4399fe9eae0443b069a4a1b3de4317dafb569825","ssdeep":"","tlshash":"20a024341c1c7570c507107c547f505c4331301031107130c00c044c3543d040111c44","size":69,"data":"","first_seen":"2023-03-07T01:11:24Z","last_seen":"2026-06-02T06:04:36.891041Z","times_seen":497,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.060429+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/channel/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":812},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":13,\"bytes_toserver\":2105,\"bytes_toclient\":10279,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"b3hhv0k.com/12/29724011?1780380242886","fqdn":"b3hhv0k.com","domain":"b3hhv0k.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"74bce5ee4893491aa35fdabc7b5f59cd","sha1":"36e9659a8242a85fc944d63e5c7bca2546e13d31","sha256":"2d47bd31b71723baa6f50e0c13866ba76bc88b6ebffd3d4a6383a888d8f29fc3","sha512":"f7d0aaf26025c928d100d8b246d02484c355ccb45e8cc0630908c53a20c31bcb9bb88774d93f1092074ef8b3c1ff055b1698dccb3e1dcec34924affba47c686c","ssdeep":"1536:7/0M/UBWJIVKoWWrobo76GH3bLHVVFllR1i5sCFya37oiHWS8sj+tFhIOMohyJNK:Bo77L/Syf","tlshash":"5e9320d4a29ad15f2b8c5d43fe78aade50b6972790c97347c398fa4d04ed24bc29c8c4","size":89547,"data":"","first_seen":"2026-06-02T06:04:36.887892Z","last_seen":"2026-06-02T06:04:36.887892Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/channel/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"893a87340e43112ef5a3c6deac797c48","sha1":"8188ae88fe593cff28423862c229242f8d4116f0","sha256":"d23d29557a0c29a6636fccde1281864c9465c5ad801f2a86387fde2fb1068f6f","sha512":"48ef5a38a5e0fced62fc052618a0332bbcc4d83c33259632b2147230e9e368bd8169e044bd7f95580561360f5a4ca18b605162a81fff1dda40af374071d9ec9e","ssdeep":"384:AKvetVf+7GTipTodhInlHHiJRrhvM1u2xs/TaTC3iigsv/UHX57:AKIf+7/ToYHUR1EFYTF3L7257","tlshash":"bba2d6ed6562152895ba62e52ebf315cb0b330232d29ce477b1c90708f600b565bfef9","size":22379,"data":"","first_seen":"2026-06-02T06:04:36.891593Z","last_seen":"2026-06-02T06:04:36.891593Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.060429+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/channel/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":812},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":13,\"bytes_toserver\":2105,\"bytes_toclient\":10279,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/js/jquery.lazyload.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"86480273870541651834dab2e9e488bf","sha1":"dfe2a7e89f04fb699763c98a9e3364733d9a70b8","sha256":"accd3b501496ebee2a781b90f289a7936e36f401d0a31a933d20ea133b09a302","sha512":"170a8d3dbf043455c0a4928d811818ab9a24ed5a0e7f922668e773c85ff17bf4f98dd77f4b4c6ad025c12c3869cda7a6c6943ad57de72d5967e8a69ccf084a80","ssdeep":"192:dZDJcN8nm2SMbtZ3/JydOwS3YJmesi7idSQVUMoA4UykYK2NEbN2OSTcTWZfTBT2:f6Cx3/kkwS3YI3dfA1LEbNn","tlshash":"6a12238a39d6642ea027743ddb5f1309333ac457116cdd307c7c4b84afe497652e1ada","size":9056,"data":"","first_seen":"2023-03-07T16:50:25Z","last_seen":"2026-06-03T03:12:10.623539Z","times_seen":231,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.427405+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/jquery.lazyload.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2133},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":34,\"pkts_toclient\":36,\"bytes_toserver\":4069,\"bytes_toclient\":38934,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/channel/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"76b4f7085980f427d6cbb626af4ee32c","sha1":"2baec5c49e38bd1f960c5693c2bd883c266803a3","sha256":"2e09fa55de1174709ac7f248682f4e9a08b5aa38eb89ca2a43f3d7bfb4d2c840","sha512":"99d6237c4c8f86d82247939a0a2ad3b446ef1c7be3de6c3b7ffaec9bf34e1f23f50af1405a60fa4ada738ad7a18053b15e5cb933b37a03fd75b0114d84dcd8a3","ssdeep":"","tlshash":"2951e082a3c80b65e9590ce51368765b54f1e46f303536e4ebf3239bb93a998bc18374","size":2810,"data":"","first_seen":"2026-06-02T06:04:36.893461Z","last_seen":"2026-06-02T06:04:36.893461Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.060429+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/channel/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":812},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":13,\"bytes_toserver\":2105,\"bytes_toclient\":10279,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/js/jquery.star-rating-svg.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"af607d2208a57968ab7047f42d2e82a5","sha1":"299c7600893333c708212f8b65689d748a148a8a","sha256":"32a1ee2fe595384779fa1dd2c03d8848ee19bf1cf52d3d71f688274e474bae2d","sha512":"08c1775e17dab988c03378ef2b83250098ee91b32c456340ba938b7a0de0abfe3d851e4f3b86244018db7c6e5c6ec322e8f3e6b342163ec6114540130ec9c939","ssdeep":"192:RXD+KRXk6nAzDEf6wuN4yiphcbqmnBOSC33LFheOBSPYZWjMtUxoMf1WHj3lmmnm:0Km6neoCFFASI2rPYZW6+","tlshash":"3b324219bbeb102dde63a1558f2f164532be405b0912ea0c7cbc91d0cf9685943aeef9","size":11850,"data":"","first_seen":"2023-03-07T01:25:11Z","last_seen":"2026-06-02T06:04:36.877411Z","times_seen":234,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.661549+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/jquery.star-rating-svg.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2127},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":37,\"pkts_toclient\":42,\"bytes_toserver\":4720,\"bytes_toclient\":44045,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/channel/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0d04bccc1b6d80a1cf39f74e88232b85","sha1":"6484e644cd1b4283d3dc73c03267508ca8cc019e","sha256":"cc6e3304bf112adf93f7b13f1fc234f2451ed1da683f10a67128a94e08d0170e","sha512":"d1195cfba410c1384fdb31d38b37b521793b0121afc5cf3cdd256c00c7c019d4e5695263ed5df6e95f39650d4d1cb3ef472979c20558c24149d52e260280b25b","ssdeep":"","tlshash":"5e11716b29c228d9277b30688bb72109e04519732c16bc637d9d45a51fbf21ea251b01","size":1068,"data":"","first_seen":"2026-06-02T06:04:36.89579Z","last_seen":"2026-06-02T06:04:36.89579Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.060429+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/channel/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":812},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":13,\"bytes_toserver\":2105,\"bytes_toclient\":10279,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/channel/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"24a7b68370a1c3018e2280f25b7c852d","sha1":"1e451746ea6d3622c7464b7ba93947ebf00b1113","sha256":"f05406b0941b6effc8f40b2fea21800137100573083e7b68497497899ee28b97","sha512":"61e299878060fa763678030cdc17fe3db890548b67ce24abec8ff7be73ac01a30d6cb11e7ed5021234b35f89e52b21593b8c0d3f5d9bc0f96973d5a7fce6514e","ssdeep":"","tlshash":"0d016d4916a768ea211b3436cfc9b414f23492331149dc04fe1c8710ef9353aa3e9f49","size":839,"data":"","first_seen":"2025-10-08T08:14:43.768734Z","last_seen":"2026-06-02T06:04:36.896991Z","times_seen":29,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.060429+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/channel/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":812},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":13,\"bytes_toserver\":2105,\"bytes_toclient\":10279,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/channel/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"893a87340e43112ef5a3c6deac797c48","sha1":"8188ae88fe593cff28423862c229242f8d4116f0","sha256":"d23d29557a0c29a6636fccde1281864c9465c5ad801f2a86387fde2fb1068f6f","sha512":"48ef5a38a5e0fced62fc052618a0332bbcc4d83c33259632b2147230e9e368bd8169e044bd7f95580561360f5a4ca18b605162a81fff1dda40af374071d9ec9e","ssdeep":"384:AKvetVf+7GTipTodhInlHHiJRrhvM1u2xs/TaTC3iigsv/UHX57:AKIf+7/ToYHUR1EFYTF3L7257","tlshash":"bba2d6ed6562152895ba62e52ebf315cb0b330232d29ce477b1c90708f600b565bfef9","size":22379,"data":"","first_seen":"2026-06-02T06:04:36.891593Z","last_seen":"2026-06-02T06:04:36.891593Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.060429+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/channel/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":812},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":13,\"bytes_toserver\":2105,\"bytes_toclient\":10279,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f6b881a0e901e316130a869a9a98151c","sha1":"d46791463b933913dfdd3714dc09899f7ec336a1","sha256":"8a90d005ee2eb33977ed783f94b5ac48b6deab7ed7b380cb83d7821692c1c8ac","sha512":"a2b99cd8afe7fe31590e257ff2f3131bc5856cbbbbc862795abb2e2afa41f7bf2e03653871f2aa6cae57705f4cb16da40ed6cd1be14c4749ed74efdbfff577fc","ssdeep":"","tlshash":"4a70002088ac08830802230000a8028008a200888882b0008c02020000000020300002","size":22,"data":"","first_seen":"2025-10-26T16:56:41.094227Z","last_seen":"2026-06-02T06:04:36.898274Z","times_seen":12,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:59Z","timestamp":1780380239,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:03:59.749273+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":719},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":682,\"bytes_toclient\":2957,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/static/js/jquery.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0fca26b5a37a66d68d0f4406976be4b5","sha1":"ee000eb654b3bd37185665d3901e93b34ce1aa52","sha256":"8c2812ded6436715279f8fd8db58de307aa39ab0296fe3cf0e879067c51e9b18","sha512":"cf010995991a8f8b50cfb4b466d3b457b0a6addc4f2fd96c48c33d40ac251de400894828ccd99662b13fc9ca25c676ef0aee05faa4910530ff9996d03c411645","ssdeep":"1536:GYE1JVoiB9JqZdXXe2pD3PgoIiulrUdTJSFk/zkZ4HjL5o8srOaS9TwD6b7/Jp94:t4J+R3jL5TCOauTwD6FdnCVQNea98HrF","tlshash":"7a93d7d9b6d6706287b734a851bf410bb17aa8eab40c4c60f058c8e47e74e9d507bf2d","size":97162,"data":"","first_seen":"2023-03-07T01:06:51Z","last_seen":"2026-06-03T15:56:02.963749Z","times_seen":7323,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56612,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.344121+0000\",\"flow_id\":2209320210176535,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56612,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/static/js/jquery.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":672},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":703,\"bytes_toclient\":7710,\"start\":\"2026-06-02T06:04:02.104983+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/static/js/jquery.autocomplete.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"932466cf2976a99330383be9ffe8ca6b","sha1":"732c55aa5bbb6efb63fad871db9773139929d0e6","sha256":"22a879d897b0c6559e8a4f0e1d7f8866471478740a5b5cace3c29c97c8fdaf18","sha512":"e1ea60c13642bbc8ed8cd448007d5096c4067596b1fee2bea55f1fea765bab59f97f92fa973bdd329ccf78087be301325b14a206592a76c3699128459559159b","ssdeep":"384:EC8MJlHqBlgr2qMrLXej2Jy7fwaoSXo0TviE:Ed7Dr7OtZTqE","tlshash":"d3b2ec0979e3226292a7707e8faf0008b676a557240cdd50bd1ca7d02f54938b6f7fe9","size":25108,"data":"","first_seen":"2023-04-07T04:49:34Z","last_seen":"2026-06-03T17:04:22.011732Z","times_seen":20805,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.357038+0000\",\"flow_id\":959317223317020,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56624,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/static/js/jquery.autocomplete.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":685},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":716,\"bytes_toclient\":6857,\"start\":\"2026-06-02T06:04:02.106012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/static/js/home.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2ee4a07d1d8a29b1139b1f3366413953","sha1":"6aadf5f8c72f7fdc9928b72089128d72b8e3b1fe","sha256":"909db584f9c933c475b26510266cdd41be56178a43ec23447b5c6341713ac9a7","sha512":"92e6f97c00561e0e5dfa1d2ae2ee9e6d685c0eb36bcd614097671a5ae743ba74597652fe8c005d096794a0759dfdca463e0c31ed50cda0ff8c251fefe3968bd3","ssdeep":"768:hR0cTTu8ehbZLbhpa6aeb7z9SsbhkeA5gr9GiSo5E7Iw4TQvD:hRZXdeC6URiGD","tlshash":"11f2b55d7af3146050b3317a4fbf59042276815f190ddd88fe2d11a48fc4a4eba62bbd","size":37483,"data":"","first_seen":"2023-03-07T16:10:40Z","last_seen":"2026-06-02T06:04:36.859868Z","times_seen":1645,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56640,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.377954+0000\",\"flow_id\":2196259214631679,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56640,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/static/js/home.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":679},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":701,\"bytes_toclient\":7710,\"start\":\"2026-06-02T06:04:02.107263+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/channel/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e8be8f9e911ceb446247841813d1905b","sha1":"7253b77e313038c126815f348c189a5d5f84efad","sha256":"17d21a017fe1c684c50719a3bc78f02af23f919825a641d517500e6d878639fb","sha512":"89d925585817e189bfb91bf17fd28ff83adfccd1a2264ba6c5c68a315c92625dcf7281a8c0352bcebc6b8d4cef35c0b264cf8df2bbf636c2025ca4fcc1c41539","ssdeep":"","tlshash":"d5f0051248ef1dfd213a627f3d7e8d2c73eb2c1ea4a0c0007d80d415adb2a8146502cc","size":512,"data":"","first_seen":"2026-06-02T06:04:36.899777Z","last_seen":"2026-06-02T06:04:36.899777Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.060429+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/channel/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":812},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":13,\"bytes_toserver\":2105,\"bytes_toclient\":10279,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/channel/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"819830d39cb8b02a62ca52a94d243675","sha1":"fce11b8ed204c9a80820f99bb08ed997c53ad2ee","sha256":"95d4724bb6d2ae1ad1c255a03a865e13fc96a86528c30bfb90c2c50023c406bf","sha512":"4d19fc3ab46b586fcf87be4f0d9d2bdcdc95a5b713e8753f1347763396b956305ae876cf76cf397719d16d6fa97b7678e84981d282e7487af15202156cbf1440","ssdeep":"","tlshash":"e201463977a76011a09774652a3f2b5c6b3f4250c420410f44cd88be6891d53c1baf91","size":806,"data":"","first_seen":"2026-06-02T06:04:36.901267Z","last_seen":"2026-06-02T06:04:36.901267Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.060429+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/channel/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":812},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":13,\"bytes_toserver\":2105,\"bytes_toclient\":10279,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","size":1239,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-03T16:53:21.202667Z","times_seen":359233,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.654773+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":666},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":31,\"bytes_toserver\":2436,\"bytes_toclient\":33197,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/channel/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d6d70e73af503321af354460bdf424fb","sha1":"7cfc15811dd16cc175875224acdece8a9637f181","sha256":"4dd38d11b74f166a9ba5b719cc852ba05b76e4564771d7425cd75dac6ebbcd8a","sha512":"edce03f407ebb789315b9b73ef10078e1e78ac72e4f4b03fb57bd96084783aed4714eba7d02c9e90442e2e8eceff3a81c62d3c682dba0ca3359e67b279c49f8e","ssdeep":"","tlshash":"79219b29007b14ab192350b96f8f61e53ba40053715dce113f8ef2abaf8da354da1bc2","size":1266,"data":"","first_seen":"2026-06-02T06:04:36.902605Z","last_seen":"2026-06-02T06:04:36.902605Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.060429+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/channel/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":812},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":13,\"bytes_toserver\":2105,\"bytes_toclient\":10279,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/js/main5.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1843392d7f38cc141b50fb03a3cf830f","sha1":"b32de91f7e13b9e8be43bc50de53974378627fd7","sha256":"e35374fbe8f6f0823f09f9dfdb252d27e58bc6e3e2d9ae01319c487acffcda8b","sha512":"8008ab529d56f0d1bb6ca16d5be8abebbf256c5ed1d9cdb8b38b75ac55cac7735de87b65c97c72d9cc69e66956720e51a5f09f8947f0d56870a98436e68661c8","ssdeep":"192:1zzJbyNuQxYw7NfFmAbVDTiZD8FIzQLaphTo7H+1QISaVH7Q1ylN:1cUOEAR/iZDnbEG","tlshash":"d3125309f9f224a160bb347b5bffb080392954171109df50bcec97945f8466ca6b3aaf","size":9213,"data":"","first_seen":"2023-03-07T12:58:08Z","last_seen":"2026-06-02T06:04:36.873413Z","times_seen":182,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56612,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.689153+0000\",\"flow_id\":2209320210176535,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56612,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/main5.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":24,\"pkts_toclient\":35,\"bytes_toserver\":2459,\"bytes_toclient\":40469,\"start\":\"2026-06-02T06:04:02.104983+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/js/layer.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d0c975e34297f3e44e99c9d83555ffc1","sha1":"7e465bd79e65428cf07e5991196cff512ce44a4b","sha256":"691aad750624d84b17f2fbb73a4982860edd18837f3000c5b660ac82bf408e82","sha512":"1d9dcd7e1afe695e5716ea55f9a5a3e3aa45852722b4e1a2653ebd3f3a85c8b7a34b15264751f5ee26ea56ee49c8683a00d771197d8b32d9ea53d842d6db3b79","ssdeep":"384:41xCih92A3igrLXSt/SdMrXqE6tGLxzAOTElH0jjhtjfs8:41EiV3i+WtXItqF13k8","tlshash":"56a2b66a754034976323906ad11fba0b31f21d24d7078128f22bb4ae1dbcd95a2b7f5f","size":22104,"data":"","first_seen":"2023-04-05T06:05:22Z","last_seen":"2026-06-03T07:54:38.149693Z","times_seen":5624,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.829607+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/layer.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7641},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":15,\"bytes_toserver\":1928,\"bytes_toclient\":12122,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/channel/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0570c804aac22324d7702a38a1dadc92","sha1":"4d03ba0e1939744bdda2e47a8c173d55b0e8bc5d","sha256":"a6eec1d1e441e5a40de4899c80892ae5ddc6a05b4e705eafff527d9dd2215092","sha512":"02df9bebaf68e460f6c5b458740707d2161b361d7c716096bd852e04759fd9df7190c96d4cf9847b723cd8dadeb286cf979ccb4bcc35d15cfdec97c84077798b","ssdeep":"","tlshash":"f701f7147fb12971f47aa0fd4e8fd6591a158513a009dc497616dc40dde1a378db748c","size":692,"data":"","first_seen":"2026-06-02T06:04:36.903837Z","last_seen":"2026-06-02T06:04:36.903837Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.060429+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/channel/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":812},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":13,\"bytes_toserver\":2105,\"bytes_toclient\":10279,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/channel/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"cab1bf616cffc492aedaad04e317665d","sha1":"0aeaca9030846c03fb0b27472f35f5b0d3bbf7d0","sha256":"162c94c68c4436cdd2cf8d2aa1b06e79f41f2a57df15a729404b8d93c8d26abd","sha512":"12b2e86edcf3d03f2d0e93622f35f28ba9751c48663103142435af9f86254deda8ca4a774edde17d679757fcddf327a863f4b28b5baf025f706d11bf5b7242fb","ssdeep":"","tlshash":"6cb012adf9d046e6d0f23194303f844468459c02222f2e00908c01001fdc57842a3335","size":99,"data":"","first_seen":"2025-06-20T17:03:47.29743Z","last_seen":"2026-06-02T06:04:36.904891Z","times_seen":1318,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.060429+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/channel/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":812},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":13,\"bytes_toserver\":2105,\"bytes_toclient\":10279,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/static/css/home.css","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.110Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/home.css HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:02 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 30 Jan 2026 02:59:17 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"697c1e85-5337\"\r\nExpires: Tue, 02 Jun 2026 18:04:02 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y6%2Bz7LdZU1zXnQjW0tueh6XVxr6Dkkc4cyCn1V8qkGQ8YPllomy7TXWXH9i6ca67iRfLpe0apRaGupxT1Va%2BU09m8zUtpLAYTl5DUcEwocc4tYyYWsfK2FvG5%2BN%2FV5xI1rVS3aM%2FKeTcIOFl\"}]}\r\nCF-RAY: a05442212ad33181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21303,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (310)","md5":"76033e849ea3eaaaf2ee30234c201d42","sha1":"2ebff75cbb0f01f21541591f5b913b1ad807bc8c","sha256":"621a59634240b148bf71d280734527cf1f5bcb73cb363670d3e17a79dd2aa127","sha512":"3b626747f35232f4eb4ed0980f369f1bbb734edba096f6e4408717b925a9f0c995e7048e27dd22447140a3e068d115aa67d11a0654194feff7d178a01bc4063c","ssdeep":"384:XnyduJhhJQInrPgLZiS0Wa2N79nI1SaEAsVWkcEMtEUphhl6mPJZRBL5HvMPf:ikB5Sqq79nI1SaEAsVWkcEMtEUDhl6ma","tlshash":"efa28422d6475c0db12be5b07c6a5bae334f5067a6073bacfda73428c18d2b80532789","first_seen":"2025-04-07T20:38:33.162771Z","last_seen":"2026-06-02T06:04:36.832792Z","times_seen":2895,"resource_available":false,"data":null}},"time_used":231,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":228,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.332372+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/static/css/home.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":691},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":718,\"bytes_toclient\":6371,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/static/js/jquery.autocomplete.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.114Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/jquery.autocomplete.js HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:02 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 30 Jan 2026 02:59:17 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"697c1e85-6215\"\r\nExpires: Tue, 02 Jun 2026 18:04:02 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6BxVtk16SeOz67wyFu65o2tbYKSYH4jSCSgRZ0JCgijRL7XNfFzpu1owhEBq5Ab7ZkRvrSnBw77bDgD5TZbdsfU0HHIqNAXGKj0Bc9E94LZA9KuSVDd8C4EjjyqDrVAbrxSGS%2FraIOe0Xmoy\"}]}\r\nCF-RAY: a05442212dcd0b59-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":25109,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"932466cf2976a99330383be9ffe8ca6b","sha1":"732c55aa5bbb6efb63fad871db9773139929d0e6","sha256":"22a879d897b0c6559e8a4f0e1d7f8866471478740a5b5cace3c29c97c8fdaf18","sha512":"e1ea60c13642bbc8ed8cd448007d5096c4067596b1fee2bea55f1fea765bab59f97f92fa973bdd329ccf78087be301325b14a206592a76c3699128459559159b","ssdeep":"384:EC8MJlHqBlgr2qMrLXej2Jy7fwaoSXo0TviE:Ed7Dr7OtZTqE","tlshash":"d3b2ec0979e3226292a7707e8faf0008b676a557240cdd50bd1ca7d02f54938b6f7fe9","first_seen":"2023-04-07T04:49:34Z","last_seen":"2026-06-03T17:04:22.011732Z","times_seen":20805,"resource_available":true,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":250,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.357038+0000\",\"flow_id\":959317223317020,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56624,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/static/js/jquery.autocomplete.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":685},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":716,\"bytes_toclient\":6857,\"start\":\"2026-06-02T06:04:02.106012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.208Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:02 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nExpires: Thu, 04 Jun 2026 06:04:02 GMT\r\nCache-Control: public\r\nVary: accept-encoding\r\nX-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GFFPq146hSvQu%2FTVn3Fm8qAOJI8TrR11k%2BtVEVLHiKeG%2Fpe18nppstyhvM%2Bz6Hd7%2BrKFIJVlwGNEOrb%2BWf3A3KErFG68b%2FwOXF7DgrGgr7eXlymDzZ3XkTmyu%2FwCKRNeU2RBSRLKWmC64ZeR\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nContent-Encoding: gzip\r\nServer: cloudflare\r\nCF-RAY: a05442249daa3181-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1239,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1238)","md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-03T16:53:21.202667Z","times_seen":359233,"resource_available":true,"data":null}},"time_used":447,"timings":{"blocked":445,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.654773+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":666},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":31,\"bytes_toserver\":2436,\"bytes_toclient\":33197,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/js/jquery.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.487Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/chu/js/jquery.js HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 02 Jun 2026 06:04:02 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LWAzudfGk4optbLj%2F%2BY9LCQU6kp%2BeneLoBrsGRIrtW7Em9XyvD86x6ztB8mOPCuWK4dJMydUk4pc5Kd85MnoggoVxRtUzbBEItiKcZxDV1CJp6QDn9rcusubnBQGnR0pDDcK4YZ9MKD9ddIY\"}]}\r\nAge: 0\r\nCache-Control: max-age=300\r\ncf-cache-status: HIT\r\nContent-Encoding: gzip\r\nCF-RAY: a05442249dba3181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":479,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"57dd7bfa6c07bfe5eeada45d4bdd78ec","sha1":"395c6ad5c3ae0e8ea47281f5007c369551b32ad7","sha256":"c870990950ca5802e260be6786d1e6a148b1acdfeed4fa9bb6acce744488c0b5","sha512":"c455d00381bde372d6016e7b01eb8682dcbc2fbb032ef522f01f0ea1cd85abeb962aeb8de621b49b138b614b14285686a2c432b4214630f23fda2ed19bf4b9d6","ssdeep":"","tlshash":"27f0dc93d243040e220c45702fb2702450877ddbcb9a0d028897e1bfccd5a698363bad","first_seen":"2023-04-28T05:56:14Z","last_seen":"2026-06-03T13:23:17.263814Z","times_seen":3393,"resource_available":true,"data":null}},"time_used":175,"timings":{"blocked":168,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.345282+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/jquery.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":366},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":709,\"bytes_toclient\":1195,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.662143+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/jquery.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":369},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":18,\"pkts_toclient\":33,\"bytes_toserver\":3005,\"bytes_toclient\":34332,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/favicon.jpg","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:04.876Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/chu/favicon.jpg HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841; kt_tcookie=1; _pk_id.27.5e61=9f5e0374c2a18f08.1780380244.; _pk_ses.27.5e61=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:05 GMT\r\nContent-Type: image/jpeg\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 30 Jan 2026 10:26:24 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"697c8750-721\"\r\nExpires: Thu, 02 Jul 2026 06:04:05 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uaPQ3t1KRg0%2BPYhOt0PdZiXGISN9BJ6TmdJ7XcdGOkcWyhCp2I18mZlP9F2Y8CjaUw%2FLJIF0yrpWTMh0csiAG3UzF9BBxhu0u5V7Pv4HSdafKYWRhY8ZPqpJDlAC6M0m4ujiT69Iqrgbx2KA\"}]}\r\nCF-RAY: a05442327b3b3181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1825,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, software=Greenshot], baseline, precision 8, 55x58, components 3","md5":"31f81c74ff9ca349fa71fa786e5b83f7","sha1":"859122a09408fc8f111e890b09b8146c40eb8c7a","sha256":"638bc54b8fe918ec96ff92bfed527ea454562ef56e90567bfe83a3a3de60ff60","sha512":"550ed087c94f39dbb18d3f3c4a3160593bbfdc846bbcd85f439c492e2df7a7f3b317549c64a03112bc77b6a3276e0218bbdeb2d97eec9315f8317e8cdc1e63ac","ssdeep":"","tlshash":"b3312bb967eddc10ac226e7f842781f250fb6551f4a43346168139d2414ccc19011a0f","first_seen":"2026-06-02T06:04:36.838233Z","last_seen":"2026-06-02T06:04:36.838233Z","times_seen":1,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.t56qv7.czyjsosio.buzz/channel/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-02T06:04:01.773Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /channel/ HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://www.t56qv7.czyjsosio.buzz/\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":9,"dns":0,"connect":1,"send":0,"wait":0,"receive":0,"ssl":6},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.060429+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/channel/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":812},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":13,\"bytes_toserver\":2105,\"bytes_toclient\":10279,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/mail.png","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.204Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/chu/mail.png HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:04 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 28 Apr 2023 17:49:32 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"644c072c-6baa\"\r\nExpires: Thu, 02 Jul 2026 06:04:04 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vOzu23HuW0zwdxOtcCYK77KWwONRu68pyILiWr7O8RCzGCOhWlgQFdrO%2FUd%2BdSC4w0hqE43OjDsE1O9e6DWQPFVz5j2STR%2BDEtJ89KOdUCV1xeynG7%2B6qcm2ltEYZvHiecraGpvRuzHxH3h0\"}]}\r\nCF-RAY: a054422edf6856c0-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27562,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"61bc6499c49dbf0a7bd23d0445b5f803","sha1":"f49a7c38c5386403b5401319259931aca35977d1","sha256":"b24ce54a48864298c75d2dc9cb8767ac93ae52423a6690144824f4a804d1dc44","sha512":"a55582a6bac8e01f6cf9c010b13a96b43a3ba259c3b204fabf3cd21464aeecf473abb59cf5c2a39881d2b03182784b0fb097206244c063321af20572cf73670c","ssdeep":"768:DQaMR374Il78JZlVqu/9lH8yiiIVn4a8eIjyIbwM0Ebwq:DQaCNKvlVlFnsHl8TRBR","tlshash":"d1c29caf61bd4c652dd0d23e6ffed2e0b1d432e57a323a415221c7112e6e0db72a8785","first_seen":"2023-05-02T12:24:43Z","last_seen":"2026-06-02T06:04:36.841817Z","times_seen":523,"resource_available":false,"data":null}},"time_used":2453,"timings":{"blocked":2092,"dns":0,"connect":0,"send":0,"wait":254,"receive":107,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.550369+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":9,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/mail.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":14144},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":92,\"pkts_toclient\":158,\"bytes_toserver\":10799,\"bytes_toclient\":194218,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/s/k2d/v4/J7aenpF2V0Ery4A5k5Y9xJlCGg.woff2","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.988Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/s/k2d/v4/J7aenpF2V0Ery4A5k5Y9xJlCGg.woff2 HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.t56qv7.czyjsosio.buzz/template/chu/css/fonts.css\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 02 Jun 2026 06:04:03 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SSlFxogjw12LPJl15e6GcTBB33yG39WAt8xKLru0e9mPaaVh7Hv1BIL3vGPLf8j5Nps5WoTiyR0XmJ%2FPEE3rqr7XwUObRmOfzKSPurlutnw9I2tYCyf6D%2F662EMCIOm3uX18mSaViEPquasb\"}]}\r\nCache-Control: max-age=300\r\ncf-cache-status: MISS\r\nCF-RAY: a0544228da950b59-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":479,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"57dd7bfa6c07bfe5eeada45d4bdd78ec","sha1":"395c6ad5c3ae0e8ea47281f5007c369551b32ad7","sha256":"c870990950ca5802e260be6786d1e6a148b1acdfeed4fa9bb6acce744488c0b5","sha512":"c455d00381bde372d6016e7b01eb8682dcbc2fbb032ef522f01f0ea1cd85abeb962aeb8de621b49b138b614b14285686a2c432b4214630f23fda2ed19bf4b9d6","ssdeep":"","tlshash":"27f0dc93d243040e220c45702fb2702450877ddbcb9a0d028897e1bfccd5a698363bad","first_seen":"2023-04-28T05:56:14Z","last_seen":"2026-06-03T13:23:17.263814Z","times_seen":3393,"resource_available":true,"data":null}},"time_used":565,"timings":{"blocked":348,"dns":0,"connect":0,"send":0,"wait":217,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.552598+0000\",\"flow_id\":959317223317020,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56624,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/s/k2d/v4/J7aenpF2V0Ery4A5k5Y9xJlCGg.woff2\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/template/chu/css/fonts.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":489},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":62,\"pkts_toclient\":131,\"bytes_toserver\":6014,\"bytes_toclient\":170016,\"start\":\"2026-06-02T06:04:02.106012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260421-1/84f017e257d4405de7c711b5e568c4c4.jpg","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:04.448Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260421-1/84f017e257d4405de7c711b5e568c4c4.jpg HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841; kt_tcookie=1; _pk_id.27.5e61=9f5e0374c2a18f08.1780380244.; _pk_ses.27.5e61=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:04 GMT\r\nContent-Type: image/jpeg\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Wed, 06 May 2026 14:15:23 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"69fb4cfb-226d\"\r\nExpires: Thu, 02 Jul 2026 06:04:04 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Pe%2F6g2MW9M0OzoB89rX5Tr6MLJhIx1b%2BjaKrBHusgLewXSb8%2B57kNOuVOWwXNc3WWxDkBAdR6CpGs%2Bm3LqYeDWaD2D8%2FM2%2F01Fzu14FddKDEdh89Pvo9sVs7ceU8iUAnX2iMWSD95CyL7KMy\"}]}\r\nCF-RAY: a05442302c033181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8813,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x180, components 3","md5":"956bd095007dc08a722aaf9c9542cc3c","sha1":"3ffb88d79e6f0299c349c46ecb9a580157091641","sha256":"2ceb87b6f7afb43d125fbd6dc947b53879fc944cb20d52b3413b1eeb15e51686","sha512":"b742f737f217fdd3acabb9acce368516d0b0ba890af096c33de18132ba44713c94669961a2492d59821516c4a6de7cb8eb7d478ac852cf749c91a92db338b904","ssdeep":"192:BxVJb3SwFsjtYniT/owZKZJtnlNbfHq9HMvGy1xJ4V/+jsS1qF9:H7CwFC5KPtHbfHq9Hzy/aCT1qF9","tlshash":"9102bebfe7e0755318c504f9ef081ab4ee6438185f0c79821d9ae290cbfeb156b95293","first_seen":"2026-06-02T06:04:36.843035Z","last_seen":"2026-06-02T06:04:36.843035Z","times_seen":1,"resource_available":false,"data":null}},"time_used":273,"timings":{"blocked":58,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.721614+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":9,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260421-1/84f017e257d4405de7c711b5e568c4c4.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":219,\"pkts_toclient\":401,\"bytes_toserver\":19342,\"bytes_toclient\":552129,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/channel/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-02T06:04:01.798Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /channel/ HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:02 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tAWiBQjITYcUv24KevWPVx02yQ9SM4uexX2KOw%2BNpUKsMR27bckc4uoh%2B2jr%2FZqZnVddgsmrjfd2pyfW8Net8D3BFudlyeEO%2BwCNNKVSG3ZN5m%2BqkANh6U%2FK5u6oDBwWWTkTTP4gM13tcKYA\"}]}\r\ncf-cache-status: DYNAMIC\r\nContent-Encoding: gzip\r\nCF-RAY: a054421f3f3256c0-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":303947,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2904), with CRLF, LF line terminators","md5":"400aa773c5a0605c62179cfaf473938d","sha1":"bf830a54839082ed136390e794ebeac9eb623c65","sha256":"25fd7aa1d77963d1ba779822f259ffbd52f7f6db61b9c0b14c2edd03f1b66174","sha512":"08084264dc37f472d12ee663730777935aa8c5023a57bb1d061ad751a2c111fe9b282ab71230e6ec3c2337467ab0253994672b4998d7f0a0ad1de0444d57abf4","ssdeep":"1536:BAweNBkZ3uDI08As3bAm/56+iNL4x3cG7rRrU9qUHFOQCuv2amjjUfFly+QISsrT:BAweNBkwsw1iknj","tlshash":"0c54ad6119a17055c1f2d1c618b2c62be2e1f137ca9ac51477ecae877f86fa2fc4606c","first_seen":"2026-06-02T06:04:36.845344Z","last_seen":"2026-06-02T06:04:36.845344Z","times_seen":1,"resource_available":true,"data":null}},"time_used":379,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":263,"receive":116,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.060429+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/channel/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":812},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":13,\"bytes_toserver\":2105,\"bytes_toclient\":10279,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260427-1/9cf6bac300ab8591e9b41a3c71197bfa.jpg","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.197Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260427-1/9cf6bac300ab8591e9b41a3c71197bfa.jpg HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:03 GMT\r\nContent-Type: image/jpeg\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Wed, 06 May 2026 14:15:23 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"69fb4cfb-3aff\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9TerOBbnHAcnXEjTOJ%2BdRPZO%2BmdP1%2FZgPTfOHXqUvtQxt309Nl%2FkUYqyqe8xdG9DFahHWcVfim5SAl6GfEQ9qNKIA4lwZjDeNaIx2ubpEm5nGtW%2FQisOIW0n0lCFaBCsrUsw9%2BRe%2Bk59oCOg\"}]}\r\nCF-RAY: a0544225f8c10b59-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15103,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3","md5":"a17796bef68775c75d0aaddc7cb2ca62","sha1":"fbc5940e8dd19bc64f524014b6e4d4badb13269f","sha256":"f25812995d78b9d5299f8241bd351cb65044dd609d351d417be89645be469072","sha512":"f065f38de7aada402a4df6965c2b1a625d13aab9609a3ea0d4594a5f50e27e849bd30986d39b3f47e536637c2c081e34c66c8bedefb5472aaadac38ec22afb53","ssdeep":"384:EJpzUqdS350wwj02GET9rBeMU7bwNYjM1yMa0i6MWdvB:8pzw5/i0lkrBeN7NYyl0i6MWdvB","tlshash":"a162d0dfbf40c260832322fe6148d4bd32a79570be90f92f1d88ca1c0f61c842e9a498","first_seen":"2026-06-02T06:04:36.847306Z","last_seen":"2026-06-02T06:04:36.847306Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1021,"timings":{"blocked":680,"dns":0,"connect":0,"send":0,"wait":244,"receive":97,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56640,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.120693+0000\",\"flow_id\":2196259214631679,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56640,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260427-1/9cf6bac300ab8591e9b41a3c71197bfa.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6475},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":17,\"pkts_toclient\":33,\"bytes_toserver\":2981,\"bytes_toclient\":36258,\"start\":\"2026-06-02T06:04:02.107263+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56656,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.520745+0000\",\"flow_id\":457697255532269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56656,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260427-1/9cf6bac300ab8591e9b41a3c71197bfa.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":51,\"pkts_toclient\":86,\"bytes_toserver\":4514,\"bytes_toclient\":124836,\"start\":\"2026-06-02T06:04:04.501485+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.matomotj.cc/matomo.js","fqdn":"js.matomotj.cc","domain":"matomotj.cc","tld":"cc"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"matomotj.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Jun 2026 23:14:15 GMT","end":"Mon, 31 Aug 2026 00:13:02 GMT"},"fingerprint":{"sha1":"AA:DE:12:AA:B0:2B:A4:6F:50:0D:40:4D:28:90:A5:D7:84:6A:4E:F2","sha256":"EC:82:FD:42:BA:CB:69:B2:12:1A:16:3C:21:20:C0:2E:65:25:83:CA:D9:5A:7E:29:50:39:CB:A8:49:98:19:DC"}}},"request":{"raw":"GET /matomo.js HTTP/1.1\r\nHost: js.matomotj.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.t56qv7.czyjsosio.buzz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Jun 2026 06:04:03 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Fri, 31 Oct 2025 01:48:19 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\netag: W/\"69041563-10984\"\r\nset-cookie: server_name_session=9e1bfb50896f8f3ab05a6368f5987a6f; Max-Age=86400; httponly; path=/\r\nexpires: Tue, 02 Jun 2026 18:04:03 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DlnzQkqfd9Ae3SBtjc319YB3AC2SbeWiySzKJibZTRFflvYPR456C9wRjfws0qO%2FJhLVbVxZVVJSJXadYhe2GLyQgwPgnQD7x7nP0Ndg4xHFua8ohZjGYjPXhF3OTwjf%2Fg%3D%3D\"}]}\r\ncf-ray: a05442267bff7130-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":67972,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2923)","md5":"4b32d11120a738ec529e5d64979e9d10","sha1":"deedcd7014f47a999da6c19786713cd7a236040a","sha256":"1762dd6a64fcd59421610b68625258f9224a1f278159c4d99282adb631470465","sha512":"258a126ba730a9f57d0adef037bdf90f349265128ceb8d7d9e5c7754eb14751895dffb3220bc1da307021ea8c37c45b837064c89731313acf22a3245b3812452","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmbMNfwS9h2BLy1z71B8I6fJIKIQaFLa:AT+Z2fuqXYy1PGJ9d5","tlshash":"3963d8ce72c2753a4bcb6075a43f114ab27e9caa1448c4b4e62ac4f6383491d657bf7c","first_seen":"2025-09-25T22:45:46.07207Z","last_seen":"2026-06-03T15:11:39.380965Z","times_seen":16462,"resource_available":true,"data":null}},"time_used":496,"timings":{"blocked":58,"dns":41,"connect":1,"send":0,"wait":379,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"js.matomotj.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260410-1/b24d966c59643c796341a861fe484023.jpg","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:03.649Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260410-1/b24d966c59643c796341a861fe484023.jpg HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841; kt_tcookie=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:04 GMT\r\nContent-Type: image/jpeg\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 10 Apr 2026 08:12:41 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"69d8b0f9-2055\"\r\nExpires: Thu, 02 Jul 2026 06:04:04 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lz9j0XI%2Bx7Eph%2FCEL8LQsRRxFFyr%2F4DKTfhNjqGnYsVyk%2BtJdiuLB4FAMsC9PWBWxS2D6hBkMMcPr2DmgtK8ja%2F1ash66%2FlVV88VvFgctm%2B0YO94455bfDAMn6P66d8D8o4K5m%2FW7p%2FdHLNA\"}]}\r\nCF-RAY: a054422cefe43181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8277,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x180, components 3","md5":"3b440cca6f31ec43eba8dde2cc8f70d7","sha1":"35ea1ca28df7d17f7fb1d02a9a4c9bba3f1ac90d","sha256":"023c32837d963bcf9410ee28506ca45fa48adc6bdd092dbddc95f9dfb6c8b183","sha512":"3cb5a66cdac1680e09251706dbf9d94f2d7ea8af9885e4d0f20d378d8c83cae8677788bdb503283b08681b0ee952d730b74abffbe76505e8269a2c8f89a9f763","ssdeep":"192:xS6TC9ZkgThxQQBjeFpxLMgCiZROKmlAFuM/4MbarBiNsHFPJAC2I:fC9qpCgCiKKQouM/9barIWlPN","tlshash":"1d02af091b530ed49bef2f7b5db79b9dc84a4fbd90fef0b19c265642c1225941a34360","first_seen":"2026-06-02T06:04:36.850581Z","last_seen":"2026-06-02T06:04:36.850581Z","times_seen":1,"resource_available":false,"data":null}},"time_used":615,"timings":{"blocked":333,"dns":0,"connect":0,"send":0,"wait":281,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.256671+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":6,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260410-1/b24d966c59643c796341a861fe484023.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2127},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":194,\"pkts_toclient\":334,\"bytes_toserver\":16111,\"bytes_toclient\":461554,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260412-1/10ed0bda9f5937c0057aa4c064b3c75a.gif","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.157Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260412-1/10ed0bda9f5937c0057aa4c064b3c75a.gif HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:03 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Sat, 11 Apr 2026 16:45:42 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"69da7ab6-45599\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CJL5TlM0GfqdJyaaOq0AxTKitEfM9TPKqi7D3GhMCxNTgHduqOPSyAzKrCHGPzFkf6GxMyGGTfr9M0mCUmmkLqZn0FgCYmao30u8NSDhOLSyn6UNtRNGby89lwgIvnJrMgHkonJMl67N4Wvd\"}]}\r\nCF-RAY: a0544228fa893181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":284057,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"0a188ad409bf86ec50cebea96e6e3a08","sha1":"a0b6a4967ac09d118d52bcddc3df68474c910318","sha256":"dc31e983d8d49a1ad4bac964d7e68c0717757be832f4a89c7f51320548fec90b","sha512":"1aa4164fdc832f04151fe04967fb408926431a6fac7e0083040c26f4b500174a3ecbc2510c1925eede1c6edeee12430f99261b2bdbf0178fe8425e84ef314158","ssdeep":"6144:8OBQYkocR9UNwsPZE6WZKw4HMpbPflWgPsf8AkXcef09w:sFLUN/tWZKFHMPflWAeCsG","tlshash":"a254234e5d110e0882d0a34561961f33941e9b6b62f6c4ea3157fbd6e6ff0f8892cd87","first_seen":"2026-03-22T23:58:00.106054Z","last_seen":"2026-06-02T06:04:36.852474Z","times_seen":7,"resource_available":false,"data":null}},"time_used":1824,"timings":{"blocked":1201,"dns":0,"connect":0,"send":0,"wait":236,"receive":387,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.594681+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260412-1/10ed0bda9f5937c0057aa4c064b3c75a.gif\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/gif\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2145},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":66,\"pkts_toclient\":128,\"bytes_toserver\":7157,\"bytes_toclient\":163583,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260529-1/5f4b9339ee630216fe628594d676ac51.png","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:03.653Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260529-1/5f4b9339ee630216fe628594d676ac51.png HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841; kt_tcookie=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:04 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Thu, 28 May 2026 16:50:02 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"6a18723a-4f7c0\"\r\nExpires: Thu, 02 Jul 2026 06:04:04 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ffhUXQNz%2FyAtXJUFZQm8cS5K29nQw6ttZ104hlbC5s%2F9WwD5WeAJOSpeFMd01PPe1pQXI8pdI6D%2Bk4ZdsrDyLq%2FoRwzic06hxbH%2BpMyZsZoX4BeUpbplN9FypVxiMeY0f4tDJvGp1d78vRFw\"}]}\r\nCF-RAY: a054422d2d5f0b59-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":325568,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 852x480, components 3","md5":"c320248eb217d3fc63f080a4ab5dab42","sha1":"4db2c70bb4ea064783f1cf9377c5d2723b952f50","sha256":"76437aae6e95511cb96869106733e51f120323cd480ff31485667207a368baf3","sha512":"f6678e879180a7bfd96e31e0c5f08a168ac897c39c4f29a410aaad3e12cc69e84116dd3dc48911302514800376c66085acc42fb11980ef25820e117e77a2abac","ssdeep":"6144:EoHreFXxFh2zKh5oFiy5ufdAsZQJl7J4mPJZE7OnMbdbEke9qV32BT7JnPW8jNO7:FyFXxFh2uh+FRuVDW37um87OnMlL07hY","tlshash":"3a6423189d0ab13afab565749cc9db3b9ce54d48498e874c0a23954ecbd1bc3c9b278c","first_seen":"2026-06-02T06:04:36.85353Z","last_seen":"2026-06-02T06:04:36.85353Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1027,"timings":{"blocked":377,"dns":0,"connect":0,"send":0,"wait":263,"receive":387,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56640,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.292216+0000\",\"flow_id\":2196259214631679,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56640,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":6,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260529-1/5f4b9339ee630216fe628594d676ac51.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2135},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":65,\"pkts_toclient\":142,\"bytes_toserver\":7669,\"bytes_toclient\":183645,\"start\":\"2026-06-02T06:04:02.107263+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260529-1/c95038dc9853c2033e56a4f50f5de91c.jpg","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:03.656Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260529-1/c95038dc9853c2033e56a4f50f5de91c.jpg HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841; kt_tcookie=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:04 GMT\r\nContent-Type: image/jpeg\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Thu, 28 May 2026 16:48:45 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"6a1871ed-2f06\"\r\nExpires: Thu, 02 Jul 2026 06:04:04 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DISxbqpBs%2FPaMp0GS9qhHHjljk6djnlx%2BoU3aPjLvk2mji3e1N0vMk3THdHyI9GFkskn24bj8DPWbF%2B8huT8e3%2BfR8qx8%2FJiN8W2xnGk5uONCwq4kEg9MNehMIA8CG1eC%2BkQLErtXwJnV456\"}]}\r\nCF-RAY: a054422dddd70b59-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12038,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 345x228, components 3","md5":"ab3ffededd9613e29d84d5ca42687802","sha1":"38a4357d17fd434580eaee4f1602470c360ab21c","sha256":"acd22f765438c71e6c71f8cab4eab3c1f8be0f7ea4e68fa523e96f5b5ba5d57f","sha512":"e718e2ac6115418ba125bf645a2464696af9bf18ff2af773c08587139e8ed0bbb41a2921b11f690ab10be4a8abef6917f025406c177868296ab14976cc7a17b0","ssdeep":"192:GQEVporj5j2zZFELpL3nHrp7/uuybY91QUWh4+o6R1fRCTnwt8ofoIAA0h/QtJCe:G5forj5LpL3nHrUlbY9b+FR1QTwtXfoM","tlshash":"ac42af0cbc879742cbb21676106d31a2770385db8848ab78bfe5d7e8c5b5dfd825920d","first_seen":"2024-08-14T05:38:43Z","last_seen":"2026-06-02T06:04:36.85541Z","times_seen":5,"resource_available":false,"data":null}},"time_used":707,"timings":{"blocked":480,"dns":0,"connect":0,"send":0,"wait":226,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.361836+0000\",\"flow_id\":959317223317020,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56624,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260529-1/c95038dc9853c2033e56a4f50f5de91c.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2133},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":235,\"pkts_toclient\":401,\"bytes_toserver\":18430,\"bytes_toclient\":562190,\"start\":\"2026-06-02T06:04:02.106012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.matomotj.cc/matomo.php?action_name=%E5%88%9D%E4%B8%AD%E7%A0%94%E7%A9%B6%E6%89%80-\u0026idsite=27\u0026rec=1\u0026r=229453\u0026h=6\u0026m=4\u0026s=3\u0026url=http%3A%2F%2Fwww.t56qv7.czyjsosio.buzz%2Fchannel%2F\u0026urlref=http%3A%2F%2Fwww.t56qv7.czyjsosio.buzz%2F\u0026_id=9f5e0374c2a18f08\u0026_idn=1\u0026send_image=0\u0026_refts=0\u0026pv_id=T8dDq2\u0026pf_net=0\u0026pf_srv=264\u0026pf_tfr=115\u0026pf_dm1=1037\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024","fqdn":"js.matomotj.cc","domain":"matomotj.cc","tld":"cc"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:03.666Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"matomotj.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Jun 2026 23:14:15 GMT","end":"Mon, 31 Aug 2026 00:13:02 GMT"},"fingerprint":{"sha1":"AA:DE:12:AA:B0:2B:A4:6F:50:0D:40:4D:28:90:A5:D7:84:6A:4E:F2","sha256":"EC:82:FD:42:BA:CB:69:B2:12:1A:16:3C:21:20:C0:2E:65:25:83:CA:D9:5A:7E:29:50:39:CB:A8:49:98:19:DC"}}},"request":{"raw":"POST /matomo.php?action_name=%E5%88%9D%E4%B8%AD%E7%A0%94%E7%A9%B6%E6%89%80-\u0026idsite=27\u0026rec=1\u0026r=229453\u0026h=6\u0026m=4\u0026s=3\u0026url=http%3A%2F%2Fwww.t56qv7.czyjsosio.buzz%2Fchannel%2F\u0026urlref=http%3A%2F%2Fwww.t56qv7.czyjsosio.buzz%2F\u0026_id=9f5e0374c2a18f08\u0026_idn=1\u0026send_image=0\u0026_refts=0\u0026pv_id=T8dDq2\u0026pf_net=0\u0026pf_srv=264\u0026pf_tfr=115\u0026pf_dm1=1037\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024 HTTP/1.1\r\nHost: js.matomotj.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=utf-8\r\nContent-Length: 0\r\nOrigin: http://www.t56qv7.czyjsosio.buzz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.t56qv7.czyjsosio.buzz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 204 No Content\r\ndate: Tue, 02 Jun 2026 06:04:04 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\naccess-control-allow-origin: http://www.t56qv7.czyjsosio.buzz\r\naccess-control-allow-credentials: true\r\nset-cookie: server_name_session=9e1bfb50896f8f3ab05a6368f5987a6f; Max-Age=86400; httponly; path=/\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2ByXLLcq1gwclT3zTSu6OOdVtZidbG8HD1W0yu%2Bq5NTqfcekDexqtr93NjnYWqEFlrSdC%2BiVhSgSH2jJXILYP1l%2FyAM4O6WgS27Uivb6%2B7rmygrTU%2BZBPunBScjeovi0JPg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\ncf-ray: a054422ae8c14e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":470,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":470,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"js.matomotj.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.cdn1.vip/i/6a06b76e883f1_1778825070.webp","fqdn":"img.cdn1.vip","domain":"cdn1.vip","tld":"vip"},"ip":{"addr":"178.236.38.1","port":443,"asn":38136,"as":"Akari Networks","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.189Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"scdn.io","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 13:25:16 GMT","end":"Mon, 10 Aug 2026 13:25:15 GMT"},"fingerprint":{"sha1":"FE:E3:92:C6:BA:19:D1:FC:09:45:88:40:96:E1:32:AE:B5:FB:DF:E6","sha256":"83:7E:BC:43:35:A3:89:2A:47:DA:B0:A8:7A:75:3E:76:A9:B9:20:79:D7:18:32:13:52:6B:83:B1:E8:2C:61:CF"}}},"request":{"raw":"GET /i/6a06b76e883f1_1778825070.webp HTTP/1.1\r\nHost: img.cdn1.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.t56qv7.czyjsosio.buzz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Jun 2026 06:04:02 GMT\r\ncontent-type: image/webp\r\ncontent-length: 134368\r\nstrict-transport-security: max-age=31536000\r\nlast-modified: Fri, 15 May 2026 06:04:30 GMT\r\ncache-control: public, max-age=31536000\r\nexpires: Sat, 15 May 2027 07:12:44 GMT\r\ncontent-disposition: inline; filename=\"6a06b76e883f1_1778825070.webp\"\r\netag: \"6a06b76e-20ce0\"\r\nalt-svc: h3=\":443\"; ma=86400, quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nserver: nginx\r\nx-cache-status: HIT from L1:5856\r\nvia: L1:5856\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":134368,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x720, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"252509a14cd8ecb56c783e84ac0e7d4b","sha1":"0a120808867f7dcf86521add46cb5db574068d14","sha256":"4953ad3beaf589000d0ec186e73ec99a92991d85086be7d72e65a5a29cf388f9","sha512":"6b13d73ae2155575852206ccd0f785c9f802bfe03b62ff444d76dcbaa8df7d8b812dbea9423d54199133817d435369b5c6725088db03e898c25ce68db944cc3c","ssdeep":"3072:fRGQIphvGoLWEj6CO4L2JelbCPlbOwCb6vc/edbxP99TO:IGEj6luNb6vcA/BO","tlshash":"ffd312daaf18b07df1769a6211e2b8fe72d4a85fac9db4375ce04d97923c2c2c4c1056","first_seen":"2026-06-02T06:04:36.857387Z","last_seen":"2026-06-02T06:04:36.857387Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1181,"timings":{"blocked":541,"dns":482,"connect":23,"send":0,"wait":46,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260305-1/8d56da3cdd81c84a07560d967a9ded12.png","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:04.447Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260305-1/8d56da3cdd81c84a07560d967a9ded12.png HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841; kt_tcookie=1; _pk_id.27.5e61=9f5e0374c2a18f08.1780380244.; _pk_ses.27.5e61=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:04 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Wed, 06 May 2026 14:17:45 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"69fb4d89-1c239\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\nAge: 1\r\ncf-cache-status: HIT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pd9vQgmVqvxF6AIUKvjaIvzyZoUhawTDZ%2FxnkaV2dwF%2Fsb9G1bqz%2FCrl8HwrN2JsZQ8LLYhC%2Bz%2FgsycBsBMJ6WNPf2h%2BJHVFD6qkzdApn20u91N0s5HxOqVxMDm4fvsbWvZJWfA3%2F51mEjeo\"}]}\r\nCF-RAY: a05442302f530b59-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":115257,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 200, 8-bit/color RGB, non-interlaced","md5":"29082b60a9ecdb3e4651b8556ffd63e5","sha1":"0b84638b663faea22616f24b18537c107e4d6e19","sha256":"bde746cb9ce029c7783470ede238bde3634a10a5396c03cb6ef5f152e9a2db92","sha512":"8e7b66f1f545e78e3df99c5196847e15f6644b5b4ecca489ce12bb0f39121705d79d34f85a3c80e21f541a59317eb0a85c4530fb862196cc3c0b10dd0640bbbf","ssdeep":"3072:HBOoJoSNB1Z+8j4XZaxhZXX8vCDRlglJkN4bF+9Yn:HBvPFZ8XZaxPACtlGkWF+9Yn","tlshash":"d8b312069e079f036bbd0cb8037dc68c73f6911ee1d9bc52b8a93fe597016a4268161e","first_seen":"2026-06-02T06:04:36.858302Z","last_seen":"2026-06-02T06:04:36.858302Z","times_seen":1,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":55,"dns":0,"connect":1,"send":0,"wait":8,"receive":3,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.106535+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260305-1/8d56da3cdd81c84a07560d967a9ded12.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2137},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":38,\"bytes_toserver\":3629,\"bytes_toclient\":40454,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56656,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.509679+0000\",\"flow_id\":457697255532269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56656,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260305-1/8d56da3cdd81c84a07560d967a9ded12.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":676},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":842,\"bytes_toclient\":7710,\"start\":\"2026-06-02T06:04:04.501485+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/static/js/jquery.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.112Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/jquery.js HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:02 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 30 Jan 2026 02:59:17 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"697c1e85-17b8a\"\r\nExpires: Tue, 02 Jun 2026 18:04:02 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OpvYbtM%2Bz7ee627F2H8z8GxuWIQwJti4oJ1oG%2FdrxcdkQA%2BZIu6UGLUPKHkOM6W5K8p1CwzdbjCumaDKkUZlsA%2BCthxGGX3yyc5Ue8bW5%2BgxQsG%2FEA8wQHxn2WH1bbRHmLEnQxFaUI85Ef%2B0\"}]}\r\nCF-RAY: a05442212adb3181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":97162,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32077)","md5":"0fca26b5a37a66d68d0f4406976be4b5","sha1":"ee000eb654b3bd37185665d3901e93b34ce1aa52","sha256":"8c2812ded6436715279f8fd8db58de307aa39ab0296fe3cf0e879067c51e9b18","sha512":"cf010995991a8f8b50cfb4b466d3b457b0a6addc4f2fd96c48c33d40ac251de400894828ccd99662b13fc9ca25c676ef0aee05faa4910530ff9996d03c411645","ssdeep":"1536:GYE1JVoiB9JqZdXXe2pD3PgoIiulrUdTJSFk/zkZ4HjL5o8srOaS9TwD6b7/Jp94:t4J+R3jL5TCOauTwD6FdnCVQNea98HrF","tlshash":"7a93d7d9b6d6706287b734a851bf410bb17aa8eab40c4c60f058c8e47e74e9d507bf2d","first_seen":"2023-03-07T01:06:51Z","last_seen":"2026-06-03T15:56:02.963749Z","times_seen":7323,"resource_available":true,"data":null}},"time_used":343,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":239,"receive":102,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56612,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.344121+0000\",\"flow_id\":2209320210176535,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56612,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/static/js/jquery.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":672},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":703,\"bytes_toclient\":7710,\"start\":\"2026-06-02T06:04:02.104983+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/static/js/home.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.116Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/home.js HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:02 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 30 Jan 2026 02:59:17 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"697c1e85-926b\"\r\nExpires: Tue, 02 Jun 2026 18:04:02 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SpI0VGOREPuF4FKJzRwj0yl6WeCV%2Fh1%2Bvzog3rcd9xz4vedqaKeOooq7IgIeq%2FEqOALmAmiUI5GEb%2F4blaNakJILvI11YvYN4plertNdRnUKq1XBTEWO2OwryENtOTQbMVn66T6Ui8DXq4em\"}]}\r\nCF-RAY: a05442212dd00b59-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":37483,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (2677)","md5":"2ee4a07d1d8a29b1139b1f3366413953","sha1":"6aadf5f8c72f7fdc9928b72089128d72b8e3b1fe","sha256":"909db584f9c933c475b26510266cdd41be56178a43ec23447b5c6341713ac9a7","sha512":"92e6f97c00561e0e5dfa1d2ae2ee9e6d685c0eb36bcd614097671a5ae743ba74597652fe8c005d096794a0759dfdca463e0c31ed50cda0ff8c251fefe3968bd3","ssdeep":"768:hR0cTTu8ehbZLbhpa6aeb7z9SsbhkeA5gr9GiSo5E7Iw4TQvD:hRZXdeC6URiGD","tlshash":"11f2b55d7af3146050b3317a4fbf59042276815f190ddd88fe2d11a48fc4a4eba62bbd","first_seen":"2023-03-07T16:10:40Z","last_seen":"2026-06-02T06:04:36.859868Z","times_seen":1645,"resource_available":true,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":270,"receive":2,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56640,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.377954+0000\",\"flow_id\":2196259214631679,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56640,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/static/js/home.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":679},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":701,\"bytes_toclient\":7710,\"start\":\"2026-06-02T06:04:02.107263+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/css/main.css","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.129Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/chu/css/main.css HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:02 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 28 Apr 2023 17:49:36 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"644c0730-2b7f4\"\r\nExpires: Tue, 02 Jun 2026 18:04:02 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r27E2uBe1tliIObFLDE4GdOvbWYwx290qW4YDxfSLncRz7PdcD6p1k4mYBlt279QRYyRGr1jM2p7%2Brns6xetm0B60XGRucgFaGAw7LhRZEx1C4JLacQ4aM35OqKsS8rvDMJbjdpo2hi7nw5Y\"}]}\r\nCF-RAY: a05442229f153181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":178164,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"dc1e9d237f03bc762dda6f4c7a882677","sha1":"587fe36a43927fd87a0f385c9419d1cf61eb8ad3","sha256":"f139a026a2c6b9300cbb7723686428e5f563c3268cfe3271c677eafb66d8d7c4","sha512":"733a708a2a60ff7d4c08d2c3427d4d04e4d2f4abdef912846918147f611536a71a99104173ef8ca92befe1dfe6c1a5534ee4d2f9d0893ddbc540dbb7fcc92a68","ssdeep":"1536:oQwQJSf45Pv0noMprEBfwyUr6yLgXOWKNCLdMMjHZTLR0ZSko4+E6cC6Ef:oQwQJSf45Pv0no7","tlshash":"ee045439b21f1109576f59947bf82aa5de38c42ad31302fff0d75405c3ca5481bbaaea","first_seen":"2026-06-02T06:04:36.860413Z","last_seen":"2026-06-02T06:04:36.860413Z","times_seen":1,"resource_available":false,"data":null}},"time_used":523,"timings":{"blocked":204,"dns":0,"connect":0,"send":0,"wait":240,"receive":79,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.573269+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/css/main.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6490},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":20,\"bytes_toserver\":1632,\"bytes_toclient\":22130,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/css/fonts.css","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.133Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/chu/css/fonts.css HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:02 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 28 Apr 2023 17:49:34 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"644c072e-4bfe\"\r\nExpires: Tue, 02 Jun 2026 18:04:02 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BY9e7tFf6%2B8uPFuTBQuBkyi8SoiW%2B6588LmISHLvfIRBVZBvk9hsMIcPqy6%2BlR7%2FvRDmrDOlMm2VD%2BfETnHFDQj0VJwMKCucGJQNdDJNWv2%2BlELLaR%2B73niBwcb5Zpl7tosrKkY9JOO3VCFe\"}]}\r\nCF-RAY: a0544222af593181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19454,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"798e97ca8801f158fe28fc226c6ab44f","sha1":"2b6451a6c9731818043dbf5ae76b0df40023bb58","sha256":"e2b733a39e582d17f8c97126e69be34652f0533fd7a19805f17136c460bea42d","sha512":"4f5809ab1fce3df5134aaee88692c9a14606da732419f10ce61a23bda3cbe10307b2aa9711a22784600ab092935ae9f2ca48408c66bd110d25eeb0bb8ef52e70","ssdeep":"384:J8W/78Ws8Wj8WW577535N5ZS47S4SESYYd7Y0YgYTEu7E6EOEyt67tutitWmb7mJ:WWAWZWwWQpJvk5hlHGj/QNx1w4sgj2W8","tlshash":"a292bd408c0ba107eb876cc6a3cd7f3bae0e656521004e355efe78d49d96ca353a2b5c","first_seen":"2023-05-21T22:23:38Z","last_seen":"2026-06-02T06:04:36.86134Z","times_seen":3,"resource_available":false,"data":null}},"time_used":443,"timings":{"blocked":213,"dns":0,"connect":0,"send":0,"wait":230,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.576235+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/css/fonts.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":956},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":8,\"bytes_toserver\":1360,\"bytes_toclient\":3254,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/js/jquery.easy-autocomplete3.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.139Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/chu/js/jquery.easy-autocomplete3.js HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:02 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 28 Apr 2023 17:49:42 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"644c0736-3dd5\"\r\nExpires: Tue, 02 Jun 2026 18:04:02 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Op2%2F4oTOf5EPOKTzsKKFcB3mXUrKmMTjRH%2BQCSk70worh6S7iRZZr%2Fi8cWmhFVvl5IE5k8dRdQeCL56Fqr56phtdMZJpf1RovjTx5%2FMRUoJVPXH3%2BlgqIswBS2t7EJ9yNFuaXPDMcxPjrwn5\"}]}\r\nCF-RAY: a0544222dede0b59-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15829,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (15648)","md5":"49fe4dd996e575254f1bb5727d460ac9","sha1":"8b85d8c02c3015501d1698fccda9fc75f456f714","sha256":"96abf633475774ebf73bdc392217e4b8fe17809bbb443c43d67bc694bea501cb","sha512":"e3f67d4c98a5614228bbe1b3aa516d7840fdb0c4b148e392abe0f14815f7b594f365db4a4c36a52d8745d55f6e51450edfd6bdf506e64001766cd66845096a74","ssdeep":"384:BzPgWFxQKIM5KlmYVwYpYUTlmNpiMCMVl/qnBJ3GLxp2GoLFbc:BTTFxQKIM5KlmYVDYUTlmNpiMCMVMBSh","tlshash":"7b62a65c76d9710903a7717691ff000b713aece999094ca0e990c1e06db8eaf5277f2d","first_seen":"2023-04-17T04:07:28Z","last_seen":"2026-06-02T06:04:36.862549Z","times_seen":45,"resource_available":true,"data":null}},"time_used":465,"timings":{"blocked":241,"dns":0,"connect":0,"send":0,"wait":224,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56640,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.604125+0000\",\"flow_id\":2196259214631679,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56640,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/jquery.easy-autocomplete3.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4920},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":13,\"pkts_toclient\":16,\"bytes_toserver\":1751,\"bytes_toclient\":16623,\"start\":\"2026-06-02T06:04:02.107263+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260410-1/b24d966c59643c796341a861fe484023.jpg","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.165Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260410-1/b24d966c59643c796341a861fe484023.jpg HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.256671+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":6,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260410-1/b24d966c59643c796341a861fe484023.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2127},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":194,\"pkts_toclient\":334,\"bytes_toserver\":16111,\"bytes_toclient\":461554,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/favicon.ico","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/","date":"2026-06-02T06:03:59.872Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.t56qv7.czyjsosio.buzz/\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 02 Jun 2026 06:04:00 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=afTRGdw6%2BS%2B3cy3ZkAT2VitPf9PWP%2F9BLozwhd5KCc6utwmXH%2FPnykuuBUMM0HiU5NNtmZGiPJCLdQmJLLok1F900BrFWX0bPLvHBNv9n%2FecUt6rhcK8kfQirBaQ%2FDGUsJyEGqAKuD6qe1ss\"}]}\r\nCache-Control: max-age=300\r\ncf-cache-status: MISS\r\nContent-Encoding: gzip\r\nCF-RAY: a05442132b1f56c0-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":479,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"57dd7bfa6c07bfe5eeada45d4bdd78ec","sha1":"395c6ad5c3ae0e8ea47281f5007c369551b32ad7","sha256":"c870990950ca5802e260be6786d1e6a148b1acdfeed4fa9bb6acce744488c0b5","sha512":"c455d00381bde372d6016e7b01eb8682dcbc2fbb032ef522f01f0ea1cd85abeb962aeb8de621b49b138b614b14285686a2c432b4214630f23fda2ed19bf4b9d6","ssdeep":"","tlshash":"27f0dc93d243040e220c45702fb2702450877ddbcb9a0d028897e1bfccd5a698363bad","first_seen":"2023-04-28T05:56:14Z","last_seen":"2026-06-03T13:23:17.263814Z","times_seen":3393,"resource_available":true,"data":null}},"time_used":231,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":230,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:00Z","timestamp":1780380240,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:00.100433+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":366},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1383,\"bytes_toclient\":4086,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260331-1/c0bb4b287408e10b879ccaa45c871da7.gif","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.162Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260331-1/c0bb4b287408e10b879ccaa45c871da7.gif HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:03 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Tue, 31 Mar 2026 02:55:57 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"69cb37bd-5c535\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j4zEInW6jrEDRa%2BJ5hxYCEM33si%2BuwiPGhhSkPrUqFeD6AetzAjlhr6QBWrz824lSnGwT7qmJPH3AOW03XrXg1EwoxGjTT11RQfgD2ddEtw%2BdC2pTabJxiisr0qgqnrpV4Zuz3QN65Vzv71D\"}]}\r\nCF-RAY: a054422a3b7a0b59-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":378165,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 150 x 150","md5":"4c510a51d5729178b6f6212f93a25278","sha1":"38f0dd4b69c2984f559c0a5aab3ae2b9acca6153","sha256":"f6929ad892d85d085293432996c6def369fe159b5e88f3d5e16afee64e56cc7d","sha512":"8fee0d636544a9eaa4904db6215432a43e5cafdfbb533249e261abef65ec300ff02ff61fb3932953ba4b9df201e7d6ef71935b81f1569adaabfdc1692722cd31","ssdeep":"6144:jwvi1pmyqBEr+8okO6E4geSx4zuQkSPB5ImfaJTiu6kWyp05K/92FBpCV7fbyy57:jwa1pm0LOXKSYuQpRyJTr6Cl/sTezyFm","tlshash":"5d84234cea898d9cf4aeb0b2711107bddb7a35d91a286b87b012dc1139c9e3f2057d97","first_seen":"2025-04-07T19:49:12.493589Z","last_seen":"2026-06-02T06:04:36.863639Z","times_seen":48,"resource_available":false,"data":null}},"time_used":1974,"timings":{"blocked":1391,"dns":0,"connect":0,"send":0,"wait":235,"receive":348,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.788176+0000\",\"flow_id\":959317223317020,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56624,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260331-1/c0bb4b287408e10b879ccaa45c871da7.gif\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/gif\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2139},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":64,\"pkts_toclient\":137,\"bytes_toserver\":6638,\"bytes_toclient\":177652,\"start\":\"2026-06-02T06:04:02.106012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.t56qv7.czyjsosio.buzz/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-02T06:03:59.441Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":34,"dns":0,"connect":1,"send":0,"wait":0,"receive":0,"ssl":6},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:59Z","timestamp":1780380239,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:03:59.749273+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":719},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":682,\"bytes_toclient\":2957,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/js/jquery.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.119Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/chu/js/jquery.js HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 02 Jun 2026 06:04:02 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0hodW29Z75gYra%2BO7A3G8YF3uGqTZ7pIY43mB0qco3fk3to37CZUvsvZKmnEa5u5Eq7bMazlonSi0D8qsHYj4PPVAih1odUqD%2FibbsLNI2pD3nI26QjnTRmx3DZSKCoZYugmgKL5ErkZPZ6x\"}]}\r\nCache-Control: max-age=300\r\ncf-cache-status: MISS\r\nContent-Encoding: gzip\r\nCF-RAY: a05442212ae93181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":479,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"57dd7bfa6c07bfe5eeada45d4bdd78ec","sha1":"395c6ad5c3ae0e8ea47281f5007c369551b32ad7","sha256":"c870990950ca5802e260be6786d1e6a148b1acdfeed4fa9bb6acce744488c0b5","sha512":"c455d00381bde372d6016e7b01eb8682dcbc2fbb032ef522f01f0ea1cd85abeb962aeb8de621b49b138b614b14285686a2c432b4214630f23fda2ed19bf4b9d6","ssdeep":"","tlshash":"27f0dc93d243040e220c45702fb2702450877ddbcb9a0d028897e1bfccd5a698363bad","first_seen":"2023-04-28T05:56:14Z","last_seen":"2026-06-03T13:23:17.263814Z","times_seen":3393,"resource_available":true,"data":null}},"time_used":239,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":237,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.345282+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/jquery.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":366},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":709,\"bytes_toclient\":1195,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.662143+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/jquery.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":369},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":18,\"pkts_toclient\":33,\"bytes_toserver\":3005,\"bytes_toclient\":34332,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/site/20260130-1/051465130733f4c8f57aa863a9a5bf42.jpg","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.155Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/site/20260130-1/051465130733f4c8f57aa863a9a5bf42.jpg HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:04 GMT\r\nContent-Type: image/jpeg\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 30 Jan 2026 10:27:08 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"697c877c-fdf\"\r\nExpires: Thu, 02 Jul 2026 06:04:04 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gKjrLCRNIPsJw5Mifd6KuBJGpUboOTt0IvUb%2F3K8%2BXWl8FdgEdQ8ySOfGhoae34Qj3WuTuHfsSMh5D6%2Bsa1AW53kb5KkO%2BPmSoTJhHLp2CEbsDwf%2BO9A38xuIvF2Ky3J%2FvUBaZ7bGYWx0q3J\"}]}\r\nCF-RAY: a054422ebeee3181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4063,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, software=Greenshot], baseline, precision 8, 198x44, components 3","md5":"24e24c6ab49fb17f5886f0a8ef1e344c","sha1":"07488662508df3c20be8f3fe21c98ff751599b52","sha256":"e1b3a7113bd510926e0527fe7ec7191104d6e48703ab6568340de489266b9f1c","sha512":"31a2e480ce64a73dfcf1a0d861c5dd427acf8aad8f86a863d3cbb94ce6b93b6a38a8e7e5c67c1004279506217d9935444aa6ecfdd7befc4ae55868cced12b62a","ssdeep":"","tlshash":"ca816d1d0a98fe04bc75d8f5585827d798194290b160360baf1cf7c0d15c1cb89ba2fc","first_seen":"2026-06-02T06:04:36.86468Z","last_seen":"2026-06-02T06:04:36.86468Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2351,"timings":{"blocked":2123,"dns":0,"connect":0,"send":0,"wait":228,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.506029+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":8,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/site/20260130-1/051465130733f4c8f57aa863a9a5bf42.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":216,\"pkts_toclient\":395,\"bytes_toserver\":18574,\"bytes_toclient\":544493,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260515-1/0c0262715907b9dbb49909f29d148bd9.png","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.170Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260515-1/0c0262715907b9dbb49909f29d148bd9.png HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:03 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 15 May 2026 05:55:43 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"6a06b55f-1693d\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MopMKfQib7SoW%2FEIjW0okTUVz0wVtPSj%2FghAy%2F1AMjwaNNyVBFABzE%2FvPrz9Hq%2F7HUcJBWqUeumEHFlPULUQHZsZQpAN6AJgsdj4ow0Z6l7nd5skc9qxqA95hEq2WOF9rIZcnwvOIX3ftxov\"}]}\r\nCF-RAY: a0544225f9ae3181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":92477,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75\", baseline, precision 8, 1083x609, components 3","md5":"0755ee32e88b9e0e8f96f2bf6e4a8a48","sha1":"bd825503f9594ff43eec91e01f619746a971e6b7","sha256":"3086a0580de3412676063506de4f3599db8d78710c3e444371e5f929e30ef810","sha512":"849adba458e9fb10a4fe779619c046808313fbad997d0646f004a1f7b49a1bd7b355019ba8196c5af18599403e3b7309a567ca70e92105344e80011a65ed74c2","ssdeep":"1536:HlEAbWcm8lAv55LcC0/BJ26uZk+vwBZgAZ+2jHWSSMw0DuEjS0p1gqcw8zZKO2I:F7Wc1Gx0/T8vt2jGeDuE2Umg8z72I","tlshash":"5a93127b57b631155fc86066fe2b7e04169f0ab0f6c455f488fad8a2511ecf7d8a40b0","first_seen":"2026-06-02T06:04:36.865665Z","last_seen":"2026-06-02T06:04:36.865665Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1140,"timings":{"blocked":707,"dns":0,"connect":0,"send":0,"wait":241,"receive":192,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56612,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.117970+0000\",\"flow_id\":2209320210176535,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56612,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260515-1/0c0262715907b9dbb49909f29d148bd9.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2135},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":41,\"bytes_toserver\":3083,\"bytes_toclient\":48105,\"start\":\"2026-06-02T06:04:02.104983+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.273194+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":7,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260515-1/0c0262715907b9dbb49909f29d148bd9.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2130},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":200,\"pkts_toclient\":343,\"bytes_toserver\":17025,\"bytes_toclient\":469749,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/s/k2d/v4/J7aTnpF2V0EjcKUsvrQw7g.woff2","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.978Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/s/k2d/v4/J7aTnpF2V0EjcKUsvrQw7g.woff2 HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.t56qv7.czyjsosio.buzz/template/chu/css/fonts.css\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 02 Jun 2026 06:04:03 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8ZeCQIGUKT5UyMAD8vVKU8Bt0hLFzl9a6Tn3q%2Fzd4SbacG37XPFpC6%2B%2FwKNCULNam4IBP73UYW8ubo8%2B75J3SquDjSb6EhyoIrnL52tjiKgzFJ1%2FYPlc4a2bhOjOakPcI%2Bzb0%2F8IQKJ1ra5u\"}]}\r\nCache-Control: max-age=300\r\ncf-cache-status: MISS\r\nCF-RAY: a0544228a98f3181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":479,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"57dd7bfa6c07bfe5eeada45d4bdd78ec","sha1":"395c6ad5c3ae0e8ea47281f5007c369551b32ad7","sha256":"c870990950ca5802e260be6786d1e6a148b1acdfeed4fa9bb6acce744488c0b5","sha512":"c455d00381bde372d6016e7b01eb8682dcbc2fbb032ef522f01f0ea1cd85abeb962aeb8de621b49b138b614b14285686a2c432b4214630f23fda2ed19bf4b9d6","ssdeep":"","tlshash":"27f0dc93d243040e220c45702fb2702450877ddbcb9a0d028897e1bfccd5a698363bad","first_seen":"2023-04-28T05:56:14Z","last_seen":"2026-06-03T13:23:17.263814Z","times_seen":3393,"resource_available":true,"data":null}},"time_used":567,"timings":{"blocked":332,"dns":0,"connect":0,"send":0,"wait":235,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56612,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.544822+0000\",\"flow_id\":2209320210176535,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56612,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/s/k2d/v4/J7aTnpF2V0EjcKUsvrQw7g.woff2\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/template/chu/css/fonts.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":489},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":52,\"pkts_toclient\":108,\"bytes_toserver\":5333,\"bytes_toclient\":139338,\"start\":\"2026-06-02T06:04:02.104983+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/channel/?mode=async\u0026action=js_stats\u0026rand=1780380243366","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:03.369Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /channel/?mode=async\u0026action=js_stats\u0026rand=1780380243366 HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841; kt_tcookie=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:04 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fxEZGhW5YeDxKCvXF08ABvrB1eo%2BvRzxzt62I84l%2Bc%2BA4VL5D49JZoxMUP4xtl3CfrYTNdAGGRzOSoAb2GA3AhJgioNXNq4u%2BfWE3%2FMhmaeJc3Ts%2FFzh0gd96h31%2FNDk%2F02TPZ02HourF6Ht\"}]}\r\ncf-cache-status: DYNAMIC\r\nContent-Encoding: gzip\r\nCF-RAY: a054422f4ec00b59-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":111042,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2904), with CRLF, LF line terminators","md5":"ea833e72efb537b5b438bfa9b4e60598","sha1":"1c4fecd59b6d1ba670d9457ea97528603f5c1514","sha256":"e9801347496fd018bf7098b1f20587730f7b6ad622dfa0002261158564412822","sha512":"aeca8ebd86f9c38cdce847463ceb91e31deb39760d2e72f5303afe2e7f0d741538921ff40196cbccfa3916007e455203f38139662e5e99190a1523a7876a8ec5","ssdeep":"1536:BAweNBkZ3uDI08As3bAm/56+iNL4x3cG7rRrU9qUHFOQCF:BAweNBkws7","tlshash":"b0b3366019917055c2f2e18718b2c62ba2e1f137c79ec91477edae477b86fa2fc4606c","first_seen":"2026-06-02T06:04:36.866738Z","last_seen":"2026-06-02T06:04:36.866738Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1132,"timings":{"blocked":994,"dns":0,"connect":0,"send":0,"wait":135,"receive":3,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.497748+0000\",\"flow_id\":959317223317020,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56624,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":6,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/channel/?mode=async\u0026action=js_stats\u0026rand=1780380243366\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2256},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":241,\"pkts_toclient\":414,\"bytes_toserver\":19328,\"bytes_toclient\":578633,\"start\":\"2026-06-02T06:04:02.106012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/js/layer.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.152Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/chu/js/layer.js HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:02 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 30 Jan 2026 10:06:09 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"697c8291-5664\"\r\nExpires: Tue, 02 Jun 2026 18:04:02 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rj%2BNoaOSDJUE%2FMtxinTa6XztwY9UjTkyQFwp5vKHkNZNdm6IhWFjioM24nhgRWYZ1QhgybkgOkooEeXozZXhbOlFlq63wkb2RcSd0X1Q09bC6CfT1xyfxQCQYPBrUH0ukkbJtf05mL6fZ43P\"}]}\r\nCF-RAY: a05442241c093181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22116,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (22020)","md5":"d0c975e34297f3e44e99c9d83555ffc1","sha1":"7e465bd79e65428cf07e5991196cff512ce44a4b","sha256":"691aad750624d84b17f2fbb73a4982860edd18837f3000c5b660ac82bf408e82","sha512":"1d9dcd7e1afe695e5716ea55f9a5a3e3aa45852722b4e1a2653ebd3f3a85c8b7a34b15264751f5ee26ea56ee49c8683a00d771197d8b32d9ea53d842d6db3b79","ssdeep":"384:41xCih92A3igrLXSt/SdMrXqE6tGLxzAOTElH0jjhtjfs8:41EiV3i+WtXItqF13k8","tlshash":"56a2b66a754034976323906ad11fba0b31f21d24d7078128f22bb4ae1dbcd95a2b7f5f","first_seen":"2023-04-05T06:05:22Z","last_seen":"2026-06-03T07:54:38.149693Z","times_seen":5624,"resource_available":true,"data":null}},"time_used":679,"timings":{"blocked":425,"dns":0,"connect":0,"send":0,"wait":253,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.829607+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/layer.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7641},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":15,\"bytes_toserver\":1928,\"bytes_toclient\":12122,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/fonts/icomoon.ttf","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.972Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/chu/fonts/icomoon.ttf HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.t56qv7.czyjsosio.buzz/template/chu/css/main.css\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:03 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 12752\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 28 Apr 2023 17:49:38 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nETag: \"644c0732-31d0\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=300\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SWSpQbYqf4rnVlBb1D%2BjnLIedoEaw7HJTzOObvIfB4zUsQVX3MiI5IsEMcWSEv3CzNnvqLPPGJ20oTGcKcqXn767qCqna4AXgLNa6R2aGZInM8ck57xDiJLm%2FV5H8YLxvATQmNXUlh39Fqtw\"}]}\r\nCF-RAY: a05442281a250b59-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12752,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 11 tables, 1st \"OS/2\", 14 names, Macintosh, type 1 string, icomoon    ","md5":"fba3a0ccf68b2ccd46df597c578039cf","sha1":"ec2ca2c0d52bd1d38d703e89e5b26cd09ff3b989","sha256":"40ee5cf9bb8e8e2a7a7a97d1b555ab8dabc6a7cd3a338fab44a03786bc0a8db9","sha512":"f7efafd2c4c9c68900e6d90cbf0d2018e3d2a5849f8b877ebe1da451ecb0a2fa8a7186d0d05588fc39948568b93868e4f4e34e0a068c94708ae007cce30bcdca","ssdeep":"192:mRWk4nX8SA2/A+IVHl2JIv2r9vrv4BeS1dpy77Xryke6v5PX5if0JRDzDrfblPVb:e4XO2/1IdljeZXS1dI7r2W5PX5VjDd5","tlshash":"e242191a96dfcfdbd013ef75dc20e2316ed06922da3ae74964c58d98e00d8948d38f4a","first_seen":"2023-04-06T15:37:30Z","last_seen":"2026-06-02T06:04:36.868367Z","times_seen":194,"resource_available":false,"data":null}},"time_used":489,"timings":{"blocked":245,"dns":0,"connect":0,"send":0,"wait":243,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56640,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.460370+0000\",\"flow_id\":2196259214631679,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56640,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/fonts/icomoon.ttf\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/octet-stream\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/template/chu/css/main.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":12752},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":46,\"bytes_toserver\":3767,\"bytes_toclient\":51523,\"start\":\"2026-06-02T06:04:02.107263+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260517-1/740d2271d3012844de4b8b80c675b62a.jpg","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:03.661Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260517-1/740d2271d3012844de4b8b80c675b62a.jpg HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841; kt_tcookie=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:04 GMT\r\nContent-Type: image/jpeg\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Sun, 17 May 2026 15:55:28 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"6a09e4f0-d0cf\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\nAge: 1\r\ncf-cache-status: HIT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N5mTpVmWDewORw7hE3ORMys7DAvSMbc6NypVz1IIY27QorPWT4RAl6VcTSA2LPiT04DjbQ9ie69u88tGqmMj%2FbYb5KUUSzLJ6%2FAQYuJnF1DdT9JKY%2FPyvJ3q0sSiYEehZEbTXT5h32t6KSDZ\"}]}\r\nCF-RAY: a054422eaebf3181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":53455,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 720x405, components 3","md5":"6259c0d67cd7020edb5b3f4cb462f04f","sha1":"dabfffe015fb7775332489d82b5d4ef2437f223e","sha256":"4138d07a01c4c98643a20a67d33a190320f079cdc3dfbeba97c50a4ce48f5a47","sha512":"a33167b1cf7ec14b73fe852b3cf973e593bdc59cd8255bf8be9768c36b517ac3a65a0ba6eb2bba01bb6b783dca0c51351460816acfba33d81c671327675b3c31","ssdeep":"1536:pGg+/ceKo0Wg/nVHgmpLYcJBrU7f3v2OfIX:prUKo0Wg/1gmRfrWf3OPX","tlshash":"6233f13e060e85ede57fa9b1c9b54216e612f6687e81213dc570d8e3a8366bf0c8dd1c","first_seen":"2026-06-02T06:04:36.8689Z","last_seen":"2026-06-02T06:04:36.8689Z","times_seen":1,"resource_available":false,"data":null}},"time_used":614,"timings":{"blocked":606,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.119873+0000\",\"flow_id\":959317223317020,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56624,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260517-1/740d2271d3012844de4b8b80c675b62a.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6481},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":38,\"pkts_toclient\":97,\"bytes_toserver\":3892,\"bytes_toclient\":127483,\"start\":\"2026-06-02T06:04:02.106012+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.274211+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":6,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260517-1/740d2271d3012844de4b8b80c675b62a.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6476},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":160,\"pkts_toclient\":282,\"bytes_toserver\":13888,\"bytes_toclient\":384288,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/js/theme/default/layer.css?v=3.1.1","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.154Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/chu/js/theme/default/layer.css?v=3.1.1 HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:02 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 30 Jan 2026 02:59:17 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"697c1e85-381f\"\r\nExpires: Tue, 02 Jun 2026 18:04:02 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0dhZ0%2BW77fvO89mPsbWQ8TRCxiOHOTvLEi%2FWfmcn%2FWgbXaDs8b7ZHVSCJQRUr8nCyEi%2Bw5C3bdLe%2Fae9YcnvHUxNsegChMoX%2FtRLTc%2BF8mrxELu47khZTtyjdTQkIbUExt%2BqwbAWriM0iVi3\"}]}\r\nCF-RAY: a05442244fa60b59-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14367,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (14367), with no line terminators","md5":"3d2e0d91c5c0b96abb8dbdc2234aba77","sha1":"9d55e153b30fd7414fada5718e20918e9c7f65e7","sha256":"e3144d018a6a24f733c6fc2a2ee603fb583f0030585e9d4b71bec471b78e31fc","sha512":"42bf3eff281998d088ce012b9a5910f72951c91715595572bb968fbfc5fa2b1cddacef3ca683a1734eb41114b302b6a4dad8b7432c5877b3563a080a2547ae05","ssdeep":"96:mp+Ntha8qNEp+wRY1vUPXiK6nMLPD2OtLzXyPHL/LztJDzyv2OQ7KGx1jyd2/SWz:1WmLr2OtSrzzt42OQ7KGx1jCWR2b+RcU","tlshash":"2e5221e144811299b0278721d6dc7eba32f88d43e5630daef257381f874c6dba2b6647","first_seen":"2023-04-05T06:05:22Z","last_seen":"2026-06-03T10:40:16.088617Z","times_seen":6490,"resource_available":false,"data":null}},"time_used":723,"timings":{"blocked":451,"dns":0,"connect":0,"send":0,"wait":272,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56640,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.876443+0000\",\"flow_id\":2196259214631679,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56640,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/theme/default/layer.css?v=3.1.1\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2840},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":21,\"bytes_toserver\":2357,\"bytes_toclient\":20558,\"start\":\"2026-06-02T06:04:02.107263+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260414-1/623ac2773c6d1c10228e0782cc135300.gif","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.160Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260414-1/623ac2773c6d1c10228e0782cc135300.gif HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:03 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Tue, 14 Apr 2026 09:55:45 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"69de0f21-c137\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ziBA%2FXYo7PQ6mTPqwmtByB0EKTWHMMWPHnz9uJZXQtSrtc1EIKRij34%2FvNFAqY%2BJV27nsCJjBc24iM6h3HtPbfst6PvzyLEZk9Ucv1xAMZ8nGK9lrPbgMYhqgeIXo1xfDNAbKwj7UrJ4sa7Q\"}]}\r\nCF-RAY: a0544229aa4956c0-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":49463,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 80 x 75","md5":"1857c82d64859177288146c2b4d04a3c","sha1":"755efb78de593a55debbfca96416df190a7d433b","sha256":"81b9b8fc755e4ac8abad620f6515f482faf10fb6ee3d9ba8e9b1a8d1c8541c36","sha512":"b112daded34ed61d9c55cc9b39da151c3889e8f4336c65a9a87f34751fd6b02f6db7d5213d45de325f7935b2ffb44acd799a3e59efd29cafc144f47935ba9858","ssdeep":"1536:5xgkgONV7aGhhnMRjL0YHdfm0B4mVGRdRYehrlLDBS2BsUgTL+53RRVJW:ckgOvmyhMh5tynlL1SAhM","tlshash":"9223e1b4de14f52705218fa5efe7fa96741021ea0e8ce28df0ae8ec8f53607d601529d","first_seen":"2023-05-22T17:27:11Z","last_seen":"2026-06-02T06:04:36.870471Z","times_seen":18,"resource_available":false,"data":null}},"time_used":1726,"timings":{"blocked":1309,"dns":0,"connect":0,"send":0,"wait":243,"receive":174,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.712011+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":7,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260414-1/623ac2773c6d1c10228e0782cc135300.gif\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/gif\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2140},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":47,\"pkts_toclient\":75,\"bytes_toserver\":6902,\"bytes_toclient\":84613,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.erpweb.eu.org/imgs/2026/05/23c6458aaf206bfe.gif","fqdn":"img.erpweb.eu.org","domain":"erpweb.eu.org","tld":"eu.org"},"ip":{"addr":"104.21.92.106","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.164Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"erpweb.eu.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 03 May 2026 10:58:08 GMT","end":"Sat, 01 Aug 2026 11:54:31 GMT"},"fingerprint":{"sha1":"D4:8C:C1:5F:22:48:80:9D:83:00:7D:44:29:06:C3:BE:FE:BC:08:78","sha256":"7D:1D:88:1D:51:32:2B:F8:09:61:0F:F4:C8:9A:D7:63:39:AB:4B:4E:5D:00:17:7B:06:F8:FB:B3:14:8C:6A:CA"}}},"request":{"raw":"GET /imgs/2026/05/23c6458aaf206bfe.gif HTTP/1.1\r\nHost: img.erpweb.eu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.t56qv7.czyjsosio.buzz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Jun 2026 06:04:02 GMT\r\ncontent-type: image/gif\r\ncontent-length: 472369\r\nlast-modified: Sun, 17 May 2026 17:37:19 GMT\r\netag: \"73531-65206e5d82e12\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nage: 32645\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\naccess-control-max-age: 86400\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2F96inq%2FGIy%2BxgpBcL%2FGPZS93LgtdkaLb78DzIeIDyCXfp7u8%2FYick8lkLmaQM4HrhfyOT1FqHP5%2FmKYGvjBCNgFGXRkYgkZYFgdf755Yir2iXxMp2VMMB%2BMzOVPTjIhFmqbc2Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-methods: GET,HEAD,POST,OPTIONS\r\naccess-control-allow-origin: *\r\ncf-ray: a0544221aee3568f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":472369,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 375 x 375","md5":"a668a09523c6458aaf206bfe2c390c70","sha1":"c99f51a892aa218ccd93a1ef87d35c49dfd5d637","sha256":"0c10e11323ef18108da1788910f4bec2ea335c41f9154f3564e338dee96c3759","sha512":"e7932d250cb00b267a7bb7520b8e445de89b9be2839ad5694e965136bb637e63c3458f96e23f5ba8ab33c920a716870277f45814c3bfb5385494db9475f28e16","ssdeep":"12288:1q6kulXf7I+sQBhSEQMnftVWJuqeHf2+H2ZpZmfcuEC4G:llXf7IAxtVWcqM2pZqJh","tlshash":"eba4235a88ce1714817e75f6546ab47b3f0f862313165e4b45334cc27cabeba08dbca4","first_seen":"2026-05-31T07:53:34.760656Z","last_seen":"2026-06-02T06:04:36.871552Z","times_seen":2,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":27,"dns":21,"connect":1,"send":0,"wait":12,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260529-1/c95038dc9853c2033e56a4f50f5de91c.jpg","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.168Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260529-1/c95038dc9853c2033e56a4f50f5de91c.jpg HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.361836+0000\",\"flow_id\":959317223317020,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56624,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260529-1/c95038dc9853c2033e56a4f50f5de91c.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2133},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":235,\"pkts_toclient\":401,\"bytes_toserver\":18430,\"bytes_toclient\":562190,\"start\":\"2026-06-02T06:04:02.106012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/js/jquery.lazyload.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.121Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/chu/js/jquery.lazyload.js HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:02 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 30 Jan 2026 10:04:35 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"697c8233-2360\"\r\nExpires: Tue, 02 Jun 2026 18:04:02 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TAa6KGn3hNsHusprAL7Go1oUU6XxTBSCCW6UZZQ1Zc0kxTQAHMpGAYaOtzmlzqNIqEm5SsrLdrMiW0EnCWHMyZFYQO5%2BaLhSmfzpNh3x18QYLHhEx0JWZzQ5jUns3gOtkzG4b747DqFNp9FY\"}]}\r\nCF-RAY: a054422199a456c0-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9056,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"86480273870541651834dab2e9e488bf","sha1":"dfe2a7e89f04fb699763c98a9e3364733d9a70b8","sha256":"accd3b501496ebee2a781b90f289a7936e36f401d0a31a933d20ea133b09a302","sha512":"170a8d3dbf043455c0a4928d811818ab9a24ed5a0e7f922668e773c85ff17bf4f98dd77f4b4c6ad025c12c3869cda7a6c6943ad57de72d5967e8a69ccf084a80","ssdeep":"192:dZDJcN8nm2SMbtZ3/JydOwS3YJmesi7idSQVUMoA4UykYK2NEbN2OSTcTWZfTBT2:f6Cx3/kkwS3YI3dfA1LEbNn","tlshash":"6a12238a39d6642ea027743ddb5f1309333ac457116cdd307c7c4b84afe497652e1ada","first_seen":"2023-03-07T16:50:25Z","last_seen":"2026-06-03T03:12:10.623539Z","times_seen":231,"resource_available":true,"data":null}},"time_used":307,"timings":{"blocked":55,"dns":0,"connect":0,"send":0,"wait":251,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.427405+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/jquery.lazyload.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2133},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":34,\"pkts_toclient\":36,\"bytes_toserver\":4069,\"bytes_toclient\":38934,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/js/main5.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.148Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/chu/js/main5.js HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:02 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 28 Apr 2023 17:49:46 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"644c073a-23fd\"\r\nExpires: Tue, 02 Jun 2026 18:04:02 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eKyCCzjAfFDRrngZDXBhU1bGlLJdUqc%2FOw%2BEj%2B2FBPI%2BLI3XWZeuPCJuHNXLj8tfRXq9F2vPfsEkVVuDM0CU1w4VFU5omEUzFNLX%2BFL7ql%2FYkKoT2WKXvxPzpFsrR2G3mxXKfSMJ%2Btx04G5Z\"}]}\r\nCF-RAY: a054422349753181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9213,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"1843392d7f38cc141b50fb03a3cf830f","sha1":"b32de91f7e13b9e8be43bc50de53974378627fd7","sha256":"e35374fbe8f6f0823f09f9dfdb252d27e58bc6e3e2d9ae01319c487acffcda8b","sha512":"8008ab529d56f0d1bb6ca16d5be8abebbf256c5ed1d9cdb8b38b75ac55cac7735de87b65c97c72d9cc69e66956720e51a5f09f8947f0d56870a98436e68661c8","ssdeep":"192:1zzJbyNuQxYw7NfFmAbVDTiZD8FIzQLaphTo7H+1QISaVH7Q1ylN:1cUOEAR/iZDnbEG","tlshash":"d3125309f9f224a160bb347b5bffb080392954171109df50bcec97945f8466ca6b3aaf","first_seen":"2023-03-07T12:58:08Z","last_seen":"2026-06-02T06:04:36.873413Z","times_seen":182,"resource_available":true,"data":null}},"time_used":542,"timings":{"blocked":299,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56612,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.689153+0000\",\"flow_id\":2209320210176535,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56612,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/main5.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":24,\"pkts_toclient\":35,\"bytes_toserver\":2459,\"bytes_toclient\":40469,\"start\":\"2026-06-02T06:04:02.104983+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260506-1/535f393c35f065af21037da9c3cb4d6d.png","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.163Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260506-1/535f393c35f065af21037da9c3cb4d6d.png HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:04 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Wed, 06 May 2026 14:17:46 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"69fb4d8a-218d3\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rGhfn7rZa9iqtWM%2FRl8jKbsuiWJGdQ5eFlSX%2F5fmK4UJRw4W8xMH230KVPmxLkjOqIfqvHDMTNEvquHCxUzNmPOX8ph0d82Qxd%2FWKm9lEhBH16y4W3eYHriB9I3VuOgRVyQmuRIjBEU4K9r7\"}]}\r\nCF-RAY: a054422bab973181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":137427,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 320, 8-bit/color RGBA, non-interlaced","md5":"6b5fb59b70c9c042e8322680e8655a08","sha1":"b29b451313985f89ff71fbaa3fbb836dafb7adfa","sha256":"9bd792980a9bac276d06f04cf9c0ca2c3417280c126345b15a1cb0e3469cfc9d","sha512":"122e79bb2347b2070316af8bd90a613492deb3a702df5276131262effad2cdcddbf3c2ece1f91b65a059b172d619e75d5848edd00b6acb99d28a2acdd6366f4b","ssdeep":"3072:zv9XDp92EmvTKngbO2TBVazUqRVFZT+eE6/Cy5dTw9MBSDkve5:zNmbKngZ9V6Uq9Zy6/CAw9MAkvs","tlshash":"b8d31228d0b4f1974ebb183575102c7ffbfb087ba964bd21d53ed96eea29e078204449","first_seen":"2026-05-13T12:03:10.296677Z","last_seen":"2026-06-02T06:04:36.873969Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2103,"timings":{"blocked":1625,"dns":0,"connect":0,"send":0,"wait":227,"receive":251,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.015053+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260506-1/535f393c35f065af21037da9c3cb4d6d.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2139},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":145,\"pkts_toclient\":170,\"bytes_toserver\":12380,\"bytes_toclient\":226983,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260529-1/a721ebd75629663ab83bf9739760530e.png","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.169Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260529-1/a721ebd75629663ab83bf9739760530e.png HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260305-1/8d56da3cdd81c84a07560d967a9ded12.png","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.194Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260305-1/8d56da3cdd81c84a07560d967a9ded12.png HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:03 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Wed, 06 May 2026 14:17:45 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"69fb4d89-1c239\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7jFbxNuOfqqp%2BsYzeO0n9yX3gNQ7zcMHn2MXP8B9ppe9zd5MGON1XJICqZCtxmlk31V8w1brJZbT6m4a0sZ75n24QiTrvJX%2FKHiduioyt%2B40t%2BuK76IkuaqLbqPSQV1DwAhY0R1e7eqdQIA4\"}]}\r\nCF-RAY: a0544225f9af3181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":115257,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 200, 8-bit/color RGB, non-interlaced","md5":"29082b60a9ecdb3e4651b8556ffd63e5","sha1":"0b84638b663faea22616f24b18537c107e4d6e19","sha256":"bde746cb9ce029c7783470ede238bde3634a10a5396c03cb6ef5f152e9a2db92","sha512":"8e7b66f1f545e78e3df99c5196847e15f6644b5b4ecca489ce12bb0f39121705d79d34f85a3c80e21f541a59317eb0a85c4530fb862196cc3c0b10dd0640bbbf","ssdeep":"3072:HBOoJoSNB1Z+8j4XZaxhZXX8vCDRlglJkN4bF+9Yn:HBvPFZ8XZaxPACtlGkWF+9Yn","tlshash":"d8b312069e079f036bbd0cb8037dc68c73f6911ee1d9bc52b8a93fe597016a4268161e","first_seen":"2026-06-02T06:04:36.858302Z","last_seen":"2026-06-02T06:04:36.858302Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1164,"timings":{"blocked":683,"dns":0,"connect":0,"send":0,"wait":229,"receive":252,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.106535+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260305-1/8d56da3cdd81c84a07560d967a9ded12.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2137},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":38,\"bytes_toserver\":3629,\"bytes_toclient\":40454,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56656,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.509679+0000\",\"flow_id\":457697255532269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56656,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260305-1/8d56da3cdd81c84a07560d967a9ded12.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":676},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":842,\"bytes_toclient\":7710,\"start\":\"2026-06-02T06:04:04.501485+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/loading.gif","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:03.531Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/chu/loading.gif HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841; kt_tcookie=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:04 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 30 Jan 2026 09:55:36 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"697c8018-b47a\"\r\nExpires: Thu, 02 Jul 2026 06:04:04 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=i373evvD1jw0Grk5MEwYVLe7AT19eNA7bJRZZEnzRMz%2F1Dtc3sMLp1zWWkOF42jeArho2s8Wq9MhsABKfe9%2BXsZwdqBRdz9zwN84iTLnxyjNut6AqEsv3%2F4suKCLSrr6qOXfDIdRM94n%2BBu9\"}]}\r\nCF-RAY: a054422c4ce456c0-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":46202,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 800 x 600","md5":"b643d3d448b85128b36530a1a98fd6bd","sha1":"70fc7c4c001aa064721c3a0738ff7ed663e55fd5","sha256":"02ff3398e49dadd6761f22607242ebb74a1abe87b84d6fe9e3b885e09d8a537f","sha512":"2366d6352b6c2dd24a551509e6b7d64a029333b93a26b3019b0e785f5cd4874f93b89d8c4eabe92a054bb40f0cd1a2d0193217ee17631511c6e387640b545916","ssdeep":"768:JkK5g9HBCu/iVXLG3ymHWT4Mxb8x29MXOCcU8Rf2ST+/k3q+q9OvkxzETB:bu/iVXLG3yAQAg9WF5k+STAka+q9Fxzk","tlshash":"5023f159420c999e3e2c24f11a0fffef7a3f9e61521194d6802cf2b5114e13d468efaa","first_seen":"2025-12-24T06:53:58.038546Z","last_seen":"2026-06-02T06:04:36.875139Z","times_seen":40,"resource_available":false,"data":null}},"time_used":765,"timings":{"blocked":356,"dns":0,"connect":0,"send":0,"wait":236,"receive":173,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.122412+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":8,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/loading.gif\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/gif\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2138},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":81,\"pkts_toclient\":115,\"bytes_toserver\":9618,\"bytes_toclient\":138010,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260529-1/a721ebd75629663ab83bf9739760530e.png","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:03.659Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260529-1/a721ebd75629663ab83bf9739760530e.png HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841; kt_tcookie=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:04 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Thu, 28 May 2026 16:49:14 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"6a18720a-1ac2b\"\r\nExpires: Thu, 02 Jul 2026 06:04:04 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t1C2ivc0ydECC73nGRItwbneIeKRRVUsLzJLl78BeSWW%2BamoZ61aV8H17Ax4ohrc8nj2EuP6DVBtc1HRhMOOYYLEBuiLqI8asIczpl1fKMyJLcD8XNUXl6vt9lT2kVJ3H%2B2chLxwf19V9TON\"}]}\r\nCF-RAY: a054422eaeab3181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":109611,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 180, 8-bit/color RGB, non-interlaced","md5":"217bfb787b7e1e3ed28416a1dd50b1d7","sha1":"11389061db6b2cd26ef446bb8eb5179e2d5e31fe","sha256":"3320c8cde41a664571cf2d7beb753ef08fed431feee0f27d88566e69a4168f1b","sha512":"ff24f0e61481b7f92560ea9c2ffb97a839c78c0be15c2d7e4e3f248ed09d91c14878fd1cc20dc36a4308a06de2d49a27c31203f64587f4601092a50937653a97","ssdeep":"3072:AbRdUKdaIkk3VbBsiT/CbVKdzWfW963c6Fa1N7j5:A3UHIPHsuzdyWgLe7j5","tlshash":"1eb312289023fe899b17b59d4806a048bece32de4146d853c8467afe8fd26cddd5858f","first_seen":"2026-06-02T06:04:36.876223Z","last_seen":"2026-06-02T06:04:36.876223Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1116,"timings":{"blocked":604,"dns":0,"connect":0,"send":0,"wait":251,"receive":261,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/js/jquery.star-rating-svg.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.142Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/chu/js/jquery.star-rating-svg.js HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:02 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 28 Apr 2023 17:49:42 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"644c0736-2e4a\"\r\nExpires: Tue, 02 Jun 2026 18:04:02 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ffRs2J%2FXo5tupo7BavTuNr7DXIDt3rEHot6LKDBJIe7hLghZp4jGC%2BJ%2Bj8rcdf3gA4nq6n7RYENMaN17yelFIWCZiKCx6vVJOghMUNBDY3im6JfBzLjdF1rwqlFnw87urEBneEHOKWDE8na%2B\"}]}\r\nCF-RAY: a05442232b2856c0-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11850,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (661)","md5":"af607d2208a57968ab7047f42d2e82a5","sha1":"299c7600893333c708212f8b65689d748a148a8a","sha256":"32a1ee2fe595384779fa1dd2c03d8848ee19bf1cf52d3d71f688274e474bae2d","sha512":"08c1775e17dab988c03378ef2b83250098ee91b32c456340ba938b7a0de0abfe3d851e4f3b86244018db7c6e5c6ec322e8f3e6b342163ec6114540130ec9c939","ssdeep":"192:RXD+KRXk6nAzDEf6wuN4yiphcbqmnBOSC33LFheOBSPYZWjMtUxoMf1WHj3lmmnm:0Km6neoCFFASI2rPYZW6+","tlshash":"3b324219bbeb102dde63a1558f2f164532be405b0912ea0c7cbc91d0cf9685943aeef9","first_seen":"2023-03-07T01:25:11Z","last_seen":"2026-06-02T06:04:36.877411Z","times_seen":234,"resource_available":true,"data":null}},"time_used":519,"timings":{"blocked":286,"dns":0,"connect":0,"send":0,"wait":233,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.661549+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/jquery.star-rating-svg.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2127},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":37,\"pkts_toclient\":42,\"bytes_toserver\":4720,\"bytes_toclient\":44045,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260519-1/133738d9222d65d0573cb1b664ed0689.gif","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.159Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260519-1/133738d9222d65d0573cb1b664ed0689.gif HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:03 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Tue, 19 May 2026 09:46:42 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"6a0c3182-1cba9\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AE7YghQhyviD%2Fu5M2958oSXytR5hwD0kdO1GTPKoYzOhWKos%2BKcU67xTffcl8y2GitAX2v8gbX76TWmtlW%2BhvcJc7yKESLT9W9NM%2FvEXhEyPhTjgIsUhB45QSafQ0MlwXw%2Fk74TooFA%2FpAXI\"}]}\r\nCF-RAY: a0544229ab060b59-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":117673,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 236 x 236","md5":"d3b06f026c9c4002df1c34ec8c4bc864","sha1":"69ec9c7fe4892ddc4ee3f75bc994b493c2b7cff8","sha256":"a0badc176f643d05cbfa02b501a497a5017c295cc3a3b13aa5c08e4788a63bb0","sha512":"a6d57c5f921c3175bf0e2d939a8eb1e11526c52702d20a4e4b44adff728e13ee8f7422bc269d6ae26edc1c669004800bb23b27e09ef3cafaf9b83571ab065352","ssdeep":"3072:/MMtGYeDqhZTC3WJ49O2Gn/iXpSJCrYwOLRT8P9j:/bwYxIA49O2Gn/i5selj","tlshash":"57b3126d7a69c0a0d4e0daba46e95f63172a8110e24d13e81c5378e6e1c74fc17ab4fe","first_seen":"2025-07-13T18:55:29.684285Z","last_seen":"2026-06-02T06:04:36.877847Z","times_seen":27,"resource_available":false,"data":null}},"time_used":1871,"timings":{"blocked":1303,"dns":0,"connect":0,"send":0,"wait":253,"receive":315,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56640,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.714547+0000\",\"flow_id\":2196259214631679,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56640,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260519-1/133738d9222d65d0573cb1b664ed0689.gif\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/gif\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6477},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":58,\"bytes_toserver\":4391,\"bytes_toclient\":67221,\"start\":\"2026-06-02T06:04:02.107263+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260421-1/84f017e257d4405de7c711b5e568c4c4.jpg","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.196Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260421-1/84f017e257d4405de7c711b5e568c4c4.jpg HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.721614+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":9,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260421-1/84f017e257d4405de7c711b5e568c4c4.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":219,\"pkts_toclient\":401,\"bytes_toserver\":19342,\"bytes_toclient\":552129,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/telegram.png","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.202Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/chu/telegram.png HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:04 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 28 Apr 2023 17:49:32 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"644c072c-4121\"\r\nExpires: Thu, 02 Jul 2026 06:04:04 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y%2FMdKFBhqN6517ySZ8yiIBaARIP4fHvb%2BehylIiE%2FMJpz8CuLWh%2BePNOFXGW2TADtZpLPIb0lsAXxexfwo7kCeENDGF2idg7ud5q79xoACDublFvkawQ0NAD7D%2FgWxnni5W%2BCc9JbnAymqa0\"}]}\r\nCF-RAY: a054422ecf243181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16673,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 504 x 504, 8-bit/color RGBA, non-interlaced","md5":"07f26fc2da5f442bf928073e2a77b4fd","sha1":"4a2ef4ad3ba06e3857a8b3c1201d0d741588697f","sha256":"a59e1fe881af7c996046c97815e130240d696e99364d022cf3c553aff987659f","sha512":"4a5e62ec6229fcb0e586338dec55539874702fdbc279ef3c6c68bd937f90510fa9ed997dac4230c6ff9693bde8032cb569c97d6faaec64d174102b02acf4dfd9","ssdeep":"384:WoR9bwJg/jLtkqF1bC/MhU2xynj1RAwFKV36lqmzAn:WoEutkqbbYMhNxynxRAwFmqin","tlshash":"ab72e09e002e78cc4eea5d19c8f25b85efc56440899124c2c644fbeca3f6605679d6c3","first_seen":"2023-05-02T12:24:43Z","last_seen":"2026-06-02T06:04:36.878373Z","times_seen":535,"resource_available":false,"data":null}},"time_used":2407,"timings":{"blocked":2081,"dns":0,"connect":0,"send":0,"wait":239,"receive":87,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.521874+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":8,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/telegram.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":171,\"pkts_toclient\":378,\"bytes_toserver\":15579,\"bytes_toclient\":523134,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260515-1/0c0262715907b9dbb49909f29d148bd9.png","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:03.660Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260515-1/0c0262715907b9dbb49909f29d148bd9.png HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841; kt_tcookie=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:04 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 15 May 2026 05:55:43 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"6a06b55f-1693d\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\nAge: 1\r\ncf-cache-status: HIT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kSAOvLKpGjdDUf6lEj75C%2BD36WJMyNs6AteB3vLQfgRYoHzDVuo6TJgIAb581sFyEm29EpSLNHwAxsJTJgKZkY0nFQU3ziG4Y%2Fo6Vuj0cgQl4n%2Fi8Ur4MdUG12BS6EjUPCHgIBYiEDUz9Wu%2B\"}]}\r\nCF-RAY: a054422eaebe3181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":92477,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75\", baseline, precision 8, 1083x609, components 3","md5":"0755ee32e88b9e0e8f96f2bf6e4a8a48","sha1":"bd825503f9594ff43eec91e01f619746a971e6b7","sha256":"3086a0580de3412676063506de4f3599db8d78710c3e444371e5f929e30ef810","sha512":"849adba458e9fb10a4fe779619c046808313fbad997d0646f004a1f7b49a1bd7b355019ba8196c5af18599403e3b7309a567ca70e92105344e80011a65ed74c2","ssdeep":"1536:HlEAbWcm8lAv55LcC0/BJ26uZk+vwBZgAZ+2jHWSSMw0DuEjS0p1gqcw8zZKO2I:F7Wc1Gx0/T8vt2jGeDuE2Umg8z72I","tlshash":"5a93127b57b631155fc86066fe2b7e04169f0ab0f6c455f488fad8a2511ecf7d8a40b0","first_seen":"2026-06-02T06:04:36.865665Z","last_seen":"2026-06-02T06:04:36.865665Z","times_seen":1,"resource_available":false,"data":null}},"time_used":617,"timings":{"blocked":607,"dns":0,"connect":0,"send":0,"wait":6,"receive":4,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56612,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.117970+0000\",\"flow_id\":2209320210176535,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56612,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260515-1/0c0262715907b9dbb49909f29d148bd9.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2135},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":41,\"bytes_toserver\":3083,\"bytes_toclient\":48105,\"start\":\"2026-06-02T06:04:02.104983+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56596,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.273194+0000\",\"flow_id\":1462019522991432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56596,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":7,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260515-1/0c0262715907b9dbb49909f29d148bd9.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2130},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":200,\"pkts_toclient\":343,\"bytes_toserver\":17025,\"bytes_toclient\":469749,\"start\":\"2026-06-02T06:04:02.103752+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-02T06:03:59.499Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:03:59 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nSet-Cookie: server_name_session=62fbe833350a29dc4476602b4105a841; Max-Age=86400; httponly; path=/\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MCDzMVVJtupocKxFBalJNpVKiw9BiYpDiqOf5DWL3H6oHMv3XmBP%2FIA5kQLFJCbD9S44alo3JpCOZ1ac3DwR99rQ2V62vUv9n7y3ihLfs9umsWjB12zggN5neOdZ%2Bintol9YObKDfnqz%2FU08\"}]}\r\ncf-cache-status: DYNAMIC\r\nContent-Encoding: gzip\r\nCF-RAY: a0544210d82f56c0-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4257,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (352)","md5":"ca03d5271f207009b89dc589c0e562b8","sha1":"6a7329364a559deb4ba9d7c7f12c8f52bb051c62","sha256":"46c14b2fd55b81f417d29c8101ae42544f70fa3b276a3a514f042de46087d550","sha512":"0004a63bfa4be43342e1e4cad9e5f4120659674fc5efc90367ad7e1a20fa5e412c8433f6b752d5f126e329667f4017671e97537fce09458b745c565f889b95cb","ssdeep":"96:quLjZwQLRspKW1h8fB/0X3iGqW0ltME1ibA2Gj:vLF79spKigJ0CnVltMcibA2Gj","tlshash":"c591762767416c3af31a4279af993b89351b8407ef07af91f2ad243cc741cba44366c4","first_seen":"2026-05-13T12:03:10.326185Z","last_seen":"2026-06-02T06:04:36.879228Z","times_seen":2,"resource_available":true,"data":null}},"time_used":252,"timings":{"blocked":1,"dns":1,"connect":1,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:03:59Z","timestamp":1780380239,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:03:59.749273+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":719},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":682,\"bytes_toclient\":2957,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260513-1/25ce8cd3c62cfd14cd24621642ac937d.gif","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.156Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260513-1/25ce8cd3c62cfd14cd24621642ac937d.gif HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:03 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Wed, 13 May 2026 06:55:06 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"6a04204a-17e9a\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CJb7m7zecIjjjUbMq1NRjFENayRPYTEYIiRvGA3EFfUiODMtnZPaPucyg9Axs1kqeBafMONId6Bn8EcDPwgNn8ZKjz7rvQMUM4H0ro2Nd%2FLd6bBcPDVbbSKTK6kOXPYd8G5hG8COM3FBSbxd\"}]}\r\nCF-RAY: a0544228ea343181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":97946,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 100","md5":"caf334a9d9bb128de5abb80adeb19656","sha1":"ebc5e646c95612cf2471387835d3f313f01eac80","sha256":"d805feade39608b03ab8351b5ecbb171833330d6d174f5600e3994c66645d157","sha512":"a919a2c31d8c8c1929665ec53c5758323c75615b995a5b37ba8338d27fdec7fc464590176485e886fe1882ba4f6a6b30aa035be4ffe67d4d7346a80341419eff","ssdeep":"1536:1+jugNcBIwPKWRyNxYV01vtSIUslLXLj0bgVJbmKGI3n0Wa76sycRJZOW2y5iFpq:1+juOu1P7KVS7s1j08VsI3syET2FFK4M","tlshash":"bfa30244cd5cbc12fe2f2bd648db3524f786cd5a07cce5ea92872cb6945207321a9b2d","first_seen":"2026-05-13T12:03:10.32963Z","last_seen":"2026-06-02T06:04:36.882287Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1631,"timings":{"blocked":1186,"dns":0,"connect":0,"send":0,"wait":253,"receive":192,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.595631+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260513-1/25ce8cd3c62cfd14cd24621642ac937d.gif\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/gif\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2143},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":77,\"pkts_toclient\":96,\"bytes_toserver\":7400,\"bytes_toclient\":124235,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260529-1/5f4b9339ee630216fe628594d676ac51.png","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.166Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260529-1/5f4b9339ee630216fe628594d676ac51.png HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T16:55:47.229708Z","times_seen":16084598,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56640,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.292216+0000\",\"flow_id\":2196259214631679,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56640,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":6,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260529-1/5f4b9339ee630216fe628594d676ac51.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2135},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":65,\"pkts_toclient\":142,\"bytes_toserver\":7669,\"bytes_toclient\":183645,\"start\":\"2026-06-02T06:04:02.107263+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260519-1/1c8e743911519bdbb2c84b87b1a58214.jpg","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:04.453Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260519-1/1c8e743911519bdbb2c84b87b1a58214.jpg HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841; kt_tcookie=1; _pk_id.27.5e61=9f5e0374c2a18f08.1780380244.; _pk_ses.27.5e61=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:04 GMT\r\nContent-Type: image/jpeg\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Tue, 19 May 2026 04:00:43 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"6a0be06b-78ad\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\nAge: 1\r\ncf-cache-status: HIT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uIv8%2BLKxfx1dREwfdK4HmAKqqwSjmLIlu5n03yIOG5h%2FAh0aNpaXXDRqHv7YsKURtGIEyWUAyluIPwldSQ8gnrAlHzmXDYaGOuW8b0%2BJ3YlSq6Cenikx27iB3WWaUjjW0xPOXQtuSrl%2BhVYG\"}]}\r\nCF-RAY: a05442304f660b59-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30893,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 320x180, components 3","md5":"4bafc138f7919701bb79371ced63d60e","sha1":"2273a399347ffd5fb9c02235967ee2aec2ad2e81","sha256":"a1cb045f00d95c86fcf2d0001cc13be39b4f7c29ab6d1dcb3e66e841331db8dc","sha512":"349fdfd83035984f06f552d2f5421fc6ef80c9ec31084c0a23a0e5994dfcb4b69e2e79dcf0b46475d603a85e282e8fd9cd542e507c8679b1dbe9f0f2bd0e7ae0","ssdeep":"768:w4pLFkpp9muegKYbAYgLzjeHff55Ub5eP3NqPEUFH+EOu:wsmpPmyKEZiIHXUl6gcm3","tlshash":"0cd2f11fda6414c1ea27c672d22b50c6486b9701a76eb3826f59fcf23ed934f3105d89","first_seen":"2026-06-02T06:04:36.883812Z","last_seen":"2026-06-02T06:04:36.883812Z","times_seen":1,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":69,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.123737+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260519-1/1c8e743911519bdbb2c84b87b1a58214.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7931},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":40,\"pkts_toclient\":54,\"bytes_toserver\":5410,\"bytes_toclient\":59737,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56656,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.529369+0000\",\"flow_id\":457697255532269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56656,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260519-1/1c8e743911519bdbb2c84b87b1a58214.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":58,\"pkts_toclient\":98,\"bytes_toserver\":5546,\"bytes_toclient\":141490,\"start\":\"2026-06-02T06:04:04.501485+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260411-1/6f09b78fbb6d8cbbb96f2e35fccac082.gif","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.161Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260411-1/6f09b78fbb6d8cbbb96f2e35fccac082.gif HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:03 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Sat, 11 Apr 2026 10:40:35 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"69da2523-7d673\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pPPSPr5iI5hBEnBqyHfgM0r16fUk202r0h%2FMpbMvOnVVg1lPyrd7aRYfETHF%2Bd1hm7ywUbIf8DXUFLlyWj%2BlQ%2FTFhY3lJM1xZPPIhmvq8TqC2X1SHlK2NOn%2Fzc7OX8SdjA1089oSdHn7V3dL\"}]}\r\nCF-RAY: a054422a2dc73181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":513651,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 200 x 200","md5":"d3c80376b5f8aaf27723df6e23a1ab8a","sha1":"e860520c52e01b36515bea3830f900765db884d0","sha256":"88283decf174eefc3c16d45edf6e2cdc9794ac4b95be528e5958a04b867e94e4","sha512":"218f8b709b1844a47f5eaa46aaead504371481ad513c34a7d629eda8d4a9998cdfd935bcb4e6f3268b745bfcb6e31392af5cca0f4053c5a3f1f08f954d051191","ssdeep":"12288:/rIm+BMyD8ZQByg3fN6G95LDtRh2hPmG96KLVjm4K:/kJBMyDhn3fHDtRYzvVjm4K","tlshash":"4cb42324c1550c48c1f2ace923cafefdb50a1da7e969d196eac0ff90940336e6cd99c5","first_seen":"2026-03-22T14:32:35.900495Z","last_seen":"2026-06-03T05:18:03.399839Z","times_seen":49,"resource_available":false,"data":null}},"time_used":2101,"timings":{"blocked":1384,"dns":0,"connect":0,"send":0,"wait":237,"receive":480,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56612,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.782528+0000\",\"flow_id\":2209320210176535,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56612,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260411-1/6f09b78fbb6d8cbbb96f2e35fccac082.gif\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/gif\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2135},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":54,\"pkts_toclient\":111,\"bytes_toserver\":5957,\"bytes_toclient\":142432,\"start\":\"2026-06-02T06:04:02.104983+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260204-1/277675d876c906ae7d6cea0dc87ec165.png","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.193Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260204-1/277675d876c906ae7d6cea0dc87ec165.png HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:03 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Wed, 06 May 2026 14:17:44 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"69fb4d88-18161\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cVKrZjhuZES7BDaZsMUBIGlDs7e6S%2BtAmb%2BOFj1%2BiF0qXFuTR%2FjQ2jUI%2B%2Fy8mivBhUVgrVzR8ozzU2xYCKjBrdcBuFEW7aECQRaZHO5OCHK7Px6FkWO6FkZY%2BUY5y1e4gSAV7EvXuD9dJ7WU\"}]}\r\nCF-RAY: a0544225f9b03181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":98657,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 180, 8-bit/color RGBA, non-interlaced","md5":"3c01a14da2c973dc6ec861f081ca05e2","sha1":"687ebe56e498c95d6d5aab69ca4ae1725c2b47bc","sha256":"35d20fa4c3e1b9eb378b135c2255e7e1afa36c518dfe8a4033746a56dd1fb0b1","sha512":"b9a1003e4259b0fe1a36efe40dc768e6f4c9b2d4368e904a4f04524c42e0c091d10e816e60e0d087dbb8479b0425aef312342453d6a71cabaadf3dfd105f5950","ssdeep":"1536:r+XltQxYwaokBa0ZkahBKvwTE/ZVtI4Z4/lE51yeHLMubPHaZodZi:r+1yna3a0ZNL1T+ZVDK/65wu1vaZeZi","tlshash":"9da312b1ff2e9244ba2d500f41e8b45f191b2b2df87629a22246d4feff9040d495c8bd","first_seen":"2026-06-02T06:04:36.885992Z","last_seen":"2026-06-02T06:04:36.885992Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1149,"timings":{"blocked":684,"dns":0,"connect":0,"send":0,"wait":253,"receive":212,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.130089+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260204-1/277675d876c906ae7d6cea0dc87ec165.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":683},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":22,\"bytes_toserver\":2618,\"bytes_toclient\":19829,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.281105+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":7,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260204-1/277675d876c906ae7d6cea0dc87ec165.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6482},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":163,\"pkts_toclient\":313,\"bytes_toserver\":14592,\"bytes_toclient\":428412,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260204-1/277675d876c906ae7d6cea0dc87ec165.png","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:03.663Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260204-1/277675d876c906ae7d6cea0dc87ec165.png HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841; kt_tcookie=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:04 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Wed, 06 May 2026 14:17:44 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"69fb4d88-18161\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\nAge: 1\r\ncf-cache-status: HIT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IFv4PIEr4Xy2XOojiq75S9QeURsNkEH91wOhDTjlIeGFNh7AJPJhFboXbjE3ov22CoyYFqMjMXiy98GZmPMvOs7rXn1Ajcw6EfiF5NVoUsVOih7RAE63Qvk5y20Bu7GnLcQV9UkX0rAVpWHF\"}]}\r\nCF-RAY: a054422ebee33181-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":98657,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 180, 8-bit/color RGBA, non-interlaced","md5":"3c01a14da2c973dc6ec861f081ca05e2","sha1":"687ebe56e498c95d6d5aab69ca4ae1725c2b47bc","sha256":"35d20fa4c3e1b9eb378b135c2255e7e1afa36c518dfe8a4033746a56dd1fb0b1","sha512":"b9a1003e4259b0fe1a36efe40dc768e6f4c9b2d4368e904a4f04524c42e0c091d10e816e60e0d087dbb8479b0425aef312342453d6a71cabaadf3dfd105f5950","ssdeep":"1536:r+XltQxYwaokBa0ZkahBKvwTE/ZVtI4Z4/lE51yeHLMubPHaZodZi:r+1yna3a0ZNL1T+ZVDK/65wu1vaZeZi","tlshash":"9da312b1ff2e9244ba2d500f41e8b45f191b2b2df87629a22246d4feff9040d495c8bd","first_seen":"2026-06-02T06:04:36.885992Z","last_seen":"2026-06-02T06:04:36.885992Z","times_seen":1,"resource_available":false,"data":null}},"time_used":620,"timings":{"blocked":613,"dns":0,"connect":0,"send":0,"wait":5,"receive":2,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.130089+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260204-1/277675d876c906ae7d6cea0dc87ec165.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":683},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":22,\"bytes_toserver\":2618,\"bytes_toclient\":19829,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.281105+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":7,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260204-1/277675d876c906ae7d6cea0dc87ec165.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6482},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":163,\"pkts_toclient\":313,\"bytes_toserver\":14592,\"bytes_toclient\":428412,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260427-1/9cf6bac300ab8591e9b41a3c71197bfa.jpg","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:04.451Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260427-1/9cf6bac300ab8591e9b41a3c71197bfa.jpg HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841; kt_tcookie=1; _pk_id.27.5e61=9f5e0374c2a18f08.1780380244.; _pk_ses.27.5e61=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:04 GMT\r\nContent-Type: image/jpeg\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Wed, 06 May 2026 14:15:23 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"69fb4cfb-3aff\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\nAge: 1\r\ncf-cache-status: HIT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AJ5zOe3MU3u7vMfsChPzGWUdWOJveWb5IwcTMQWJHjZpvZJtSsSbkmtYl48e5WjsYDLznUYU1FafDVCL1sTfEoMB0Qz8pYk7PY0V3kMoyxV5q58JwR%2B%2F2iNwW4oQKzQ3GUyR%2BVDGPnWKJ5lb\"}]}\r\nCF-RAY: a05442303f5c0b59-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15103,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x180, components 3","md5":"a17796bef68775c75d0aaddc7cb2ca62","sha1":"fbc5940e8dd19bc64f524014b6e4d4badb13269f","sha256":"f25812995d78b9d5299f8241bd351cb65044dd609d351d417be89645be469072","sha512":"f065f38de7aada402a4df6965c2b1a625d13aab9609a3ea0d4594a5f50e27e849bd30986d39b3f47e536637c2c081e34c66c8bedefb5472aaadac38ec22afb53","ssdeep":"384:EJpzUqdS350wwj02GET9rBeMU7bwNYjM1yMa0i6MWdvB:8pzw5/i0lkrBeN7NYyl0i6MWdvB","tlshash":"a162d0dfbf40c260832322fe6148d4bd32a79570be90f92f1d88ca1c0f61c842e9a498","first_seen":"2026-06-02T06:04:36.847306Z","last_seen":"2026-06-02T06:04:36.847306Z","times_seen":1,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":62,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56640,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.120693+0000\",\"flow_id\":2196259214631679,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56640,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260427-1/9cf6bac300ab8591e9b41a3c71197bfa.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6475},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":17,\"pkts_toclient\":33,\"bytes_toserver\":2981,\"bytes_toclient\":36258,\"start\":\"2026-06-02T06:04:02.107263+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56656,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.520745+0000\",\"flow_id\":457697255532269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56656,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260427-1/9cf6bac300ab8591e9b41a3c71197bfa.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":51,\"pkts_toclient\":86,\"bytes_toserver\":4514,\"bytes_toclient\":124836,\"start\":\"2026-06-02T06:04:04.501485+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/chu/js/main2.min.js","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.136Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/chu/js/main2.min.js HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:02 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Fri, 28 Apr 2023 17:49:46 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"644c073a-58c2d\"\r\nExpires: Tue, 02 Jun 2026 18:04:02 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WjuKdL2x4AVqtU6lVliQz4jQ5tmWmG0LFKTFgk%2F1MDtbSJ1HuPnRjzhgb2yNnZBVCZXLMyetAWujQ2fOqa%2BMkupDpCByQd7VtE3cvqiP%2Bz1XfxH4aWHCBLs7WWqfchEx%2F%2ByL9hS08tMJE0qx\"}]}\r\nCF-RAY: a0544222beca0b59-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":363565,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"4568c5491bf930ba319299ce27c83b67","sha1":"eec434aa926e6ca58e5953b292adfd393b64c379","sha256":"53c5840c77e5cba02e6765a74fc9481c75fa7c517d64079958ff2a97b660b72e","sha512":"fa4b6f97e4d587b0eb7a54c5b8ba20aac2cf467d8c535ebcf98fa2640aea6f07c3ccbd214e827d23955a87617b9925af381bb6f1b343c68e2318883d88920ab7","ssdeep":"6144:R8hXcF+BQwD7lXm7QK7VhFJKGuztZDpQHdKpx2dSgCesF2IcTA+E:RAcoBQw3IhDJKGKZDpQHdKwCesbcTA3","tlshash":"0f74c8c1f3dd25378656701a5c3e98cc713da43a9a848cefbd9cb0a528a483d5376e39","first_seen":"2023-03-07T18:50:38Z","last_seen":"2026-06-02T06:04:36.887261Z","times_seen":182,"resource_available":true,"data":null}},"time_used":606,"timings":{"blocked":222,"dns":0,"connect":0,"send":0,"wait":222,"receive":162,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:02Z","timestamp":1780380242,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:02.579463+0000\",\"flow_id\":959317223317020,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56624,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/chu/js/main2.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6468},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":20,\"bytes_toserver\":1618,\"bytes_toclient\":22624,\"start\":\"2026-06-02T06:04:02.106012+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260517-1/740d2271d3012844de4b8b80c675b62a.jpg","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.187Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260517-1/740d2271d3012844de4b8b80c675b62a.jpg HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:03 GMT\r\nContent-Type: image/jpeg\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Sun, 17 May 2026 15:55:28 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"6a09e4f0-d0cf\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Rzfahmaqhgy%2Ba4lyHXOJHj69kDXtF40JUgxfPCgtj38hUuhy86Dq9ojkvZo5XJU%2FpsRWBzcVfHwhMjyovrNU8oRAPpe1MRR5QGNhbWAciyhkCwjWn0%2BN4vkM%2F1Bw3VyheMtmseEamuGCK0EP\"}]}\r\nCF-RAY: a0544225f8c00b59-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":53455,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 720x405, components 3","md5":"6259c0d67cd7020edb5b3f4cb462f04f","sha1":"dabfffe015fb7775332489d82b5d4ef2437f223e","sha256":"4138d07a01c4c98643a20a67d33a190320f079cdc3dfbeba97c50a4ce48f5a47","sha512":"a33167b1cf7ec14b73fe852b3cf973e593bdc59cd8255bf8be9768c36b517ac3a65a0ba6eb2bba01bb6b783dca0c51351460816acfba33d81c671327675b3c31","ssdeep":"1536:pGg+/ceKo0Wg/nVHgmpLYcJBrU7f3v2OfIX:prUKo0Wg/1gmRfrWf3OPX","tlshash":"6233f13e060e85ede57fa9b1c9b54216e612f6687e81213dc570d8e3a8366bf0c8dd1c","first_seen":"2026-06-02T06:04:36.8689Z","last_seen":"2026-06-02T06:04:36.8689Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1149,"timings":{"blocked":690,"dns":0,"connect":0,"send":0,"wait":243,"receive":216,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.119873+0000\",\"flow_id\":959317223317020,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56624,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260517-1/740d2271d3012844de4b8b80c675b62a.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6481},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":38,\"pkts_toclient\":97,\"bytes_toserver\":3892,\"bytes_toclient\":127483,\"start\":\"2026-06-02T06:04:02.106012+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56652,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.274211+0000\",\"flow_id\":571548248482814,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56652,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":6,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260517-1/740d2271d3012844de4b8b80c675b62a.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":6476},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":160,\"pkts_toclient\":282,\"bytes_toserver\":13888,\"bytes_toclient\":384288,\"start\":\"2026-06-02T06:04:02.107518+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/upload/vod/20260519-1/1c8e743911519bdbb2c84b87b1a58214.jpg","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.199Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /upload/vod/20260519-1/1c8e743911519bdbb2c84b87b1a58214.jpg HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.t56qv7.czyjsosio.buzz/channel/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 06:04:03 GMT\r\nContent-Type: image/jpeg\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Tue, 19 May 2026 04:00:43 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nETag: W/\"6a0be06b-78ad\"\r\nExpires: Thu, 02 Jul 2026 06:04:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncf-cache-status: MISS\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=D4I4XFTCrWWy9UDj5qualHhYHnCm4365SurfcylAjr80he8GIr053enTLLRZEhKCVkchnqz1qqPSgutErefSwS%2BPMjEqkH%2BYv04kD05SpMnBw8PONvheStBHFR%2FsW65VOEtmDd5xJOE5B3IY\"}]}\r\nCF-RAY: a0544225fe3756c0-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30893,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 320x180, components 3","md5":"4bafc138f7919701bb79371ced63d60e","sha1":"2273a399347ffd5fb9c02235967ee2aec2ad2e81","sha256":"a1cb045f00d95c86fcf2d0001cc13be39b4f7c29ab6d1dcb3e66e841331db8dc","sha512":"349fdfd83035984f06f552d2f5421fc6ef80c9ec31084c0a23a0e5994dfcb4b69e2e79dcf0b46475d603a85e282e8fd9cd542e507c8679b1dbe9f0f2bd0e7ae0","ssdeep":"768:w4pLFkpp9muegKYbAYgLzjeHff55Ub5eP3NqPEUFH+EOu:wsmpPmyKEZiIHXUl6gcm3","tlshash":"0cd2f11fda6414c1ea27c672d22b50c6486b9701a76eb3826f59fcf23ed934f3105d89","first_seen":"2026-06-02T06:04:36.883812Z","last_seen":"2026-06-02T06:04:36.883812Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1012,"timings":{"blocked":678,"dns":0,"connect":0,"send":0,"wait":247,"receive":87,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.123737+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260519-1/1c8e743911519bdbb2c84b87b1a58214.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7931},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":40,\"pkts_toclient\":54,\"bytes_toserver\":5410,\"bytes_toclient\":59737,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:04Z","timestamp":1780380244,"ip_dst":{"addr":"104.21.1.109","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":56656,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:04.529369+0000\",\"flow_id\":457697255532269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":56656,\"dest_ip\":\"104.21.1.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/upload/vod/20260519-1/1c8e743911519bdbb2c84b87b1a58214.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/channel/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":58,\"pkts_toclient\":98,\"bytes_toserver\":5546,\"bytes_toclient\":141490,\"start\":\"2026-06-02T06:04:04.501485+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.t56qv7.czyjsosio.buzz/template/s/k2d/v4/J7aenpF2V0Er24c5k5Y9xJlCGg.woff2","fqdn":"www.t56qv7.czyjsosio.buzz","domain":"czyjsosio.buzz","tld":"buzz"},"ip":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://www.t56qv7.czyjsosio.buzz/channel/","date":"2026-06-02T06:04:02.969Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /template/s/k2d/v4/J7aenpF2V0Er24c5k5Y9xJlCGg.woff2 HTTP/1.1\r\nHost: www.t56qv7.czyjsosio.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.t56qv7.czyjsosio.buzz/template/chu/css/fonts.css\r\nCookie: server_name_session=62fbe833350a29dc4476602b4105a841\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 02 Jun 2026 06:04:03 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jxwD2%2B13yDympD3GkvkHKp2XckvikMvkle%2BjewnserE5P3MyaaGxfrPZPWqB21x6umGZvp9wHRznU%2FVf9GTYXwwqqEJrZmbQprpwYsrXplLDT5XHHifPLNd0nz1nlkSQYtWp7K3HADYJRpVj\"}]}\r\nCache-Control: max-age=300\r\ncf-cache-status: MISS\r\nCF-RAY: a0544228087f56c0-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":479,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"57dd7bfa6c07bfe5eeada45d4bdd78ec","sha1":"395c6ad5c3ae0e8ea47281f5007c369551b32ad7","sha256":"c870990950ca5802e260be6786d1e6a148b1acdfeed4fa9bb6acce744488c0b5","sha512":"c455d00381bde372d6016e7b01eb8682dcbc2fbb032ef522f01f0ea1cd85abeb962aeb8de621b49b138b614b14285686a2c432b4214630f23fda2ed19bf4b9d6","ssdeep":"","tlshash":"27f0dc93d243040e220c45702fb2702450877ddbcb9a0d028897e1bfccd5a698363bad","first_seen":"2023-04-28T05:56:14Z","last_seen":"2026-06-03T13:23:17.263814Z","times_seen":3393,"resource_available":true,"data":null}},"time_used":500,"timings":{"blocked":242,"dns":0,"connect":0,"send":0,"wait":257,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-02T06:04:03Z","timestamp":1780380243,"ip_dst":{"addr":"172.67.129.44","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":44998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2026-06-02T06:04:03.467615+0000\",\"flow_id\":2136028740558785,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":44998,\"dest_ip\":\"172.67.129.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":6,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"www.t56qv7.czyjsosio.buzz\",\"url\":\"/template/s/k2d/v4/J7aenpF2V0Er24c5k5Y9xJlCGg.woff2\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.t56qv7.czyjsosio.buzz/template/chu/css/fonts.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":489},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":45,\"pkts_toclient\":70,\"bytes_toserver\":6278,\"bytes_toclient\":78491,\"start\":\"2026-06-02T06:03:59.499649+0000\"}}"}],"analyzer":null,"urlquery":null}}]}