{"report_id":"20b632de-02d9-44cb-9b8d-80ed561b9de2","version":6,"status":"done","tags":[],"date":"2026-02-22T12:45:33Z","url":{"schema":"http","addr":"www._9527._https.fd3g.sbl0926vcl.top/","fqdn":"www._9527._https.fd3g.sbl0926vcl.top","domain":"sbl0926vcl.top","tld":"top"},"ip":{"addr":"38.182.168.148","port":0,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"www._9527._https.fd3g.sbl0926vcl.top/","fqdn":"www._9527._https.fd3g.sbl0926vcl.top","domain":"sbl0926vcl.top","tld":"top"},"title":"请使用域名访问","dom":{"size":7269,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"5a9303f09a62c0fdb76428e11fcdd44c","sha1":"db9d3c6e1e9290837e24c26e383d19a2a46b4d62","sha256":"75774b71e92ae7e1e4e6379f43e3e52fac4f25688e3164984120dbc39892495a","sha512":"e44151836310a49dbe4e471eafbd299421feb9cefb2cdf761cd8a441e10698e25e317b3d3bb44ac4bde2e68cb885c9b803471d5cb2a755947e611a2a2b778473","ssdeep":"96:xG/4XzO/z/47Ze2XVvVBAXMyyJ2MRT/3k:Q/Hb47Ze2XXidyJXL3k","tlshash":"97e11497a2f301672837b0995ff78b567a90e403c44fda593f9c238c8f89ad5a95324c","dom_hash":"domhashbefdb072ef6b0ce8dbb2fa21b89f8b78","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www._9527._https.fd3g.sbl0926vcl.top/","fqdn":"www._9527._https.fd3g.sbl0926vcl.top","domain":"sbl0926vcl.top","tld":"top"},"ip":{"addr":"38.182.168.148","port":0,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-29T12:45:33Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-22T12:45:12Z","timestamp":1771764312,"ip_dst":{"addr":"38.182.168.148","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":56472,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-02-22T12:45:12.382737+0000\",\"flow_id\":860505192801193,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":56472,\"dest_ip\":\"38.182.168.148\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www._9527._https.fd3g.sbl0926vcl.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":693,\"bytes_toclient\":413,\"start\":\"2026-02-22T12:45:12.074665+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www._9527._https.fd3g.sbl0926vcl.top","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":3,"received_data":15664,"sent_data":1323,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"www._9527._https.fd3g.sbl0926vcl.top/","fqdn":"www._9527._https.fd3g.sbl0926vcl.top","domain":"sbl0926vcl.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8ea2ea578a9f25b02203077b090c6522","sha1":"d24c06c2f3e0fcb920d959d9d6ef4ae40d54aa2f","sha256":"d36d57db53fbd69953d1e8b46ee5bddce179a2ac00b5a36d524b022852ccd4e5","sha512":"188dfd1772800f39672e12eee196dcf1a00cfdd4ba57be9dbb18fbc50ee677704d0a68264bb4e4c81eae222eae7f2c3d623a83761c42feb925d57f1dfc93268c","ssdeep":"","tlshash":"76a012533748142086aa70564150538c6031500238819036691d0200454060190780c0","size":84,"data":"","first_seen":"2025-01-03T09:08:41.81888Z","last_seen":"2026-04-04T04:10:51.75871Z","times_seen":1146,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-22T12:45:12Z","timestamp":1771764312,"ip_dst":{"addr":"38.182.168.148","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.50","port":56472,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-02-22T12:45:12.382737+0000\",\"flow_id\":860505192801193,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":56472,\"dest_ip\":\"38.182.168.148\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www._9527._https.fd3g.sbl0926vcl.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":693,\"bytes_toclient\":413,\"start\":\"2026-02-22T12:45:12.074665+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www._9527._https.fd3g.sbl0926vcl.top/","fqdn":"www._9527._https.fd3g.sbl0926vcl.top","domain":"sbl0926vcl.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-22T12:45:10.616Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www._9527._https.fd3g.sbl0926vcl.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T10:49:22.366716Z","times_seen":13328728,"resource_available":true,"data":null}},"time_used":1123,"timings":{"blocked":1123,"dns":0,"connect":155,"send":0,"wait":0,"receive":0,"ssl":158},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-22T12:45:12Z","timestamp":1771764312,"ip_dst":{"addr":"38.182.168.148","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.50","port":56472,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-02-22T12:45:12.382737+0000\",\"flow_id\":860505192801193,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":56472,\"dest_ip\":\"38.182.168.148\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www._9527._https.fd3g.sbl0926vcl.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":693,\"bytes_toclient\":413,\"start\":\"2026-02-22T12:45:12.074665+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www._9527._https.fd3g.sbl0926vcl.top/","fqdn":"www._9527._https.fd3g.sbl0926vcl.top","domain":"sbl0926vcl.top","tld":"top"},"ip":{"addr":"38.182.168.148","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-22T12:45:12.077Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www._9527._https.fd3g.sbl0926vcl.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Length: 7286\r\nCache-Control: private, no-cache, must-revalidate\r\nContent-Type: text/html; charset=utf-8\r\nServer: Xcdn\r\nDate: Sun, 22 Feb 2026 12:45:12 GMT\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7286,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"e458195b3ef561ff1e67db5a25a581e9","sha1":"882cc776349e59489c9869f1e8f1d2589539f20e","sha256":"27ccd2cad96d39034995ae53277cc613bc62a88f7b25f1b6d3fc8f6c6aa4cb1d","sha512":"7847106f4e2daf24754c6449ea6879352822b67c04639b244c41a6c2fde98adcbb9009c40e744e551b17cba092552c5365b26d17d4a7c1960c8a35303a4b0d64","ssdeep":"96:9O/4XzO/z/47Ze2XVvVBAXMyyJ2MRT/3k:k/Hb47Ze2XXidyJXL3k","tlshash":"73e10397a2f301672827b0995fe78b567690e403c44fda593f9c238c8f89ad5a95324c","first_seen":"2026-02-22T12:45:37.997226Z","last_seen":"2026-02-22T12:45:37.997226Z","times_seen":1,"resource_available":true,"data":null}},"time_used":461,"timings":{"blocked":151,"dns":1,"connect":154,"send":0,"wait":154,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-22T12:45:12Z","timestamp":1771764312,"ip_dst":{"addr":"38.182.168.148","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.50","port":56472,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-02-22T12:45:12.382737+0000\",\"flow_id\":860505192801193,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":56472,\"dest_ip\":\"38.182.168.148\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www._9527._https.fd3g.sbl0926vcl.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":693,\"bytes_toclient\":413,\"start\":\"2026-02-22T12:45:12.074665+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www._9527._https.fd3g.sbl0926vcl.top/favicon.ico","fqdn":"www._9527._https.fd3g.sbl0926vcl.top","domain":"sbl0926vcl.top","tld":"top"},"ip":{"addr":"38.182.168.148","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www._9527._https.fd3g.sbl0926vcl.top/","date":"2026-02-22T12:45:12.529Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www._9527._https.fd3g.sbl0926vcl.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www._9527._https.fd3g.sbl0926vcl.top/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: Xcdn\r\nDate: Sun, 22 Feb 2026 12:45:12 GMT\r\nContent-Length: 7927\r\nCache-Control: private, no-store\r\nContent-Type: text/html; charset=utf-8\r\nx-request-id: 019c8561-ea28-7520-a573-b16c1d73bd78\r\nConnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":7927,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"162ac74a9867c2999b4d9755ead29967","sha1":"0b5d8005b38cd430a078efed0aed90c693ac20ce","sha256":"6bffe6c0d86660f43ba991b679c38982f1c84cbe14176c55f0e28df687aee851","sha512":"a7a15daaa205d48d54d6781632784d6905470934c4f3747141d5212eb4cce626971a8079f87dca9722b941d72fe3554537ff19619a52f38fe551d0ac9fb79825","ssdeep":"192:NY2sOGS1gpWh8l/XI+JnJByMpJ5I/POUi:u3bxFByMpJEs","tlshash":"b1f1122f6a9100113c03a4937bb66f94b5714543a156cdf57cece2c8ef8693ba6d3788","first_seen":"2026-01-17T06:26:51.07572Z","last_seen":"2026-04-03T20:52:22.564635Z","times_seen":144,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":155,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}