{"report_id":"37ffe49a-7d78-44c2-a85b-14c3844b2634","version":6,"status":"done","tags":[],"date":"2025-12-08T23:45:19Z","url":{"schema":"http","addr":"nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/","fqdn":"nekbj.top","domain":"nekbj.top","tld":"top"},"ip":{"addr":"92.113.16.194","port":0,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/","fqdn":"nekbj.top","domain":"nekbj.top","tld":"top"},"title":"This Page Does Not Exist","dom":{"size":4517,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (533)","md5":"a0e6f69884b7c7dcb30bf6bea3f6460a","sha1":"8793f756a8339cc6647c9c0af8a2dc2209c3f01c","sha256":"66b529e935dbb5ee2c0f97c6487e32df9b60017873cc3e84f83043b296fd7dc6","sha512":"60a0a6412612586bb91b51655043ab857323f9661f39b050bc74db5a42173d6381e55453956f267fce5356879bc2fe8b66b4c82514e9f81411dc7a68fc3f2bc4","ssdeep":"96:er+uKojsBwJG8YMVcMiLsL/GSrrLc62hroZeD:eydasBwJG8FVxOSf2hroZeD","tlshash":"8a91f98f25f381056643d9d077f9b5189a54400bfa85ecb4bdae9218cfc4bca45a3bdc","dom_hash":"domhash21bb93f5c1d1c5a8fd136bf9d77622b5","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/","fqdn":"nekbj.top","domain":"nekbj.top","tld":"top"},"ip":{"addr":"92.113.16.194","port":0,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-12T23:45:19Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-08T23:44:57Z","timestamp":1765237497,"ip_dst":{"addr":"92.113.23.141","port":80,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.15","port":54394,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-08T23:44:57.758721+0000\",\"flow_id\":320921616845052,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.15\",\"src_port\":54394,\"dest_ip\":\"92.113.23.141\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"nekbj.top\",\"url\":\"/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/\",\"length\":795},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":737,\"bytes_toclient\":1495,\"start\":\"2025-12-08T23:44:57.526588+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"nekbj.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-12-07T22:17:02.440237Z","alert_count":0,"request_count":2,"received_data":63827,"sent_data":959,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"nekbj.top","ip":{"addr":"92.113.23.141","port":80,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":8,"request_count":5,"received_data":1393367,"sent_data":2575,"comment":"","tags":null,"fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Hostinger CDN","description":"Hostinger Content Delivery Network (CDN).","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["CDN"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-12-07T22:16:37.28363Z","alert_count":0,"request_count":1,"received_data":393375,"sent_data":442,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-12-07T22:13:56.807982Z","alert_count":0,"request_count":1,"received_data":37767,"sent_data":553,"comment":"","tags":null,"fingerprints":null},{"fqdn":"maxcdn.bootstrapcdn.com","ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-25","domain_rank":6807,"first_seen":"2014-06-18T00:37:31Z","last_seen":"2025-12-08T00:25:17.96889Z","alert_count":0,"request_count":1,"received_data":122144,"sent_data":457,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/","fqdn":"nekbj.top","domain":"nekbj.top","tld":"top"},"ip":{"addr":"92.113.23.141","port":80,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"8c819feec6f0949d46b480103519d1e2","sha1":"af87637abad0432264ad6c83404f29c83f2c0e66","sha256":"a705043af6f3effd36fc1e600aef395c7af72a8553d918eeef1c12c16f98a23c","sha512":"aa165a6998ff6fc55a9fc57f435cf4c0d3adb6d9a8877e8569c1f34b98b68f22d191b054ecbd8afd0cb35d864b9e6e0ad76cb32aac43b338176a9e73901fc25d","ssdeep":"","tlshash":"0bf05c4a30b5356c9293f5ea53bf9c1ab629230f959465b3bc2cc6185f9056a0398b8c","size":523,"data":"","first_seen":"2025-04-24T13:29:21.913693Z","last_seen":"2026-04-04T05:07:10.177108Z","times_seen":1430,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-08T23:44:57Z","timestamp":1765237497,"ip_dst":{"addr":"92.113.23.141","port":80,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.15","port":54394,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-08T23:44:57.758721+0000\",\"flow_id\":320921616845052,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.15\",\"src_port\":54394,\"dest_ip\":\"92.113.23.141\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"nekbj.top\",\"url\":\"/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/\",\"length\":795},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":737,\"bytes_toclient\":1495,\"start\":\"2025-12-08T23:44:57.526588+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nekbj.top/sandbox%20eval%20code","fqdn":"nekbj.top","domain":"nekbj.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-04T14:47:47.336825Z","times_seen":772259,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-04T14:47:47.338663Z","times_seen":770711,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-9Q6H0QETRF\u0026cx=c\u0026_slc=1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8e1d4ed179be214fc924ffaa9cbc5b04","sha1":"36f668aac09d91c5ac577ed8dab4a30829d8e872","sha256":"ad59c85804a39e16359328d4839affe5ee4a9c6ff7c61ecbeb6c8cc7da39fd07","sha512":"e45ad79bc400bf4bd610012176107c49efe08b91f1f741d81a9e4797ba3e0b1785e13aa622680acbe09fd4fabbfc9edaf68c64a2395e603b49a7ebfb81900442","ssdeep":"6144:0yS9mynndgbw4GmPoiB0Mqtw0+TCyZ+QFYNxNHITSk:80EdZ4G8oIZ+ZfhIB","tlshash":"20841ace73ca74665392b478503f018ba57b68a2f44dc899f189cce42e7469a0277f7c","size":392771,"data":"","first_seen":"2025-12-08T23:45:24.699342Z","last_seen":"2025-12-08T23:45:24.699342Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nekbj.top/sandbox%20eval%20code","fqdn":"nekbj.top","domain":"nekbj.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-04T14:47:47.336825Z","times_seen":772259,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-04T14:47:47.338663Z","times_seen":770711,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=DM+Sans:300,300i,400,400i,600,600i,700,700i,800,800i","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/","date":"2025-12-08T23:44:57.919Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:58 GMT","end":"Mon, 19 Jan 2026 08:34:57 GMT"},"fingerprint":{"sha1":"56:14:7E:EF:FA:D2:CF:DD:3B:30:9C:AE:7A:C9:AD:9E:A7:87:3D:E9","sha256":"72:DD:0F:82:4D:8A:09:2D:BB:5B:E6:1B:6F:09:F8:1E:BD:BD:D3:3E:B8:A4:8C:B9:49:13:4D:DC:D7:EF:EA:77"}}},"request":{"raw":"GET /css?family=DM+Sans:300,300i,400,400i,600,600i,700,700i,800,800i HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nekbj.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 08 Dec 2025 23:44:58 GMT\r\ndate: Mon, 08 Dec 2025 23:44:58 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8455,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"67b8cc92ec2d46836bc0148557684907","sha1":"a542f6b26db1df20cca5967166c2204d03bf073e","sha256":"76edfc2dd95538695199830c0c3ae465f9fa2da5dfb5ae1f3b126575bf2eeb09","sha512":"e9cc93e58acbd5012427f37452bbef4e6b9e92be0830174cd5e28675919fcb7674d9747ef29ef78b83b9860d227a05f7b180d85072ca1e63f8ce579c688bfd53","ssdeep":"192:MlQVlkkQVkk2QV2kpQVpkIQVIzwo+2wx+kw3+PwM+qwF+3:MGevXZ1iSLno4qw3","tlshash":"0d02ee81083ba154a7932dc422de7d32ef1fa19464456c64abfe2888fc66c7e537274c","first_seen":"2025-09-12T01:35:37.061647Z","last_seen":"2026-04-02T11:00:25.952118Z","times_seen":1260,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":76,"dns":0,"connect":7,"send":0,"wait":19,"receive":0,"ssl":76},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/","fqdn":"nekbj.top","domain":"nekbj.top","tld":"top"},"ip":{"addr":"92.113.23.141","port":80,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-08T23:44:57.527Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/ HTTP/1.1\r\nHost: nekbj.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Mon, 08 Dec 2025 23:44:57 GMT\r\nContent-Type: text/html\r\nContent-Length: 795\r\nConnection: keep-alive\r\nLocation: https://nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/\r\nplatform: hostinger\r\npanel: hpanel\r\nContent-Security-Policy: upgrade-insecure-requests\r\nServer: hcdn\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-hcdn-request-id: e9ef105e8adb6ee36c48e7d2316a543c-fra-edge1\r\nx-hcdn-cache-status: DYNAMIC\r\nx-hcdn-upstream-rt: 0.184\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Hostinger CDN","description":"Hostinger Content Delivery Network (CDN).","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["CDN"]}],"data":{"size":4511,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T14:49:32.922678Z","times_seen":13335470,"resource_available":true,"data":null}},"time_used":257,"timings":{"blocked":24,"dns":1,"connect":24,"send":0,"wait":208,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-08T23:44:57Z","timestamp":1765237497,"ip_dst":{"addr":"92.113.23.141","port":80,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.15","port":54394,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-08T23:44:57.758721+0000\",\"flow_id\":320921616845052,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.15\",\"src_port\":54394,\"dest_ip\":\"92.113.23.141\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"nekbj.top\",\"url\":\"/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/\",\"length\":795},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":737,\"bytes_toclient\":1495,\"start\":\"2025-12-08T23:44:57.526588+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"nekbj.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,600,600i,700,700i,800,800i","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/","date":"2025-12-08T23:44:57.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:58 GMT","end":"Mon, 19 Jan 2026 08:34:57 GMT"},"fingerprint":{"sha1":"56:14:7E:EF:FA:D2:CF:DD:3B:30:9C:AE:7A:C9:AD:9E:A7:87:3D:E9","sha256":"72:DD:0F:82:4D:8A:09:2D:BB:5B:E6:1B:6F:09:F8:1E:BD:BD:D3:3E:B8:A4:8C:B9:49:13:4D:DC:D7:EF:EA:77"}}},"request":{"raw":"GET /css?family=Roboto:300,300i,400,400i,600,600i,700,700i,800,800i HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nekbj.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 08 Dec 2025 23:44:58 GMT\r\ndate: Mon, 08 Dec 2025 23:44:58 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":54000,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"082a4bbbbcbbeb6f24f6c6147f85125f","sha1":"ce74c7674f4a3e83b5f179b693cd9bea62a09b15","sha256":"6c447235a21f9b6df44ead067126d548f26d59243fb5cd9e28919c92f4475c31","sha512":"68cbdd124fb0ce130e69b85878f85ba3a0ee8e393f779932a7f72a43d9e107cb3640e6e975c986f30c447f363a604867ca30edcc131b88fc525ecbf6065d04ca","ssdeep":"768:cmUzmz9FEoY+LNuLzEF95p0VjkVzOFTfPPq4/qz5FoE0afBKfzAFxVFw8XguBSi8:X6GdWKJxA9n","tlshash":"39330e61041b6040ab835ce223ce7e34fe0f92547141d075e7fdab6baddbda6526836c","first_seen":"2025-11-19T09:49:12.08159Z","last_seen":"2026-02-19T21:13:15.17424Z","times_seen":948,"resource_available":false,"data":null}},"time_used":289,"timings":{"blocked":128,"dns":0,"connect":9,"send":0,"wait":21,"receive":0,"ssl":127},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nekbj.top/htdocs_error/page_not_found.svg","fqdn":"nekbj.top","domain":"nekbj.top","tld":"top"},"ip":{"addr":"92.113.23.141","port":443,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/","date":"2025-12-08T23:44:57.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nekbj.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 27 Nov 2025 02:12:52 GMT","end":"Wed, 25 Feb 2026 02:12:51 GMT"},"fingerprint":{"sha1":"1A:0F:08:FE:DA:4D:11:78:82:6B:6C:7B:BF:B9:65:3E:D6:7C:96:33","sha256":"95:A0:87:83:68:61:8D:36:BD:7C:0A:B5:40:BF:1D:24:67:5F:11:B6:E3:DB:24:12:BD:AD:5A:4A:89:F8:C5:FB"}}},"request":{"raw":"GET /htdocs_error/page_not_found.svg HTTP/1.1\r\nHost: nekbj.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 08 Dec 2025 23:44:58 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 1008750\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 15 Dec 2025 23:44:58 GMT\r\nlast-modified: Tue, 22 Apr 2025 07:41:12 GMT\r\netag: \"14f3d8-68074818-6a5b78b75d7881f6;br\"\r\ncontent-encoding: br\r\ncontent-security-policy: upgrade-insecure-requests\r\nplatform: hostinger\r\npanel: hpanel\r\nserver: hcdn\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-hcdn-request-id: 97b4d611d6832d88f788fe079cbbc85d-fra-edge2\r\nx-hcdn-cache-status: MISS\r\nx-hcdn-upstream-rt: 0.281\r\naccept-ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger CDN","description":"Hostinger Content Delivery Network (CDN).","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["CDN"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":1373144,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"36cb79f024aa3661890918de43f4a151","sha1":"b0e900c9264a9dc348af559ccf8483c5e23afdbf","sha256":"d463975aa0ba0de81d1b4e5f5f7a8ba2b85f631ebb50ceb1b9ee48b0bf828c32","sha512":"5bebd29e6aab4af7fc00c88a7114a4a65f69ab46c75b0f2e6f78af032d4d74354c026bbc0cb86fc9b7b12ffd42f368468a4dccb8a7fd00b9c850ff16a28b7c9e","ssdeep":"24576:KzRgf3MWQ9QJlR53oP/EAfXhm+k9xQxQmC64aDlLfn1Bb0arMeIwyignM+FF522x:3i5tL/flr/zgM+FaX4ntR","tlshash":"7c2523a4de31b85f47bc0970731b4e44f8f88cd6d5cb8ed9821cb64dc059b61a9bd88a","first_seen":"2025-07-28T21:37:14.789601Z","last_seen":"2026-04-04T05:07:10.175613Z","times_seen":1345,"resource_available":false,"data":null}},"time_used":1103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":521,"receive":582,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"nekbj.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-9Q6H0QETRF\u0026cx=c\u0026_slc=1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/","date":"2025-12-08T23:44:57.922Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:33:43 GMT","end":"Mon, 19 Jan 2026 08:33:42 GMT"},"fingerprint":{"sha1":"4E:9E:D1:61:E4:7D:C2:8A:B6:AD:D2:31:C7:07:01:E4:DB:A0:A7:A9","sha256":"C5:DD:D4:CA:97:B7:B5:8C:B4:99:E8:56:30:AC:1B:F0:FD:7C:5A:FD:19:ED:13:D0:27:D6:0B:76:C7:C7:A0:66"}}},"request":{"raw":"GET /gtag/js?id=G-9Q6H0QETRF\u0026cx=c\u0026_slc=1 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nekbj.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 08 Dec 2025 23:44:58 GMT\r\nexpires: Mon, 08 Dec 2025 23:44:58 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 134748\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":392771,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"8e1d4ed179be214fc924ffaa9cbc5b04","sha1":"36f668aac09d91c5ac577ed8dab4a30829d8e872","sha256":"ad59c85804a39e16359328d4839affe5ee4a9c6ff7c61ecbeb6c8cc7da39fd07","sha512":"e45ad79bc400bf4bd610012176107c49efe08b91f1f741d81a9e4797ba3e0b1785e13aa622680acbe09fd4fabbfc9edaf68c64a2395e603b49a7ebfb81900442","ssdeep":"6144:0yS9mynndgbw4GmPoiB0Mqtw0+TCyZ+QFYNxNHITSk:80EdZ4G8oIZ+ZfhIB","tlshash":"20841ace73ca74665392b478503f018ba57b68a2f44dc899f189cce42e7469a0277f7c","first_seen":"2025-12-08T23:45:24.699342Z","last_seen":"2025-12-08T23:45:24.699342Z","times_seen":1,"resource_available":true,"data":null}},"time_used":362,"timings":{"blocked":127,"dns":1,"connect":22,"send":0,"wait":44,"receive":57,"ssl":107},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/dmsans/v17/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z8GXhnU0.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/","date":"2025-12-08T23:44:58.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/dmsans/v17/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z8GXhnU0.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://nekbj.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 36932\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 03 Dec 2025 12:11:19 GMT\r\nexpires: Thu, 03 Dec 2026 12:11:19 GMT\r\ncache-control: public, max-age=31536000\r\nage: 473619\r\nlast-modified: Wed, 10 Sep 2025 16:31:03 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":36932,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 36932, version 1.0","md5":"7c87a648293fbb5b2924aafaa59e8aea","sha1":"c57593e0adc4cf99dd9e67cb782242220a061a9d","sha256":"9fea608a947e67020c33cad9a6fe3d60c54119dfb8cff87768a8117a15ed7543","sha512":"764ced325a768dca84e1fb0cc458818239ce379dbcbdb324ee8849bbe15f54e3f0254ae6e52ee5a92741840637b4f9885d246a0978af23176b3acfe5b9cec23f","ssdeep":"768:mMQPOAQQKW6GccoXQ+OGpHNzXgtDM0SVu7P3nqtPl9Bf2csDpHUjbYE8j2:mMQz4W5og+tpH6tDJku73EPlPOcs5U/l","tlshash":"c0f2f23e7ea5691487c2b0be506b00935344c9bd37c18121bbb953f44ea67addc5d63c","first_seen":"2025-09-11T17:08:25.889763Z","last_seen":"2026-04-04T14:22:07.18223Z","times_seen":16805,"resource_available":false,"data":null}},"time_used":227,"timings":{"blocked":91,"dns":2,"connect":21,"send":0,"wait":24,"receive":23,"ssl":64},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nekbj.top/favicon.ico","fqdn":"nekbj.top","domain":"nekbj.top","tld":"top"},"ip":{"addr":"92.113.23.141","port":443,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/","date":"2025-12-08T23:44:58.388Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nekbj.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 27 Nov 2025 02:12:52 GMT","end":"Wed, 25 Feb 2026 02:12:51 GMT"},"fingerprint":{"sha1":"1A:0F:08:FE:DA:4D:11:78:82:6B:6C:7B:BF:B9:65:3E:D6:7C:96:33","sha256":"95:A0:87:83:68:61:8D:36:BD:7C:0A:B5:40:BF:1D:24:67:5F:11:B6:E3:DB:24:12:BD:AD:5A:4A:89:F8:C5:FB"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: nekbj.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Mon, 08 Dec 2025 23:44:58 GMT\r\ncontent-type: text/html\r\ncontent-length: 1626\r\nlast-modified: Tue, 22 Apr 2025 07:41:12 GMT\r\netag: \"119f-68074818-fd719fa270b27690;br\"\r\ncontent-encoding: br\r\nplatform: hostinger\r\npanel: hpanel\r\nserver: hcdn\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-hcdn-request-id: 0e48dc6db9be8ece09add8c4e2f6203d-fra-edge2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Hostinger CDN","description":"Hostinger Content Delivery Network (CDN).","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["CDN"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}],"data":{"size":4511,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (371)","md5":"b16e9097fc7d3af8ebfcfce7aba0a42d","sha1":"2af3c8408b8445fe81d9a7c8d7cc8e8a05bf80f5","sha256":"e7db95c97a5d45787cc3e40cbcb93b748fefc65bc14e162c746e37f979861729","sha512":"53a7a2c276fbc5159231c162eb863504448515f1a078832b81f1bffeedb1c82932810b66748fd4111d1b8fb866622a5cc63e79e497227b611c90886ba45d3f3b","ssdeep":"96:tr+ulojsBwJG8YqVcqHL/GSrrLc1VhrJuzeK:tyoasBwJG8nVjaSeVhrJgeK","tlshash":"0891f88f25f381452603c99037f9b61499554007f685eca8bdee9228cfc4b8a41e3bdc","first_seen":"2025-04-22T08:45:29.599713Z","last_seen":"2026-04-04T14:27:22.754819Z","times_seen":25562,"resource_available":true,"data":null}},"time_used":307,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":307,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"nekbj.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/","fqdn":"nekbj.top","domain":"nekbj.top","tld":"top"},"ip":{"addr":"92.113.23.141","port":443,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-08T23:44:56.744Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nekbj.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 27 Nov 2025 02:12:52 GMT","end":"Wed, 25 Feb 2026 02:12:51 GMT"},"fingerprint":{"sha1":"1A:0F:08:FE:DA:4D:11:78:82:6B:6C:7B:BF:B9:65:3E:D6:7C:96:33","sha256":"95:A0:87:83:68:61:8D:36:BD:7C:0A:B5:40:BF:1D:24:67:5F:11:B6:E3:DB:24:12:BD:AD:5A:4A:89:F8:C5:FB"}}},"request":{"raw":"GET /z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/ HTTP/1.1\r\nHost: nekbj.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Mon, 08 Dec 2025 23:44:57 GMT\r\ncontent-type: text/html\r\ncontent-length: 1626\r\nlast-modified: Tue, 22 Apr 2025 07:41:12 GMT\r\netag: \"119f-68074818-fd719fa270b27690;br\"\r\ncontent-encoding: br\r\nplatform: hostinger\r\npanel: hpanel\r\nserver: hcdn\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-hcdn-request-id: fe929f59ae7c451aadf3ea22913842c3-fra-edge2\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Hostinger CDN","description":"Hostinger Content Delivery Network (CDN).","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["CDN"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}],"data":{"size":4511,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (371)","md5":"b16e9097fc7d3af8ebfcfce7aba0a42d","sha1":"2af3c8408b8445fe81d9a7c8d7cc8e8a05bf80f5","sha256":"e7db95c97a5d45787cc3e40cbcb93b748fefc65bc14e162c746e37f979861729","sha512":"53a7a2c276fbc5159231c162eb863504448515f1a078832b81f1bffeedb1c82932810b66748fd4111d1b8fb866622a5cc63e79e497227b611c90886ba45d3f3b","ssdeep":"96:tr+ulojsBwJG8YqVcqHL/GSrrLc1VhrJuzeK:tyoasBwJG8nVjaSeVhrJgeK","tlshash":"0891f88f25f381452603c99037f9b61499554007f685eca8bdee9228cfc4b8a41e3bdc","first_seen":"2025-04-22T08:45:29.599713Z","last_seen":"2026-04-04T14:27:22.754819Z","times_seen":25562,"resource_available":true,"data":null}},"time_used":1103,"timings":{"blocked":400,"dns":352,"connect":19,"send":0,"wait":300,"receive":3,"ssl":27},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-08T23:44:57Z","timestamp":1765237497,"ip_dst":{"addr":"92.113.23.141","port":80,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.15","port":54394,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-08T23:44:57.758721+0000\",\"flow_id\":320921616845052,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.15\",\"src_port\":54394,\"dest_ip\":\"92.113.23.141\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"nekbj.top\",\"url\":\"/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/\",\"length\":795},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":737,\"bytes_toclient\":1495,\"start\":\"2025-12-08T23:44:57.526588+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"nekbj.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/","fqdn":"nekbj.top","domain":"nekbj.top","tld":"top"},"ip":{"addr":"92.113.23.141","port":443,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-08T23:44:57.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nekbj.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 27 Nov 2025 02:12:52 GMT","end":"Wed, 25 Feb 2026 02:12:51 GMT"},"fingerprint":{"sha1":"1A:0F:08:FE:DA:4D:11:78:82:6B:6C:7B:BF:B9:65:3E:D6:7C:96:33","sha256":"95:A0:87:83:68:61:8D:36:BD:7C:0A:B5:40:BF:1D:24:67:5F:11:B6:E3:DB:24:12:BD:AD:5A:4A:89:F8:C5:FB"}}},"request":{"raw":"GET /z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/ HTTP/1.1\r\nHost: nekbj.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Mon, 08 Dec 2025 23:44:57 GMT\r\ncontent-type: text/html\r\ncontent-length: 1626\r\nlast-modified: Tue, 22 Apr 2025 07:41:12 GMT\r\netag: \"119f-68074818-fd719fa270b27690;br\"\r\ncontent-encoding: br\r\nplatform: hostinger\r\npanel: hpanel\r\nage: 0\r\nserver: hcdn\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-hcdn-request-id: 59c6e22e5b17e89c94c015a485a52b19-fra-edge2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Hostinger CDN","description":"Hostinger Content Delivery Network (CDN).","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["CDN"]}],"data":{"size":4511,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (371)","md5":"b16e9097fc7d3af8ebfcfce7aba0a42d","sha1":"2af3c8408b8445fe81d9a7c8d7cc8e8a05bf80f5","sha256":"e7db95c97a5d45787cc3e40cbcb93b748fefc65bc14e162c746e37f979861729","sha512":"53a7a2c276fbc5159231c162eb863504448515f1a078832b81f1bffeedb1c82932810b66748fd4111d1b8fb866622a5cc63e79e497227b611c90886ba45d3f3b","ssdeep":"96:tr+ulojsBwJG8YqVcqHL/GSrrLc1VhrJuzeK:tyoasBwJG8nVjaSeVhrJgeK","tlshash":"0891f88f25f381452603c99037f9b61499554007f685eca8bdee9228cfc4b8a41e3bdc","first_seen":"2025-04-22T08:45:29.599713Z","last_seen":"2026-04-04T14:27:22.754819Z","times_seen":25562,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-08T23:44:57Z","timestamp":1765237497,"ip_dst":{"addr":"92.113.23.141","port":80,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.15","port":54394,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-08T23:44:57.758721+0000\",\"flow_id\":320921616845052,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.15\",\"src_port\":54394,\"dest_ip\":\"92.113.23.141\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"nekbj.top\",\"url\":\"/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/\",\"length\":795},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":737,\"bytes_toclient\":1495,\"start\":\"2025-12-08T23:44:57.526588+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"nekbj.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css","fqdn":"maxcdn.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://nekbj.top/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6516077\u0026pdata=https:/","date":"2025-12-08T23:44:57.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bootstrapcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 04:05:50 GMT","end":"Thu, 05 Feb 2026 05:05:47 GMT"},"fingerprint":{"sha1":"CE:AE:8E:FE:2A:86:03:2B:16:43:FF:98:36:53:B2:ED:10:BF:FD:23","sha256":"95:CB:A8:7B:9C:88:98:F1:EF:D6:C9:79:E1:98:63:76:71:B7:BD:E2:89:6D:CD:55:61:DB:C0:4E:B1:1E:67:F7"}}},"request":{"raw":"GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1\r\nHost: maxcdn.bootstrapcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nekbj.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 08 Dec 2025 23:44:57 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncf-ray: 9ab0223a09a8b4f9-OSL\r\ncdn-pullzone: 252412\r\ncdn-uid: b1941f61-b576-4f40-80de-5677acb38f74\r\ncdn-requestcountrycode: DE\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31919000\r\ncontent-encoding: br\r\netag: \"ec3bb52a00e176a7181d454dffaea219\"\r\nlast-modified: Mon, 25 Jan 2021 22:03:59 GMT\r\ncdn-cachedat: 02/25/2025 23:55:13\r\ncdn-proxyver: 1.19\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1077\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: 3d6d3e43a53f02c8432187205f960146\r\ncdn-cache: HIT\r\nage: 1459594\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":121200,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65371)","md5":"ec3bb52a00e176a7181d454dffaea219","sha1":"6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68","sha256":"f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c","sha512":"e8c5daf01eae68ed7c1e277a6e544c7ad108a0fa877fb531d6d9f2210769b7da88e4e002c7b0be3b72154ebf7cbf01a795c8342ce2dad368bd6351e956195f8b","ssdeep":"768:Vy3Gxw/Vc/QWlJxtQOIuiHlq5mzI4X8OAduFKbv2ctg2Bd8JP7ecQVvH1FS:nw/a1fIuiHlq5mN8lDbNmPbh","tlshash":"2cc3c7a0f21031ea7333c55a75d0ed872219a153e56a4fb7f22f25d88f845ca1673f1a","first_seen":"2023-04-05T03:13:25Z","last_seen":"2026-04-04T14:28:29.080102Z","times_seen":56216,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":6,"dns":1,"connect":1,"send":0,"wait":13,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}