{"report_id":"3f3958aa-8ab8-4b67-b19e-1115333d6a66","version":6,"status":"done","tags":[],"date":"2026-02-06T17:32:30Z","url":{"schema":"http","addr":"www.4605421475414966.updates-for-pc.top/","fqdn":"www.4605421475414966.updates-for-pc.top","domain":"updates-for-pc.top","tld":"top"},"ip":{"addr":"62.138.18.13","port":0,"asn":29066,"as":"velia.net Internetdienste GmbH","country":"France","country_code":"FR"},"final":{"url":{"schema":"http","addr":"www.4605421475414966.updates-for-pc.top/","fqdn":"www.4605421475414966.updates-for-pc.top","domain":"updates-for-pc.top","tld":"top"},"title":"4605421475414966.updates-for-pc.top/","dom":{"size":266,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"dd71fbe6205b624e5ff6e8b4c3efebb8","sha1":"7d87cb058a9453af14102d15eb750bc9a377b3d1","sha256":"a4b65808af073d815f1322907a4ebee7568ebcd217029f7f238d4acaa62d2a94","sha512":"d81e528fef3ba628dda3c5aaf15b004bebf83ab36880c8e728ae5422621291af01c6e5371f34af6345d0236a4f47853d143111d1b24b608cdb37e9dde4867a20","ssdeep":"","tlshash":"fbd097ebbc01dc69a470bec0e0f0e07cc0aec208ee82d9b04ae419d431843c90e0b9c8","dom_hash":"domhashe7fe363182036db18174c1eafcff4d99","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.4605421475414966.updates-for-pc.top/","fqdn":"www.4605421475414966.updates-for-pc.top","domain":"updates-for-pc.top","tld":"top"},"ip":{"addr":"62.138.18.13","port":0,"asn":29066,"as":"velia.net Internetdienste GmbH","country":"France","country_code":"FR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-13T17:32:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-06T17:32:08Z","timestamp":1770399128,"ip_dst":{"addr":"62.138.18.13","port":80,"asn":29066,"as":"velia.net Internetdienste GmbH","country":"France","country_code":"FR"},"ip_src":{"addr":"Client IP","port":54754,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-02-06T17:32:08.597040+0000\",\"flow_id\":1959895139643995,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.3\",\"src_port\":54754,\"dest_ip\":\"62.138.18.13\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www.4605421475414966.updates-for-pc.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":150},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":696,\"bytes_toclient\":675,\"start\":\"2026-02-06T17:32:08.553563+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-06","alert":"Sinkholed","trigger":"www.4605421475414966.updates-for-pc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"lokilokione.de","ip":{"addr":"202.61.204.169","port":10006,"asn":197540,"as":"netcup GmbH","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":3448419,"first_seen":"2025-03-21T03:01:55.076224Z","last_seen":"2026-02-06T09:05:18.469213Z","alert_count":0,"request_count":1,"received_data":129,"sent_data":582,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.4605421475414966.updates-for-pc.top","ip":{"addr":"62.138.18.13","port":80,"asn":29066,"as":"velia.net Internetdienste GmbH","country":"France","country_code":"FR"},"domain_registered":"2023-01-08","domain_rank":0,"first_seen":"2026-02-06T17:32:31.40948Z","last_seen":"2026-02-06T17:32:31.40948Z","alert_count":6,"request_count":4,"received_data":899444,"sent_data":1746,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"thelifewillbefine.de","ip":{"addr":"202.61.204.169","port":443,"asn":197540,"as":"netcup GmbH","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":633623,"first_seen":"2024-03-01T09:07:05Z","last_seen":"2026-02-06T09:05:19.353139Z","alert_count":0,"request_count":2,"received_data":51204,"sent_data":1000,"comment":"","tags":null,"fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"www.4605421475414966.updates-for-pc.top/","fqdn":"www.4605421475414966.updates-for-pc.top","domain":"updates-for-pc.top","tld":"top"},"ip":{"addr":"62.138.18.13","port":80,"asn":29066,"as":"velia.net Internetdienste GmbH","country":"France","country_code":"FR"},"introduction_type":"Function","is_inline":false,"md5":"46227f3c1136cb9b5ada1bc21e938510","sha1":"ea1e8d457ff2dff2ff77dcfa27be2a4c0b59832c","sha256":"aad6756e8e2491c18b96e61d9b08ebe3df4931c6cdf202c36bf8b12b0b0365f8","sha512":"2b0a86e7392a39d6d4a7958cda5a17b06ad7017d6c80ebcdb9b5f4fd8e50919c5520857d26b2f4db923879f4f3be6737f718f46ed9c9dd47ddad389bfd0b255f","ssdeep":"","tlshash":"86119923165a049c8be054da0d6f27875cb5af314e88e0e84a62fc0358e47c0c2b9f24","size":916,"data":"","first_seen":"2025-11-05T13:41:33.242324Z","last_seen":"2026-04-03T19:26:29.22119Z","times_seen":1313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-06T17:32:08Z","timestamp":1770399128,"ip_dst":{"addr":"62.138.18.13","port":80,"asn":29066,"as":"velia.net Internetdienste GmbH","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.3","port":54754,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-02-06T17:32:08.597040+0000\",\"flow_id\":1959895139643995,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.3\",\"src_port\":54754,\"dest_ip\":\"62.138.18.13\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www.4605421475414966.updates-for-pc.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":150},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":696,\"bytes_toclient\":675,\"start\":\"2026-02-06T17:32:08.553563+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.4605421475414966.updates-for-pc.top/","fqdn":"www.4605421475414966.updates-for-pc.top","domain":"updates-for-pc.top","tld":"top"},"ip":{"addr":"62.138.18.13","port":80,"asn":29066,"as":"velia.net Internetdienste GmbH","country":"France","country_code":"FR"},"introduction_type":"Function","is_inline":false,"md5":"ed6cfab4950fcd06f860a9a48e190359","sha1":"af69d3c50b2dd1e13cd73d4aa5b63bde910b70e5","sha256":"7c17465e6d3ab0f1e9459b96443b968c9801c50f0520c0351bc1c4f01f97a22f","sha512":"683146e5d27265ad645447129ca0a6f0025bb30d25c3b8f1b47d355a19e1eed5ab0a23e322b33f70d4c4bc6f0fa2d3e4cf37917c311c4d703c10901324f3e4e0","ssdeep":"768:Ighi4ZYPl9rrSK3BCLJO5XT9p6WFnCRi4Y7C/pIZwBkMPZBEIm7lNPzqRQB6T5M3:Isi4ZUzrrvhfFhSBheIxu","tlshash":"8753741037cb2cc25bb6c645b295802cb92f8362bd8b0ff500925d9a86abdd7cc9d5f5","size":63831,"data":"","first_seen":"2025-11-05T13:41:33.243102Z","last_seen":"2026-04-03T19:26:29.224657Z","times_seen":1313,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-06T17:32:08Z","timestamp":1770399128,"ip_dst":{"addr":"62.138.18.13","port":80,"asn":29066,"as":"velia.net Internetdienste GmbH","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.3","port":54754,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-02-06T17:32:08.597040+0000\",\"flow_id\":1959895139643995,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.3\",\"src_port\":54754,\"dest_ip\":\"62.138.18.13\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www.4605421475414966.updates-for-pc.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":150},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":696,\"bytes_toclient\":675,\"start\":\"2026-02-06T17:32:08.553563+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.4605421475414966.updates-for-pc.top/sandbox%20eval%20code","fqdn":"www.4605421475414966.updates-for-pc.top","domain":"updates-for-pc.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-03T20:31:06.466453Z","times_seen":770360,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.4605421475414966.updates-for-pc.top/pit.js?tkefrep=bs?nosaj=mycustom:variant2","fqdn":"www.4605421475414966.updates-for-pc.top","domain":"updates-for-pc.top","tld":"top"},"ip":{"addr":"62.138.18.13","port":80,"asn":29066,"as":"velia.net Internetdienste GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"0a6bd2e30fe48768b0327a6b5db20cf2","sha1":"e43c5d4c330ec8834f57e0cd525271f2d5d90afb","sha256":"d50d37f2f265a187c3123de52fda11b939dd64b7880e3f10e54edb083a3d4074","sha512":"c911df24ecd7badecd44333aa309428242eb5dbcb5a39cd587396bc42dbf86b7e37fb1439dc7da2024649adc7faa01a760ed099bbf1b10284c9b43770a23f85f","ssdeep":"24576:rw7oURzpjGaP+x/vH4wM3FsWgGhy7yNwG6WVsWRYmBumWEzlsXV37YUIGu1R7GOF:MFHjGa4XH4w4FsHGhBNwpWOWR1BumWKt","tlshash":"7015f117b629bb19ced8a19afeaf2f5d0f04ad044242eb29c85d79fc2dc371d3665090","size":898216,"data":"","first_seen":"2025-11-05T13:41:33.236871Z","last_seen":"2026-04-03T19:26:29.214746Z","times_seen":1313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-03T20:31:06.46454Z","times_seen":768818,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.4605421475414966.updates-for-pc.top/","fqdn":"www.4605421475414966.updates-for-pc.top","domain":"updates-for-pc.top","tld":"top"},"ip":{"addr":"62.138.18.13","port":80,"asn":29066,"as":"velia.net Internetdienste GmbH","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"84764a18b52492281c0bdbc9d94892af","sha1":"1330fbb691a7ed93a3d0b9a165355efb83600f01","sha256":"3a6884496e4964b0a6099d649442b2f4a731437ee6fb4f8d4a4a04cbac7b92ff","sha512":"09e1de9823ac447db0cb94dd99156ec62c113427207419aa89b438e94c5e606d39754eb28243c09cb7e65b219d0161a3c62897c0a7b9f25202f715179c79fc77","ssdeep":"","tlshash":"959000332200b02c32b0cec0a0cb00ccc203820cbacff0b888a30ac8200c00a8facef0","size":41,"data":"","first_seen":"2025-03-03T15:59:53.755665Z","last_seen":"2026-04-03T19:26:29.223212Z","times_seen":2865,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-06T17:32:08Z","timestamp":1770399128,"ip_dst":{"addr":"62.138.18.13","port":80,"asn":29066,"as":"velia.net Internetdienste GmbH","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.3","port":54754,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-02-06T17:32:08.597040+0000\",\"flow_id\":1959895139643995,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.3\",\"src_port\":54754,\"dest_ip\":\"62.138.18.13\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www.4605421475414966.updates-for-pc.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":150},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":696,\"bytes_toclient\":675,\"start\":\"2026-02-06T17:32:08.553563+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"www.4605421475414966.updates-for-pc.top/","fqdn":"www.4605421475414966.updates-for-pc.top","domain":"updates-for-pc.top","tld":"top"},"ip":{"addr":"62.138.18.13","port":80,"asn":29066,"as":"velia.net Internetdienste GmbH","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-06T17:32:08.553Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.4605421475414966.updates-for-pc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 06 Feb 2026 17:32:08 GMT\r\nContent-Type: text/html\r\nContent-Length: 150\r\nLast-Modified: Sun, 08 Jan 2023 12:57:47 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nETag: \"63babdcb-96\"\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":150,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"bd056c5e20f4af62df7e89d4a373b0ba","sha1":"725d4920611005428c920d900fe86b375d4a6adb","sha256":"fb7f155c363573ade085a2697f19d3e1bc46355106bb23c226f57b2ffeb66fb2","sha512":"d98cdaf2426b211a597f5b886f1defdc7e361bc6caa16cb0332d3d7d50945671f2e8bbc2c2c4a00db1572cd0cd3b65c8846a8ae5b4f5b83bf645c917133a77ac","ssdeep":"","tlshash":"0bc02b035d01dca160608cc0f0b5d47cc0cac114fb5bc57446c58d5531c8bcc0f1ce50","first_seen":"2023-04-07T14:25:40Z","last_seen":"2026-04-03T11:22:16.871155Z","times_seen":2393,"resource_available":true,"data":null}},"time_used":67,"timings":{"blocked":22,"dns":1,"connect":22,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-06T17:32:08Z","timestamp":1770399128,"ip_dst":{"addr":"62.138.18.13","port":80,"asn":29066,"as":"velia.net Internetdienste GmbH","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.3","port":54754,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-02-06T17:32:08.597040+0000\",\"flow_id\":1959895139643995,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.3\",\"src_port\":54754,\"dest_ip\":\"62.138.18.13\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www.4605421475414966.updates-for-pc.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":150},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":696,\"bytes_toclient\":675,\"start\":\"2026-02-06T17:32:08.553563+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-06","alert":"Sinkholed","trigger":"www.4605421475414966.updates-for-pc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.4605421475414966.updates-for-pc.top/pit.js?tkefrep=bs?nosaj=mycustom:variant2","fqdn":"www.4605421475414966.updates-for-pc.top","domain":"updates-for-pc.top","tld":"top"},"ip":{"addr":"62.138.18.13","port":80,"asn":29066,"as":"velia.net Internetdienste GmbH","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.4605421475414966.updates-for-pc.top/","date":"2026-02-06T17:32:08.696Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /pit.js?tkefrep=bs?nosaj=mycustom:variant2 HTTP/1.1\r\nHost: www.4605421475414966.updates-for-pc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.4605421475414966.updates-for-pc.top/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 06 Feb 2026 17:32:08 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 06 Feb 2026 17:32:01 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nVary: Accept-Encoding\r\nETag: W/\"69862591-db4a8\"\r\nExpires: Sat, 06 Feb 2027 17:32:08 GMT\r\nCache-Control: max-age=31536000\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":898216,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (35709), with CRLF line terminators","md5":"0a6bd2e30fe48768b0327a6b5db20cf2","sha1":"e43c5d4c330ec8834f57e0cd525271f2d5d90afb","sha256":"d50d37f2f265a187c3123de52fda11b939dd64b7880e3f10e54edb083a3d4074","sha512":"c911df24ecd7badecd44333aa309428242eb5dbcb5a39cd587396bc42dbf86b7e37fb1439dc7da2024649adc7faa01a760ed099bbf1b10284c9b43770a23f85f","ssdeep":"24576:rw7oURzpjGaP+x/vH4wM3FsWgGhy7yNwG6WVsWRYmBumWEzlsXV37YUIGu1R7GOF:MFHjGa4XH4w4FsHGhBNwpWOWR1BumWKt","tlshash":"7015f117b629bb19ced8a19afeaf2f5d0f04ad044242eb29c85d79fc2dc371d3665090","first_seen":"2025-11-05T13:41:33.236871Z","last_seen":"2026-04-03T19:26:29.214746Z","times_seen":1313,"resource_available":true,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":143,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-06","alert":"Sinkholed","trigger":"www.4605421475414966.updates-for-pc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"thelifewillbefine.de/karma/e_perf.ogg","fqdn":"thelifewillbefine.de","domain":"thelifewillbefine.de","tld":"de"},"ip":{"addr":"202.61.204.169","port":443,"asn":197540,"as":"netcup GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://www.4605421475414966.updates-for-pc.top/","date":"2026-02-06T17:32:09.036Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thelifewillbefine.de","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 21 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3B:62:11:92:AF:5E:E8:48:11:B8:AF:0C:13:1F:4A:5A:36:0F:EA:FE","sha256":"EC:2F:BB:6C:5D:2F:D4:E4:49:F2:1A:57:FF:AE:DB:48:30:4F:C3:E9:ED:9B:F0:53:88:31:1B:A9:04:97:04:45"}}},"request":{"raw":"GET /karma/e_perf.ogg HTTP/1.1\r\nHost: thelifewillbefine.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://www.4605421475414966.updates-for-pc.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.4605421475414966.updates-for-pc.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=86400\r\ncontent-type: video/ogg\r\nlast-modified: Wed, 06 Nov 2024 11:43:28 GMT\r\naccept-ranges: bytes\r\netag: \"0f085184130db1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\naccess-control-allow-origin: *\r\ndate: Fri, 06 Feb 2026 17:32:08 GMT\r\ncontent-length: 25273\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":25273,"size_decoded":0,"mime_type":"video/ogg","magic":"Ogg data, Vorbis audio, mono, 8000 Hz, ~30800 bps, created by: Xiph.Org libVorbis I (1.3.4)","md5":"602012950f88b8f5e8407e8d941fec40","sha1":"512806c8f714636ea95fdf1a3c318adb08e916c9","sha256":"831a3fb55d34d7e62527e360d6a54b13a082e6cb46b3504fcd6122c7d534b9b8","sha512":"98be1f57406c370140f4c9f28fa6b3342bacc43fed27bf6c8a95364205218f7a2f12b59ba27aeab2872bd113983f68938f23880edb8f842e53e3ab72294e05c3","ssdeep":"768:96qr9KRvEef8Kbu0MldDBl3ZkrdgFQTk2imHlfOB839O:jr9KhEeXbu0svlKRTTgPB8tO","tlshash":"adb2d0f1a5762b98f943ecfb7326b74d6378bde60bcc5611a21f10aa13bc5a72405413","first_seen":"2024-12-02T23:17:42.392611Z","last_seen":"2026-04-03T19:26:29.212895Z","times_seen":2920,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":78,"dns":27,"connect":22,"send":0,"wait":22,"receive":23,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thelifewillbefine.de/karma/e_perf.ogg","fqdn":"thelifewillbefine.de","domain":"thelifewillbefine.de","tld":"de"},"ip":{"addr":"202.61.204.169","port":443,"asn":197540,"as":"netcup GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://www.4605421475414966.updates-for-pc.top/","date":"2026-02-06T17:32:09.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thelifewillbefine.de","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 21 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3B:62:11:92:AF:5E:E8:48:11:B8:AF:0C:13:1F:4A:5A:36:0F:EA:FE","sha256":"EC:2F:BB:6C:5D:2F:D4:E4:49:F2:1A:57:FF:AE:DB:48:30:4F:C3:E9:ED:9B:F0:53:88:31:1B:A9:04:97:04:45"}}},"request":{"raw":"GET /karma/e_perf.ogg HTTP/1.1\r\nHost: thelifewillbefine.de\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://www.4605421475414966.updates-for-pc.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.4605421475414966.updates-for-pc.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=86400\r\ncontent-type: video/ogg\r\nlast-modified: Wed, 06 Nov 2024 11:43:28 GMT\r\naccept-ranges: bytes\r\netag: \"0f085184130db1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\naccess-control-allow-origin: *\r\ndate: Fri, 06 Feb 2026 17:32:08 GMT\r\ncontent-length: 25273\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":25273,"size_decoded":0,"mime_type":"video/ogg","magic":"Ogg data, Vorbis audio, mono, 8000 Hz, ~30800 bps, created by: Xiph.Org libVorbis I (1.3.4)","md5":"602012950f88b8f5e8407e8d941fec40","sha1":"512806c8f714636ea95fdf1a3c318adb08e916c9","sha256":"831a3fb55d34d7e62527e360d6a54b13a082e6cb46b3504fcd6122c7d534b9b8","sha512":"98be1f57406c370140f4c9f28fa6b3342bacc43fed27bf6c8a95364205218f7a2f12b59ba27aeab2872bd113983f68938f23880edb8f842e53e3ab72294e05c3","ssdeep":"768:96qr9KRvEef8Kbu0MldDBl3ZkrdgFQTk2imHlfOB839O:jr9KhEeXbu0svlKRTTgPB8tO","tlshash":"adb2d0f1a5762b98f943ecfb7326b74d6378bde60bcc5611a21f10aa13bc5a72405413","first_seen":"2024-12-02T23:17:42.392611Z","last_seen":"2026-04-03T19:26:29.212895Z","times_seen":2920,"resource_available":false,"data":null}},"time_used":220,"timings":{"blocked":80,"dns":29,"connect":22,"send":0,"wait":41,"receive":1,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.4605421475414966.updates-for-pc.top/favicon.ico","fqdn":"www.4605421475414966.updates-for-pc.top","domain":"updates-for-pc.top","tld":"top"},"ip":{"addr":"62.138.18.13","port":80,"asn":29066,"as":"velia.net Internetdienste GmbH","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.4605421475414966.updates-for-pc.top/","date":"2026-02-06T17:32:09.372Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.4605421475414966.updates-for-pc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.4605421475414966.updates-for-pc.top/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Fri, 06 Feb 2026 17:32:09 GMT\r\nContent-Type: text/html\r\nContent-Length: 146\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-03T20:30:56.136291Z","times_seen":476972,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-06","alert":"Sinkholed","trigger":"www.4605421475414966.updates-for-pc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"lokilokione.de:10006/","fqdn":"lokilokione.de","domain":"lokilokione.de","tld":"de"},"ip":{"addr":"202.61.204.169","port":10006,"asn":197540,"as":"netcup GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"http://www.4605421475414966.updates-for-pc.top/","date":"2026-02-06T17:32:11.177Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lokilokione.de","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 28 Jan 2026 00:00:00 GMT","end":"Tue, 28 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7E:DB:B6:8C:BC:AE:F2:A1:65:AB:F7:18:15:14:4F:7F:C8:EA:96:35","sha256":"03:F0:F2:62:72:2E:7B:E9:55:17:11:76:16:48:3D:61:C2:80:FC:3E:42:7A:AB:11:DD:76:BB:A6:BD:D5:3F:B0"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: lokilokione.de:10006\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: http://www.4605421475414966.updates-for-pc.top\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: CPiFv62Ku75mZwlg76qZug==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Accept: dtRVndzGqjrFm5ga7pvvRii5WG0=\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T20:30:56.573385Z","times_seen":13302581,"resource_available":true,"data":null}},"time_used":75,"timings":{"blocked":0,"dns":0,"connect":22,"send":0,"wait":22,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.4605421475414966.updates-for-pc.top/","fqdn":"www.4605421475414966.updates-for-pc.top","domain":"updates-for-pc.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-06T17:32:08.299Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.4605421475414966.updates-for-pc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T20:30:56.573385Z","times_seen":13302581,"resource_available":true,"data":null}},"time_used":222,"timings":{"blocked":222,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-06T17:32:08Z","timestamp":1770399128,"ip_dst":{"addr":"62.138.18.13","port":80,"asn":29066,"as":"velia.net Internetdienste GmbH","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.3","port":54754,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-02-06T17:32:08.597040+0000\",\"flow_id\":1959895139643995,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.3\",\"src_port\":54754,\"dest_ip\":\"62.138.18.13\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www.4605421475414966.updates-for-pc.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":150},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":696,\"bytes_toclient\":675,\"start\":\"2026-02-06T17:32:08.553563+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-06","alert":"Sinkholed","trigger":"www.4605421475414966.updates-for-pc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}