{"report_id":"46230725-fd30-49e0-87fb-4c55c922a767","version":6,"status":"done","tags":[],"date":"2026-04-08T11:37:36Z","url":{"schema":"http","addr":"ng8kp.top/archives/1909210248301461504","fqdn":"ng8kp.top","domain":"ng8kp.top","tld":"top"},"ip":{"addr":"156.251.205.104","port":0,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"ng8kp.top/archives/1909210248301461504","fqdn":"ng8kp.top","domain":"ng8kp.top","tld":"top"},"title":"Please access via the domain name.","dom":{"size":7364,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"37135bf19ade1b5d84a3f3df6bb890a3","sha1":"0c9d4bb7ba1015ada81b6031bf9512267b89699a","sha256":"143f853e202090cb62f98a4a7fbae0b6c7415b49cd1537f66ff0214e58613c2c","sha512":"faa52d26d4897ad6ad0844862192c3ed84a5f694cf016201d656f172e6fd8f0285e7449f655106ac786a81efe28fad9d2b9aec71c58e57f6acb6baa5f14670f6","ssdeep":"96:nK/4XzO/z/47Ze2XVvVBAXMyyJNNLeumC737Y:K/Hb47Ze2XXidyJHLHD3E","tlshash":"c6e10e4ba2f301376827b0a95feb9b5677a0d413c50ada593f9c224c8fc99d4e96324c","dom_hash":"domhash479a67c6fb48d59a09dd87a2ead0ae99","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ng8kp.top/archives/1909210248301461504","fqdn":"ng8kp.top","domain":"ng8kp.top","tld":"top"},"ip":{"addr":"156.251.205.104","port":0,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-13T11:37:36Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-08T11:37:15Z","timestamp":1775648235,"ip_dst":{"addr":"156.251.205.104","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":42574,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-04-08T11:37:15.827613+0000\",\"flow_id\":1025443808107624,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":42574,\"dest_ip\":\"156.251.205.104\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"ng8kp.top\",\"url\":\"/archives/1909210248301461504\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":694,\"bytes_toclient\":413,\"start\":\"2026-04-08T11:37:15.416872+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"ng8kp.top","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-05-12","domain_rank":0,"first_seen":"2025-12-25T14:32:32.155663Z","last_seen":"2026-04-06T21:04:37.79225Z","alert_count":2,"request_count":3,"received_data":13695,"sent_data":1299,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"ng8kp.top/archives/1909210248301461504","fqdn":"ng8kp.top","domain":"ng8kp.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-08T11:37:13.378Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /archives/1909210248301461504 HTTP/1.1\r\nHost: ng8kp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-02T10:30:44.699799Z","times_seen":14521028,"resource_available":true,"data":null}},"time_used":1594,"timings":{"blocked":1594,"dns":0,"connect":203,"send":0,"wait":0,"receive":0,"ssl":206},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-08T11:37:15Z","timestamp":1775648235,"ip_dst":{"addr":"156.251.205.104","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.23","port":42574,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-04-08T11:37:15.827613+0000\",\"flow_id\":1025443808107624,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":42574,\"dest_ip\":\"156.251.205.104\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"ng8kp.top\",\"url\":\"/archives/1909210248301461504\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":694,\"bytes_toclient\":413,\"start\":\"2026-04-08T11:37:15.416872+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ng8kp.top/archives/1909210248301461504","fqdn":"ng8kp.top","domain":"ng8kp.top","tld":"top"},"ip":{"addr":"156.251.205.104","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-08T11:37:15.415Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /archives/1909210248301461504 HTTP/1.1\r\nHost: ng8kp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Length: 7381\r\nCache-Control: private, no-cache, must-revalidate\r\nContent-Type: text/html; charset=utf-8\r\nServer: Xcdn\r\nDate: Wed, 08 Apr 2026 11:37:15 GMT\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7381,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"5daceed8c33fa31622b2dc1b8794206e","sha1":"33567bc23525fb59854ab1997b3f1b43ca2421cd","sha256":"57df41126920fb6171da9ea700bd69eb1d755f51efdd6da4240f661da075fbbd","sha512":"017ff90ee9e2a53eea7ff8acb78509901ae4516d4c51546f5ab22f7fc576d4b85b8bf0cf96a002ed1c263582be203309f11dc09ac1a8409bc3f6051fe0166fa7","ssdeep":"96:U/4XzO/z/47Ze2XVvVBAXMyyJNNLeumC7374:U/Hb47Ze2XXidyJHLHD3E","tlshash":"d0e10f4ba2f301376827b0a95feb9b567790d413c50bda593f9c224c8fc99d4e96324c","first_seen":"2026-04-08T11:37:43.951934Z","last_seen":"2026-04-08T11:37:43.951934Z","times_seen":1,"resource_available":true,"data":null}},"time_used":624,"timings":{"blocked":208,"dns":4,"connect":205,"send":0,"wait":205,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-08T11:37:15Z","timestamp":1775648235,"ip_dst":{"addr":"156.251.205.104","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.23","port":42574,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-04-08T11:37:15.827613+0000\",\"flow_id\":1025443808107624,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":42574,\"dest_ip\":\"156.251.205.104\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"ng8kp.top\",\"url\":\"/archives/1909210248301461504\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":694,\"bytes_toclient\":413,\"start\":\"2026-04-08T11:37:15.416872+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ng8kp.top/favicon.ico","fqdn":"ng8kp.top","domain":"ng8kp.top","tld":"top"},"ip":{"addr":"156.251.205.104","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ng8kp.top/archives/1909210248301461504","date":"2026-04-08T11:37:15.904Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ng8kp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ng8kp.top/archives/1909210248301461504\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: Xcdn\r\nDate: Wed, 08 Apr 2026 11:37:15 GMT\r\nContent-Length: 5863\r\nCache-Control: private, no-store\r\nContent-Type: text/html; charset=utf-8\r\nx-request-id: 019d6ce1-e1c4-7320-81a4-3dec324807d2\r\nConnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":5863,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"9a44bf58453be9e00fd9774d3d02adaa","sha1":"948b023132704b7d06a44d8d9ab7ebece725d959","sha256":"ab00db6f8f13b258715c7fd1036c55502b41732f77eb9230bc79b13a85b9cc5b","sha512":"0d4dc30e2625d6387fe598e48c335df7cc303ea42a063bc1c8ac4cf8a02b110b6679cd7f369bd7c7931031b820607ad954a1557c3dfd8847997699d0d0cfe9ca","ssdeep":"96:NY2hujyGSBrjUpWh8l/XKFXOJnnJ+CeddKp+msouEc:NY2sOGS1gpWh8l/XI+JnJByMpJ5c","tlshash":"16c1bd5faa5100053c0394937bb52fe4b6b50943a1658df278dde2c8ef8b93a66d3784","first_seen":"2026-04-05T17:55:37.926523Z","last_seen":"2026-05-02T09:48:08.236127Z","times_seen":136,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":205,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}