{"report_id":"511a4448-3628-4d19-bc0d-e89638372a2b","version":6,"status":"done","tags":[],"date":"2026-04-25T17:03:30Z","url":{"schema":"http","addr":"s11.up4ever.download:8443/d/h3oeg5nfpqy52ag4qfobkctfnncpszgkl6urojileq72irghhkgqybo62oyqphyjykjr6er4/360","fqdn":"s11.up4ever.download","domain":"up4ever.download","tld":"download"},"ip":{"addr":"172.67.204.140","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"s11.up4ever.download:8443/d/h3oeg5nfpqy52ag4qfobkctfnncpszgkl6urojileq72irghhkgqybo62oyqphyjykjr6er4/360","fqdn":"s11.up4ever.download","domain":"up4ever.download","tld":"download"},"title":"400 The plain HTTP request was sent to HTTPS port","dom":{"size":244,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"2a28eddb5fdafab6f16f9e2bc3a683b2","sha1":"fe1188a4037b8b642879cff9f8fcac1d3f79f017","sha256":"ba29287ae36f096ecf88bfe39872dd5354c1a4e04d7c116ee4d71d467e91ec4e","sha512":"c1115a014a3ab69d6fb4df860a3c904353fc4ff81efc4579171954e1359ac01e8e7dfdb841d8566198178be2327c01995ec21f5ba942c750ea5f2bf03aa77ce3","ssdeep":"","tlshash":"27d05ea628d33612941383244ac77640e4e2c236a5cc89a50583cbc724cb49fc582bd0","dom_hash":"domhash4f9f328ae0806ebc90a665e0a84580b7","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"s11.up4ever.download:8443/d/h3oeg5nfpqy52ag4qfobkctfnncpszgkl6urojileq72irghhkgqybo62oyqphyjykjr6er4/360","fqdn":"s11.up4ever.download","domain":"up4ever.download","tld":"download"},"ip":{"addr":"172.67.204.140","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-30T17:03:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-25T17:03:07Z","timestamp":1777136587,"ip_dst":{"addr":"104.21.22.111","port":8443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":59090,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.download domain","source":"{\"timestamp\":\"2026-04-25T17:03:07.894113+0000\",\"flow_id\":846443360001979,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.24\",\"src_port\":59090,\"dest_ip\":\"104.21.22.111\",\"dest_port\":8443,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858677,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.download domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"s11.up4ever.download\",\"http_port\":8443,\"url\":\"/d/h3oeg5nfpqy52ag4qfobkctfnncpszgkl6urojileq72irghhkgqybo62oyqphyjykjr6er4/360\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":400,\"length\":253},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":760,\"bytes_toclient\":686,\"start\":\"2026-04-25T17:03:07.892859+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-25T17:03:08Z","timestamp":1777136588,"ip_dst":{"addr":"172.67.204.140","port":8443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":50506,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.download domain","source":"{\"timestamp\":\"2026-04-25T17:03:08.000200+0000\",\"flow_id\":1977540177247744,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.24\",\"src_port\":50506,\"dest_ip\":\"172.67.204.140\",\"dest_port\":8443,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858677,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.download domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"s11.up4ever.download\",\"http_port\":8443,\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://s11.up4ever.download:8443/d/h3oeg5nfpqy52ag4qfobkctfnncpszgkl6urojileq72irghhkgqybo62oyqphyjykjr6er4/360\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":400,\"length\":253},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":725,\"bytes_toclient\":620,\"start\":\"2026-04-25T17:03:07.998912+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"s11.up4ever.download","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"s11.up4ever.download","ip":{"addr":"104.21.22.111","port":8443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-05-12","domain_rank":0,"first_seen":"2023-12-16T05:56:24Z","last_seen":"2026-03-12T08:10:20.161268Z","alert_count":2,"request_count":2,"received_data":828,"sent_data":941,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"s11.up4ever.download:8443/d/h3oeg5nfpqy52ag4qfobkctfnncpszgkl6urojileq72irghhkgqybo62oyqphyjykjr6er4/360","fqdn":"s11.up4ever.download","domain":"up4ever.download","tld":"download"},"ip":{"addr":"104.21.22.111","port":8443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-25T17:03:07.880Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /d/h3oeg5nfpqy52ag4qfobkctfnncpszgkl6urojileq72irghhkgqybo62oyqphyjykjr6er4/360 HTTP/1.1\r\nHost: s11.up4ever.download:8443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 400 Bad Request\r\nServer: cloudflare\r\nDate: Sat, 25 Apr 2026 17:03:07 GMT\r\nContent-Type: text/html\r\nContent-Length: 253\r\nConnection: close\r\nCF-RAY: -\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":253,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"20ad84d030031252141ca0b3fc0183f0","sha1":"108b6115dc6ebfde76aef4336126f605252d957f","sha256":"50e770b96bc49d107e17a982422d4eefea5bb4ad5bdb5bbb88fd6200ecf2f689","sha512":"39851b4946abaa4559b301ca7ba53e5dcd35c87ad580709699d91ea17c84121356c6ffc5104f66ff0528c589b3d81c9d6378eb9722f61593670ff41b47ef2cc0","ssdeep":"","tlshash":"ced05b6525d23d19805353345ac7b550e0f2923166dc59650481cb8724cb04e47c2bd1","first_seen":"2023-06-05T15:46:40Z","last_seen":"2026-05-30T06:36:32.954141Z","times_seen":991,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":14,"dns":17,"connect":1,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"s11.up4ever.download","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"s11.up4ever.download:8443/favicon.ico","fqdn":"s11.up4ever.download","domain":"up4ever.download","tld":"download"},"ip":{"addr":"172.67.204.140","port":8443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://s11.up4ever.download:8443/d/h3oeg5nfpqy52ag4qfobkctfnncpszgkl6urojileq72irghhkgqybo62oyqphyjykjr6er4/360","date":"2026-04-25T17:03:08.002Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: s11.up4ever.download:8443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://s11.up4ever.download:8443/d/h3oeg5nfpqy52ag4qfobkctfnncpszgkl6urojileq72irghhkgqybo62oyqphyjykjr6er4/360\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 400 Bad Request\r\nServer: cloudflare\r\nDate: Sat, 25 Apr 2026 17:03:08 GMT\r\nContent-Type: text/html\r\nContent-Length: 253\r\nConnection: close\r\nCF-RAY: -\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":253,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"20ad84d030031252141ca0b3fc0183f0","sha1":"108b6115dc6ebfde76aef4336126f605252d957f","sha256":"50e770b96bc49d107e17a982422d4eefea5bb4ad5bdb5bbb88fd6200ecf2f689","sha512":"39851b4946abaa4559b301ca7ba53e5dcd35c87ad580709699d91ea17c84121356c6ffc5104f66ff0528c589b3d81c9d6378eb9722f61593670ff41b47ef2cc0","ssdeep":"","tlshash":"ced05b6525d23d19805353345ac7b550e0f2923166dc59650481cb8724cb04e47c2bd1","first_seen":"2023-06-05T15:46:40Z","last_seen":"2026-05-30T06:36:32.954141Z","times_seen":991,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"s11.up4ever.download","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}