{"report_id":"57b6ae54-54fe-478f-9fcf-3b4a8a8177f2","version":6,"status":"done","tags":[],"date":"2025-10-20T14:34:51Z","url":{"schema":"https","addr":"gogo22.byhot.top/indexdoor.php?action=new_exec\u0026group_id=\u0026shell_type=\u0026time=","fqdn":"gogo22.byhot.top","domain":"byhot.top","tld":"top"},"ip":{"addr":"152.53.38.139","port":0,"asn":214996,"as":"netcup GmbH","country":"Austria","country_code":"AT"},"final":{"url":{"schema":"https","addr":"gogo22.byhot.top/indexdoor.php?action=new_exec\u0026group_id=\u0026shell_type=\u0026time=","fqdn":"gogo22.byhot.top","domain":"byhot.top","tld":"top"},"title":"gogo22.byhot.top/indexdoor.php?action=new_exec\u0026group_id=\u0026shell_type=\u0026time="},"submit":{"url":{"schema":"https","addr":"gogo22.byhot.top/indexdoor.php?action=new_exec\u0026group_id=\u0026shell_type=\u0026time=","fqdn":"gogo22.byhot.top","domain":"byhot.top","tld":"top"},"ip":{"addr":"152.53.38.139","port":0,"asn":214996,"as":"netcup GmbH","country":"Austria","country_code":"AT"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-24T14:34:51Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"gogo22.byhot.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"gogo22.byhot.top","ip":{"addr":"152.53.38.139","port":443,"asn":214996,"as":"netcup GmbH","country":"Austria","country_code":"AT"},"domain_registered":"2023-07-10","domain_rank":0,"first_seen":"2025-10-20T14:34:51.121495Z","last_seen":"2025-10-20T14:34:51.121495Z","alert_count":2,"request_count":2,"received_data":634,"sent_data":1094,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"gogo22.byhot.top/favicon.ico","fqdn":"gogo22.byhot.top","domain":"byhot.top","tld":"top"},"ip":{"addr":"152.53.38.139","port":443,"asn":214996,"as":"netcup GmbH","country":"Austria","country_code":"AT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gogo22.byhot.top/indexdoor.php?action=new_exec\u0026group_id=\u0026shell_type=\u0026time=","date":"2025-10-20T14:34:30.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gogo22.byhot.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 13 Sep 2025 02:42:47 GMT","end":"Fri, 12 Dec 2025 02:42:46 GMT"},"fingerprint":{"sha1":"7E:53:87:1E:02:1A:E9:B9:75:9A:FE:4C:F1:89:9F:33:AA:0A:84:80","sha256":"BE:E0:23:5D:4D:3F:97:E6:72:43:CE:DB:F0:E1:47:A9:4E:5F:EC:AB:EF:DC:72:B6:84:A5:79:19:10:F2:99:8E"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: gogo22.byhot.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gogo22.byhot.top/indexdoor.php?action=new_exec\u0026group_id=\u0026shell_type=\u0026time=\r\nCookie: SITE_TOTAL_ID=261eb5d2e6da1155814e864aff70c1e7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Mon, 20 Oct 2025 14:34:30 GMT\r\ncontent-type: text/html\r\ncontent-length: 148\r\netag: \"676a6800-94\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":148,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"630e1f9fef1a483fe84154e2d0d046df","sha1":"f10e0cf39fb920a438116caaea80a71e0dcdc162","sha256":"9cad3cff676946810a81047247f12e4e51faccc01df4134edfd871aee8ba0956","sha512":"33f8257b60c25704f0856806337c13e8afe964c5b075d80f15abd87ffa59ff0329f12de0c4b5978d4640d5b70c0a997c0c239f422d4da5bbdcb3727c281cfcda","ssdeep":"","tlshash":"1ac02b0d346366448a03001023c33240d086833f78da8010380ec083f3cf39ac4c73ae","first_seen":"2024-07-21T17:05:04Z","last_seen":"2026-04-20T23:59:34.073504Z","times_seen":14723,"resource_available":true,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"gogo22.byhot.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gogo22.byhot.top/indexdoor.php?action=new_exec\u0026group_id=\u0026shell_type=\u0026time=","fqdn":"gogo22.byhot.top","domain":"byhot.top","tld":"top"},"ip":{"addr":"152.53.38.139","port":443,"asn":214996,"as":"netcup GmbH","country":"Austria","country_code":"AT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-20T14:34:29.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gogo22.byhot.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 13 Sep 2025 02:42:47 GMT","end":"Fri, 12 Dec 2025 02:42:46 GMT"},"fingerprint":{"sha1":"7E:53:87:1E:02:1A:E9:B9:75:9A:FE:4C:F1:89:9F:33:AA:0A:84:80","sha256":"BE:E0:23:5D:4D:3F:97:E6:72:43:CE:DB:F0:E1:47:A9:4E:5F:EC:AB:EF:DC:72:B6:84:A5:79:19:10:F2:99:8E"}}},"request":{"raw":"GET /indexdoor.php?action=new_exec\u0026group_id=\u0026shell_type=\u0026time= HTTP/1.1\r\nHost: gogo22.byhot.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 20 Oct 2025 14:34:30 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nset-cookie: SITE_TOTAL_ID=261eb5d2e6da1155814e864aff70c1e7; Path=/; Max-Age=259200000; HttpOnly\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"4410ec34d9e6c1a68100ca0ce033fb17","sha1":"107004472b7ba4e5e31f3082ee1fb5a1239eec61","sha256":"f0cf39d0be3efbb6f86ac2404100ff7e055c17ded946a06808d66f89ca03a811","sha512":"35ed1aecd0496d4d2693bb2043c3f13dd7c4b213b7253c979babad8a129917db8c917752a5cc97506db0b7fd2d1cec2f3627a305155372e745e5c75009d113b1","ssdeep":"","tlshash":"2d3000000000000000000000000000000000000000000000000000000000000000000c","first_seen":"2023-03-11T11:48:22Z","last_seen":"2026-04-21T13:48:28.351538Z","times_seen":5231,"resource_available":true,"data":null}},"time_used":641,"timings":{"blocked":267,"dns":56,"connect":102,"send":0,"wait":106,"receive":0,"ssl":107},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-20","alert":"Sinkholed","trigger":"gogo22.byhot.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}