{"report_id":"7c88f090-ad08-4efb-b2d1-deabb4d4d789","version":6,"status":"done","tags":[],"date":"2026-04-24T07:12:30Z","url":{"schema":"http","addr":"www.78881880dh-364xt.78881880a.top/","fqdn":"www.78881880dh-364xt.78881880a.top","domain":"78881880a.top","tld":"top"},"ip":{"addr":"156.233.229.88","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"dh-1.78881880a.top/demo/","fqdn":"dh-1.78881880a.top","domain":"78881880a.top","tld":"top"},"title":"导航网","dom":{"size":3981,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"71e877305cd3bdf8f7a4d27a3c47058d","sha1":"7096d45e62219b90bc0c24c75e6dbb92c3a18c5b","sha256":"55d2fd285e63add52a5a148459c8fb6d7e4a90ed63901d4973a075dfdc86a65d","sha512":"b28dd540ad8d8546cd6bea965612f5bce7558bce28b0fc94b800b1c589c4edeb219206e5276c1cd4d82b7885d6a878fed7a07140a41366068cef5be038ff6b73","ssdeep":"","tlshash":"1f81d9398b4310195643c2e63727335b6a96c12bc307c665be9f07c85fcfa6189217c9","dom_hash":"domhashfcfa17ef3c1cf892fcd8d330bc443d12","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.78881880dh-364xt.78881880a.top/","fqdn":"www.78881880dh-364xt.78881880a.top","domain":"78881880a.top","tld":"top"},"ip":{"addr":"156.233.229.88","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-29T07:12:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-24T07:12:10Z","timestamp":1777014730,"ip_dst":{"addr":"156.233.229.88","port":80,"asn":0,"as":"","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":46804,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-04-24T07:12:10.036449+0000\",\"flow_id\":307363291188354,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":46804,\"dest_ip\":\"156.233.229.88\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www.78881880dh-364xt.78881880a.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://www.78881880dh-364xt.78881880a.top/\",\"length\":162},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":691,\"bytes_toclient\":891,\"start\":\"2026-04-24T07:12:09.445570+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.78881880dh-364xt.78881880a.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-23","alert":"Sinkholed","trigger":"dh-1.78881880a.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.78881880dh-364xt.78881880a.top","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-09-10","domain_rank":0,"first_seen":"2026-04-24T07:12:30.068401Z","last_seen":"2026-04-24T07:12:30.068401Z","alert_count":8,"request_count":4,"received_data":4764,"sent_data":2052,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"dh-1.78881880a.top","ip":{"addr":"156.233.229.88","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2025-09-10","domain_rank":0,"first_seen":"2026-04-13T22:19:31.052537Z","last_seen":"2026-04-20T23:21:26.950612Z","alert_count":3,"request_count":3,"received_data":8904,"sent_data":1555,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"dh-1.78881880a.top/demo/","fqdn":"dh-1.78881880a.top","domain":"78881880a.top","tld":"top"},"ip":{"addr":"156.233.229.88","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"79ea63f84e0227fdba656204cca53658","sha1":"d4b7cdf06ccc97209fa039e52c3b923f4721d717","sha256":"6d7c58db2e2f46a024b0694e40dd142d3ed8bb71330755c23ab337d1362fc387","sha512":"510546dfe171a5f23002b675fd7b2951562a3e5c5f1e619ae9590ec7268408d1c08c175e97f16a4388d527338e7c7de769f16ec38a490e98f26e5b67d5604a87","ssdeep":"","tlshash":"e6014cbd19b6253159039125a31f63193a3a80270306a6057d3c878c1fe0d198b7abd4","size":702,"data":"","first_seen":"2025-03-03T19:12:26.678504Z","last_seen":"2026-04-24T09:27:13.665938Z","times_seen":23526,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.78881880dh-364xt.78881880a.top/","fqdn":"www.78881880dh-364xt.78881880a.top","domain":"78881880a.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-24T07:12:07.716Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.78881880dh-364xt.78881880a.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":1116,"timings":{"blocked":1116,"dns":0,"connect":299,"send":0,"wait":0,"receive":0,"ssl":304},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-24T07:12:10Z","timestamp":1777014730,"ip_dst":{"addr":"156.233.229.88","port":80,"asn":0,"as":"","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.25","port":46804,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-04-24T07:12:10.036449+0000\",\"flow_id\":307363291188354,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":46804,\"dest_ip\":\"156.233.229.88\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www.78881880dh-364xt.78881880a.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://www.78881880dh-364xt.78881880a.top/\",\"length\":162},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":691,\"bytes_toclient\":891,\"start\":\"2026-04-24T07:12:09.445570+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.78881880dh-364xt.78881880a.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.78881880dh-364xt.78881880a.top/","fqdn":"www.78881880dh-364xt.78881880a.top","domain":"78881880a.top","tld":"top"},"ip":{"addr":"156.233.229.88","port":80,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-24T07:12:09.445Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.78881880dh-364xt.78881880a.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:12:09 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nConnection: keep-alive\r\nLocation: https://www.78881880dh-364xt.78881880a.top/\r\nSet-Cookie: server_name_session=f46dff89f72989978c69a23217816721; Max-Age=86400; httponly; path=/\r\nStrict-Transport-Security: max-age=31536000\r\nAlt-Svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":888,"timings":{"blocked":296,"dns":1,"connect":295,"send":0,"wait":295,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-24T07:12:10Z","timestamp":1777014730,"ip_dst":{"addr":"156.233.229.88","port":80,"asn":0,"as":"","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.25","port":46804,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-04-24T07:12:10.036449+0000\",\"flow_id\":307363291188354,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":46804,\"dest_ip\":\"156.233.229.88\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www.78881880dh-364xt.78881880a.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://www.78881880dh-364xt.78881880a.top/\",\"length\":162},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":691,\"bytes_toclient\":891,\"start\":\"2026-04-24T07:12:09.445570+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.78881880dh-364xt.78881880a.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.78881880dh-364xt.78881880a.top/","fqdn":"www.78881880dh-364xt.78881880a.top","domain":"78881880a.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-24T07:12:10.040Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.78881880dh-364xt.78881880a.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=f46dff89f72989978c69a23217816721\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":827,"timings":{"blocked":827,"dns":0,"connect":308,"send":0,"wait":0,"receive":0,"ssl":315},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-24T07:12:10Z","timestamp":1777014730,"ip_dst":{"addr":"156.233.229.88","port":80,"asn":0,"as":"","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.25","port":46804,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-04-24T07:12:10.036449+0000\",\"flow_id\":307363291188354,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":46804,\"dest_ip\":\"156.233.229.88\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www.78881880dh-364xt.78881880a.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://www.78881880dh-364xt.78881880a.top/\",\"length\":162},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":691,\"bytes_toclient\":891,\"start\":\"2026-04-24T07:12:09.445570+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.78881880dh-364xt.78881880a.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.78881880dh-364xt.78881880a.top/","fqdn":"www.78881880dh-364xt.78881880a.top","domain":"78881880a.top","tld":"top"},"ip":{"addr":"156.233.229.88","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-24T07:12:12.575Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.78881880.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 07:16:33 GMT","end":"Sun, 12 Jul 2026 07:16:32 GMT"},"fingerprint":{"sha1":"50:6D:1E:E8:7F:C8:08:11:AA:A5:9F:FA:7D:7C:86:03:E5:F6:DF:C4","sha256":"BD:9A:66:E4:12:DC:76:85:6D:65:00:62:79:40:04:9C:A6:6E:4B:9D:DE:05:C2:52:3A:0F:A3:71:77:18:9E:FE"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.78881880dh-364xt.78881880a.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=f46dff89f72989978c69a23217816721\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Fri, 24 Apr 2026 07:12:13 GMT\r\ncontent-type: text/html; charset=gbk\r\nlocation: https://dh-1.78881880a.top/demo\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3855,"size_decoded":0,"mime_type":"text/html; charset=gbk","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":1449,"timings":{"blocked":581,"dns":1,"connect":287,"send":0,"wait":287,"receive":0,"ssl":291},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-24T07:12:10Z","timestamp":1777014730,"ip_dst":{"addr":"156.233.229.88","port":80,"asn":0,"as":"","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.25","port":46804,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-04-24T07:12:10.036449+0000\",\"flow_id\":307363291188354,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":46804,\"dest_ip\":\"156.233.229.88\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"www.78881880dh-364xt.78881880a.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://www.78881880dh-364xt.78881880a.top/\",\"length\":162},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":691,\"bytes_toclient\":891,\"start\":\"2026-04-24T07:12:09.445570+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.78881880dh-364xt.78881880a.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dh-1.78881880a.top/demo","fqdn":"dh-1.78881880a.top","domain":"78881880a.top","tld":"top"},"ip":{"addr":"156.233.229.88","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-24T07:12:13.447Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.78881880.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 07:16:33 GMT","end":"Sun, 12 Jul 2026 07:16:32 GMT"},"fingerprint":{"sha1":"50:6D:1E:E8:7F:C8:08:11:AA:A5:9F:FA:7D:7C:86:03:E5:F6:DF:C4","sha256":"BD:9A:66:E4:12:DC:76:85:6D:65:00:62:79:40:04:9C:A6:6E:4B:9D:DE:05:C2:52:3A:0F:A3:71:77:18:9E:FE"}}},"request":{"raw":"GET /demo HTTP/1.1\r\nHost: dh-1.78881880a.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nserver: nginx\r\ndate: Fri, 24 Apr 2026 07:12:14 GMT\r\ncontent-type: text/html\r\ncontent-length: 162\r\nlocation: https://dh-1.78881880a.top/demo/\r\nset-cookie: server_name_session=f46dff89f72989978c69a23217816721; Max-Age=86400; httponly; path=/\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3855,"size_decoded":0,"mime_type":"text/html; charset=gbk","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":1436,"timings":{"blocked":577,"dns":7,"connect":281,"send":0,"wait":282,"receive":0,"ssl":286},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-23","alert":"Sinkholed","trigger":"dh-1.78881880a.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dh-1.78881880a.top/demo/","fqdn":"dh-1.78881880a.top","domain":"78881880a.top","tld":"top"},"ip":{"addr":"156.233.229.88","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-24T07:12:14.322Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.78881880.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 07:16:33 GMT","end":"Sun, 12 Jul 2026 07:16:32 GMT"},"fingerprint":{"sha1":"50:6D:1E:E8:7F:C8:08:11:AA:A5:9F:FA:7D:7C:86:03:E5:F6:DF:C4","sha256":"BD:9A:66:E4:12:DC:76:85:6D:65:00:62:79:40:04:9C:A6:6E:4B:9D:DE:05:C2:52:3A:0F:A3:71:77:18:9E:FE"}}},"request":{"raw":"GET /demo/ HTTP/1.1\r\nHost: dh-1.78881880a.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=f46dff89f72989978c69a23217816721\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 24 Apr 2026 07:12:14 GMT\r\ncontent-type: text/html; charset=gbk\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3855,"size_decoded":0,"mime_type":"text/html; charset=gbk","magic":"HTML document, Unicode text, UTF-8 text","md5":"99aacdf373690580972816266003054a","sha1":"3295eb2acb1a244eb6f100ed622f42146f8f7b1f","sha256":"2ac76d3364e6432e87ecb4130ceceef0f0f25ba06a966dec28045731c1bec8ec","sha512":"69281165fc39de65c8abed67e5764fc99edde60df76f4ccd7f47a541c12747adc5d0a57f50b0ac5cb5f86e40be6aa950aac54fa174728cbb87bba9ded3869d41","ssdeep":"","tlshash":"db81d8398b431029564382e23b27339b6a96c12bc707c6a5be5f47c85fcfa6189217c9","first_seen":"2026-04-13T18:27:23.347203Z","last_seen":"2026-04-24T07:12:31.878578Z","times_seen":36,"resource_available":true,"data":null}},"time_used":283,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":283,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-23","alert":"Sinkholed","trigger":"dh-1.78881880a.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dh-1.78881880a.top/favicon.ico","fqdn":"dh-1.78881880a.top","domain":"78881880a.top","tld":"top"},"ip":{"addr":"156.233.229.88","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dh-1.78881880a.top/demo/","date":"2026-04-24T07:12:14.780Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.78881880.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 07:16:33 GMT","end":"Sun, 12 Jul 2026 07:16:32 GMT"},"fingerprint":{"sha1":"50:6D:1E:E8:7F:C8:08:11:AA:A5:9F:FA:7D:7C:86:03:E5:F6:DF:C4","sha256":"BD:9A:66:E4:12:DC:76:85:6D:65:00:62:79:40:04:9C:A6:6E:4B:9D:DE:05:C2:52:3A:0F:A3:71:77:18:9E:FE"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: dh-1.78881880a.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://dh-1.78881880a.top/demo/\r\nCookie: server_name_session=f46dff89f72989978c69a23217816721\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Fri, 24 Apr 2026 07:12:14 GMT\r\ncontent-type: text/html\r\ncontent-length: 138\r\netag: \"68c242ac-8a\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-04-24T10:20:56.236579Z","times_seen":256513,"resource_available":true,"data":null}},"time_used":281,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":281,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-23","alert":"Sinkholed","trigger":"dh-1.78881880a.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}