{"report_id":"88e18be0-2406-420d-8f36-037d2f6ca1b2","version":6,"status":"done","tags":[],"date":"2025-06-02T23:30:01Z","url":{"schema":"http","addr":"f.goodq.top/","fqdn":"f.goodq.top","domain":"goodq.top","tld":"top"},"ip":{"addr":"194.242.11.186","port":0,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"final":{"url":{"schema":"https","addr":"f.goodq.top/","fqdn":"f.goodq.top","domain":"goodq.top","tld":"top"},"title":"Database Error"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-11T23:30:01Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"f.goodq.top","ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"domain_registered":"2017-02-15","domain_rank":0,"first_seen":"2020-01-09T09:13:43Z","last_seen":"2025-05-26T02:57:06.966984Z","alert_count":1,"request_count":2,"received_data":4946,"sent_data":909,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-06-02T23:29:48Z","timestamp":1748906988,"ip_dst":{"addr":"194.242.11.186","port":80,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"ip_src":{"addr":"172.18.0.16","port":52436,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-06-02T23:29:48.623722+0000\",\"flow_id\":800696591356598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":52436,\"dest_ip\":\"194.242.11.186\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"f.goodq.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":500,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":548,\"bytes_toclient\":778,\"start\":\"2025-06-02T23:29:42.299702+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"f.goodq.top/","fqdn":"f.goodq.top","domain":"goodq.top","tld":"top"},"ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-06-02T23:29:39.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f.goodq.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 25 May 2025 19:09:46 GMT","end":"Sat, 23 Aug 2025 19:09:45 GMT"},"fingerprint":{"sha1":"AF:2F:D8:A1:22:2E:21:4D:42:B6:8A:C6:1E:43:A3:BA:16:A8:83:0D","sha256":"EC:4C:DD:B8:33:47:E8:8B:15:22:D5:54:75:A9:25:0D:16:A1:B8:8B:C4:5E:07:60:0C:E2:5F:69:83:AD:62:63"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: f.goodq.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 500 Internal Server Error\r\ndate: Mon, 02 Jun 2025 23:29:46 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: BunnyCDN-NO1-830\r\ncdn-pullzone: 2075130\r\ncdn-uid: fb8a9a02-6999-4344-a24d-e050b2541aca\r\ncdn-requestcountrycode: NO\r\ncache-control: no-cache\r\npragma: no-cache\r\ncdn-proxyver: 1.28\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 500\r\ncdn-cachedat: 06/02/2025 23:29:46\r\ncdn-edgestorageid: 830\r\ncdn-requestid: 12808b4ae1af4a9492f296b560915ecc\r\ncdn-cache: MISS\r\ncdn-status: 500\r\ncdn-requesttime: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":null,"data":{"size":334,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"2dd88610e4f058464cc4f1155863c567","sha1":"51ef5f69fe9145678f708f5f13a8ff79dad9668d","sha256":"935dfa396ae5b489375e2f80123ae476186e59510f9d848a866695b2a51a3854","sha512":"a1ef9d59afcf4afcf5c92db6396f6fd4b9fa09d2887554aa118e20fa9d43b8065940d322c266699360b8b4839456ea7a11393f08666ed465255c528de96b1b74","ssdeep":"","tlshash":"27e07d9e3800651683e18ab066d6b10086d3bad1d19c0440e951e0ffdce1f40e593391","first_seen":"2025-06-02T23:30:02.765063Z","last_seen":"2025-10-31T13:49:08.892159Z","times_seen":2,"resource_available":false,"data":null}},"time_used":7091,"timings":{"blocked":369,"dns":359,"connect":1,"send":0,"wait":6353,"receive":0,"ssl":6},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-06-02T23:29:48Z","timestamp":1748906988,"ip_dst":{"addr":"194.242.11.186","port":80,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"ip_src":{"addr":"172.18.0.16","port":52436,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-06-02T23:29:48.623722+0000\",\"flow_id\":800696591356598,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":52436,\"dest_ip\":\"194.242.11.186\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"f.goodq.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":500,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":548,\"bytes_toclient\":778,\"start\":\"2025-06-02T23:29:42.299702+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"f.goodq.top/favicon.ico","fqdn":"f.goodq.top","domain":"goodq.top","tld":"top"},"ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"https://f.goodq.top/","date":"2025-06-02T23:29:46.389Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f.goodq.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 25 May 2025 19:09:46 GMT","end":"Sat, 23 Aug 2025 19:09:45 GMT"},"fingerprint":{"sha1":"AF:2F:D8:A1:22:2E:21:4D:42:B6:8A:C6:1E:43:A3:BA:16:A8:83:0D","sha256":"EC:4C:DD:B8:33:47:E8:8B:15:22:D5:54:75:A9:25:0D:16:A1:B8:8B:C4:5E:07:60:0C:E2:5F:69:83:AD:62:63"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: f.goodq.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://f.goodq.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 02 Jun 2025 23:29:46 GMT\r\ncontent-type: image/vnd.microsoft.icon\r\nvary: Accept-Encoding\r\nserver: BunnyCDN-NO1-830\r\ncdn-pullzone: 2075130\r\ncdn-uid: fb8a9a02-6999-4344-a24d-e050b2541aca\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=2592000\r\netag: W/\"d6e-61a07b5e37594\"\r\nlast-modified: Tue, 04 Jun 2024 03:04:38 GMT\r\ncdn-proxyver: 1.28\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 06/02/2025 23:29:46\r\ncdn-edgestorageid: 830\r\ncdn-requestid: af506eef1900373e071ac69049b6974a\r\ncdn-cache: MISS\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3438,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 16x16, 32 bits/pixel","md5":"b273fecb9d2c2116c516100fed505262","sha1":"5699478aeb70b279b074e87b15f785a908122cc1","sha256":"76b2c7a841a96d51a62ed8f5422d6677f46eb870e20d6c58a74f67a4b58040e3","sha512":"3f267f57c9f3b2eec34f522e09a9c50096a0da04ab40584e01b51e23e888608d8bbac804a27579682e59c10da111a3f9b1aed9495e99ab472cc4b078148d454f","ssdeep":"","tlshash":"4761a787a50c1cebedab57311adca452f19d75a58d133413070ede330582e81ce60bee","first_seen":"2024-10-26T05:31:03.731392Z","last_seen":"2026-02-03T07:24:06.870922Z","times_seen":10,"resource_available":false,"data":null}},"time_used":299,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":299,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}