{"report_id":"b2f6005b-b446-4edd-a6f5-e01efe3f5e61","version":6,"status":"done","tags":[],"date":"2025-09-13T02:19:53Z","url":{"schema":"http","addr":"www.aquae-bella-17.com/","fqdn":"www.aquae-bella-17.com","domain":"aquae-bella-17.com","tld":"com"},"ip":{"addr":"134.122.147.29","port":0,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"final":{"url":{"schema":"http","addr":"www.aquae-bella-17.com/","fqdn":"www.aquae-bella-17.com","domain":"aquae-bella-17.com","tld":"com"},"title":"aquae-bella-17.com/"},"submit":{"url":{"schema":"http","addr":"www.aquae-bella-17.com/","fqdn":"www.aquae-bella-17.com","domain":"aquae-bella-17.com","tld":"com"},"ip":{"addr":"134.122.147.29","port":0,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-18T02:19:53Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-13T02:19:31Z","timestamp":1757729971,"ip_dst":{"addr":"172.18.0.13","port":50434,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"134.122.147.29","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 25","source":"{\"timestamp\":\"2025-09-13T02:19:31.285027+0000\",\"flow_id\":1601777261815586,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"134.122.147.29\",\"src_port\":443,\"dest_ip\":\"172.18.0.13\",\"dest_port\":50434,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400024,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 25\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":54,\"start\":\"2025-09-13T02:19:31.010018+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"hm.baidu.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2025-09-10T21:35:17.829796Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":435,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.aquae-bella-17.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-01-23","domain_rank":0,"first_seen":"2015-05-07T11:54:15Z","last_seen":"2023-06-07T14:33:26Z","alert_count":0,"request_count":3,"received_data":1470,"sent_data":1267,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"baoluojs.com","ip":{"addr":"15.235.119.2","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"domain_registered":"2025-05-06","domain_rank":4468025,"first_seen":"2025-05-16T03:40:32.490634Z","last_seen":"2025-09-05T06:39:28.376534Z","alert_count":0,"request_count":1,"received_data":1716,"sent_data":438,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-13T02:19:31Z","timestamp":1757729971,"ip_dst":{"addr":"172.18.0.13","port":50434,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"134.122.147.29","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 25","source":"{\"timestamp\":\"2025-09-13T02:19:31.285027+0000\",\"flow_id\":1601777261815586,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"134.122.147.29\",\"src_port\":443,\"dest_ip\":\"172.18.0.13\",\"dest_port\":50434,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400024,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 25\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":54,\"start\":\"2025-09-13T02:19:31.010018+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"www.aquae-bella-17.com/","fqdn":"www.aquae-bella-17.com","domain":"aquae-bella-17.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"846ec421bd25458f76accae0dda7be46","sha1":"018cc2b1ef798853dc54c025bb5fc7d2d69a3aa8","sha256":"37c59b19fe88ab57cdb91cd5c0a037798f7fe2942323540a9d137ee9b91288f7","sha512":"9b19306a0086bd4097c20264c916b57bedaf99a9a8b4a5932b2e572e2985e40b43804e7e6a8a54fe3deffb0037a95bf45de2512401ce5bd57291ccd64aeca98c","ssdeep":"","tlshash":"9b11d07f0a72901c9326e00f7035958e35b484267b21db45e4f8fd3aace4f15546fa9c","size":921,"data":"","first_seen":"2025-07-02T06:00:02.927236Z","last_seen":"2025-12-08T08:40:17.434434Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"74312d9fd3d0d77a65b4edf6f7a9d543","sha1":"f8f99b78a90612dba2ab0f2f96d35ef3c77cd3c6","sha256":"e3932ed210d0dfb6820eacc496a3e5a609b8f011515b9324fe93b5d956a11f08","sha512":"12b6bcebb7867a2385206e03146b39db530208a5265d2e19423d7072042b085c883f48ba1d0757d1c27e624ae66da318eef2727806baf1c8caaec3df92c16312","ssdeep":"","tlshash":"52c080a34153d81c5125c151f471705c155d4e7457674c835d536e3eccbca9484e94dc","size":169,"data":"","first_seen":"2023-03-07T12:43:11Z","last_seen":"2026-04-03T17:23:21.815242Z","times_seen":4960,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"77d34dbdd30eb3655ab0cb3a2144675b","sha1":"722bd2f4020924bee57a3c30d72d080a7557d952","sha256":"d5f386ca5ed1e92488ac43708e2f03998092995ef45720c51712d0fc08c9d919","sha512":"b2ae2e46fc53867e20811312012f92656a4484bc3768ee1ad3499ef6b6621622c69753f34eb35c8781caee1d6fd44e8e98d5b10302e3c848d76d67c8893afb02","ssdeep":"","tlshash":"add072a08c8e1828802af0e0b030076d3b2b468aa7690a2420f23d61a20e2822012ce8","size":275,"data":"","first_seen":"2025-05-16T03:40:46.915588Z","last_seen":"2025-12-27T16:36:45.220449Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?21e09762cdad0bbce9717d70777a3644","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://baoluojs.com/","date":"2025-09-13T02:19:33.564Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /hm.js?21e09762cdad0bbce9717d70777a3644 HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://baoluojs.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.aquae-bella-17.com/","fqdn":"www.aquae-bella-17.com","domain":"aquae-bella-17.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-13T02:19:31.002Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.aquae-bella-17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":537,"timings":{"blocked":537,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.aquae-bella-17.com/","fqdn":"www.aquae-bella-17.com","domain":"aquae-bella-17.com","tld":"com"},"ip":{"addr":"134.122.147.29","port":80,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-13T02:19:31.836Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.aquae-bella-17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 13 Sep 2025 02:19:32 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":952,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"40c00b62f834ea21b48886fc2ed6f22a","sha1":"9ee7d3f68a195b2d2eddec0cfb71a574c8c5d239","sha256":"acd90a51fea4b5c52df46786a8ec27a756d6371c6945394e232c3db24c88d376","sha512":"3fa5b17620549e8989197d905963aeddd79cafde3776fa25b2f7a23312824098406592cedc7bd92310efc2e2308d314ad48ee2eb011b706b16ef4a5ccaad56cc","ssdeep":"","tlshash":"e711e17a0e31d01c9231e10e7234994d39b884257b219745f0f8bd2994e4f11446aad8","first_seen":"2025-07-02T06:00:02.925218Z","last_seen":"2025-12-27T16:36:45.217678Z","times_seen":21,"resource_available":true,"data":null}},"time_used":900,"timings":{"blocked":289,"dns":0,"connect":289,"send":0,"wait":322,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"baoluojs.com/","fqdn":"baoluojs.com","domain":"baoluojs.com","tld":"com"},"ip":{"addr":"15.235.119.2","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://www.aquae-bella-17.com/","date":"2025-09-13T02:19:32.518Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: baoluojs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.aquae-bella-17.com/\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: FunCDN/2.0.4\r\nDate: Sat, 13 Sep 2025 02:19:33 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nLast-Modified: Fri, 12 Sep 2025 06:09:18 GMT\r\nETag: W/\"68c3b90e-52e\"\r\nExpires: Sat, 13 Sep 2025 04:19:33 GMT\r\nCache-Control: max-age=7200\r\nVia: edge-262-HIT\r\nAlt-Svc: h3=\":443\"; ma=86400\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1326,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"1f82cbcd4488bcd5b81267bba8d1ac2e","sha1":"77209458a2baaf526de7e3341093e4c511ecca7f","sha256":"8405a5efb4f3a162040dc6387f04768d50fa1ed5f0988cb702567b21fc8c2f49","sha512":"be09e426160e04d693250b606ab74543a69c84fb3335572f170b893a031af08c3bb998848cc64dcad8cc593efc9b31f7c189b9bb487788c4d6b188a093661eb0","ssdeep":"","tlshash":"4121dd8a889a2341265f40763f8a7008b1b7a4a70a4ce040fdcdc4422f54b5fceb7fc9","first_seen":"2025-09-13T02:19:54.546222Z","last_seen":"2025-09-13T02:19:54.546222Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1893,"timings":{"blocked":896,"dns":799,"connect":99,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.aquae-bella-17.com/favicon.ico","fqdn":"www.aquae-bella-17.com","domain":"aquae-bella-17.com","tld":"com"},"ip":{"addr":"134.122.147.29","port":80,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.aquae-bella-17.com/","date":"2025-09-13T02:19:32.524Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.aquae-bella-17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.aquae-bella-17.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sat, 13 Sep 2025 02:19:32 GMT\r\nContent-Type: text/html\r\nContent-Length: 139\r\nConnection: keep-alive\r\nETag: \"6770fa33-8b\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":139,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"9e59b9c910a7b85f21739c3c3147a565","sha1":"8833e56f550b564f968edafdf536b23716098810","sha256":"3edf046b457ed29e04c7f1ee6a261121a7b603766f2603e9b09f34680c7e6233","sha512":"98b50552c17ed9bfe46baa35116e9ee5e6d53678441fb43242e5fbb4e78640dadae2de6bdfe0e7c6ca70727a6e6bbea92ce3b6260994503fd0ed3d6e5a2cb9a2","ssdeep":"","tlshash":"c2c02b0d3413a6848903001022c33240c086833f689980100801c083f0cb28ae4c7369","first_seen":"2025-05-28T18:49:27.451948Z","last_seen":"2026-01-07T09:18:40.67215Z","times_seen":16,"resource_available":false,"data":null}},"time_used":288,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":288,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}