{"report_id":"c31fd3a4-b6a2-4b50-af23-6a9e5252f629","version":6,"status":"done","tags":[],"date":"2023-10-27T12:50:53Z","url":{"schema":"http","addr":"clgt.top/proxy.php/http:/tranhtangtangianhamoi.weebly.com/uploads/1/2/2/6/122621605/ma-dao-6_orig.jpg","fqdn":"clgt.top","domain":"clgt.top","tld":"top"},"ip":{"addr":"172.67.203.11","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"clgt.top/proxy.php/http:/tranhtangtangianhamoi.weebly.com/uploads/1/2/2/6/122621605/ma-dao-6_orig.jpg","fqdn":"clgt.top","domain":"clgt.top","tld":"top"},"title":"clgt.top/proxy.php/http://http:/tranhtangtangianhamoi.weebly.com/uploads/1/2/2/6/122621605/ma-dao-6_orig.jpg"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T17:30:50Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"clgt.top","ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-06-03","domain_rank":0,"first_seen":"2017-05-12 00:36:11","last_seen":"2023-07-08 19:59:15","alert_count":0,"request_count":3,"received_data":2401,"sent_data":1729,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-10-27T12:50:37Z","timestamp":1698411037,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":58961,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query to a *.top domain - Likely Hostile","source":"{\"timestamp\":\"2023-10-27T12:50:37.101050+0000\",\"flow_id\":2194576657713850,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.71\",\"src_port\":58961,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023883,\"rev\":4,\"signature\":\"ET DNS Query to a *.top domain - Likely Hostile\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2020_09_15\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":14957,\"rrname\":\"clgt.top\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":79,\"bytes_toclient\":0,\"start\":\"2023-10-27T12:50:37.101050+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"clgt.top/proxy.php/http:/tranhtangtangianhamoi.weebly.com/uploads/1/2/2/6/122621605/ma-dao-6_orig.jpg","fqdn":"clgt.top","domain":"clgt.top","tld":"top"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-10-27T12:50:37.127Z","timestamp":1698411037127,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.clgt.top","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 29 Sep 2023 19:34:50 GMT","end":"Thu, 28 Dec 2023 19:34:49 GMT"},"fingerprint":{"sha1":"CF:6C:3D:2F:EB:78:8C:EA:9A:D2:40:FC:A1:CC:73:4B:FF:92:37:C8","sha256":"0F:7E:55:13:25:76:CA:63:44:31:A7:09:EE:8B:31:E9:52:77:90:84:AF:16:BB:E4:EA:37:64:CF:C4:6A:02:32"}}},"request":{"raw":"GET /proxy.php/http:/tranhtangtangianhamoi.weebly.com/uploads/1/2/2/6/122621605/ma-dao-6_orig.jpg HTTP/1.1\r\nHost: clgt.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Fri, 27 Oct 2023 12:50:36 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nlocation: /proxy.php/http://http:/tranhtangtangianhamoi.weebly.com/uploads/1/2/2/6/122621605/ma-dao-6_orig.jpg\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncf-cache-status: BYPASS\r\nset-cookie: PHPSESSID=pp6kjrpc75kci8tqse3p1mlfej; path=/\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=GbhL2BFL1yTM7T5WS7IKe97dvHWu5TYuP1hE%2BwDeFSjqiXpLDZ07JDN%2B3aNGXYRqX7pr3Jo%2FIeFNcb3rgOiLvuRYx2J221KrhnDbfmx0Qht2TWd7Hw7PiVRnxQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 81cb10d0ffcf56c7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T15:05:18.645181Z","times_seen":14641373,"resource_available":true,"data":null}},"time_used":190,"timings":{"blocked":13,"dns":1,"connect":1,"send":0,"wait":162,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"clgt.top/proxy.php/http://http:/tranhtangtangianhamoi.weebly.com/uploads/1/2/2/6/122621605/ma-dao-6_orig.jpg","fqdn":"clgt.top","domain":"clgt.top","tld":"top"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-10-27T12:50:37.343Z","timestamp":1698411037343,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.clgt.top","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 29 Sep 2023 19:34:50 GMT","end":"Thu, 28 Dec 2023 19:34:49 GMT"},"fingerprint":{"sha1":"CF:6C:3D:2F:EB:78:8C:EA:9A:D2:40:FC:A1:CC:73:4B:FF:92:37:C8","sha256":"0F:7E:55:13:25:76:CA:63:44:31:A7:09:EE:8B:31:E9:52:77:90:84:AF:16:BB:E4:EA:37:64:CF:C4:6A:02:32"}}},"request":{"raw":"GET /proxy.php/http://http:/tranhtangtangianhamoi.weebly.com/uploads/1/2/2/6/122621605/ma-dao-6_orig.jpg HTTP/1.1\r\nHost: clgt.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=pp6kjrpc75kci8tqse3p1mlfej\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Oct 2023 12:50:37 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncf-cache-status: BYPASS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ccmImGvK5KmYuTJkvNvpOzbkXbCshTJ%2Fzjl0LbD3m9dkIWWgx%2FuiMDXDqShj5NzwT6%2FVcQ9zgy71M6uhp97ovMa8AMgcopbJC3pXdTJHp985zihKQoUQR5u5Ag%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 81cb10d2390356c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T15:05:18.645181Z","times_seen":14641373,"resource_available":true,"data":null}},"time_used":671,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":670,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"clgt.top/favicon.ico","fqdn":"clgt.top","domain":"clgt.top","tld":"top"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://clgt.top/proxy.php/http://http:/tranhtangtangianhamoi.weebly.com/uploads/1/2/2/6/122621605/ma-dao-6_orig.jpg","date":"2023-10-27T12:50:38.278Z","timestamp":1698411038278,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.clgt.top","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 29 Sep 2023 19:34:50 GMT","end":"Thu, 28 Dec 2023 19:34:49 GMT"},"fingerprint":{"sha1":"CF:6C:3D:2F:EB:78:8C:EA:9A:D2:40:FC:A1:CC:73:4B:FF:92:37:C8","sha256":"0F:7E:55:13:25:76:CA:63:44:31:A7:09:EE:8B:31:E9:52:77:90:84:AF:16:BB:E4:EA:37:64:CF:C4:6A:02:32"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: clgt.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://clgt.top/proxy.php/http://http:/tranhtangtangianhamoi.weebly.com/uploads/1/2/2/6/122621605/ma-dao-6_orig.jpg\r\nCookie: PHPSESSID=pp6kjrpc75kci8tqse3p1mlfej\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Fri, 27 Oct 2023 12:50:37 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ofe%2BCpX4ftXkmjjk5xReJTXFGMWVKONk9Uj7cnTD2QDnmp0rDwWERZJV%2FgC4JAQwSZF76%2BsNxv6aPNqRzstNfr0r9z0SECViYN8EYJnrfYMuXH0kCnXJCy5tOA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 81cb10d81cca0b55-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document, ASCII text, with no line terminators","md5":"40b3fc14254227ec5012d996bf90c4e1","sha1":"b0dd06eb5a779151151101337889ff09953f8ac0","sha256":"740816c1b61e4a8443c26d30d3eecfea04815fca8cd605a142f9d8a35f86ceca","sha512":"23526121f81d22bdf929ae6d93210e7a7eb2f5f943c237bc732e1dd658be58cd058b34290d56d72e102c712c6c672ee14372fa75e0779409a01d827203fa6fc2","ssdeep":"","tlshash":"4dc08c1cb813304485030ba00bc33542c29aa22ba8ba802104884203e0ce2bac8ea3d5","first_seen":"2023-04-05T04:09:16Z","last_seen":"2025-04-06T22:43:34.098035Z","times_seen":107868,"resource_available":false,"data":null}},"time_used":136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":136,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}