{"report_id":"c87d9375-85a0-479b-97dd-70353580cac7","version":6,"status":"done","tags":[],"date":"2025-10-11T23:21:36Z","url":{"schema":"http","addr":"eu.funxxx.life/do?payload=Njk=","fqdn":"eu.funxxx.life","domain":"funxxx.life","tld":"life"},"ip":{"addr":"104.21.69.222","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"eu.funxxx.life/do?payload=Njk=","fqdn":"eu.funxxx.life","domain":"funxxx.life","tld":"life"},"title":"eu.funxxx.life/do?payload=Njk="},"submit":{"url":{"schema":"http","addr":"eu.funxxx.life/do?payload=Njk=","fqdn":"eu.funxxx.life","domain":"funxxx.life","tld":"life"},"ip":{"addr":"104.21.69.222","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-15T23:21:36Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-11T23:21:15Z","timestamp":1760224875,"ip_dst":{"addr":"172.67.213.133","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.19","port":49630,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2025-10-11T23:21:15.196800+0000\",\"flow_id\":508326130207886,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":49630,\"dest_ip\":\"172.67.213.133\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"eu.funxxx.life\",\"url\":\"/do?payload=Njk=\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":503,\"length\":28},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":686,\"bytes_toclient\":790,\"start\":\"2025-10-11T23:21:15.117902+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-11T23:21:15Z","timestamp":1760224875,"ip_dst":{"addr":"172.67.213.133","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.19","port":49630,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2025-10-11T23:21:15.402714+0000\",\"flow_id\":508326130207886,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":49630,\"dest_ip\":\"172.67.213.133\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"eu.funxxx.life\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_refer\":\"http://eu.funxxx.life/do?payload=Njk=\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":52},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":1186,\"bytes_toclient\":1680,\"start\":\"2025-10-11T23:21:15.117902+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"eu.funxxx.life","ip":{"addr":"172.67.213.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-04-19","domain_rank":0,"first_seen":"2022-11-22T21:52:51Z","last_seen":"2025-09-27T10:53:45.463581Z","alert_count":3,"request_count":3,"received_data":1824,"sent_data":1280,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-11T23:21:15Z","timestamp":1760224875,"ip_dst":{"addr":"172.67.213.133","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.19","port":49630,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2025-10-11T23:21:15.196800+0000\",\"flow_id\":508326130207886,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":49630,\"dest_ip\":\"172.67.213.133\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"eu.funxxx.life\",\"url\":\"/do?payload=Njk=\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":503,\"length\":28},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":686,\"bytes_toclient\":790,\"start\":\"2025-10-11T23:21:15.117902+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-11T23:21:15Z","timestamp":1760224875,"ip_dst":{"addr":"172.67.213.133","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.19","port":49630,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2025-10-11T23:21:15.402714+0000\",\"flow_id\":508326130207886,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":49630,\"dest_ip\":\"172.67.213.133\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"eu.funxxx.life\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_refer\":\"http://eu.funxxx.life/do?payload=Njk=\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":52},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":1186,\"bytes_toclient\":1680,\"start\":\"2025-10-11T23:21:15.117902+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"eu.funxxx.life/do?payload=Njk=","fqdn":"eu.funxxx.life","domain":"funxxx.life","tld":"life"},"ip":{"addr":"172.67.213.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-11T23:21:14.654Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"funxxx.life","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 23 Aug 2025 02:11:39 GMT","end":"Fri, 21 Nov 2025 00:54:38 GMT"},"fingerprint":{"sha1":"2F:14:1A:D3:FA:16:47:19:3A:86:68:4F:64:E2:0B:71:D6:E0:53:F8","sha256":"D9:E3:26:E2:9A:29:6B:59:C3:E9:7F:74:F0:1E:B2:5E:96:8A:55:B0:0A:7E:2A:5F:E3:26:74:DB:6C:CD:F7:EC"}}},"request":{"raw":"GET /do?payload=Njk= HTTP/1.1\r\nHost: eu.funxxx.life\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 503 Service Unavailable\r\ndate: Sat, 11 Oct 2025 23:21:14 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 28\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=axn6yMvIQCv4G4fydmCvgVUGEu9hW%2FkUrIQTKjap7kBLAT0GPyZhmD1wjSd%2BNvxbfOFcZwav1F7ZC%2BFJ0EA550q9YtFbp6zR5VOMYphs\"}]}\r\ncf-ray: 98d217bbeea4a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"503","status_text":"Service Unavailable","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"14b7317df239d0d17b6af383e1acb2af","sha1":"6a6552ef63182fb19b412db29b1910c25d3b39f6","sha256":"a0795682314d8da8e056aeb3f1104bf9e8844fedd0f9b16b29f6fd50bcaefd2f","sha512":"c4e6215eedb740c8f7e49c090f972b8fe7e6aaeb6f02282fd30319d0779eeb1b2d0e70b361fb44b21dbbe2df659b1d6569f4636e02afdb802e4bf679be1c183f","ssdeep":"","tlshash":"ca8000c300082022a0c3a2283a000a008208228008f2803008ba2f0022af2822220e83","first_seen":"2024-12-04T22:18:47.725124Z","last_seen":"2026-05-25T23:35:31.8123Z","times_seen":107,"resource_available":true,"data":null}},"time_used":520,"timings":{"blocked":216,"dns":15,"connect":1,"send":0,"wait":87,"receive":0,"ssl":197},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-11T23:21:15Z","timestamp":1760224875,"ip_dst":{"addr":"172.67.213.133","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.19","port":49630,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2025-10-11T23:21:15.196800+0000\",\"flow_id\":508326130207886,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":49630,\"dest_ip\":\"172.67.213.133\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"eu.funxxx.life\",\"url\":\"/do?payload=Njk=\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":503,\"length\":28},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":686,\"bytes_toclient\":790,\"start\":\"2025-10-11T23:21:15.117902+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"eu.funxxx.life/do?payload=Njk=","fqdn":"eu.funxxx.life","domain":"funxxx.life","tld":"life"},"ip":{"addr":"172.67.213.133","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-11T23:21:15.119Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /do?payload=Njk= HTTP/1.1\r\nHost: eu.funxxx.life\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 503 Service Unavailable\r\nDate: Sat, 11 Oct 2025 23:21:15 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 28\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LLtDAZhKmqdpnNcixHaPiY%2FIN5M%2BPuWyE628yudZyv5wYRdwXYlD0869EDihTTZfbyobpaz4cMeSthxg5orFlWXFXqprjusBSGT5wg%3D%3D\"}]}\r\nCF-RAY: 98d217bd7c05b50b-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"503","status_text":"Service Unavailable","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"14b7317df239d0d17b6af383e1acb2af","sha1":"6a6552ef63182fb19b412db29b1910c25d3b39f6","sha256":"a0795682314d8da8e056aeb3f1104bf9e8844fedd0f9b16b29f6fd50bcaefd2f","sha512":"c4e6215eedb740c8f7e49c090f972b8fe7e6aaeb6f02282fd30319d0779eeb1b2d0e70b361fb44b21dbbe2df659b1d6569f4636e02afdb802e4bf679be1c183f","ssdeep":"","tlshash":"ca8000c300082022a0c3a2283a000a008208228008f2803008ba2f0022af2822220e83","first_seen":"2024-12-04T22:18:47.725124Z","last_seen":"2026-05-25T23:35:31.8123Z","times_seen":107,"resource_available":true,"data":null}},"time_used":80,"timings":{"blocked":0,"dns":1,"connect":1,"send":0,"wait":78,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-11T23:21:15Z","timestamp":1760224875,"ip_dst":{"addr":"172.67.213.133","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.19","port":49630,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2025-10-11T23:21:15.196800+0000\",\"flow_id\":508326130207886,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":49630,\"dest_ip\":\"172.67.213.133\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"eu.funxxx.life\",\"url\":\"/do?payload=Njk=\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":503,\"length\":28},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":686,\"bytes_toclient\":790,\"start\":\"2025-10-11T23:21:15.117902+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"eu.funxxx.life/favicon.ico","fqdn":"eu.funxxx.life","domain":"funxxx.life","tld":"life"},"ip":{"addr":"172.67.213.133","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://eu.funxxx.life/do?payload=Njk=","date":"2025-10-11T23:21:15.297Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: eu.funxxx.life\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://eu.funxxx.life/do?payload=Njk=\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 11 Oct 2025 23:21:15 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nCache-Control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=i5o9SbpVmHJawylKpwidYclq2u2FqDk526lai6%2BHJrTqCaLjSnrcssMwA5cc1yW3VhRU%2Fd%2FulxFZrtazbw18pFY%2F4Q5MvgRe2HCYIg%3D%3D\"}]}\r\nContent-Encoding: gzip\r\nCF-RAY: 98d217be9c97b50b-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"a1e98aadc230cf5660718b96d5ff8268","sha1":"b49beea247a9217762590f712fc133071df242eb","sha256":"155636327b93f918eb3b6b057e5c98b24157c4a033755a5fbdb9faa86ebadc67","sha512":"f32c2eac29daf821e3838e625d5ad6e3b3c3776ba754cb0cf1fe4e427d79d9def8ba6ba09e08cfe916a46cd3f59ab90a48b1bccb1edd7663de71ca635104cfe8","ssdeep":"","tlshash":"3580008a82802800c00222c0280282308023f088200202a0020882ec028003030c0282","first_seen":"2023-05-11T15:52:40Z","last_seen":"2026-05-25T23:35:31.812855Z","times_seen":781,"resource_available":true,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-11T23:21:15Z","timestamp":1760224875,"ip_dst":{"addr":"172.67.213.133","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.19","port":49630,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2025-10-11T23:21:15.402714+0000\",\"flow_id\":508326130207886,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":49630,\"dest_ip\":\"172.67.213.133\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"eu.funxxx.life\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_refer\":\"http://eu.funxxx.life/do?payload=Njk=\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":52},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":1186,\"bytes_toclient\":1680,\"start\":\"2025-10-11T23:21:15.117902+0000\"}}"}],"analyzer":null,"urlquery":null}}]}