{"report_id":"f10a770c-d630-4b81-b18a-9423770012a2","version":6,"status":"done","tags":[],"date":"2025-08-28T03:35:23Z","url":{"schema":"http","addr":"web3-cldf.top","fqdn":"web3-cldf.top","domain":"web3-cldf.top","tld":"top"},"ip":{"addr":"104.21.45.25","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"http","addr":"web3-cldf.top","fqdn":"web3-cldf.top","domain":"web3-cldf.top","tld":"top"},"ip":{"addr":"104.21.45.25","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-02T03:35:23Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-28T03:35:13Z","timestamp":1756352113,"ip_dst":{"addr":"172.67.208.18","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.9","port":47390,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-08-28T03:35:13.819583+0000\",\"flow_id\":2124977187258940,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":47390,\"dest_ip\":\"172.67.208.18\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"web3-cldf.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":550,\"bytes_toclient\":140,\"start\":\"2025-08-28T03:35:03.787004+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"web3-cldf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"web3-cldf.top","ip":{"addr":"104.21.45.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-10-31","domain_rank":0,"first_seen":"2025-08-28T03:35:23.042331Z","last_seen":"2025-08-28T03:35:23.042331Z","alert_count":2,"request_count":1,"received_data":7625,"sent_data":482,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-28T03:35:13Z","timestamp":1756352113,"ip_dst":{"addr":"172.67.208.18","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.9","port":47390,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-08-28T03:35:13.819583+0000\",\"flow_id\":2124977187258940,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":47390,\"dest_ip\":\"172.67.208.18\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"web3-cldf.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":550,\"bytes_toclient\":140,\"start\":\"2025-08-28T03:35:03.787004+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"web3-cldf.top/","fqdn":"web3-cldf.top","domain":"web3-cldf.top","tld":"top"},"ip":{"addr":"104.21.45.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-28T03:35:00.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web3-cldf.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 23 Aug 2025 13:26:21 GMT","end":"Fri, 21 Nov 2025 14:25:03 GMT"},"fingerprint":{"sha1":"9C:88:C6:29:78:14:D5:67:50:8C:74:3F:3C:96:F9:C5:3D:53:4C:57","sha256":"85:EF:BD:01:2C:D8:9C:34:9B:61:46:EA:BA:DD:6E:94:D0:EF:3E:B1:27:5F:80:16:51:A6:ED:80:FD:83:08:B6"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: web3-cldf.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 522 No Reason Phrase\r\ndate: Thu, 28 Aug 2025 03:35:20 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 7227\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nserver: cloudflare\r\ncf-ray: 9760c1981f3656b9-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"522","status_text":"No Reason Phrase","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7227,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (510)","md5":"a52c98764580e82edfed0dfa7fc08be3","sha1":"9866a922a9e9d6a564a540a0cafea654a2439498","sha256":"c9fae2faf04b60b97a6c104cbcb57e6cc4c597bdc4a18c646b2f8602391eae98","sha512":"cf49afb758b5101f1aff67459cc329bc9ba3cce81a008a895e1f70bcecfe0ddab44c46fd849aec5800797bfbcca419bf3c849cf695a1ad4597c498e1070a385f","ssdeep":"192:1j9jhjYjBhUK/BJVenjom0VyjoWQ+DQ71lIDeP:o/Bt/9+DQ71lmeP","tlshash":"99e17676b1f5127a00a381923695ff5abae0c613c7ef5594b3ddc1632f9ee81e903290","first_seen":"2025-08-28T03:35:25.304914Z","last_seen":"2025-08-28T03:35:25.304914Z","times_seen":1,"resource_available":false,"data":null}},"time_used":20246,"timings":{"blocked":320,"dns":303,"connect":1,"send":0,"wait":19603,"receive":1,"ssl":15},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-28T03:35:13Z","timestamp":1756352113,"ip_dst":{"addr":"172.67.208.18","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.9","port":47390,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-08-28T03:35:13.819583+0000\",\"flow_id\":2124977187258940,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":47390,\"dest_ip\":\"172.67.208.18\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"web3-cldf.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":550,\"bytes_toclient\":140,\"start\":\"2025-08-28T03:35:03.787004+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"web3-cldf.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}