{"report_id":"f40e529c-7609-44a2-850b-2170f5ee9a16","version":6,"status":"done","tags":[],"date":"2025-03-29T22:44:55Z","url":{"schema":"http","addr":"xhfdo.top/","fqdn":"xhfdo.top","domain":"xhfdo.top","tld":"top"},"ip":{"addr":"172.67.211.216","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"xhfdo.top/","fqdn":"xhfdo.top","domain":"xhfdo.top","tld":"top"},"title":"xhfdo.top/"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-07T22:44:55Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"xhfdo.top","ip":{"addr":"172.67.211.216","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-11-01","domain_rank":0,"first_seen":"2025-03-29T22:44:55.493635Z","last_seen":"2025-03-29T22:44:55.493635Z","alert_count":3,"request_count":4,"received_data":6966,"sent_data":1902,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-03-26T01:45:10.154727Z","alert_count":0,"request_count":1,"received_data":13315,"sent_data":503,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-03-29T22:44:33Z","timestamp":1743288273,"ip_dst":{"addr":"172.67.211.216","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.10","port":46560,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-03-29T22:44:33.886762+0000\",\"flow_id\":1516632271834468,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.10\",\"src_port\":46560,\"dest_ip\":\"172.67.211.216\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"xhfdo.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://xhfdo.top/\",\"length\":167},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":718,\"bytes_toclient\":1230,\"start\":\"2025-03-29T22:44:33.871780+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"xhfdo.top/","fqdn":"xhfdo.top","domain":"xhfdo.top","tld":"top"},"ip":{"addr":"172.67.211.216","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-03-29T22:44:33.868Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: xhfdo.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=a76665404779df83d70be209b0c4c615\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Sat, 29 Mar 2025 22:44:33 GMT\r\nContent-Type: text/html\r\nContent-Length: 167\r\nConnection: keep-alive\r\nCache-Control: max-age=3600\r\nExpires: Sat, 29 Mar 2025 23:44:33 GMT\r\nLocation: https://xhfdo.top/\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=21p1GAOlhjfvpsXjCAQNEl6nf8C0pJNqzWK0cUNLp0YKx7LrAPZUXTpB0%2Fc1a3lbAPF0nFFTe5jZH%2BaMhcV847RyQ%2B1GN48xbsjNzzSSFEjpSO47M3DSb6FVEkQ%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9282e47f9b9db4ed-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=474\u0026min_rtt=474\u0026rtt_var=237\u0026sent=1\u0026recv=3\u0026lost=0\u0026retrans=0\u0026sent_bytes=0\u0026recv_bytes=446\u0026delivery_rate=0\u0026cwnd=249\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":1390,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T01:30:53.33799Z","times_seen":13310387,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":4,"dns":1,"connect":1,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-03-29T22:44:33Z","timestamp":1743288273,"ip_dst":{"addr":"172.67.211.216","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.10","port":46560,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-03-29T22:44:33.886762+0000\",\"flow_id\":1516632271834468,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.10\",\"src_port\":46560,\"dest_ip\":\"172.67.211.216\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"xhfdo.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://xhfdo.top/\",\"length\":167},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":718,\"bytes_toclient\":1230,\"start\":\"2025-03-29T22:44:33.871780+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xhfdo.top/","fqdn":"xhfdo.top","domain":"xhfdo.top","tld":"top"},"ip":{"addr":"172.67.211.216","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-03-29T22:44:33.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhfdo.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 19 Mar 2025 12:43:01 GMT","end":"Tue, 17 Jun 2025 13:41:45 GMT"},"fingerprint":{"sha1":"9A:3C:F8:87:3E:63:37:F3:FC:0D:95:03:E0:0C:55:5C:B6:71:77:5F","sha256":"C2:3C:00:79:0E:38:D4:9D:44:A0:FB:B2:AC:7D:6D:73:11:AF:0C:79:45:3E:03:EE:5E:F5:34:B4:B3:26:F7:A1"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xhfdo.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=a76665404779df83d70be209b0c4c615\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Sat, 29 Mar 2025 22:44:34 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nreferrer-policy: no-referrer\r\npriority: u=1,i=?0\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: PHPSESSID=a76665404779df83d70be209b0c4c615; Path=/; Max-Age=1440; Expires=Sat, 29 Mar 2025 23:08:34 GMT\r\ncf-ray: 9282e47fde445691-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":1390,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (1514), with no line terminators","md5":"0680b0d6d6e37efcad0e4989202f5f36","sha1":"8538991924bc1d6bf8d0a5a13c6c1792293659b3","sha256":"da83402d82bdb5bc5ea8af5e773e637be5d91d319303473e84c74d41fe6c3aaf","sha512":"f97e0a129d147910393675bfe72c62a15080f7ff2883f7fff3f5a36bd784f2325974be9600ba7be8a8ae2eabfdeb04e4d942fee305a0567abdcd0839cb9984f0","ssdeep":"","tlshash":"d33110ad0d093231af539dfa3d556331820e304768a20a347bfe2194d3c64a966a2b9c","first_seen":"2025-03-29T22:44:57.855319Z","last_seen":"2025-03-29T22:44:57.855319Z","times_seen":1,"resource_available":false,"data":null}},"time_used":447,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":447,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-03-29T22:44:33Z","timestamp":1743288273,"ip_dst":{"addr":"172.67.211.216","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.10","port":46560,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-03-29T22:44:33.886762+0000\",\"flow_id\":1516632271834468,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.10\",\"src_port\":46560,\"dest_ip\":\"172.67.211.216\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"xhfdo.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://xhfdo.top/\",\"length\":167},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":718,\"bytes_toclient\":1230,\"start\":\"2025-03-29T22:44:33.871780+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/pressstart2p/v15/e3t4euO8T-267oIAQAu6jDQyK3nVivM.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://xhfdo.top/","date":"2025-03-29T22:44:34.455Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 10 Mar 2025 08:37:01 GMT","end":"Mon, 02 Jun 2025 08:37:00 GMT"},"fingerprint":{"sha1":"63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B","sha256":"E5:08:EF:15:62:0C:70:BF:82:8A:23:7E:52:A0:03:CC:BF:47:9D:AB:89:97:C0:F6:BD:0C:85:14:3C:09:7F:AA"}}},"request":{"raw":"GET /s/pressstart2p/v15/e3t4euO8T-267oIAQAu6jDQyK3nVivM.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xhfdo.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 12480\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 27 Mar 2025 09:20:11 GMT\r\nexpires: Fri, 27 Mar 2026 09:20:11 GMT\r\ncache-control: public, max-age=31536000\r\nage: 221063\r\nlast-modified: Tue, 02 May 2023 15:30:42 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":12480,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 12480, version 1.0","md5":"a2e30588d7302dcec7df37c7ef1e858b","sha1":"92844846456a5df99e70f9a48d25b7b704425f7f","sha256":"5bd44fee71c38c481d5b546bf29a65b6a6e69dd4ab89acd8de2d49baeebb8317","sha512":"71330052a9496c4abd39a5c5e96a4b8696e54fa5f9da5c5887d35e9d46d766854fc6cb44d6f08bde686c08a09d875a9d95853d19cd36b8ba6df0351340cba792","ssdeep":"192:+AYLhjfgQvGHqmvWqNc5R8B2yeIm/MUGebJ2rOgaADKZu8ok+lBFg2DIt04kbvBF:tYhHvLmOfKeIm/LbMrOBu8ojlLFIGPZF","tlshash":"1842c0e65554c866d0f341f700129e479f8cfeace8670daac068b91b5a89436772f4b8","first_seen":"2023-05-08T13:22:05Z","last_seen":"2026-03-25T07:36:24.99359Z","times_seen":222,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":123,"dns":1,"connect":22,"send":0,"wait":23,"receive":4,"ssl":94},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xhfdo.top/favicon.ico","fqdn":"xhfdo.top","domain":"xhfdo.top","tld":"top"},"ip":{"addr":"172.67.211.216","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://xhfdo.top/","date":"2025-03-29T22:44:34.556Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhfdo.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 19 Mar 2025 12:43:01 GMT","end":"Tue, 17 Jun 2025 13:41:45 GMT"},"fingerprint":{"sha1":"9A:3C:F8:87:3E:63:37:F3:FC:0D:95:03:E0:0C:55:5C:B6:71:77:5F","sha256":"C2:3C:00:79:0E:38:D4:9D:44:A0:FB:B2:AC:7D:6D:73:11:AF:0C:79:45:3E:03:EE:5E:F5:34:B4:B3:26:F7:A1"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: xhfdo.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=a76665404779df83d70be209b0c4c615\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":1729,"data":"e=37dfbd8ee84e00126eedc53de2458f949225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f674ad7808d03286b1daf7b2101813cd962c6573002269056035a33000a97ec3e1e77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7c41730502a6dd7e672901a0af497e8fa2f57a91e958244f2df8f0f4c1ca22eacfc248b5038e523d65cceb92a9e471d280f061856b4a95b98a260709b02628b6d75323f098b92bcb59ac19eedb059b119d8d2e976b6cc9c7729b78c485aceddcb0be0638ea3de2eee8235028ae9136c1f71ded574c02d65e469783c39081d0a870866ad0deedd836ae6b7874dc2e65d484964a20c0f874bb41bfd30dd837ae77021314ef30ae2bdbc9a53df7c53eca13e484d09928cc574761fb5518566c4a7bc0ec2df449d7d88c21a6886ef09c6c82c2e5be33cfb5e47e68758fe5486fddf7511a4db4a2a230f649c6b309b1a457e66eaa238841c80695f42ecd7124e5ad8e673f3f6003360a5c17a8e9906dd202b447524229f8b747c39c0411ffbad7a6a16fcaeaf8e185feabed56493efb5b9bb1586f9f5e621ad37f40776cf767b27019c686dd71de258e7199a13ecca60c9e7f0c23280a7e1695de92de4d240aeb6d06c0d79ee8ee8312448cacaf3ed3962769d2c0132268fe95da5429bf258056814eb66d9c69bc8b6dace543b5d2fb9be7557efda47e3ad664ac9fb1b5179b6837140d9c6a4659afdb23da9f5ccdcce6b550afeee6550e4d55a22fe945fc47b8ea048a2001651828777ffd48dad07704c53093f6b16c86912fd9232af04f6e269df4c35e0fac63ff8d11d91b234017ed292683b3c52896027c888f10a0dcc1edc01f984f5f2209e0286601cd82065da62eb8bd9278cdc1e60d5c7fbe787f4b578d055ae685fc4147c5707bd28b95108ac6b0ca5921ba34a7152812950831758b95581dc6\u0026cri=V1f68UjO7z\u0026sf=0\u0026dc=\u0026cp=5\u0026gtm=-\u0026gac=-\u0026tb=1\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=5008\u0026mo=0\u0026pn=6521\u0026spn=1513\u0026fp=628\u0026snt=1"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 29 Mar 2025 22:44:34 GMT\r\ncontent-type: image/x-icon\r\nlast-modified: Mon, 24 Mar 2025 10:25:33 GMT\r\netag: W/\"67e1331d-9e\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=kD%2FXZAZXQM9ONMP7N4iVFb3C5IaFsgc5%2BLB%2BsltRwAoKW%2BbhZzGuM5bXnOfYjvvtZZsAdifod1VlmoEyabu%2F7kEwvN2y72H%2BGD31vnL9CGeptTQqZdAm9Q7Oj88%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9282e483ea525691-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=3568\u0026min_rtt=1739\u0026rtt_var=1829\u0026sent=14\u0026recv=10\u0026lost=0\u0026retrans=0\u0026sent_bytes=5079\u0026recv_bytes=1586\u0026delivery_rate=1418\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=e89ffb28b31249e6\u0026ts=1279\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":158,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"24fccedb8a052422e21df1be8ca516eb","sha1":"c3b9a2fae9a5c9f615ae824bd68444caf2021d21","sha256":"e6946db111e521ec6cd5acdcf46c379a0c642df6606d8e86aebace226c1db291","sha512":"14c7f14f050903eff21eb863f5ec6ab08ea637853e0732ab8e22e8fcba6b40a2d943780bf54627fe89528c5d0eac16cf8b224eeddbdd50edf05fd1b9c4c7e622","ssdeep":"","tlshash":"35c0c0ca25041c3cc21d1463b4083400bc23341c05d14800535a44ac10aed08c050111","first_seen":"2025-03-29T22:44:57.857801Z","last_seen":"2026-03-24T12:11:39.699499Z","times_seen":19,"resource_available":false,"data":null}},"time_used":399,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":399,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xhfdo.top/","fqdn":"xhfdo.top","domain":"xhfdo.top","tld":"top"},"ip":{"addr":"172.67.211.216","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-03-29T22:44:33.246Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhfdo.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 19 Mar 2025 12:43:01 GMT","end":"Tue, 17 Jun 2025 13:41:45 GMT"},"fingerprint":{"sha1":"9A:3C:F8:87:3E:63:37:F3:FC:0D:95:03:E0:0C:55:5C:B6:71:77:5F","sha256":"C2:3C:00:79:0E:38:D4:9D:44:A0:FB:B2:AC:7D:6D:73:11:AF:0C:79:45:3E:03:EE:5E:F5:34:B4:B3:26:F7:A1"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xhfdo.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":1732,"data":"e=37dfbd8ee84e00126eedc53de2458f949225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f674ad7808d03286b1daf7b2101813cd962c6573002269056035a33000a97ec3e1e77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7c41730502a6dd7e672901a0af497e8fa2f57a91e958244f2df8f0f4c1ca22eacfc248b5038e523d65cceb92a9e471d280f061856b4a95b98a260709b02628b6d75323f098b92bcb59ac19eedb059b119d8d2e976b6cc9c7729b78c485aceddcb0be0638ea3de2eee8235028ae9136c1f71ded574c02d65e469783c39081d0a870866ad0deedd836ae6b7874dc2e65d484964a20c0f874bb41bfd30dd837ae77021314ef30ae2bdbc9a53df7c53eca13e484d09928cc574761fb5518566c4a7bc0ec2df449d7d88c21a6886ef09c6c82c2e5be33cfb5e47e68758fe5486fddf7511a4db4a2a230f649c6b309b1a457e66eaa238841c80695f42ecd7124e5ad8e673f3f6003360a5c17a8e9906dd202b447524229f8b747c39c0411ffbad7a6a16fcaeaf8e185feabed56493efb5b9bb1586f9f5e621ad37f40776cf767b27019c686dd71de258e7199a13ecca60c9e7f0c23280a7e1695de92de4d240aeb6d06c0d79ee8ee8312448cacaf3ed3962769d2c0132268fe95da5429bf258056814eb66d9c69bc8b6dace543b5d2fb9be7557efda47e3ad664ac9fb1b5179b6837140d9c6a4659afdb23da9f5ccdcce6b550afeee6550e4d55a22fe945fc47b8ea048a2001651828777ffd48dad07704c53093f6b16c86912fd9232af04f6e269df4c35e0fac63ff8d11d91b234017ed292683b3c52896027c888f10a0dcc1edc01f984f5f2209e0286601cd82065da62eb8bd9278cdc1e60d5c7fbe787f4b578d055ae685fc4147c5707bd28b95108ac6b0ca5921ba34a7152812950831758b95581dc6\u0026cri=V1f68UjO7z\u0026sf=0\u0026dc=\u0026cp=15\u0026gtm=-\u0026gac=-\u0026tb=1\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=15023\u0026mo=0\u0026pn=16537\u0026spn=1513\u0026fp=628\u0026snt=1"}},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Sat, 29 Mar 2025 22:44:33 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: PHPSESSID=a76665404779df83d70be209b0c4c615; Path=/; Max-Age=1440; Expires=Sat, 29 Mar 2025 23:08:33 GMT\r\ncf-ray: 9282e47bda3a1c0e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":1390,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (1514), with no line terminators","md5":"0680b0d6d6e37efcad0e4989202f5f36","sha1":"8538991924bc1d6bf8d0a5a13c6c1792293659b3","sha256":"da83402d82bdb5bc5ea8af5e773e637be5d91d319303473e84c74d41fe6c3aaf","sha512":"f97e0a129d147910393675bfe72c62a15080f7ff2883f7fff3f5a36bd784f2325974be9600ba7be8a8ae2eabfdeb04e4d942fee305a0567abdcd0839cb9984f0","ssdeep":"","tlshash":"d33110ad0d093231af539dfa3d556331820e304768a20a347bfe2194d3c64a966a2b9c","first_seen":"2025-03-29T22:44:57.855319Z","last_seen":"2025-03-29T22:44:57.855319Z","times_seen":1,"resource_available":false,"data":null}},"time_used":445,"timings":{"blocked":21,"dns":1,"connect":1,"send":0,"wait":403,"receive":0,"ssl":17},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-03-29T22:44:33Z","timestamp":1743288273,"ip_dst":{"addr":"172.67.211.216","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.10","port":46560,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-03-29T22:44:33.886762+0000\",\"flow_id\":1516632271834468,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.10\",\"src_port\":46560,\"dest_ip\":\"172.67.211.216\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"xhfdo.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://xhfdo.top/\",\"length\":167},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":718,\"bytes_toclient\":1230,\"start\":\"2025-03-29T22:44:33.871780+0000\"}}"}],"analyzer":null,"urlquery":null}}]}