Report - h.top4top.io/f_DfMEOQLiYKGRubJ8pGGETA/1731517297/320p428o1.rar

Report Overview

Visited public
2024-11-11 17:04:14
Tags
URL
h.top4top.io/f_DfMEOQLiYKGRubJ8pGGETA/1731517297/320p428o1.rar
Finishing URL
top4top.io/downloadf-320p428o1-rar.html
IP / ASN
135.181.63.70
#24940 Hetzner Online GmbH
Title
dxcpl | تحميل

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-11-06	426 B	34 kB	142.250.74.170
s.top4top.io	unknown	2019-11-19	2020-01-05	2024-11-11	11 kB	534 kB	104.21.5.137
h.top4top.io	995982	2019-11-19	2020-01-17	2024-10-27	516 B	342 B	135.181.63.70
top4top.io	118839	2019-11-19	2019-12-01	2024-11-11	7.0 kB	28 kB	188.165.137.170

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed
2024-11-11	medium	top4top.io	Sinkholed

ThreatFox

No alerts detected

JavaScript (19)

	URL	From	Size	First Seen	Last Seen
	moz-extension://374908d2-0475-4f5d-b9f6-d1abf756a6ed/lib/shim_messaging_helper.js		1.7 kB	2023-05-05	2025-06-24
Pretty URL moz-extension://374908d2-0475-4f5d-b9f6-d1abf756a6ed/lib/shim_messaging_helper.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-05 22:33 Last Seen2025-06-24 04:53 Times Seen58870 Hash 865f01cbb34eb505834e826380d7dc2e c239ccc37191f1be78dfaa6bb3f1da5d314fdf9e 30ed6392b8de4590bd974a4a797ee0b12b382f2141738115bfd2d692cfa6ec17 Loading...

	s.top4top.io/styles/default-new-reg/js/bootstrap.min.js?rev=47	ScriptElement	35 kB	2023-03-07	2025-06-23
Pretty URL s.top4top.io/styles/default-new-reg/js/bootstrap.min.js?rev=47 IP 104.21.5.137 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-23 15:31 Times Seen630 Hash 281cd50dd9f58c5550620fc148a7bc39 dfb8410ffc10a57d69b81620087c5a0b6027765a 484081bfe6c76d77610eb71a6e71206fe5304d62c037f058b403592192069306 Loading...

	top4top.io/ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=330275050	ScriptElement	0 B	0001-01-01	2025-06-24
Pretty URL top4top.io/ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=330275050 IP 188.165.137.170 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-06-24 04:59 Times Seen5094449 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	top4top.io/sandbox%20eval%20code		147 B	2023-04-11	2025-06-24
Pretty URL top4top.io/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-24 04:59 Times Seen364402 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	top4top.io/downloadf-320p428o1-rar.html	ScriptElement	210 B	2023-04-05	2025-06-23
Pretty URL top4top.io/downloadf-320p428o1-rar.html IP 188.165.137.170 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 04:43 Last Seen2025-06-23 15:31 Times Seen211 Hash 2f2436df434fa32a100c86b0d469007e 7bc404f2561561c46dcf22496f23f552859694a0 8611685568658439deafe99b1cee806e82135b02ef9fa532bbb44519a24995a7 Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js	ScriptElement	96 kB	2023-03-07	2025-06-24
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-24 04:53 Times Seen26485 Hash 8101d596b2b8fa35fe3a634ea342d7c3 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Loading...

	top4top.io/downloadf-320p428o1-rar.html	ScriptElement	385 B	2023-03-07	2025-06-23
Pretty URL top4top.io/downloadf-320p428o1-rar.html IP 188.165.137.170 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-06-23 15:31 Times Seen211 Hash 5c66b23713c34b41fcfd9c8d3859e3d7 effc676e205d0dc369d23b887bc65fdc63d707d4 61cd0091d8fe448723f9005c8571bd57c6311bd81642d8f66aa9f56d43d4cbd7 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-06-24
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-24 04:59 Times Seen363733 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	s.top4top.io/styles/default-new-reg/javascript.js?rev=47	ScriptElement	16 kB	2024-10-29	2025-06-23
Pretty URL s.top4top.io/styles/default-new-reg/javascript.js?rev=47 IP 104.21.5.137 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-29 18:06 Last Seen2025-06-23 15:31 Times Seen30 Hash dc52cee62c015e4abc6d4ce1da9238a9 caa5a19a1edd47c178c9b4eb5c0641002047bae8 d0b72e5ac7e5041381c1481e6eae72cd7fefc9e93561f8d61098915dce55ff3f Loading...

	connect.facebook.net/en_US/all.js#xfbml=1	ScriptElement	17 kB	2023-05-05	2025-06-24
Pretty URL connect.facebook.net/en_US/all.js#xfbml=1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-05 22:33 Last Seen2025-06-24 04:53 Times Seen58175 Hash b938e0b835c600209bdaae9d8ccda6d7 d5ee79d277057e05f002a18381722b5eb75d3883 d1b95aeb57c3285042e1e24c00cc56a8560d16daf7ee5cdfd5c75296b21ac91b Loading...

	s.top4top.io/styles/default-new-reg/js/the220px.js?rev=47	ScriptElement	562 B	2024-10-29	2025-06-23
Pretty URL s.top4top.io/styles/default-new-reg/js/the220px.js?rev=47 IP 104.21.5.137 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-29 20:04 Last Seen2025-06-23 15:31 Times Seen30 Hash 215c1f7ec52ae6d5cca90c7347493c61 ed0bd7311ce627cd7b6e26dc6c5cc167f3191e42 40c9fbe99cfd1912879ec624692a5b4cdc88edec1142bf6717e4b82408467c9e Loading...

	top4top.io/share.js	ScriptElement	2.0 kB	2023-03-07	2025-03-29
Pretty URL top4top.io/share.js IP 188.165.137.170 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-03-29 19:53 Times Seen177 Hash d6b05c71ce92a4e0599cf8b731966510 8735a20d053e085fdfe0963cab19b9499e1be457 ff90fa92b304e071f41235a6e338e1e0588641156a765999852784a17523be9e Loading...

		Size	First Seen	Last Seen
	#1 Write - 18f960b58621b683705663ba11dadedf	191 B	2024-11-11 17:04	2024-11-12 14:25
Pretty Observations First Seen2024-11-11 17:04 Last Seen2024-11-12 14:25 Times Seen2 Hash 18f960b58621b683705663ba11dadedf 8b6bbf55120dccbe3b661c8da5eb1ad03c0d0e4c 63d7f1d39ac7d8d0c85357533ab8ba83f2efe0a6efe3e78b33687dcb0123faa5 Loading...

	#2 Write - 0f69db4075794d4bac1b4ca5276e9fe8	188 B	2024-11-11 17:04	2024-11-12 14:25
Pretty Observations First Seen2024-11-11 17:04 Last Seen2024-11-12 14:25 Times Seen2 Hash 0f69db4075794d4bac1b4ca5276e9fe8 8fb476201d8cd71fea3debcc23cf0186821352c0 241abee1887240fae897911c98385ee5ef3f474d7a21f7886067882e2851afe1 Loading...

	#3 Write - 617c309538083cba65547e5e41ab6e1c	213 B	2024-11-11 17:04	2024-11-12 14:25
Pretty Observations First Seen2024-11-11 17:04 Last Seen2024-11-12 14:25 Times Seen2 Hash 617c309538083cba65547e5e41ab6e1c b79b16707a9919e4d939b8d14a88724102493049 cf281a682a689c20952bdf9157a18b864a5dd939c9a049a77b280f68b293034a Loading...

	#4 Write - 6ed2b99ecd17708a124d0f6493d5c4a8	191 B	2024-11-11 17:04	2024-11-12 14:25
Pretty Observations First Seen2024-11-11 17:04 Last Seen2024-11-12 14:25 Times Seen2 Hash 6ed2b99ecd17708a124d0f6493d5c4a8 9ec28f9b1f9da5ececb2e1c951985ab77e2bf03e 846f8ab50ed816a383873259a51affe53b6842066c2b8c6ac5cea7573efb64b5 Loading...

	#5 Write - 4c81e11d952ca742ebe7a5934e4144b0	194 B	2024-11-11 17:04	2024-11-12 14:25
Pretty Observations First Seen2024-11-11 17:04 Last Seen2024-11-12 14:25 Times Seen2 Hash 4c81e11d952ca742ebe7a5934e4144b0 09df98b2c99749e943571d42ed72c4cfde1cdc24 5d118062aca41df11a8423ac9247eb037ef2fcbabb7e0358be4b92095334aece Loading...

	#6 Write - b415deee62deb484d4d47f29ecde30d0	182 B	2024-11-11 17:04	2024-11-12 14:25
Pretty Observations First Seen2024-11-11 17:04 Last Seen2024-11-12 14:25 Times Seen2 Hash b415deee62deb484d4d47f29ecde30d0 cf2711b2430efb73537fe7cc1665294dbf6fb15f dca1ed5b50219a9d14f40e01746e0e866632dfa7b4cc7a275440a4c96eb285c8 Loading...

	#7 Write - bcd53692e37fca9dbe2e7e268531bdf5	188 B	2024-11-11 17:04	2024-11-12 14:25
Pretty Observations First Seen2024-11-11 17:04 Last Seen2024-11-12 14:25 Times Seen2 Hash bcd53692e37fca9dbe2e7e268531bdf5 bd4eaf4baa9b08b7c7842887fd85b14a7b42513e 1cbf0bde8ffb9270388b4832b3a3dcce527d71b0e3f5e5b66e64cd771ba87d3c Loading...

HTTP Transactions (36)

URL IP Response Size

GET h.top4top.io/f_DfMEOQLiYKGRubJ8pGGETA/1731517297/320p428o1.rar

135.181.63.70

302 Found

138 B

URL User Request GET HTTP/2
h.top4top.io/f_DfMEOQLiYKGRubJ8pGGETA/1731517297/320p428o1.rar
IP
135.181.63.70:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint03:60:FB:23:F0:74:D1:DD:00:44:F1:4C:88:9A:6D:A6:9B:F2:8D:29
ValidityThu, 29 Aug 2024 23:23:41 GMT - Wed, 27 Nov 2024 23:23:40 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
138 B (138 bytes)
Hash
aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /f_DfMEOQLiYKGRubJ8pGGETA/1731517297/320p428o1.rar HTTP/1.1
Host: h.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Mon, 11 Nov 2024 17:03:49 GMT
content-type: text/html
content-length: 138
location: https://top4top.io/f-320p428o1-rar.html
reason: Invalid
X-Firefox-Spdy: h2

GET top4top.io/f-320p428o1-rar.html

188.165.137.170

301 Moved Permanently

255 B

URL User Request GET HTTP/1.1
top4top.io/f-320p428o1-rar.html
IP
188.165.137.170:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint03:60:FB:23:F0:74:D1:DD:00:44:F1:4C:88:9A:6D:A6:9B:F2:8D:29
ValidityThu, 29 Aug 2024 23:23:41 GMT - Wed, 27 Nov 2024 23:23:40 GMT

File type
HTML document, ASCII text
Size
255 B (255 bytes)
Hash
81dcc46745dbb50d1c83484063adf358
ca757dad75251deebd9aa303b2ac02b03d296edd
953acf90c806b043498ab89e4d39b13fd948c1b551585b50478ae2c1942d845a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /f-320p428o1-rar.html HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Mon, 11 Nov 2024 17:03:49 GMT
Server: HotCores
Location: https://top4top.io/downloadf-320p428o1-rar.html
Content-Length: 255
Content-Type: text/html; charset=iso-8859-1

GET top4top.io/downloadf-320p428o1-rar.html

188.165.137.170

200 OK

18 kB

URL User Request GET HTTP/1.1
top4top.io/downloadf-320p428o1-rar.html
IP
188.165.137.170:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint03:60:FB:23:F0:74:D1:DD:00:44:F1:4C:88:9A:6D:A6:9B:F2:8D:29
ValidityThu, 29 Aug 2024 23:23:41 GMT - Wed, 27 Nov 2024 23:23:40 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (411)
Size
18 kB (17996 bytes)
Hash
cf6ef053124fb509b2be961e7892d77f
b785ed8009fde5e3eb2444bbfeb49024310c8b16
f249fd632bebefc7333bc77396fa654415ecb18198c5f4041c3f953a9038e1ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /downloadf-320p428o1-rar.html HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 17:03:49 GMT
Server: HotCores
Expires: 0
Cache-Control: private, no-cache="set-cookie"
Pragma: no-cache
P3P: CP="CUR ADM"
Set-Cookie: sid=e19Vd-Fsfg9vVnhUcFFOtTGnmF6; expires=Wed, 13-Nov-2024 17:03:49 GMT; path=/
klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e; expires=Wed, 13-Nov-2024 17:03:49 GMT; path=/; domain=.top4top.io; httponly
I-AM: US03
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET top4top.io/ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=33938111

188.165.137.170

200 OK

3 B

URL GET HTTP/1.1
top4top.io/ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=33938111
IP
188.165.137.170:443
ASN
#16276 OVH SAS

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint03:60:FB:23:F0:74:D1:DD:00:44:F1:4C:88:9A:6D:A6:9B:F2:8D:29
ValidityThu, 29 Aug 2024 23:23:41 GMT - Wed, 27 Nov 2024 23:23:40 GMT

File type
Unicode text, UTF-8 text, with no line terminators
Size
3 B (3 bytes)
Hash
ecaa88f7fa0bf610a5a26cf545dcd3aa
57218c316b6921e2cd61027a2387edc31a2d9471
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=33938111 HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/downloadf-320p428o1-rar.html
Cookie: sid=e19Vd-Fsfg9vVnhUcFFOtTGnmF6; klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 17:03:49 GMT
Server: HotCores
I-AM: US03
Content-Length: 3
Content-Type: text/javascript;Charset=UTF-8

GET ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js

142.250.74.170

200 OK

33 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint74:3D:68:F7:64:93:DF:41:12:95:A6:69:57:38:7A:AF:75:38:44:2D
ValidityMon, 07 Oct 2024 08:25:41 GMT - Mon, 30 Dec 2024 08:25:40 GMT

File type
JavaScript source, ASCII text, with very long lines (32086)
Size
33 kB (33434 bytes)
Hash
8101d596b2b8fa35fe3a634ea342d7c3
d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

HTTP Headers

GET /ajax/libs/jquery/1.11.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33434
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 08 Nov 2024 19:05:45 GMT
expires: Sat, 08 Nov 2025 19:05:45 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 251884
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET top4top.io/share.js

188.165.137.170

200 OK

2.0 kB

URL GET HTTP/1.1
top4top.io/share.js
IP
188.165.137.170:443
ASN
#16276 OVH SAS

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint03:60:FB:23:F0:74:D1:DD:00:44:F1:4C:88:9A:6D:A6:9B:F2:8D:29
ValidityThu, 29 Aug 2024 23:23:41 GMT - Wed, 27 Nov 2024 23:23:40 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
2.0 kB (2045 bytes)
Hash
d6b05c71ce92a4e0599cf8b731966510
8735a20d053e085fdfe0963cab19b9499e1be457
ff90fa92b304e071f41235a6e338e1e0588641156a765999852784a17523be9e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /share.js HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/downloadf-320p428o1-rar.html
Cookie: sid=e19Vd-Fsfg9vVnhUcFFOtTGnmF6; klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: HotCores
Date: Mon, 11 Nov 2024 17:03:49 GMT
Content-Type: application/javascript
Content-Length: 2045
Last-Modified: Mon, 26 Sep 2016 09:33:16 GMT
ETag: "57e8eb5c-7fd"
Expires: Mon, 18 Nov 2024 17:03:49 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

GET top4top.io/ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=330275050

188.165.137.170

200 OK

3 B

URL GET HTTP/1.1
top4top.io/ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=330275050
IP
188.165.137.170:443
ASN
#16276 OVH SAS

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint03:60:FB:23:F0:74:D1:DD:00:44:F1:4C:88:9A:6D:A6:9B:F2:8D:29
ValidityThu, 29 Aug 2024 23:23:41 GMT - Wed, 27 Nov 2024 23:23:40 GMT

File type
Unicode text, UTF-8 text, with no line terminators
Size
3 B (3 bytes)
Hash
ecaa88f7fa0bf610a5a26cf545dcd3aa
57218c316b6921e2cd61027a2387edc31a2d9471
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ads/adpull.php?n=1&w=728&h=90&call=js&t=banner&divid=330275050 HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/downloadf-320p428o1-rar.html
Cookie: sid=e19Vd-Fsfg9vVnhUcFFOtTGnmF6; klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 17:03:49 GMT
Server: HotCores
I-AM: US01
Content-Length: 3
Content-Type: text/javascript;Charset=UTF-8

GET top4top.io/styles/default-new-reg/images/zl.png

188.165.137.170

200 OK

673 B

URL GET HTTP/1.1
top4top.io/styles/default-new-reg/images/zl.png
IP
188.165.137.170:443
ASN
#16276 OVH SAS

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint03:60:FB:23:F0:74:D1:DD:00:44:F1:4C:88:9A:6D:A6:9B:F2:8D:29
ValidityThu, 29 Aug 2024 23:23:41 GMT - Wed, 27 Nov 2024 23:23:40 GMT

File type
PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced
Size
673 B (673 bytes)
Hash
5caf58a4705aa53b41535b86b18819a1
d38040f84c6dcc16c40519bf0249ea8097b8e969
20fac0020c1ca2b53c6132997d0b5ec25252b30ceedaf59b05679c73c0494e7c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/images/zl.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/downloadf-320p428o1-rar.html
Cookie: sid=e19Vd-Fsfg9vVnhUcFFOtTGnmF6; klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: HotCores
Date: Mon, 11 Nov 2024 17:03:49 GMT
Content-Type: image/png
Content-Length: 673
Last-Modified: Mon, 26 Sep 2016 09:33:17 GMT
ETag: "57e8eb5d-2a1"
Expires: Mon, 18 Nov 2024 17:03:49 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

GET s.top4top.io/styles/default-new-reg/images/newlogo.png

104.21.5.137

200 OK

5.6 kB

URL GET
s.top4top.io/styles/default-new-reg/images/newlogo.png
IP
104.21.5.137:0
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type
gzip compressed data, from Unix
Size
5.6 kB (5642 bytes)
Hash
c14ed83078bc1a2d75c7f787e8f3f6dd
8f6fc9ba108afa3ff18bfc6c83a117f8beb37879
db3734e8b3ea9dbb04d1c2a83c61c0bb44e6f25ed42acb747697ac6dc2a8093e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/images/newlogo.png HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Nov 2024 17:03:49 GMT
content-type: image/png
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
vary: Accept-Encoding
etag: W/"57e8eb5d-4a7c"
expires: Thu, 14 Nov 2024 20:10:03 GMT
cache-control: max-age=5356800
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 334426
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dlNWiBBHuqqae%2BC%2FdPiUQ53QkFCUof9iAI6%2BpujKEpJsVWbCXyVGOzkejPTSEWFSfYbubIbyBYiVmWBo7BXKV7HOZ1kqfZi7uddEBhDs8QY8GV2FBn6MSbfEoSYuHRM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8e0fdba05a1ca863-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16460&sent=68&recv=22&lost=0&retrans=0&sent_bytes=69640&recv_bytes=2411&delivery_rate=625423&cwnd=223&unsent_bytes=0&cid=1030e3ec998669bd&ts=61&x=0"
X-Firefox-Spdy: h2

GET s.top4top.io/styles/default-new-reg/images/line.png

104.21.5.137

200 OK

171 B

URL GET HTTP/3
s.top4top.io/styles/default-new-reg/images/line.png
IP
104.21.5.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type
PNG image data, 5 x 6, 8-bit/color RGBA, non-interlaced
Size
171 B (171 bytes)
Hash
505b2d1a676e428a00d65723f5aad4a4
a09b9cc28e902bfd1aff1f37b66989802c89112d
fff1cb6423711237a2afb3cdb21782ad114b2c677cece866fec3af7c094cfb6a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/images/line.png HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.top4top.io/styles/default-new-reg/css/stylesheet-3.3.css?rev=47
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Nov 2024 17:03:50 GMT
content-type: image/png
content-length: 171
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: "57e8eb5d-ab"
expires: Sun, 17 Nov 2024 18:34:42 GMT
cache-control: max-age=5356800
access-control-allow-origin: *
cf-cache-status: HIT
age: 80948
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nO1vCihq9PZ%2FV5Cl1lc%2Fumoz9DWer7xTQjA5gxkYc3Ln%2BtR88zdwWvfNlyCJwmqZSyRtH24yoi3Z660icKUd9kbXyZjaXv4XwEhPnal08%2B%2Bi8vwxg3rD1DWW9CVdzPI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8e0fdba39e43a87b-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20929&sent=16&recv=11&lost=0&retrans=0&sent_bytes=5065&recv_bytes=2675&delivery_rate=2216&cwnd=12000&unsent_bytes=0&cid=96791da17d294560&ts=514&x=1", cfHdrFlush;dur=0

GET s.top4top.io/styles/default-new-reg/images/bg_onlineall.gif

104.21.5.137

200 OK

275 B

URL GET HTTP/3
s.top4top.io/styles/default-new-reg/images/bg_onlineall.gif
IP
104.21.5.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type
GIF image data, version 89a, 1 x 78
Size
275 B (275 bytes)
Hash
86be493af94bb51850f7eb3f35ea1760
6749fb422ca9b9028ebe31d5826a9f8e7fadc182
2a9495d320b7ca95878d73818f8ad0cc66962942394f849b3561113af2b47723

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/images/bg_onlineall.gif HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.top4top.io/styles/default-new-reg/css/stylesheet-3.3.css?rev=47
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Nov 2024 17:03:50 GMT
content-type: image/gif
content-length: 275
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: "57e8eb5d-113"
expires: Sun, 17 Nov 2024 18:34:41 GMT
cache-control: max-age=5356800
access-control-allow-origin: *
cf-cache-status: HIT
age: 80949
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4voH0EVVtK27LApp3eX0LTH2Vi%2FjIlP9H0bjDkJD68Ie0euyVFJiHHDBOk7g3V3o9R8wmrU6gP19Bz9Eh3fJhIJo9WmuGdvpRgQg1Of3T4TJn6CzR5jtoqaatgy3w38%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8e0fdba39e46a87b-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20929&sent=18&recv=12&lost=0&retrans=0&sent_bytes=5939&recv_bytes=3027&delivery_rate=2216&cwnd=12000&unsent_bytes=0&cid=96791da17d294560&ts=515&x=1", cfHdrFlush;dur=0

GET s.top4top.io/styles/default-new-reg/css/reset.css?rev=47

104.21.5.137

200 OK

835 B

URL GET HTTP/2
s.top4top.io/styles/default-new-reg/css/reset.css?rev=47
IP
104.21.5.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type
ASCII text, with very long lines (675), with no line terminators
Size
835 B (835 bytes)
Hash
a6176477a9dd27b6605ab73e976e3cf8
cd3b8201b938c26d98d45569997f029d1cd45f07
09a3259106934713084ea8e90baedf51a931703f888958e019e6ab3b3eb6467d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/css/reset.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Nov 2024 17:03:49 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=5356800
cf-bgj: minify
cf-polished: origSize=1013
etag: W/"57e8eb5d-3f5"
expires: Sat, 16 Nov 2024 00:03:57 GMT
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 233992
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cVlL0%2Fsyhs5TRhaAnPraSUBrBl7YbrxedEl8eVIkWv1fu4yV1WL%2BszIuikhYs5wHl1PQ7EzF8WYof3BcWwPMYSjVwOVQdfoubmWkiJZe3QR%2BM3iFChgIdAO0cV6eUQo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8e0fdba039ffa863-RIX
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=15457&sent=8&recv=16&lost=0&retrans=0&sent_bytes=3270&recv_bytes=1949&delivery_rate=279608&cwnd=221&unsent_bytes=0&cid=1030e3ec998669bd&ts=43&x=0"
X-Firefox-Spdy: h2

GET top4top.io/images/twitter.png

188.165.137.170

200 OK

385 B

URL GET HTTP/1.1
top4top.io/images/twitter.png
IP
188.165.137.170:443
ASN
#16276 OVH SAS

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint03:60:FB:23:F0:74:D1:DD:00:44:F1:4C:88:9A:6D:A6:9B:F2:8D:29
ValidityThu, 29 Aug 2024 23:23:41 GMT - Wed, 27 Nov 2024 23:23:40 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
385 B (385 bytes)
Hash
cea04ecdecaebee1062f70f6c0377e9b
d8fc45f070c93f100423bb5e724c2394e0664d29
09661cea5a7ed3c20f10820b3b9c151a7415770d805172e0b76a09944d882680

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/twitter.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/downloadf-320p428o1-rar.html
Cookie: sid=e19Vd-Fsfg9vVnhUcFFOtTGnmF6; klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: HotCores
Date: Mon, 11 Nov 2024 17:03:50 GMT
Content-Type: image/png
Content-Length: 385
Last-Modified: Mon, 26 Sep 2016 09:33:17 GMT
ETag: "57e8eb5d-181"
Expires: Mon, 18 Nov 2024 17:03:50 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

GET top4top.io/images/facebook.png

188.165.137.170

200 OK

149 B

URL GET HTTP/1.1
top4top.io/images/facebook.png
IP
188.165.137.170:443
ASN
#16276 OVH SAS

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint03:60:FB:23:F0:74:D1:DD:00:44:F1:4C:88:9A:6D:A6:9B:F2:8D:29
ValidityThu, 29 Aug 2024 23:23:41 GMT - Wed, 27 Nov 2024 23:23:40 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
149 B (149 bytes)
Hash
db3bdb7f62b49e285e9832638c69f900
de920205859fc86ee6f4f1f9094e5d18cb79a21c
2f14fca8d4650c0b03925d0fffbe73b1fe1ca4f2ad19768cd8ec9eed935c3734

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/facebook.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/downloadf-320p428o1-rar.html
Cookie: sid=e19Vd-Fsfg9vVnhUcFFOtTGnmF6; klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: HotCores
Date: Mon, 11 Nov 2024 17:03:50 GMT
Content-Type: image/png
Content-Length: 149
Last-Modified: Mon, 26 Sep 2016 09:33:16 GMT
ETag: "57e8eb5c-95"
Expires: Mon, 18 Nov 2024 17:03:50 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

GET top4top.io/images/live.png

188.165.137.170

200 OK

761 B

URL GET HTTP/1.1
top4top.io/images/live.png
IP
188.165.137.170:443
ASN
#16276 OVH SAS

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint03:60:FB:23:F0:74:D1:DD:00:44:F1:4C:88:9A:6D:A6:9B:F2:8D:29
ValidityThu, 29 Aug 2024 23:23:41 GMT - Wed, 27 Nov 2024 23:23:40 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
761 B (761 bytes)
Hash
0c0038438c6e145f1a4dea683ce7cc28
c1ad87024ddba2eb6544dc7ee3c16b45ba9a3c63
5e5b288b52e9bbb8b9c2449b04da155054023d50ac2ded7954f912be02f4c484

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/live.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/downloadf-320p428o1-rar.html
Cookie: sid=e19Vd-Fsfg9vVnhUcFFOtTGnmF6; klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: HotCores
Date: Mon, 11 Nov 2024 17:03:50 GMT
Content-Type: image/png
Content-Length: 761
Last-Modified: Mon, 26 Sep 2016 09:33:16 GMT
ETag: "57e8eb5c-2f9"
Expires: Mon, 18 Nov 2024 17:03:50 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

GET s.top4top.io/styles/default-new-reg/css/animate.min.css?rev=47

104.21.5.137

200 OK

121 kB

URL GET HTTP/2
s.top4top.io/styles/default-new-reg/css/animate.min.css?rev=47
IP
104.21.5.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type
gzip compressed data, from Unix
Size
121 kB (121393 bytes)
Hash
549f4bd6004f90327a91db69f9c31aac
48099542b04627fbe6a28e0c5eec9cf5ed04659a
034b7341deea6aa3e502e10ac33e00bfa315f8f2f638bb13d7bd0ad4e6423632

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/css/animate.min.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Nov 2024 17:03:49 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
vary: Accept-Encoding
etag: W/"57e8eb5d-d0b7"
expires: Sat, 16 Nov 2024 00:03:57 GMT
cache-control: max-age=5356800
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 233992
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jdF7qoDqTzRiawWCu96Jvgrt0m6TU8yeIKXF1KVxp3kZfDT6fMFUGkRnfPj8Gpust2Gtl70x1DpQGvyoEt%2FMReHrcRNnShq%2FNbyWJZ7Ova3y1WhaFEg8mqR9G3qG5M4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8e0fdba03a05a863-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=15454&sent=37&recv=18&lost=0&retrans=0&sent_bytes=31176&recv_bytes=2304&delivery_rate=279608&cwnd=222&unsent_bytes=0&cid=1030e3ec998669bd&ts=48&x=0"
X-Firefox-Spdy: h2

GET s.top4top.io/styles/default-new-reg/css/bootstrap.rtl.min.css?rev=47

104.21.5.137

200 OK

84 kB

URL GET HTTP/2
s.top4top.io/styles/default-new-reg/css/bootstrap.rtl.min.css?rev=47
IP
104.21.5.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type
gzip compressed data, from Unix
Size
84 kB (84109 bytes)
Hash
eec05ca9045b426b8a966c4d9bedebb8
54f32a5191bbd7319135dc6e42e639e5b3713bf0
b86bebd5ff6a8fcc1961eb39e607b5679787916ef1fef1f2abbb275b81680530

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/css/bootstrap.rtl.min.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Nov 2024 17:03:49 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
vary: Accept-Encoding
etag: W/"57e8eb5d-1bae7"
expires: Thu, 14 Nov 2024 20:10:03 GMT
cache-control: max-age=5356800
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 334426
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gTA2bcL%2Fb9Brdc93zl7BoaMIY2LNqvcspTJl1GZ4nxLgtt5X4S5imGg%2B4Uf8vUW1quV4bIDcQcs%2BdFXwZfa8y6vklf86B69TSO7d8cDxGCSDaWwo2LQS%2BaJMvHEfP7M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8e0fdba06a36a863-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16116&sent=73&recv=26&lost=0&retrans=0&sent_bytes=75476&recv_bytes=2411&delivery_rate=2880580&cwnd=223&unsent_bytes=0&cid=1030e3ec998669bd&ts=66&x=0"
X-Firefox-Spdy: h2

GET s.top4top.io/styles/default-new-reg/images/bg_onlinevisitor.gif

104.21.5.137

200 OK

275 B

URL GET HTTP/3
s.top4top.io/styles/default-new-reg/images/bg_onlinevisitor.gif
IP
104.21.5.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type
GIF image data, version 89a, 1 x 78
Size
275 B (275 bytes)
Hash
feb63ca3007ca9689f3b9abd21fdf6c0
dc82e752f70b476a619f36dde5579dda250d524b
ef90fc7ea0a75b1ea8fba22a00c358abf41d9fcb07effc3d1f35dec35ee9a785

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/images/bg_onlinevisitor.gif HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.top4top.io/styles/default-new-reg/css/stylesheet-3.3.css?rev=47
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Nov 2024 17:03:50 GMT
content-type: image/gif
content-length: 275
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: "57e8eb5d-113"
expires: Sun, 17 Nov 2024 18:34:42 GMT
cache-control: max-age=5356800
access-control-allow-origin: *
cf-cache-status: HIT
age: 80948
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nioXxCF2IFsNOZcl%2FS1ESjK5hXfR1d1iulOGtGKF018ulGqa1StlVQ%2BgGThk%2FQvwIeWP7AnOXATmIc%2B1wjdF%2Bozerd8lZxAhK0t641mfVhMPBAQzyY%2BHCEJjtsRXXsc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8e0fdba3eeb1a87b-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22892&sent=79&recv=17&lost=0&retrans=0&sent_bytes=76212&recv_bytes=3909&delivery_rate=842547&cwnd=36000&unsent_bytes=0&cid=96791da17d294560&ts=563&x=1", cfHdrFlush;dur=10

GET s.top4top.io/styles/default-new-reg/images/bg_datafile.gif

104.21.5.137

200 OK

291 B

URL GET HTTP/3
s.top4top.io/styles/default-new-reg/images/bg_datafile.gif
IP
104.21.5.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type
GIF image data, version 89a, 1 x 78
Size
291 B (291 bytes)
Hash
1601a316901f386a26677da067ade96b
028e80746cdd5f2ac74494b1f5e20371df59790f
948377f80cffbf97c3670f541b1902e4bc5b05c498ac6653d7ba08711875832e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/images/bg_datafile.gif HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.top4top.io/styles/default-new-reg/css/stylesheet-3.3.css?rev=47
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Nov 2024 17:03:50 GMT
content-type: image/gif
content-length: 291
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: "57e8eb5d-123"
expires: Sun, 17 Nov 2024 18:34:41 GMT
cache-control: max-age=5356800
access-control-allow-origin: *
cf-cache-status: HIT
age: 80949
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qIHAg41kE3jWcpJHy3%2BDROCrtXN7rGb3S0Le2EPlnEZZ66%2BgXkzUNGFYzyftqZbzqDB1dTII6ngWq8Zq%2BUxGmcdyAf8s00TKtzC4lYk4VAf%2BrCQdwncUALRctRGxjFY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8e0fdba3eeb4a87b-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22892&sent=79&recv=17&lost=0&retrans=0&sent_bytes=76212&recv_bytes=3909&delivery_rate=842547&cwnd=36000&unsent_bytes=0&cid=96791da17d294560&ts=564&x=1", cfHdrFlush;dur=9

GET s.top4top.io/styles/default-new-reg/css/fonts.css

104.21.5.137

200 OK

463 B

URL GET HTTP/3
s.top4top.io/styles/default-new-reg/css/fonts.css
IP
104.21.5.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (408), with no line terminators
Size
463 B (463 bytes)
Hash
a7ab9c19d301f7907222493d621d3ce3
06a1508d8556b37fc4630dfbf4780b5836fc4235
bd5ccd6efa22c6716ade5b112694151c08f1526b4dcb38cdfcad94227df46212

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/css/fonts.css HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.top4top.io/styles/default-new-reg/css/the220px.css?rev=47
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Nov 2024 17:03:50 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=5356800
cf-bgj: minify
cf-polished: origSize=487
etag: W/"5e0bab24-1e7"
expires: Sat, 16 Nov 2024 00:03:57 GMT
last-modified: Tue, 31 Dec 2019 20:10:12 GMT
cf-cache-status: HIT
age: 233993
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FSsJhh7gDNqAKtKWJs0cXvM5AeTv7gZJHbfGOW5h54OA49JoJ4ZK2Ko7tz4f%2FdsSxJzwu%2BBDpH%2BDVCGJkUeSgIihSklsE0WGgNVz4MrXvhLT4IIkHU3qUiC3owlIps0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8e0fdba30d8ea87b-RIX
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20121&sent=11&recv=6&lost=0&retrans=0&sent_bytes=4036&recv_bytes=1177&delivery_rate=31914&cwnd=12000&unsent_bytes=0&cid=96791da17d294560&ts=428&x=1", cfHdrFlush;dur=0

GET top4top.io/images/reddit.png

188.165.137.170

200 OK

645 B

URL GET HTTP/1.1
top4top.io/images/reddit.png
IP
188.165.137.170:443
ASN
#16276 OVH SAS

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint03:60:FB:23:F0:74:D1:DD:00:44:F1:4C:88:9A:6D:A6:9B:F2:8D:29
ValidityThu, 29 Aug 2024 23:23:41 GMT - Wed, 27 Nov 2024 23:23:40 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGB, non-interlaced
Size
645 B (645 bytes)
Hash
2a94deb80f88d3f76f263d134b0b1af6
7ef18707f538b89f59cfdb647d2f4f4efe29e23e
38b5f357b4afe9b318ff9bf0806bf69856b80bac27671321097f9840c27e47c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/reddit.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/downloadf-320p428o1-rar.html
Cookie: sid=e19Vd-Fsfg9vVnhUcFFOtTGnmF6; klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: HotCores
Date: Mon, 11 Nov 2024 17:03:50 GMT
Content-Type: image/png
Content-Length: 645
Last-Modified: Mon, 26 Sep 2016 09:33:17 GMT
ETag: "57e8eb5d-285"
Expires: Mon, 18 Nov 2024 17:03:50 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

GET top4top.io/images/myspace.png

188.165.137.170

200 OK

776 B

URL GET HTTP/1.1
top4top.io/images/myspace.png
IP
188.165.137.170:443
ASN
#16276 OVH SAS

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint03:60:FB:23:F0:74:D1:DD:00:44:F1:4C:88:9A:6D:A6:9B:F2:8D:29
ValidityThu, 29 Aug 2024 23:23:41 GMT - Wed, 27 Nov 2024 23:23:40 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
776 B (776 bytes)
Hash
35578456cc898dfd8aa2112c223cdced
1d342dae525f04e2dfc7e097bba4a6881b414b35
956189a17826806990967d4836472550d6ed3a8192c2bc1e679dc3cabe440edf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/myspace.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/downloadf-320p428o1-rar.html
Cookie: sid=e19Vd-Fsfg9vVnhUcFFOtTGnmF6; klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: HotCores
Date: Mon, 11 Nov 2024 17:03:50 GMT
Content-Type: image/png
Content-Length: 776
Last-Modified: Mon, 26 Sep 2016 09:33:17 GMT
ETag: "57e8eb5d-308"
Expires: Mon, 18 Nov 2024 17:03:50 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

GET top4top.io/images/sphinn.png

188.165.137.170

200 OK

308 B

URL GET HTTP/1.1
top4top.io/images/sphinn.png
IP
188.165.137.170:443
ASN
#16276 OVH SAS

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint03:60:FB:23:F0:74:D1:DD:00:44:F1:4C:88:9A:6D:A6:9B:F2:8D:29
ValidityThu, 29 Aug 2024 23:23:41 GMT - Wed, 27 Nov 2024 23:23:40 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
308 B (308 bytes)
Hash
95aa9375cbb4bedb87f719c412297b73
0819cdf8762d0d0a8e7187e6838bc8fbc9de51be
5db0d66ddbaf1f37bf7df750e5a86621f5963d836200b6bc9befc140d67f346d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/sphinn.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/downloadf-320p428o1-rar.html
Cookie: sid=e19Vd-Fsfg9vVnhUcFFOtTGnmF6; klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: HotCores
Date: Mon, 11 Nov 2024 17:03:50 GMT
Content-Type: image/png
Content-Length: 308
Last-Modified: Mon, 26 Sep 2016 09:33:17 GMT
ETag: "57e8eb5d-134"
Expires: Mon, 18 Nov 2024 17:03:50 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

GET s.top4top.io/styles/default-new-reg/css/fonts.css?rev=47

104.21.5.137

200 OK

7.3 kB

URL GET HTTP/2
s.top4top.io/styles/default-new-reg/css/fonts.css?rev=47
IP
104.21.5.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type
Unicode text, UTF-8 (with BOM) text
Size
7.3 kB (7266 bytes)
Hash
95f1819e3376f55010ba45507f0ab5b0
4ddbd04b23bd936d42b24ad2111123543287c185
cc5205d8dfaa6766cfc8ba9db176c003e9faab96a9900da365d50174b94d1131

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/css/fonts.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Nov 2024 17:03:49 GMT
content-type: text/css
last-modified: Tue, 31 Dec 2019 20:10:12 GMT
etag: W/"5e0bab24-1e7"
expires: Mon, 18 Nov 2024 14:57:58 GMT
cache-control: max-age=5356800
access-control-allow-origin: *
cf-cache-status: HIT
age: 7551
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o58V0mqF6PwfoV96I6bo1D6nseL4nQNu30woY0%2FTdRzawXLKnAjestJopairEXSH4HJJ2cdRdoYbVjpGw93kIeafvtSsGFN%2FiXY1xLe2qNrHgl6mT%2BbXKpGjnHfBnY4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8e0fdba03a06a863-RIX
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=15457&sent=15&recv=16&lost=0&retrans=0&sent_bytes=10147&recv_bytes=1949&delivery_rate=279608&cwnd=221&unsent_bytes=0&cid=1030e3ec998669bd&ts=45&x=0"
X-Firefox-Spdy: h2

GET s.top4top.io/styles/default-new-reg/fonts/NeoSansArabic.woff

104.21.5.137

200 OK

118 kB

URL GET HTTP/3
s.top4top.io/styles/default-new-reg/fonts/NeoSansArabic.woff
IP
104.21.5.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type
Web Open Font Format, CFF, length 117704, version 0.0
Size
118 kB (117704 bytes)
Hash
b498aa3e1216f4535f9151fae24411c9
29cd31dbe5f513ec673b64314f257a8bb736b17b
788559c056a4f64455d4208befee3e58bd6f5d4a92fdb4af84f0fdd23cc32278

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/fonts/NeoSansArabic.woff HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://top4top.io
DNT: 1
Connection: keep-alive
Referer: https://s.top4top.io/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 11 Nov 2024 17:03:50 GMT
content-type: font/woff
content-length: 117704
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: "57e8eb5d-1cbc8"
expires: Thu, 14 Nov 2024 20:10:04 GMT
cache-control: max-age=5356800
access-control-allow-origin: *
cf-cache-status: HIT
age: 334426
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zuxEiokNqRx8akhYnUYDaRd8cLLtLQpEmnXCNqimiJ8YB9k53dS6LLtQ%2FHm8ykg1ZgJZO7xQO9EI7f6I6dc1gRAvfk%2B3i1tnjW0VIJylX5TPeKQIXqpH%2F0IO4NDdDSU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8e0fdba3ae51a87b-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20929&sent=28&recv=12&lost=0&retrans=0&sent_bytes=17091&recv_bytes=3027&delivery_rate=2216&cwnd=12000&unsent_bytes=0&cid=96791da17d294560&ts=525&x=1", cfHdrFlush;dur=9

GET s.top4top.io/styles/default-new-reg/fonts/fontawesome-webfont.woff?v=4.2.0

104.21.5.137

200 OK

66 kB

URL GET HTTP/3
s.top4top.io/styles/default-new-reg/fonts/fontawesome-webfont.woff?v=4.2.0
IP
104.21.5.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type
Web Open Font Format, TrueType, length 65452, version 1.0
Size
66 kB (65452 bytes)
Hash
d95d6f5d5ab7cfefd09651800b69bd54
7d65e0227d0d7cdc1718119cd2a7dce0638f151c
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/fonts/fontawesome-webfont.woff?v=4.2.0 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://top4top.io
DNT: 1
Connection: keep-alive
Referer: https://s.top4top.io/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 11 Nov 2024 17:03:50 GMT
content-type: font/woff
content-length: 65452
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: "57e8eb5d-ffac"
expires: Tue, 12 Nov 2024 10:39:21 GMT
cache-control: max-age=5356800
access-control-allow-origin: *
cf-cache-status: HIT
age: 541469
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MRRg6dvU8g1%2F1PEmWYYV46LtwVjRmvaAvfk6NyQzx13tSX0jfNYs56GiY8R1tC13P7cLs1iW56rEpwOLyCKWpE%2FYEXCDVMyEaf%2Fh12ZotmUimjRgPXuJDa9x0mRy0vs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8e0fdba3ae55a87b-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20929&sent=20&recv=12&lost=0&retrans=0&sent_bytes=8024&recv_bytes=3027&delivery_rate=2216&cwnd=12000&unsent_bytes=0&cid=96791da17d294560&ts=522&x=1", cfHdrFlush;dur=0

GET s.top4top.io/styles/default-new-reg/css/stylesheet-3.3.css?rev=47

104.21.5.137

200 OK

24 kB

URL GET HTTP/2
s.top4top.io/styles/default-new-reg/css/stylesheet-3.3.css?rev=47
IP
104.21.5.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type
assembler source, ASCII text
Size
24 kB (23881 bytes)
Hash
06de85831c5f76801c2f73a0dafcd4bc
5c75031de8c36d833204e9c4da044ff4036f1194
5ba6f771ae350dfd816bdc94839c1b98f8cea02a9b8951bb148e0ccd1803aad3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/css/stylesheet-3.3.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Nov 2024 17:03:49 GMT
content-type: text/css
last-modified: Tue, 31 Dec 2019 20:10:12 GMT
vary: Accept-Encoding
etag: W/"5e0bab24-5d49"
expires: Mon, 18 Nov 2024 14:57:58 GMT
cache-control: max-age=5356800
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 7551
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gw400%2FXnVSPHsDjWHRhW6a3R%2Br8ymIy58eUcTnBGm%2FO6jfUJqdgebIRwMbYS1v4k3OHYU4ghly0P8d%2BHikiSp%2B3OLcvR08B31HT2IWQ%2FF3QVBZpiiSDLVPFtfqkoSvM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8e0fdba05a1ea863-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=15454&sent=41&recv=18&lost=0&retrans=0&sent_bytes=35430&recv_bytes=2304&delivery_rate=279608&cwnd=222&unsent_bytes=0&cid=1030e3ec998669bd&ts=55&x=0"
X-Firefox-Spdy: h2

GET s.top4top.io/styles/default-new-reg/js/the220px.js?rev=47

104.21.5.137

200 OK

562 B

URL GET HTTP/2
s.top4top.io/styles/default-new-reg/js/the220px.js?rev=47
IP
104.21.5.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type
JavaScript source, ASCII text, with very long lines (651), with no line terminators
Size
562 B (562 bytes)
Hash
549e909b6f44a14b9cdd55fc750a2edd
5c364df9e1095fc37051b6e25faebf9076c916b1
3f7dd294cbf10151388df05af3f7cbad8122eacaa8f2d35f9ba2b2a12c93e85a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/js/the220px.js?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Nov 2024 17:03:49 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: W/"57e8eb5d-232"
expires: Sun, 17 Nov 2024 18:34:40 GMT
cache-control: max-age=5356800
access-control-allow-origin: *
cf-cache-status: HIT
age: 80949
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CB4%2BJ2RoQCtFQxYPjoXHuB8gXSMNaem6yCm06TsMSPmxxCEx7AXzrNUcnyg38F03%2FwDy3G5mF3paK0FJZUP3qQZg9m%2FNeg4Y7Uuqi5Sw73kPt5c4lafLR6z51xIAHWg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8e0fdba03a0aa863-RIX
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=15457&sent=21&recv=16&lost=0&retrans=0&sent_bytes=14190&recv_bytes=1949&delivery_rate=279608&cwnd=221&unsent_bytes=0&cid=1030e3ec998669bd&ts=46&x=0"
X-Firefox-Spdy: h2

GET s.top4top.io/styles/default-new-reg/js/bootstrap.min.js?rev=47

104.21.5.137

200 OK

35 kB

URL GET HTTP/2
s.top4top.io/styles/default-new-reg/js/bootstrap.min.js?rev=47
IP
104.21.5.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type
JavaScript source, ASCII text, with very long lines (32108)
Size
35 kB (34653 bytes)
Hash
281cd50dd9f58c5550620fc148a7bc39
dfb8410ffc10a57d69b81620087c5a0b6027765a
484081bfe6c76d77610eb71a6e71206fe5304d62c037f058b403592192069306

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/js/bootstrap.min.js?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Nov 2024 17:03:49 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: W/"57e8eb5d-875d"
expires: Sun, 17 Nov 2024 18:34:40 GMT
cache-control: max-age=5356800
access-control-allow-origin: *
cf-cache-status: HIT
age: 80949
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wLZK4ERqSXTLcwmWaeAc2Ugby6N9ZSm%2BwgCgkYFbOpoChqxbjU9Q%2BIUXupTqVgZEbIWw1cvduyDxegGDLtMD4H8ND8S0jwFx6M0XR8rGPQcxtZc4Pzo06TN2%2BYKch%2FE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8e0fdba03a09a863-RIX
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=15454&sent=29&recv=18&lost=0&retrans=0&sent_bytes=20942&recv_bytes=2304&delivery_rate=279608&cwnd=222&unsent_bytes=0&cid=1030e3ec998669bd&ts=48&x=0"
X-Firefox-Spdy: h2

GET s.top4top.io/styles/default-new-reg/javascript.js?rev=47

104.21.5.137

200 OK

16 kB

URL GET HTTP/2
s.top4top.io/styles/default-new-reg/javascript.js?rev=47
IP
104.21.5.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type
ASCII text
Size
16 kB (16039 bytes)
Hash
dc52cee62c015e4abc6d4ce1da9238a9
caa5a19a1edd47c178c9b4eb5c0641002047bae8
d0b72e5ac7e5041381c1481e6eae72cd7fefc9e93561f8d61098915dce55ff3f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/javascript.js?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Nov 2024 17:03:49 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: W/"57e8eb5d-3ea7"
expires: Sun, 17 Nov 2024 18:34:40 GMT
cache-control: max-age=5356800
access-control-allow-origin: *
cf-cache-status: HIT
age: 80949
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ut7OnQqAOtQIqv2ejf9W5ZTFaQDqMrGpkaVK%2BqEJBXYcS5QGhcbj9u2qQRLGsdwprbqv%2FOFyIN2CNddQqynNKocR3YaTRvR%2Bks3p%2FfMJcksnIovdFAXS%2Fz%2F7q5AlRY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8e0fdba03a0ba863-RIX
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=15457&sent=23&recv=16&lost=0&retrans=0&sent_bytes=14873&recv_bytes=1949&delivery_rate=279608&cwnd=221&unsent_bytes=0&cid=1030e3ec998669bd&ts=46&x=0"
X-Firefox-Spdy: h2

GET s.top4top.io/styles/default-new-reg/images/soft.png

0.0.0.0

200 OK

0 B

URL GET
s.top4top.io/styles/default-new-reg/images/soft.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/images/soft.png HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Nov 2024 17:03:49 GMT
content-type: image/png
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
vary: Accept-Encoding
etag: W/"57e8eb5d-a120"
expires: Thu, 14 Nov 2024 20:10:03 GMT
cache-control: max-age=5356800
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 334426
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kPYvGx4JCprUbyCik4Zy09Ub3CwGSbCeBKh4AzX8%2Fer5vD7j5%2FccXfv86E7RZUJI8hiTkhZkr9TdlgUWmfXNqWh%2Bs9Q5bHw2Pi21X2uX8GnHcnszeVOqmxlKt8OnLTY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8e0fdba05a1da863-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=15454&sent=46&recv=18&lost=0&retrans=0&sent_bytes=41551&recv_bytes=2304&delivery_rate=279608&cwnd=222&unsent_bytes=0&cid=1030e3ec998669bd&ts=56&x=0"
X-Firefox-Spdy: h2

GET s.top4top.io/styles/default-new-reg/css/font-awesome.min.css?rev=47

104.21.5.137

200 OK

22 kB

URL GET HTTP/2
s.top4top.io/styles/default-new-reg/css/font-awesome.min.css?rev=47
IP
104.21.5.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type

Size
22 kB (22415 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/css/font-awesome.min.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Nov 2024 17:03:49 GMT
content-type: text/css
last-modified: Tue, 31 Dec 2019 20:10:12 GMT
vary: Accept-Encoding
etag: W/"5e0bab24-578f"
expires: Thu, 14 Nov 2024 20:10:03 GMT
cache-control: max-age=5356800
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 334426
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jOokfEfm5Sc%2BKs%2FZ4JzTdPdmjXQA8WFUl5y0Ko5Jslg7DzcUdXRfLzNBkxZA%2BtVPp2TqA78mmLTeOfjYiDy6muOpEuvKVv1wUTaGPXgPMXPog7Wc4TOT0rQMG0YCPEc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8e0fdba03a03a863-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=15457&sent=10&recv=16&lost=0&retrans=0&sent_bytes=4388&recv_bytes=1949&delivery_rate=279608&cwnd=221&unsent_bytes=0&cid=1030e3ec998669bd&ts=44&x=0"
X-Firefox-Spdy: h2

GET s.top4top.io/styles/default-new-reg/css/the220px.css?rev=47

104.21.5.137

200 OK

12 kB

URL GET HTTP/2
s.top4top.io/styles/default-new-reg/css/the220px.css?rev=47
IP
104.21.5.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type

Size
12 kB (11662 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/css/the220px.css?rev=47 HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Nov 2024 17:03:49 GMT
content-type: text/css
last-modified: Thu, 16 Mar 2017 23:54:29 GMT
vary: Accept-Encoding
etag: W/"58cb25b5-2d8e"
expires: Sun, 17 Nov 2024 18:34:40 GMT
cache-control: max-age=5356800
access-control-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 80949
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tst5GeMHxCCU1%2BW9pPyhfpA%2BjjIs94QV8o3hRAQD4U%2FlFkP5ump7lhAA9C62lA%2Fz6MhKzsVP86Wx8TVZo%2BoVDos3%2BSDDqCQoB3GjRImhgXGwcoQXVXkr0tDdQST%2Fqxk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8e0fdba03a08a863-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=15457&sent=17&recv=16&lost=0&retrans=0&sent_bytes=10854&recv_bytes=1949&delivery_rate=279608&cwnd=221&unsent_bytes=0&cid=1030e3ec998669bd&ts=46&x=0"
X-Firefox-Spdy: h2

GET s.top4top.io/styles/default-new-reg/images/headline_bg.png

104.21.5.137

200 OK

465 B

URL GET HTTP/3
s.top4top.io/styles/default-new-reg/images/headline_bg.png
IP
104.21.5.137:443
ASN
#13335 CLOUDFLARENET

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type
PNG image data, 170 x 32, 8-bit/color RGBA, non-interlaced
Size
465 B (465 bytes)
Hash
2e31597149c220b3b8e9a0fcb4799a30
bf7d1b22e8d1c89006abd41633c61f95de86c72f
0b253c917d058b5de22e0406013790f78d7f048d8bc0aad31ae3b090ac8c170c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/default-new-reg/images/headline_bg.png HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.top4top.io/styles/default-new-reg/css/stylesheet-3.3.css?rev=47
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 11 Nov 2024 17:03:50 GMT
content-type: image/png
content-length: 465
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
etag: "57e8eb5d-1d1"
expires: Thu, 14 Nov 2024 20:10:03 GMT
cache-control: max-age=5356800
access-control-allow-origin: *
cf-cache-status: HIT
age: 334427
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B1c4jGeR2XXcG07RxWXw7APu%2FCIuRqBOrQDxeCtLSvp18woT%2Bjxjinj41IzmP8MxTUpOuew68qHXbfylu42eW3bsHmLmrWgFOaLVgD6l7cB9Q%2FTiNk9tiagOlo2mCJk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8e0fdba39e48a87b-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20929&sent=19&recv=12&lost=0&retrans=0&sent_bytes=6885&recv_bytes=3027&delivery_rate=2216&cwnd=12000&unsent_bytes=0&cid=96791da17d294560&ts=517&x=1", cfHdrFlush;dur=0

GET top4top.io/images/technorati.png

188.165.137.170

200 OK

283 B

URL GET HTTP/1.1
top4top.io/images/technorati.png
IP
188.165.137.170:443
ASN
#16276 OVH SAS

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint03:60:FB:23:F0:74:D1:DD:00:44:F1:4C:88:9A:6D:A6:9B:F2:8D:29
ValidityThu, 29 Aug 2024 23:23:41 GMT - Wed, 27 Nov 2024 23:23:40 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
283 B (283 bytes)
Hash
f120938135c52cd80b7f37bd5b17daf4
1cb99566ca564dd8a8273a616d072739c58b4290
6cd07b1a71bf03f25556bc801c306419a255ec5b47751fcdcda5efbdb08766c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/technorati.png HTTP/1.1
Host: top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/downloadf-320p428o1-rar.html
Cookie: sid=e19Vd-Fsfg9vVnhUcFFOtTGnmF6; klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: HotCores
Date: Mon, 11 Nov 2024 17:03:50 GMT
Content-Type: image/png
Content-Length: 283
Last-Modified: Mon, 26 Sep 2016 09:33:16 GMT
ETag: "57e8eb5c-11b"
Expires: Mon, 18 Nov 2024 17:03:50 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

GET s.top4top.io/images/favicon.ico

0.0.0.0

200 OK

0 B

URL GET
s.top4top.io/images/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://top4top.io/downloadf-320p428o1-rar.html
Certificate
IssuerGoogle Trust Services
Subjecttop4top.io
Fingerprint6A:94:CA:D5:7E:E9:49:C2:12:F1:E6:10:1D:DD:A8:19:17:37:6E:4E
ValidityMon, 30 Sep 2024 15:44:16 GMT - Sun, 29 Dec 2024 15:44:15 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/favicon.ico HTTP/1.1
Host: s.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://top4top.io/
Cookie: klj_40d147_fdkey=33d47d4702b807739756362c05d1f5976c984a4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 11 Nov 2024 17:03:50 GMT
content-type: image/x-icon
last-modified: Mon, 26 Sep 2016 09:33:17 GMT
vary: Accept-Encoding
etag: W/"57e8eb5d-7d26"
x-cache: People I know, Are serving You!
content-encoding: gzip
cache-control: max-age=5356800
cf-cache-status: HIT
age: 322
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RtQqRxqzpiUIyUl0kPSD69twtRG5OrTz4ew%2F7T7MkEg%2F9NZG7shkYwGuX2dGN2%2B5tcMJ3UxXaTQXXyPPY4e0n3ELFa0Lv7OTZD%2B4Qrweeh%2B63%2FPuAMPKhjSo2%2FXvN3E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8e0fdba4bfaba87b-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21681&sent=186&recv=24&lost=0&retrans=0&sent_bytes=199165&recv_bytes=4490&delivery_rate=1611415&cwnd=102000&unsent_bytes=0&cid=96791da17d294560&ts=694&x=1", cfHdrFlush;dur=0

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Mnemonic Secure DNS

Quad9 DNS

ThreatFox

JavaScript (19)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by