{"report_id":"33ff5210-9e93-419b-92c4-e6203938520b","version":6,"status":"done","tags":[],"date":"2025-09-03T11:46:15Z","url":{"schema":"http","addr":"bta.whatsweet.xyz/","fqdn":"bta.whatsweet.xyz","domain":"whatsweet.xyz","tld":"xyz"},"ip":{"addr":"3.164.240.60","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"bta.whatsweet.xyz/","fqdn":"bta.whatsweet.xyz","domain":"whatsweet.xyz","tld":"xyz"},"title":"bta.whatsweet.xyz/"},"submit":{"url":{"schema":"http","addr":"bta.whatsweet.xyz/","fqdn":"bta.whatsweet.xyz","domain":"whatsweet.xyz","tld":"xyz"},"ip":{"addr":"3.164.240.60","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-08T11:46:15Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-03","alert":"Sinkholed","trigger":"bta.whatsweet.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"bta.whatsweet.xyz","ip":{"addr":"54.240.174.127","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2023-10-13","domain_rank":0,"first_seen":"2025-08-31T15:56:34.505216Z","last_seen":"2025-08-31T15:56:34.505216Z","alert_count":2,"request_count":2,"received_data":61789,"sent_data":927,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Microsoft Word:14","description":"MS Word is a word-processing program used primarily for creating documents.","website":"https://office.microsoft.com/word","common_platform_enumeration":"cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:*","icon":"Microsoft Word.svg","categories":["Editors"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"bta.whatsweet.xyz/favicon.ico","fqdn":"bta.whatsweet.xyz","domain":"whatsweet.xyz","tld":"xyz"},"ip":{"addr":"54.240.174.127","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bta.whatsweet.xyz/","date":"2025-09-03T11:45:53.179Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.whatsweet.xyz","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Mon, 23 Dec 2024 00:00:00 GMT","end":"Thu, 22 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"83:F6:F0:9A:BB:53:26:12:A7:AA:D7:35:57:DA:AA:80:52:47:E8:1D","sha256":"70:28:B2:1F:16:27:B8:E2:3B:C6:7B:14:BB:38:E2:0A:7E:F1:80:A3:4E:9F:18:1E:65:D5:7A:9D:DE:05:33:78"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: bta.whatsweet.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bta.whatsweet.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: text/html\r\ncontent-length: 162\r\nserver: nginx\r\ndate: Wed, 03 Sep 2025 11:45:53 GMT\r\nx-cache: Error from cloudfront\r\nvia: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: Mi9FTuNnxnnr4kLfCnonS_24rTCDTEzAu-r1MGN_vdO67D2FRDfzTw==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":162,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"70461da8b94c6ca5d2fda3260c5a8c3b","sha1":"994bc667720c21257500e29038c1a5f61e25da1e","sha256":"f33c27745f2bd87344be790465ef984a972fd539dc83bd4f61d4242c607ef1ee","sha512":"ee993842123fa9b1905fe6b111aca70c1ea3e7f4fefeff889cb803887c6ccdccbc9a8e1025cc98528b7790e973436ac650c733421a168d0cd0dba22141b43179","ssdeep":"","tlshash":"aac08c6d6513ac8dca53223827c3a180c1a6832baaaa451105809143b0cb2998ac239a","first_seen":"2023-03-07T16:03:30Z","last_seen":"2026-04-17T16:12:30.270233Z","times_seen":25507,"resource_available":true,"data":null}},"time_used":154,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-03","alert":"Sinkholed","trigger":"bta.whatsweet.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bta.whatsweet.xyz/","fqdn":"bta.whatsweet.xyz","domain":"whatsweet.xyz","tld":"xyz"},"ip":{"addr":"54.240.174.127","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-03T11:45:52.126Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.whatsweet.xyz","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Mon, 23 Dec 2024 00:00:00 GMT","end":"Thu, 22 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"83:F6:F0:9A:BB:53:26:12:A7:AA:D7:35:57:DA:AA:80:52:47:E8:1D","sha256":"70:28:B2:1F:16:27:B8:E2:3B:C6:7B:14:BB:38:E2:0A:7E:F1:80:A3:4E:9F:18:1E:65:D5:7A:9D:DE:05:33:78"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: bta.whatsweet.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nserver: nginx\r\ndate: Wed, 03 Sep 2025 11:45:52 GMT\r\ncontent-encoding: gzip\r\nlast-modified: Tue, 15 Jul 2025 06:17:00 GMT\r\nvary: accept-encoding\r\netag: W/\"6875f25c-edba\"\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: xVjJMEudZ_2-SByyATanjcBjMRQfVpJbpEMGTG0TIUx0xY9h3U3mZA==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Microsoft Word:14","description":"MS Word is a word-processing program used primarily for creating documents.","website":"https://office.microsoft.com/word","common_platform_enumeration":"cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:*","icon":"Microsoft Word.svg","categories":["Editors"]}],"data":{"size":60858,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1822)","md5":"9de8f3a7d8e240b38db60937c7bf24a4","sha1":"00dd40ab1b567e1362cc31dfc0e2caa3291c9c1d","sha256":"0f6d46c41e2f77acae4d27a038dabf173c577286fae13746c81e0a078d6e3e8f","sha512":"96f58e707a6be80dffbf1786173d5625dc55b1687ee9da5b773b6417783b74ae88243c22cf2fc489137893508f66bd7772bd1c418a35a6840daee94400e15a17","ssdeep":"768:A6WawQmMGw5rhoeHg0epe4DePe+eLJeXeNe3e3eU:jWCrhoeHg0epeCePe+eLJeXeNe3e3eU","tlshash":"5253a088f4548d4b73b2a2e6fd20e1b826e75739c44a4357d0d1eb287cc7ceac562297","first_seen":"2025-08-31T15:56:35.430281Z","last_seen":"2025-10-07T07:53:24.066923Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1313,"timings":{"blocked":577,"dns":152,"connect":1,"send":0,"wait":157,"receive":0,"ssl":422},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-03","alert":"Sinkholed","trigger":"bta.whatsweet.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}