{"report_id":"4c13a5a9-4e79-493e-a39f-f89a129586a9","version":6,"status":"done","tags":[],"date":"2025-12-26T13:00:25Z","url":{"schema":"http","addr":"46xy.cc","fqdn":"46xy.cc","domain":"46xy.cc","tld":"cc"},"ip":{"addr":"54.215.31.113","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"93zpc.wthpf.cn/login.php?t=vPpUmqtvcI","fqdn":"93zpc.wthpf.cn","domain":"wthpf.cn","tld":"cn"},"title":"93zpc.wthpf.cn/login.php?t=vPpUmqtvcI","dom":{"size":7265,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (6519)","md5":"02a3f27be5b0418b04377e25b265b441","sha1":"5d7f3dd62015c7609e537447dadb6d0840b053c9","sha256":"1bb7dc39fcab97fd31d739f41bad7f86e3445df50822e71458276996b249efce","sha512":"c4f15918f2234655fcc16dcaf4dfdc840724b7ef26a330a696e70624e6f2b92132222624c1cd568c6daba3d0849ac61494e293fcc313a5e9af275e363ef0f881","ssdeep":"192:fJhn6/SMCT7AZpCAfEa1RSnKdjdso7Y9boAFS6:TnCavGfDbwKd5h0JDFS6","tlshash":"0ae1b6682f91b1e18b874dd3a636b0d0f93a855ff9014989e50878986fb0b28d7c1b39","dom_hash":"domhash2c136832da4fd7d2a21f507fad678685","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"46xy.cc","fqdn":"46xy.cc","domain":"46xy.cc","tld":"cc"},"ip":{"addr":"54.215.31.113","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-30T13:00:25Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"sebjtb.noznfn.cn","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-03-30","domain_rank":0,"first_seen":"2025-12-25T13:07:12.445549Z","last_seen":"2025-12-25T13:07:12.445549Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":557,"comment":"","tags":null,"fingerprints":null},{"fqdn":"46xy.cc","ip":{"addr":"54.215.31.113","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2025-05-08","domain_rank":0,"first_seen":"2025-12-26T12:58:58.556315Z","last_seen":"2025-12-26T12:58:58.556315Z","alert_count":0,"request_count":1,"received_data":7411,"sent_data":476,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"93zpc.wthpf.cn","ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"domain_registered":"2024-09-11","domain_rank":0,"first_seen":"2025-12-26T12:58:58.536883Z","last_seen":"2025-12-26T12:58:58.536883Z","alert_count":0,"request_count":2,"received_data":8013,"sent_data":962,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"93zpc.wthpf.cn/login.php?t=vPpUmqtvcI","fqdn":"93zpc.wthpf.cn","domain":"wthpf.cn","tld":"cn"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":true,"md5":"c08849bc26f1ab473bb06a6b3db03e4e","sha1":"ee0ed03f058ce148d66f22de2c7bdfe21652c639","sha256":"2a6ea833c5624a9dd93241efb88702f9563679abd14a9f06cbf2b5e291e41ce3","sha512":"5d1794c1ebb079f3ebb629b58ed9c9916fb236e9d942b32ee1a8ec31f596a0564fbe6b53d6d9e15bef205a07a2c135eedc8e3a0a93f131de56b27d4340898e09","ssdeep":"192:gn6/SMCT7AZpCAfEa1RSnKdjdso7Y9boAFSz:gnCavGfDbwKd5h0JDFSz","tlshash":"73d186683b80b1e28bc70dd7a736b4d0f57a859ff8450989c50479986eb1a39d7c0e35","size":6521,"data":"","first_seen":"2025-12-26T12:59:03.270208Z","last_seen":"2025-12-26T13:04:40.249621Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"46xy.cc/","fqdn":"46xy.cc","domain":"46xy.cc","tld":"cc"},"ip":{"addr":"54.215.31.113","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-26T13:00:02.399Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"46xy.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 16 Dec 2025 16:29:27 GMT","end":"Mon, 16 Mar 2026 16:29:26 GMT"},"fingerprint":{"sha1":"70:EA:40:49:B7:F2:61:22:ED:49:85:AD:B7:F8:C4:6F:DE:14:61:86","sha256":"9E:D6:9B:12:91:FD:CC:23:3B:D0:D8:A1:14:4F:16:0E:7A:F3:95:11:DC:BB:51:3D:32:F1:BE:15:A9:D6:A4:32"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 46xy.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ncontent-type: text/plain\r\ncontent-length: 0\r\ndate: Fri, 26 Dec 2025 13:00:02 GMT\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=2592000\r\ncache-control: private, no-cache, no-store, max-age=0\r\nexpires: Mon, 01 Jan 1990 0:00:00 GMT\r\nlocation: https://93zpc.wthpf.cn/login.php?t=vPpUmqtvcI\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7053,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T08:47:05.766455Z","times_seen":13367613,"resource_available":true,"data":null}},"time_used":799,"timings":{"blocked":322,"dns":1,"connect":153,"send":0,"wait":154,"receive":0,"ssl":166},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"93zpc.wthpf.cn/login.php?t=vPpUmqtvcI","fqdn":"93zpc.wthpf.cn","domain":"wthpf.cn","tld":"cn"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-26T13:00:02.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wthpf.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Dec 2025 17:57:21 GMT","end":"Wed, 18 Mar 2026 17:57:20 GMT"},"fingerprint":{"sha1":"DE:2A:53:F5:0A:33:5F:A0:BB:7C:40:39:0C:A9:EF:60:5F:D4:53:2B","sha256":"BB:75:B0:D3:F6:39:08:3A:F5:DE:6D:6D:E5:AC:85:16:6C:A0:A1:FD:FD:0B:50:08:CD:12:24:5B:A5:AD:0B:69"}}},"request":{"raw":"GET /login.php?t=vPpUmqtvcI HTTP/1.1\r\nHost: 93zpc.wthpf.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 26 Dec 2025 13:00:03 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Wed, 24 Dec 2025 14:38:02 GMT\r\nETag: W/\"694bfaca-1b8d\"\r\nContent-Encoding: gzip\r\nVia: 1.1 dianxun143:3 (W), 1.1 PSdgflkfFRA1bc200:19 (W), 1.1 PSrdsdgemSTO1sw92:11 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nAge: 10261\r\nx-ws-request-id: 694e86d3_PSrdsdgemSTO1sw92_21523-29397\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7053,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (6519)","md5":"403b8120527b503fd7769a9f80c6c73b","sha1":"1b4455d326150de09f3bc8c228c5b36842f24bc0","sha256":"559a7fd712b86d47c390ebd0960c1e7c07eea50c629f49a70ca8b07ca18576e3","sha512":"c4033b113e2a2620a3f3232909d1420fc963e911c0d544124322401300872b151e1a009115457a5f4abdae2b9d36a856e56c0a69e8b2b1de8dbde4e277a19134","ssdeep":"192:bJmn6/SMCT7AZpCAfEa1RSnKdjdso7Y9boAFSC:YnCavGfDbwKd5h0JDFSC","tlshash":"f2e1b6682f81b1d18bc70dd7a736b0d0fa7a859ff9414989e50878986fb0b28d7c1b35","first_seen":"2025-12-26T12:59:03.268614Z","last_seen":"2025-12-26T13:04:40.248159Z","times_seen":3,"resource_available":false,"data":null}},"time_used":891,"timings":{"blocked":433,"dns":382,"connect":21,"send":0,"wait":23,"receive":1,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sebjtb.noznfn.cn/x6cgwlay6b/vPpUmqtvcI/1766754003535.html","fqdn":"sebjtb.noznfn.cn","domain":"noznfn.cn","tld":"cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://93zpc.wthpf.cn/login.php?t=vPpUmqtvcI","date":"2025-12-26T13:00:03.547Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.noznfn.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Dec 2025 13:30:55 GMT","end":"Tue, 24 Mar 2026 13:30:54 GMT"},"fingerprint":{"sha1":"95:3F:31:E7:B3:39:CC:E9:30:E8:BC:27:C8:24:8B:AE:2B:ED:84:A7","sha256":"D5:97:23:EB:96:CB:86:09:BB:59:01:AF:8A:B4:DD:96:FD:C7:3A:54:D7:7B:24:E1:A4:C1:8E:95:9C:8D:C4:FE"}}},"request":{"raw":"GET /x6cgwlay6b/vPpUmqtvcI/1766754003535.html HTTP/1.1\r\nHost: sebjtb.noznfn.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://93zpc.wthpf.cn/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T08:47:05.766455Z","times_seen":13367613,"resource_available":true,"data":null}},"time_used":1545,"timings":{"blocked":367,"dns":551,"connect":570,"send":627,"wait":0,"receive":0,"ssl":650},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"93zpc.wthpf.cn/favicon.ico","fqdn":"93zpc.wthpf.cn","domain":"wthpf.cn","tld":"cn"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://93zpc.wthpf.cn/login.php?t=vPpUmqtvcI","date":"2025-12-26T13:00:03.554Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wthpf.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Dec 2025 17:57:21 GMT","end":"Wed, 18 Mar 2026 17:57:20 GMT"},"fingerprint":{"sha1":"DE:2A:53:F5:0A:33:5F:A0:BB:7C:40:39:0C:A9:EF:60:5F:D4:53:2B","sha256":"BB:75:B0:D3:F6:39:08:3A:F5:DE:6D:6D:E5:AC:85:16:6C:A0:A1:FD:FD:0B:50:08:CD:12:24:5B:A5:AD:0B:69"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 93zpc.wthpf.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://93zpc.wthpf.cn/login.php?t=vPpUmqtvcI\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Fri, 26 Dec 2025 13:00:03 GMT\r\nContent-Type: text/html\r\nContent-Length: 130\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nETag: \"68b97f15-82\"\r\nvia: 1.1 dx141:9 (W), 1.1 PSdgflkfFRA1bc200:6 (W), 1.1 PSrdsdgemSTO1sw92:11 (W)\r\nX-Px: ms PSrdsdgemSTO1sw92ARN, ms PSdgflkfFRA1bc200FRA, ms dx141HKG(origin)\r\nx-ws-request-id: 694e86d3_PSrdsdgemSTO1sw92_21523-29408\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":130,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"38fd9129885a19f7caa296ee2f929add","sha1":"1220f952376702a0d27126d44f340380994d9577","sha256":"7a50dcaa62ecb3ba63d3f2e6f62c821f54f40e5f6b8fa78a594cd6834c50b4fb","sha512":"645bc135e9541dd231680805032fc8e5a6d115dff706eedba0d6bb67aa236753970b310a498b7ff6826650bd09027931e16a244debca3f220e5d70a5c06fa627","ssdeep":"","tlshash":"35c09b1d655365449913115163c33541d195833f689a84110901c543b0cf196c4c63a9","first_seen":"2023-05-31T06:15:15Z","last_seen":"2026-04-05T07:31:28.094183Z","times_seen":1710,"resource_available":true,"data":null}},"time_used":239,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":238,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}