{"report_id":"5fc33cd5-083c-4f03-af83-c0f407387767","version":6,"status":"done","tags":[],"date":"2026-01-25T02:43:14Z","url":{"schema":"https","addr":"tr00113.cc/","fqdn":"tr00113.cc","domain":"tr00113.cc","tld":"cc"},"ip":{"addr":"192.252.182.16","port":0,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"tr00113.cc/","fqdn":"tr00113.cc","domain":"tr00113.cc","tld":"cc"},"title":"USDT 支付中心","dom":{"size":71631,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2508)","md5":"af792c77f32fbd9be9449275c331cfa9","sha1":"626763b1bab4a7728ec31f2e0294a6f587b45c08","sha256":"6826697194c7da6efe5b0b16fb08c56439319f00ca8a54026580d14ff937b03c","sha512":"ffca84c9b32a6aa84bd9afb8dfefebc7dd2259cfaa96e472636b39ccfc668b7b9c3cb9bbca0031ad3eec40e720f086f7fc58c1ce5ab39372f6806d22d2e78c9b","ssdeep":"768:KPnWgbzrU2QAD1vZx4Bgsn8fTmKf0dE1Kk1VQRPFxqw/xwwzb9JckO6ouDa:1mXD94YfTDf0dc1QRP/qw3zb9k6ba","tlshash":"ad63185936f315612123b0b857eb671637209807d40ddd68bb8c93948fc9ea6acb3bcd","dom_hash":"domhash66c96516f5bf5ac857c112bda01be998","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"tr00113.cc/","fqdn":"tr00113.cc","domain":"tr00113.cc","tld":"cc"},"ip":{"addr":"192.252.182.16","port":0,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-01T02:43:14Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-25T02:42:53Z","timestamp":1769308973,"ip_dst":{"addr":"Client IP","port":46602,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.252.182.16","port":443,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 42","source":"{\"timestamp\":\"2026-01-25T02:42:53.076015+0000\",\"flow_id\":969964729953955,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.252.182.16\",\"src_port\":443,\"dest_ip\":\"172.18.0.50\",\"dest_port\":46602,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400041,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 42\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2026-01-25T02:42:52.749219+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"tr00113.cc","ip":{"addr":"192.252.182.16","port":443,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"domain_registered":"2025-07-29","domain_rank":0,"first_seen":"2026-01-24T19:10:50.962502Z","last_seen":"2026-01-24T19:10:50.962502Z","alert_count":0,"request_count":1,"received_data":73699,"sent_data":479,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-01-18T22:30:25.777558Z","alert_count":0,"request_count":1,"received_data":955594,"sent_data":427,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/tronweb/dist/TronWeb.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"86d41956b27b5a77c284a123d6bb0903","sha1":"3f4fdb34a72216cb55e47a9bbc384e314323862b","sha256":"5219008eb0e2bfa5bec05b3df719eee22265145be3dbd13d2e9ec9e00db88a89","sha512":"d2cb568ebb039418f9b6a7dd51276ebd2b4367135f5287aaa361ec3cf77e01a178cbe5011d21dbd04dbd2b5abed47094dfef4d966357efd1e19e39607abbe04c","ssdeep":"6144:jSWo13UO8Mlf4HOmDEbj8BI66XV2vCR8PwIo3/w80fl1kRpVmr1kAVlyxmuwUvz5:uAHbDEbj8BI6UIQ/9RlAV2muXz8DoaKb","tlshash":"8f15f84476c6f5a6439110e0053b540eb33d6b6ce41ca684f398e8e37df9eda826bb34","size":954819,"data":"","first_seen":"2025-12-21T04:14:54.699234Z","last_seen":"2026-01-30T06:09:42.657682Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tr00113.cc/","fqdn":"tr00113.cc","domain":"tr00113.cc","tld":"cc"},"ip":{"addr":"192.252.182.16","port":443,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"f5667a6e5e817989d482a99b86d96d78","sha1":"7d2d545c846635963d8487581a5dcdca5bf110e0","sha256":"589b43ab5c04166c969d0ec71c57b630dc87704ff5182257be6c17dd63c26002","sha512":"3e99d01e84b72879eddd185377bda4a9e3f932533e46041377cae5725e3792a7778ff50417f0297fb16d446bacc111ae14e2e0d9c9bf028be3debbf0dbcec01f","ssdeep":"384:XskNE1Kk1bygQIzC2LssGqkFxmRX/2jeT8Hkq/xwgLzb07my0GGJA5H3xS4kV7th:m1Kk1VQRPFxqw/xwwzb9JckO6ouDD","tlshash":"0603c41836f36664016370be57db65193220540b2808dd64fb8dc3504fd9ebaaeb3bce","size":39371,"data":"","first_seen":"2026-01-24T19:10:54.906406Z","last_seen":"2026-01-25T02:43:16.313676Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"tr00113.cc/","fqdn":"tr00113.cc","domain":"tr00113.cc","tld":"cc"},"ip":{"addr":"192.252.182.16","port":443,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-25T02:42:52.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tr00113.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 27 Nov 2025 11:37:02 GMT","end":"Wed, 25 Feb 2026 11:37:01 GMT"},"fingerprint":{"sha1":"A1:96:63:02:39:CC:E6:7A:49:31:E4:F8:52:3F:99:4C:3B:6F:6B:7A","sha256":"71:DA:CE:0D:B8:D5:8D:E0:FE:B5:50:70:0F:E1:18:36:EB:F3:00:DF:B9:17:2C:3B:DC:A5:8C:5B:04:BD:DE:0B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tr00113.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.18.0 (Ubuntu)\r\ndate: Sun, 25 Jan 2026 02:42:53 GMT\r\ncontent-type: text/html\r\nlast-modified: Sat, 20 Sep 2025 22:12:17 GMT\r\netag: W/\"68cf26c1-11ecb\"\r\nx-powered-by: BuyAll-Payment\r\nx-domain-type: payment\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":73419,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2508), with CRLF, LF line terminators","md5":"9fafc08a8c49b909aed1f63354d61a2a","sha1":"9344cee5c2d408b64bf2a28a98e96d43d6222868","sha256":"22f419ebdca1acc902b342e9f382f2cbed2b090ae1b5a086dce316a6621e64ce","sha512":"7d14da0b1ea298607234f2fbf711ced257eaa4bdf880905074c4bf251fc446c16c045a8736c1b29c4d8c1b64b35a2d6a5f8d9e735959f3b408ecfa976a9934a7","ssdeep":"768:OkTD054SYgsnWfF3Mf8WJiKd8CvORI3UKqfQvGYMePKryUmPO+:OfF8f8WgWvORI3XqJYMe3UL+","tlshash":"6f731628b65265115033a3b89fb35b1efb16051bc105c269bbdc93920ffae219863fdd","first_seen":"2026-01-24T19:10:54.900923Z","last_seen":"2026-01-25T02:43:16.312043Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2139,"timings":{"blocked":904,"dns":241,"connect":327,"send":0,"wait":327,"receive":0,"ssl":335},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/tronweb/dist/TronWeb.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tr00113.cc/","date":"2026-01-25T02:42:54.221Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/tronweb/dist/TronWeb.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tr00113.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 6.1.1\r\nx-jsd-version-type: version\r\netag: W/\"e91c3-P0/bNKciFstV5HqbvDhOMUMjhis\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nage: 22466\r\ndate: Sun, 25 Jan 2026 02:42:54 GMT\r\nx-served-by: cache-fra-etou8220076-FRA, cache-hel1410020-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 221955\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":954819,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65471)","md5":"86d41956b27b5a77c284a123d6bb0903","sha1":"3f4fdb34a72216cb55e47a9bbc384e314323862b","sha256":"5219008eb0e2bfa5bec05b3df719eee22265145be3dbd13d2e9ec9e00db88a89","sha512":"d2cb568ebb039418f9b6a7dd51276ebd2b4367135f5287aaa361ec3cf77e01a178cbe5011d21dbd04dbd2b5abed47094dfef4d966357efd1e19e39607abbe04c","ssdeep":"6144:jSWo13UO8Mlf4HOmDEbj8BI66XV2vCR8PwIo3/w80fl1kRpVmr1kAVlyxmuwUvz5:uAHbDEbj8BI6UIQ/9RlAV2muXz8DoaKb","tlshash":"8f15f84476c6f5a6439110e0053b540eb33d6b6ce41ca684f398e8e37df9eda826bb34","first_seen":"2025-12-21T04:14:54.699234Z","last_seen":"2026-01-30T06:09:42.657682Z","times_seen":10,"resource_available":true,"data":null}},"time_used":271,"timings":{"blocked":72,"dns":10,"connect":26,"send":0,"wait":54,"receive":72,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}