{"report_id":"6f608151-b975-4aa2-801e-fc79b7ff4f74","version":6,"status":"done","tags":[],"date":"2026-02-02T16:43:27Z","url":{"schema":"http","addr":"welb3matemask.sbs","fqdn":"welb3matemask.sbs","domain":"welb3matemask.sbs","tld":"sbs"},"ip":{"addr":"111.90.157.35","port":0,"asn":55639,"as":"Asia Web Service Ltd","country":"Malaysia","country_code":"MY"},"final":{"url":{"schema":"http","addr":"welb3matemask.sbs/cgi-sys/defaultwebpage.cgi","fqdn":"welb3matemask.sbs","domain":"welb3matemask.sbs","tld":"sbs"},"title":"Default Web Site Page","dom":{"size":6938,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"6310c39241920e2377ca8707aae8a5ea","sha1":"1737517951cf22c7c16c27afda01293e90ca0f39","sha256":"e893da850ffa8ca41d2c927e59f079df4cd92a47a5712f2bc6b93d1a5f2d61f8","sha512":"509cf680b94b9e933dad3d91524ff521fa200462330b0d4891010c148c3dc6150bd7db4638241a5f217dc24f7650257dc99aade653cc008dea933dd62e28a38f","ssdeep":"192:9lYHC+H1U7ydPJq5AtyhhuT9w3y4E9SyJqxl9VRsQ:t9blhsQ","tlshash":"12e1fe572af200276043a4b56bab3711af24e053c25ecd547e5c53d8df86992cde3b9c","dom_hash":"domhashf766092b73388dfad28e8ada2a02caa6","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"welb3matemask.sbs","fqdn":"welb3matemask.sbs","domain":"welb3matemask.sbs","tld":"sbs"},"ip":{"addr":"111.90.157.35","port":0,"asn":55639,"as":"Asia Web Service Ltd","country":"Malaysia","country_code":"MY"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-09T16:43:27Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-02T16:43:06Z","timestamp":1770050586,"ip_dst":{"addr":"Client IP","port":44508,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"111.90.157.35","port":443,"asn":55639,"as":"Asia Web Service Ltd","country":"Malaysia","country_code":"MY"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 22","source":"{\"timestamp\":\"2026-02-02T16:43:06.526500+0000\",\"flow_id\":1163179486487267,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"111.90.157.35\",\"src_port\":443,\"dest_ip\":\"172.18.0.11\",\"dest_port\":44508,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400021,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 22\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2026-02-02T16:43:06.271075+0000\"}}"}],"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"welb3matemask.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"welb3matemask.sbs","ip":{"addr":"111.90.157.35","port":80,"asn":55639,"as":"Asia Web Service Ltd","country":"Malaysia","country_code":"MY"},"domain_registered":"2026-01-31","domain_rank":0,"first_seen":"2026-02-02T12:32:00.411177Z","last_seen":"2026-02-02T12:32:00.411177Z","alert_count":10,"request_count":10,"received_data":42992,"sent_data":4215,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"welb3matemask.sbs/img-sys/server_moved.png","fqdn":"welb3matemask.sbs","domain":"welb3matemask.sbs","tld":"sbs"},"ip":{"addr":"111.90.157.35","port":80,"asn":55639,"as":"Asia Web Service Ltd","country":"Malaysia","country_code":"MY"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://welb3matemask.sbs/cgi-sys/defaultwebpage.cgi","date":"2026-02-02T16:43:08.981Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img-sys/server_moved.png HTTP/1.1\r\nHost: welb3matemask.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://welb3matemask.sbs/cgi-sys/defaultwebpage.cgi\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Feb 2026 16:43:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 09 Aug 2023 19:34:12 GMT\r\naccept-ranges: bytes\r\ncontent-length: 3327\r\ndate: Mon, 02 Feb 2026 16:43:09 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3327,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced","md5":"f6590a396da81a8e4cce7ca046874ffd","sha1":"7e68db322c32ca079b2c836812d3a25204ab93cc","sha256":"3a22057583d3e17bc94990d92a3425d5510dc5bdb60fe40fafeb405a38f8ed28","sha512":"cf4ae5e172feb6923bfd5ad4f302bf63250f4072774fb29efb0846167ea95d708299047cb18e4c72deffc5d24040a35049d778685f7cf96801ee8d4769a25fa1","ssdeep":"","tlshash":"486139d62986504a264a0c61eaf5ec963065301b28789a3e8527cbcc96c8a9e698c317","first_seen":"2023-04-07T07:55:56Z","last_seen":"2026-06-08T07:59:18.691651Z","times_seen":27689,"resource_available":false,"data":null}},"time_used":758,"timings":{"blocked":249,"dns":1,"connect":252,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"welb3matemask.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"welb3matemask.sbs/img-sys/powered_by_cpanel.svg","fqdn":"welb3matemask.sbs","domain":"welb3matemask.sbs","tld":"sbs"},"ip":{"addr":"111.90.157.35","port":80,"asn":55639,"as":"Asia Web Service Ltd","country":"Malaysia","country_code":"MY"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://welb3matemask.sbs/cgi-sys/defaultwebpage.cgi","date":"2026-02-02T16:43:08.982Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img-sys/powered_by_cpanel.svg HTTP/1.1\r\nHost: welb3matemask.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://welb3matemask.sbs/cgi-sys/defaultwebpage.cgi\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Feb 2026 16:43:09 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 09 Aug 2023 19:34:12 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ncontent-length: 2550\r\ndate: Mon, 02 Feb 2026 16:43:09 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5617,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c47b4b5200566a2a496a11ba472ec5da","sha1":"3bd0da9a6ffd62217d3e781fa1356f40d9f91d4c","sha256":"179a9aa9fff4c52850d9ce34a4c435404ddfd4fefa8aab9a6eb4f47b83f922d9","sha512":"b67659bfb2f94cc1124eb88f7582ae2ee1c983210577edc9aaf6fdb65f6b0e2b9fd786169a91fc72a1ac0e8556bc09c7cf35395c7a038a6f6419660b7b64545f","ssdeep":"96:BDol4IVL19t2mY5Ib0Va4FALs/k2eerILEKQhnEIsFGFB/aStUY0NuhHkzTUgCgM:BGjR19tU5Ib0tCY8jeSEptRPFESt70NW","tlshash":"77c174f9c7a053f47ac38f5deb2966d0b0ebf8bd1ea082c451759368c4c0ad9e948874","first_seen":"2023-04-05T04:59:52Z","last_seen":"2026-06-08T07:59:18.697669Z","times_seen":43194,"resource_available":false,"data":null}},"time_used":757,"timings":{"blocked":249,"dns":1,"connect":252,"send":0,"wait":255,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"welb3matemask.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"welb3matemask.sbs/img-sys/error-bg-left.png","fqdn":"welb3matemask.sbs","domain":"welb3matemask.sbs","tld":"sbs"},"ip":{"addr":"111.90.157.35","port":80,"asn":55639,"as":"Asia Web Service Ltd","country":"Malaysia","country_code":"MY"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://welb3matemask.sbs/cgi-sys/defaultwebpage.cgi","date":"2026-02-02T16:43:08.983Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img-sys/error-bg-left.png HTTP/1.1\r\nHost: welb3matemask.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://welb3matemask.sbs/cgi-sys/defaultwebpage.cgi\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Feb 2026 16:43:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 09 Aug 2023 19:34:12 GMT\r\naccept-ranges: bytes\r\ncontent-length: 8072\r\ndate: Mon, 02 Feb 2026 16:43:09 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":8072,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 410 x 400, 8-bit/color RGBA, non-interlaced","md5":"cdbe46a0178886162bdedff35336154e","sha1":"f5acc131f7d3fdfbebfc4a55be73cf51c7638937","sha256":"862885b79bef22ad5716b2dbfa714d52f628a439f2921bb9520a4630bbea5d4e","sha512":"cd75baa25c17945a25381d08d30887ddcb4a42dda676f6189bd2e25c91e390197d2ebf68a86b74995a32483445aeeee3df7c0ff6bec9e8b69f1d84f3ee3423b4","ssdeep":"192:4FWzRDmuPuPjEAWYgZgwuJGaY8o84ntC6K0GrD7tSHzN:4FGRDmumPgAWLslY8o8yCjzr/tk","tlshash":"6bf1af71ca2b86519ebb4f95c1fa8397b851c92ecc03b3f68c2716376dd61b6452ac0c","first_seen":"2023-04-12T19:49:10Z","last_seen":"2026-06-08T07:59:18.698694Z","times_seen":27702,"resource_available":false,"data":null}},"time_used":755,"timings":{"blocked":247,"dns":0,"connect":252,"send":0,"wait":255,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"welb3matemask.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"welb3matemask.sbs/","fqdn":"welb3matemask.sbs","domain":"welb3matemask.sbs","tld":"sbs"},"ip":{"addr":"111.90.157.35","port":80,"asn":55639,"as":"Asia Web Service Ltd","country":"Malaysia","country_code":"MY"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-02T16:43:06.794Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: welb3matemask.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\ncontent-type: text/html\r\nlast-modified: Tue, 13 Jan 2026 17:15:01 GMT\r\naccept-ranges: bytes\r\ncontent-length: 163\r\ndate: Mon, 02 Feb 2026 16:43:07 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":163,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"f1fb042c62910c34be16ad91cbbd71fa","sha1":"5bc7aceba9a8704ef4b1d427d7d08b140afcd866","sha256":"9278d16ed2fdcd5dc651615b0b8adc6b55fb667a9d106a9891b861d4561d9a24","sha512":"d4b2f435a14e915ec8c36364ef6be6dd810883b5c9c8e337573a114d36257186fae92ead623ac5ef7812b0ff2cc4973842e994f2f7fcd510d3c5a9c5c33a369b","ssdeep":"","tlshash":"71c08cd8009c383c7124b888dfc102c284669009a4a03ec154dbb62cc27ca27c88e2e4","first_seen":"2023-03-08T15:50:46Z","last_seen":"2026-06-08T03:00:49.608666Z","times_seen":25693,"resource_available":true,"data":null}},"time_used":762,"timings":{"blocked":253,"dns":0,"connect":253,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"welb3matemask.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"welb3matemask.sbs/cgi-sys/defaultwebpage.cgi","fqdn":"welb3matemask.sbs","domain":"welb3matemask.sbs","tld":"sbs"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-02T16:43:07.384Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /cgi-sys/defaultwebpage.cgi HTTP/1.1\r\nHost: welb3matemask.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T08:34:25.719765Z","times_seen":16234652,"resource_available":true,"data":null}},"time_used":768,"timings":{"blocked":768,"dns":0,"connect":252,"send":0,"wait":0,"receive":0,"ssl":259},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"welb3matemask.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"welb3matemask.sbs/cgi-sys/defaultwebpage.cgi","fqdn":"welb3matemask.sbs","domain":"welb3matemask.sbs","tld":"sbs"},"ip":{"addr":"111.90.157.35","port":80,"asn":55639,"as":"Asia Web Service Ltd","country":"Malaysia","country_code":"MY"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-02T16:43:08.674Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cgi-sys/defaultwebpage.cgi HTTP/1.1\r\nHost: welb3matemask.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\ncontent-type: text/html\r\ntransfer-encoding: chunked\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ndate: Mon, 02 Feb 2026 16:43:08 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":6952,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"a5157f9f15eb3e2cccf8380ce46280f0","sha1":"a91b8b5e40a5b47ccb5730d5f538846de94ce2e6","sha256":"4e9fb6d1e32c4d396bcff456a0249f4e2eecebd7e5cb3df6b9238dc685f1b7d8","sha512":"039c198a60b892a25ae0b7fb183c23a4bca40ca7a474ec80dc44124ab496df6b7a427cd1953fe2dfd39fabc5f71f224e888f9541e8880edccaf4444e57f48198","ssdeep":"192:LlYHC+H1U7ydPJq5AtyhhuT9w3y4E9SyJqx296aSQ:/9b2rSQ","tlshash":"28e10f572af200276043a4b56bab2712af24e043c25fcd543e5c57d8df86992cde3b9c","first_seen":"2026-02-02T12:32:03.6408Z","last_seen":"2026-02-02T16:43:27.889581Z","times_seen":2,"resource_available":false,"data":null}},"time_used":275,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":274,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"welb3matemask.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"welb3matemask.sbs/img-sys/server_misconfigured.png","fqdn":"welb3matemask.sbs","domain":"welb3matemask.sbs","tld":"sbs"},"ip":{"addr":"111.90.157.35","port":80,"asn":55639,"as":"Asia Web Service Ltd","country":"Malaysia","country_code":"MY"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://welb3matemask.sbs/cgi-sys/defaultwebpage.cgi","date":"2026-02-02T16:43:08.980Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img-sys/server_misconfigured.png HTTP/1.1\r\nHost: welb3matemask.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://welb3matemask.sbs/cgi-sys/defaultwebpage.cgi\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Feb 2026 16:43:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 09 Aug 2023 19:34:12 GMT\r\naccept-ranges: bytes\r\ncontent-length: 3164\r\ndate: Mon, 02 Feb 2026 16:43:09 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3164,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced","md5":"f79adaf00f83dc9757086cdbe8645ff0","sha1":"82f37b8be7668eab8e1a06de828cb336799c8134","sha256":"944120fb6962c7484d769d645e6d830850eead9394f6a84090aed489cfc0c41f","sha512":"eb7db97a73d4fd8ff7acc027582a2564636ee9d92f19365da11ec4c80be62418450fd0b37ed1462d56489c52fa1ab69008b040fad7795151dc1d26ac59293f6a","ssdeep":"","tlshash":"54513b80a9156c08aed83aacb51d109b84003ce5a8372cc480728fffb61e8b36aa55dd","first_seen":"2023-04-05T04:59:52Z","last_seen":"2026-06-08T07:59:18.690967Z","times_seen":42890,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"welb3matemask.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"welb3matemask.sbs/favicon.ico","fqdn":"welb3matemask.sbs","domain":"welb3matemask.sbs","tld":"sbs"},"ip":{"addr":"111.90.157.35","port":80,"asn":55639,"as":"Asia Web Service Ltd","country":"Malaysia","country_code":"MY"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://welb3matemask.sbs/cgi-sys/defaultwebpage.cgi","date":"2026-02-02T16:43:09.493Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: welb3matemask.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://welb3matemask.sbs/cgi-sys/defaultwebpage.cgi\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\ncontent-type: text/html\r\ntransfer-encoding: chunked\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ndate: Mon, 02 Feb 2026 16:43:09 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":10368,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (4070)","md5":"97fa452c13559d68a3ff8493ed2043ed","sha1":"d1198f4e0ca6534558bf5948460a90fcefc4862a","sha256":"c0a55bf5445d530f8d143824be89e3e5803c85f56ea1dfb51fd9e003f9da92b4","sha512":"2d204d85460f453705f29729b79b04c493866356bb7c7fbdc68e416a525416442d2fc322c3716f06de6c6ea2dbcf131657268ed382b296efe484cef58d5bb1e2","ssdeep":"192:rlYHC0HNXGZkHQU7ydPJq5S2KqQVX/uTK3w3DK+tMy47R/Ga0kVhFuPwf8Pn93Jz:FVGaRF8I89nx3","tlshash":"db22959716e3000b744760ba6baa3211ab68e553d12fcd607f4db3e8cf865819d93b4e","first_seen":"2026-02-02T16:43:27.895378Z","last_seen":"2026-02-02T16:43:27.895378Z","times_seen":1,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":255,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"welb3matemask.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"welb3matemask.sbs/","fqdn":"welb3matemask.sbs","domain":"welb3matemask.sbs","tld":"sbs"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-02T16:43:06.233Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: welb3matemask.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T08:34:25.719765Z","times_seen":16234652,"resource_available":true,"data":null}},"time_used":553,"timings":{"blocked":0,"dns":38,"connect":256,"send":0,"wait":0,"receive":0,"ssl":257},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"welb3matemask.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"welb3matemask.sbs/img-sys/IP_changed.png","fqdn":"welb3matemask.sbs","domain":"welb3matemask.sbs","tld":"sbs"},"ip":{"addr":"111.90.157.35","port":80,"asn":55639,"as":"Asia Web Service Ltd","country":"Malaysia","country_code":"MY"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://welb3matemask.sbs/cgi-sys/defaultwebpage.cgi","date":"2026-02-02T16:43:08.978Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img-sys/IP_changed.png HTTP/1.1\r\nHost: welb3matemask.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://welb3matemask.sbs/cgi-sys/defaultwebpage.cgi\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Feb 2026 16:43:09 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 09 Aug 2023 19:34:12 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2939\r\ndate: Mon, 02 Feb 2026 16:43:09 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2939,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced","md5":"ec081653bd4c836483e6d612588d18ec","sha1":"91c7e4cfa061808881575a875741773a949a9e0a","sha256":"b19da51b5e9c9b29cd8523d85d92e99e4812c891c394929c9bf67557f560672c","sha512":"b1cc98149afc9d9041bfc4e91a0990728f3f1a2c944e8819d4b131b60f8a2a03f831e855ce6efd478a651c2dce8fe715645bfe3d59699a442a4a6dc898bb406c","ssdeep":"","tlshash":"33513aaaf91e6c50834215dfa1e6402a2ed1e84e751430b326287afe53df8036a32f80","first_seen":"2023-04-13T09:27:24Z","last_seen":"2026-06-08T07:59:18.696858Z","times_seen":27697,"resource_available":false,"data":null}},"time_used":255,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":255,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"welb3matemask.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}