{"report_id":"75092047-21a6-4e22-bfc7-5273812f3d1b","version":6,"status":"done","tags":[],"date":"2026-02-08T06:09:52Z","url":{"schema":"http","addr":"60fst.top/","fqdn":"60fst.top","domain":"60fst.top","tld":"top"},"ip":{"addr":"194.41.58.26","port":0,"asn":133199,"as":"SonderCloud Limited","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"wcwx.paradisemall.net/app/register.php?site_id=1058\u0026topId=28406\u0026sourceLink=60fst.top","fqdn":"wcwx.paradisemall.net","domain":"paradisemall.net","tld":"net"},"title":"403 Forbidden","dom":{"size":1791,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1732)","md5":"a079dffc87d630180da668a0a190232b","sha1":"2904e1289befcec8c3dcfbd2d8dbfff18ea75ed8","sha256":"59a3d0d191b958787c6d79ab1981cdac3f378a84b51fde9e45c90efe37536ead","sha512":"488becea8ba22ce7ecde2db366e00534059cd663fa456ee4c11530cf30e9de577b4d6992951d7e51815fa7466c21eceb4b95f3d384cf9d197c91b2e239017634","ssdeep":"","tlshash":"5131519361666036ab3328dd25fa93c571a49412fdd74b2cfe5cc380a2f844a761fb58","dom_hash":"domhashc0622583c63bd0cb5420788e0f73da76","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"60fst.top/","fqdn":"60fst.top","domain":"60fst.top","tld":"top"},"ip":{"addr":"194.41.58.26","port":0,"asn":133199,"as":"SonderCloud Limited","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-15T06:09:52Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-08","alert":"Sinkholed","trigger":"60fst.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-08","alert":"Sinkholed","trigger":"60fst.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-08","alert":"Sinkholed","trigger":"wcwx.paradisemall.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"60fst.top","ip":{"addr":"206.119.188.30","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"domain_registered":"2025-12-09","domain_rank":0,"first_seen":"2026-02-08T06:09:52.563384Z","last_seen":"2026-02-08T06:09:52.563385Z","alert_count":2,"request_count":1,"received_data":288,"sent_data":478,"comment":"","tags":null,"fingerprints":null},{"fqdn":"wcwx.paradisemall.net","ip":{"addr":"14.0.60.37","port":443,"asn":54994,"as":"ML-1432-54994","country":"India","country_code":"IN"},"domain_registered":"2021-07-19","domain_rank":2251609,"first_seen":"2025-03-01T03:00:14.21055Z","last_seen":"2026-02-06T03:23:36.507244Z","alert_count":2,"request_count":2,"received_data":3935,"sent_data":1063,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"wcwx.paradisemall.net/app/register.php?site_id=1058\u0026topId=28406\u0026sourceLink=60fst.top","fqdn":"wcwx.paradisemall.net","domain":"paradisemall.net","tld":"net"},"ip":{"addr":"14.0.60.37","port":443,"asn":54994,"as":"ML-1432-54994","country":"India","country_code":"IN"},"introduction_type":"scriptElement","is_inline":true,"md5":"541cf560dce5885113262a126c06b5e0","sha1":"d9973961257d3436713b15107235979dcbb18dca","sha256":"e0e16d229bc98e8e067803d2da0ba1f8c705d09f8edeb41b0d3ba1c673cf167a","sha512":"4fc89b22fbc5876dbbdf7ac7e3c28f0f6347084901ed7e0d87c29e4b6855a12c200ba1d59e8823b7156351abc872ac736632480a44de18ce09aea7300fe7bba5","ssdeep":"","tlshash":"3c11bd4730826975ae33296e257d82c6653894523cda4a1cfd25cb8032b958e072ffad","size":923,"data":"","first_seen":"2026-02-08T06:09:56.744627Z","last_seen":"2026-02-08T06:09:56.744627Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"60fst.top/","fqdn":"60fst.top","domain":"60fst.top","tld":"top"},"ip":{"addr":"206.119.188.30","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-08T06:09:30.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"60fst.top","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 24 Dec 2025 00:00:00 GMT","end":"Tue, 24 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8D:AB:9E:49:C1:9C:C3:19:52:81:43:8A:D2:FC:8E:81:5B:37:34:E0","sha256":"25:46:03:7C:7D:91:86:C4:56:EA:2F:22:26:A3:2A:6D:D7:01:D0:AE:66:07:41:1D:BD:CF:98:85:ED:7B:57:7D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 60fst.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-type: text/html\r\ndate: Sun, 08 Feb 2026 06:09:31 GMT\r\ncontent-length: 136\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":136,"size_decoded":0,"mime_type":"text/html","magic":"ASCII text, with no line terminators","md5":"5844a9a9d63f409d1422f2130c35c976","sha1":"512c92aa7d34b4f0ce5d4102f171dc254fe4c8fa","sha256":"7fa807bb0a946537b593edf1d74f2c9a8a3294790384a15ef3d6ae9de0c3495d","sha512":"09a0694eb98b5e721ed65998e60bcc9cf95813835ea37753e8fc5a213b40ced94280bdcad9bc7d6e8c4411d536365d09da46b496a13deca3c0c53bf520db5364","ssdeep":"","tlshash":"edc02bebc4007e3340b377546e61b026600b8400c8c50b71c21000c408f9904a283061","first_seen":"2026-02-08T06:09:56.738545Z","last_seen":"2026-02-08T06:09:56.738545Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2456,"timings":{"blocked":1098,"dns":550,"connect":257,"send":0,"wait":259,"receive":0,"ssl":289},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-08","alert":"Sinkholed","trigger":"60fst.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-08","alert":"Sinkholed","trigger":"60fst.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcwx.paradisemall.net/app/register.php?site_id=1058\u0026topId=28406\u0026sourceLink=60fst.top","fqdn":"wcwx.paradisemall.net","domain":"paradisemall.net","tld":"net"},"ip":{"addr":"14.0.60.37","port":443,"asn":54994,"as":"ML-1432-54994","country":"India","country_code":"IN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-08T06:09:31.741Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcwx.paradisemall.net","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 15:50:00 GMT","end":"Sun, 05 Apr 2026 15:49:59 GMT"},"fingerprint":{"sha1":"EC:4D:E2:BC:03:4C:86:12:94:61:80:F2:E4:D0:27:59:E4:54:CB:6A","sha256":"61:90:35:F6:45:C7:EB:C5:2F:F2:82:3A:2E:14:5D:E7:14:A8:1F:FA:39:25:64:CF:39:99:54:A1:89:F2:59:41"}}},"request":{"raw":"GET /app/register.php?site_id=1058\u0026topId=28406\u0026sourceLink=60fst.top HTTP/1.1\r\nHost: wcwx.paradisemall.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Sun, 08 Feb 2026 06:09:31 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nvia: 1.1 bl21:1 (W)\r\nServer: PWS/8.3.1.0.8\r\nX-Px: ht bl21CDG\r\nx-ws-request-id: 6988289b_bl21_19950-25810\r\nWs-Action: com\r\nCache-Control: no-store\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":1686,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1641)","md5":"fe3c66119b5c7a87726bb30e03c2ec6a","sha1":"fdb9538f3d6c04db28fc9067595bfdf929a18583","sha256":"296bb83aff7989bb45c175b966e2c78858cf423d3ef9d573f59856d29662fc83","sha512":"e375e3469c04938751276d6b8e06ae208373c96032648f1f689197bfe5ea735375a69ced6e1bf99ff9f085745e86a6f842ec6fafc0243e0d143797d157d87e03","ssdeep":"","tlshash":"f531745b20526436aa7328ec11bba38531149011fdd74b2cee5cc790a7f804b261bb58","first_seen":"2026-02-08T06:09:56.739387Z","last_seen":"2026-02-08T06:09:56.739387Z","times_seen":1,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":67,"dns":1,"connect":26,"send":0,"wait":29,"receive":1,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-08","alert":"Sinkholed","trigger":"wcwx.paradisemall.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wcwx.paradisemall.net/favicon.ico","fqdn":"wcwx.paradisemall.net","domain":"paradisemall.net","tld":"net"},"ip":{"addr":"14.0.60.37","port":443,"asn":54994,"as":"ML-1432-54994","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wcwx.paradisemall.net/app/register.php?site_id=1058\u0026topId=28406\u0026sourceLink=60fst.top","date":"2026-02-08T06:09:31.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wcwx.paradisemall.net","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 15:50:00 GMT","end":"Sun, 05 Apr 2026 15:49:59 GMT"},"fingerprint":{"sha1":"EC:4D:E2:BC:03:4C:86:12:94:61:80:F2:E4:D0:27:59:E4:54:CB:6A","sha256":"61:90:35:F6:45:C7:EB:C5:2F:F2:82:3A:2E:14:5D:E7:14:A8:1F:FA:39:25:64:CF:39:99:54:A1:89:F2:59:41"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: wcwx.paradisemall.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wcwx.paradisemall.net/app/register.php?site_id=1058\u0026topId=28406\u0026sourceLink=60fst.top\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Sun, 08 Feb 2026 06:09:31 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nvia: 1.1 bl21:1 (W)\r\nServer: PWS/8.3.1.0.8\r\nX-Px: ht bl21CDG\r\nx-ws-request-id: 6988289b_bl21_19950-25823\r\nWs-Action: com\r\nCache-Control: no-store\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":1627,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1582)","md5":"c950cde233468fabbf1ebe2b2da47d4c","sha1":"9e514f3a6200f05b05788565c172ff50180ec0da","sha256":"943607dcfa7bcb03b2f046222f8e60c828d5eca4662351c87b72b99128320bb2","sha512":"1c4675d721c7f8b619ddf86e6ca28ac6a7d23de393051b07a36ff117932b3d59dfa06446198f59f0cacdfddf8434507b155841b9422d5fd9ab16bcaeae1b36f4","ssdeep":"","tlshash":"fc31865b20635036ba3318ec11bba38531148011fdd78b2cee9dc790a7f804b261bb4c","first_seen":"2026-02-08T06:09:56.740089Z","last_seen":"2026-02-08T06:09:56.740089Z","times_seen":1,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-08","alert":"Sinkholed","trigger":"wcwx.paradisemall.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}