{"report_id":"7a908acb-a841-4c05-a430-16c9804c0a2f","version":6,"status":"done","tags":[],"date":"2026-03-22T21:56:17Z","url":{"schema":"http","addr":"epswc8o.scupx.com/","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":0,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"epswc8o.scupx.com/","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"title":"44118太阳成城(中国集团)有限公司","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"epswc8o.scupx.com/","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":0,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-26T21:56:17Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":24,"urlquery":0,"analyzer":6}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:56Z","timestamp":1774216556,"ip_dst":{"addr":"Client IP","port":33382,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:56.936013+0000\",\"flow_id\":42955669539621,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33382,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/pf_tel.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":596},\"files\":[{\"filename\":\"/Skins/16581/images/pf_tel.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":596,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":610,\"bytes_toclient\":2517,\"start\":\"2026-03-22T21:55:56.428837+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:56Z","timestamp":1774216556,"ip_dst":{"addr":"Client IP","port":33344,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:56.944535+0000\",\"flow_id\":1302158476347996,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33344,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/side_ewm.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":587},\"files\":[{\"filename\":\"/Skins/16581/images/side_ewm.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":587,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":612,\"bytes_toclient\":2011,\"start\":\"2026-03-22T21:55:56.428636+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:56Z","timestamp":1774216556,"ip_dst":{"addr":"Client IP","port":33372,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:56.966438+0000\",\"flow_id\":405055772330725,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33372,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/footlogo.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":126},\"files\":[{\"filename\":\"/Skins/16581/images/footlogo.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":126,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":612,\"bytes_toclient\":2686,\"start\":\"2026-03-22T21:55:56.428773+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:56Z","timestamp":1774216556,"ip_dst":{"addr":"Client IP","port":33332,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:56.972492+0000\",\"flow_id\":779360024693169,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33332,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/idx_about.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":667,\"bytes_toclient\":2619,\"start\":\"2026-03-22T21:55:56.428465+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"Client IP","port":33384,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.009029+0000\",\"flow_id\":1331686376508258,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33384,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/skins/16581/images/side_ewm.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":666,\"bytes_toclient\":2628,\"start\":\"2026-03-22T21:55:56.428898+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"Client IP","port":33360,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.014860+0000\",\"flow_id\":727208384301733,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33360,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/logo.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":662,\"bytes_toclient\":2620,\"start\":\"2026-03-22T21:55:56.428709+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"Client IP","port":42514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.177935+0000\",\"flow_id\":1809574502621214,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.45\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":42514,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/skins/16581/images/banner2.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":594},\"files\":[{\"filename\":\"/skins/16581/images/banner2.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":594,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":611,\"bytes_toclient\":3148,\"start\":\"2026-03-22T21:55:56.679966+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"Client IP","port":42538,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.195634+0000\",\"flow_id\":453079949140122,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.45\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":42538,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/skins/16581/images/banner1.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":611,\"bytes_toclient\":2562,\"start\":\"2026-03-22T21:55:56.680090+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"Client IP","port":33372,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.255490+0000\",\"flow_id\":405055772330725,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33372,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/ys_icon1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":11,\"bytes_toserver\":1336,\"bytes_toclient\":9206,\"start\":\"2026-03-22T21:55:56.428773+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"Client IP","port":42530,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.307845+0000\",\"flow_id\":196294591930481,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.45\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":42530,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/idx_about_bg.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":616,\"bytes_toclient\":2564,\"start\":\"2026-03-22T21:55:56.680049+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"Client IP","port":33384,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.645454+0000\",\"flow_id\":1331686376508258,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33384,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/ys_icon2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1603},\"files\":[{\"filename\":\"/Skins/16581/images/ys_icon2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1603,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":22,\"pkts_toclient\":21,\"bytes_toserver\":2355,\"bytes_toclient\":22057,\"start\":\"2026-03-22T21:55:56.428898+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"Client IP","port":33384,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.673067+0000\",\"flow_id\":1331686376508258,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33384,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/tel.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":24,\"bytes_toserver\":2421,\"bytes_toclient\":24986,\"start\":\"2026-03-22T21:55:56.428898+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"Client IP","port":33332,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.690659+0000\",\"flow_id\":779360024693169,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33332,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/btn.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":51,\"pkts_toclient\":64,\"bytes_toserver\":3558,\"bytes_toclient\":88922,\"start\":\"2026-03-22T21:55:56.428465+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"Client IP","port":42514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.985484+0000\",\"flow_id\":1809574502621214,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.45\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":42514,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/fx.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2056},\"files\":[{\"filename\":\"/Skins/16581/images/fx.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2056,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":139,\"pkts_toclient\":155,\"bytes_toserver\":8283,\"bytes_toclient\":226100,\"start\":\"2026-03-22T21:55:56.679966+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:58Z","timestamp":1774216558,"ip_dst":{"addr":"Client IP","port":42530,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:58.099738+0000\",\"flow_id\":196294591930481,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.45\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":42530,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/cp_jt3.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1086},\"files\":[{\"filename\":\"/Skins/16581/images/cp_jt3.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1086,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":33,\"pkts_toclient\":43,\"bytes_toserver\":2932,\"bytes_toclient\":56784,\"start\":\"2026-03-22T21:55:56.680049+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:58Z","timestamp":1774216558,"ip_dst":{"addr":"Client IP","port":33360,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:58.194438+0000\",\"flow_id\":727208384301733,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33360,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/ys_icon3.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1704},\"files\":[{\"filename\":\"/Skins/16581/images/ys_icon3.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1704,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":22,\"pkts_toclient\":21,\"bytes_toserver\":2348,\"bytes_toclient\":21723,\"start\":\"2026-03-22T21:55:56.428709+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:58Z","timestamp":1774216558,"ip_dst":{"addr":"Client IP","port":33360,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:58.257319+0000\",\"flow_id\":727208384301733,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33360,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/footer-email.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":23,\"bytes_toserver\":2402,\"bytes_toclient\":23011,\"start\":\"2026-03-22T21:55:56.428709+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:59Z","timestamp":1774216559,"ip_dst":{"addr":"Client IP","port":42538,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:59.443927+0000\",\"flow_id\":453079949140122,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.45\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":42538,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/jt_left.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1510},\"files\":[{\"filename\":\"/Skins/16581/images/jt_left.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1510,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":144,\"pkts_toclient\":160,\"bytes_toserver\":8937,\"bytes_toclient\":231691,\"start\":\"2026-03-22T21:55:56.680090+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:56:07Z","timestamp":1774216567,"ip_dst":{"addr":"Client IP","port":33382,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:56:07.626327+0000\",\"flow_id\":42955669539621,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33382,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/ys_icon4.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1523},\"files\":[{\"filename\":\"/Skins/16581/images/ys_icon4.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1523,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":8,\"bytes_toserver\":1256,\"bytes_toclient\":5120,\"start\":\"2026-03-22T21:55:56.428837+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:56:08Z","timestamp":1774216568,"ip_dst":{"addr":"Client IP","port":33384,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:56:08.249359+0000\",\"flow_id\":1331686376508258,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33384,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/idx_about_line.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1223},\"files\":[{\"filename\":\"/Skins/16581/images/idx_about_line.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1223,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":27,\"pkts_toclient\":28,\"bytes_toserver\":3019,\"bytes_toclient\":27288,\"start\":\"2026-03-22T21:55:56.428898+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:56:08Z","timestamp":1774216568,"ip_dst":{"addr":"Client IP","port":33332,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:56:08.319738+0000\",\"flow_id\":779360024693169,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33332,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/news_tb1.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1155},\"files\":[{\"filename\":\"/Skins/16581/images/news_tb1.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1155,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":56,\"pkts_toclient\":69,\"bytes_toserver\":4216,\"bytes_toclient\":92675,\"start\":\"2026-03-22T21:55:56.428465+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:56:08Z","timestamp":1774216568,"ip_dst":{"addr":"Client IP","port":42530,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:56:08.365598+0000\",\"flow_id\":196294591930481,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.45\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":42530,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/jt_right.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1509},\"files\":[{\"filename\":\"/Skins/16581/images/jt_right.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1509,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":36,\"pkts_toclient\":46,\"bytes_toserver\":3094,\"bytes_toclient\":58455,\"start\":\"2026-03-22T21:55:56.680049+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:56:09Z","timestamp":1774216569,"ip_dst":{"addr":"Client IP","port":42514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:56:09.730327+0000\",\"flow_id\":1809574502621214,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.45\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":42514,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/foter-position.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":353},\"files\":[{\"filename\":\"/Skins/16581/images/foter-position.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":353,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":145,\"pkts_toclient\":161,\"bytes_toserver\":9001,\"bytes_toclient\":231378,\"start\":\"2026-03-22T21:55:56.679966+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:56:09Z","timestamp":1774216569,"ip_dst":{"addr":"Client IP","port":42538,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:56:09.733377+0000\",\"flow_id\":453079949140122,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.45\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":42538,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/QRcde_light.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1251},\"files\":[{\"filename\":\"/Skins/16581/images/QRcde_light.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1251,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":146,\"pkts_toclient\":163,\"bytes_toserver\":9045,\"bytes_toclient\":233976,\"start\":\"2026-03-22T21:55:56.680090+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"fcl.xueyuxingfeng.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"fcl.xueyuxingfeng.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"89tongji.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2023-08-03","domain_rank":3345724,"first_seen":"2023-08-03T16:00:12Z","last_seen":"2026-03-17T20:28:47.577827Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":413,"comment":"","tags":null,"fingerprints":null},{"fqdn":"collect-v6.51.la","ip":{"addr":"43.159.107.113","port":80,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2005-01-17","domain_rank":348646,"first_seen":"2021-03-08T16:03:54Z","last_seen":"2026-03-16T04:41:01.468216Z","alert_count":0,"request_count":2,"received_data":728,"sent_data":792,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.zyzhan.com","ip":{"addr":"180.163.146.43","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"domain_registered":"2006-01-21","domain_rank":7308161,"first_seen":"2013-02-06T20:53:34Z","last_seen":"2026-02-27T12:41:57.403766Z","alert_count":0,"request_count":1,"received_data":1312,"sent_data":639,"comment":"","tags":null,"fingerprints":[{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"test.xinxiyidiantong.com","ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2019-08-03","domain_rank":0,"first_seen":"2021-06-25T14:04:50Z","last_seen":"2026-03-21T06:33:27.022221Z","alert_count":10,"request_count":10,"received_data":201705,"sent_data":4757,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"img70.zyzhan.com","ip":{"addr":"218.11.1.241","port":80,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"domain_registered":"2006-01-21","domain_rank":0,"first_seen":"2019-03-19T06:33:52Z","last_seen":"2024-12-04T06:31:48.960113Z","alert_count":0,"request_count":2,"received_data":334,"sent_data":846,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"jiuyaofa999.com","ip":{"addr":"143.92.57.21","port":31188,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2024-10-08","domain_rank":6268466,"first_seen":"2024-10-21T06:54:01.214917Z","last_seen":"2026-03-21T12:22:43.46324Z","alert_count":0,"request_count":1,"received_data":2710,"sent_data":761,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"img51.zyzhan.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2006-01-21","domain_rank":0,"first_seen":"2013-10-30T08:45:27Z","last_seen":"2025-01-03T04:30:16.143556Z","alert_count":0,"request_count":2,"received_data":405,"sent_data":998,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"fcl.xueyuxingfeng.com","ip":{"addr":"27.124.44.6","port":6987,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2021-06-17","domain_rank":0,"first_seen":"2021-06-17T13:30:21Z","last_seen":"2026-03-17T00:31:00.03382Z","alert_count":2,"request_count":1,"received_data":3645,"sent_data":430,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"epswc8o.scupx.com","ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"domain_registered":"2024-11-11","domain_rank":0,"first_seen":"2026-03-22T21:56:18.172928Z","last_seen":"2026-03-22T21:56:18.172928Z","alert_count":117,"request_count":39,"received_data":995235,"sent_data":15002,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Swiper","description":"Swiper is a JavaScript library that creates modern touch sliders with hardware-accelerated transitions.","website":"https://swiperjs.com","common_platform_enumeration":"","icon":"Swiper.svg","categories":["JavaScript libraries"]}]},{"fqdn":"img59.zyzhan.com","ip":{"addr":"116.153.39.128","port":80,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"domain_registered":"2006-01-21","domain_rank":0,"first_seen":"2025-06-27T03:23:01.40032Z","last_seen":"2025-06-27T03:23:01.40032Z","alert_count":0,"request_count":2,"received_data":405,"sent_data":998,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.bjztht.net","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":24,"request_count":25,"received_data":662574,"sent_data":9393,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"push.zhanzhang.baidu.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"1999-10-11","domain_rank":1485849,"first_seen":"2015-07-22T05:44:02Z","last_seen":"2026-03-19T01:54:50.296368Z","alert_count":0,"request_count":2,"received_data":0,"sent_data":680,"comment":"","tags":null,"fingerprints":null},{"fqdn":"img44.zyzhan.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2006-01-21","domain_rank":0,"first_seen":"2025-06-27T03:23:01.411172Z","last_seen":"2025-06-27T03:23:01.411172Z","alert_count":0,"request_count":2,"received_data":403,"sent_data":998,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"epswc8o.scupx.com/","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"cf5828a020ac8ecdee84adfcbbb61bdf","sha1":"053c9a453564dfe807312d533eca1aed907d597f","sha256":"a7042a76d18bd55d1947c386e69661f7ab1bec10d666406673b92c8c0d4a6000","sha512":"18ce8661d9189022a0df8aa91ea6510d51172102eb7af00f52efcc2fb5f13871bad45bdb66f7e895195e66bf4e562452507fc336911b755d184501755acb0110","ssdeep":"","tlshash":"676000020a000020002308002008800220800820002882202802a08c20000000a82800","size":17,"data":"","first_seen":"2023-03-10T14:21:57Z","last_seen":"2026-04-04T05:59:34.951906Z","times_seen":320,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/skins/16581/js/swiper.min.js","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"55dfa40f2efbb761f30b620ad9687b64","sha1":"fbe60d9355cacfe4459614579d443b84860b3fc5","sha256":"fa00600fbc2769c50e908d4e555014f35b0575302336bd92da780f305e88d895","sha512":"63dbf9e95258281cc25a6f31b3895580165f7e4233a037dc3a6b352e8b1ad1f398357b57dda579b9468fde2d85df2940e0f1dd54d4d6748a356b8fdc844092c7","ssdeep":"1536:nArVAiT53aBXr1nuNraK8h78lucfbyyDk5PJVzD5vp0XvH7WcWUwcPqojsE8EtOE:5BXr0rJ27URmvD5ufH7WcWUwcPqmz1L","tlshash":"06c31949b35071d551e72256539ed601a3b62805b90ac0a831b2dcdbadbde8c03bfefd","size":124670,"data":"","first_seen":"2023-03-07T12:26:02Z","last_seen":"2026-03-28T16:48:59.273083Z","times_seen":45,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"aafad4aea10866ea5f49262b4c5d8c4e","sha1":"412ac8200928fe47cbee3a69ef6a2c5385384136","sha256":"8e6389ec11c31bc48e3e1efbf9605149f5a6222d2c16ad74fb05c338604b61f3","sha512":"a74b01b2d9853a9d9a2512cbc72d613eec739ee5184bfa6880ac26f35f43050bfb67bb41f1ad3f5f50610e11b22448edd0c3784bb96ac7bc77e5fdf45a79d2b9","ssdeep":"","tlshash":"fcf09eaee841e9582ad335b8979bd649d1ae4024d409c417a4d9c5cd3c38fcd043534c","size":502,"data":"","first_seen":"2025-03-25T22:27:11.988594Z","last_seen":"2026-04-01T22:04:15.702123Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/jquery.la.min.js","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"23427e5eabe2dd0e4c3af97ce43b59d8","sha1":"646719d5278d450984ab3d0542345b766e500664","sha256":"f98905d0075788822868d529059521c7624a9417f03446ceed07eca11ded7795","sha512":"32a718dd95481c4787c6d3322694f6af5a1fae93c5f8da324a0732df5ebee435acf705ab6760f5a666d65910e2f5c5d57ce1f9884f94fd943e0f5aa3b500c920","ssdeep":"","tlshash":"e321f15fbc06e2546b52396633b7ddaca9fe00325409dc0668eec16c3c15ff84126b4c","size":1221,"data":"","first_seen":"2025-03-25T22:27:11.993929Z","last_seen":"2026-04-01T22:04:15.521934Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"cd4e18d598403934c50933af46aad5aa","sha1":"5e76cef62811d52ae873c08f2dddc6f22c689fca","sha256":"b69ff9934c7a8fd6817b3aa636ca43ac054bed64649a808666403a0b8174800d","sha512":"7e203ebae66858f55ab943caa3b30975ce7c8207177eadcb399fde05782e27ff2b57aa0693697518be95bd9b29c51e415a5b3cffd930c4f019853c0aabae3b1d","ssdeep":"","tlshash":"35f09e6ed845a6541ac635f9579bd648d16e0024d149ec17e4d6c8cd2c38fc8042538c","size":502,"data":"","first_seen":"2023-05-24T02:28:07Z","last_seen":"2026-04-02T08:48:35.646633Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-05T07:45:35.102707Z","times_seen":81715,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-05T07:45:35.102707Z","times_seen":81715,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9f4fd7995fa35b336d1ab9a8e21dfb05","sha1":"6182642fdfc934281235f5675727ba0148cf4a19","sha256":"f82693abdb74814168917272cad5f5c460e8ab7dcdd1ac3ee81291856b9b80c0","sha512":"ce460fdabf2f0886a630385d0a91cedb761468b3dbda47e0f1e192648367bbdb98f9766c336ec6b6b27317c9838af8052d36803d311464d8ad4582cb6936da8c","ssdeep":"","tlshash":"5411e6f7e6d644b20ae7d2f7b37047b8e8d1401fcd5259d2e5bd12604654e42b112e89","size":984,"data":"","first_seen":"2026-03-22T21:56:47.160178Z","last_seen":"2026-03-22T21:56:47.160178Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fcl.xueyuxingfeng.com:6987/kfc/musk/sj.js","fqdn":"fcl.xueyuxingfeng.com","domain":"xueyuxingfeng.com","tld":"com"},"ip":{"addr":"27.124.44.6","port":6987,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"a692dc4bfc4e1f2ba6cba48935345be6","sha1":"93b0fa260cf2615da3669693a9bee893bdb6462e","sha256":"eb8398efb312906ed5950dc731d9ac177fe5adae0a090edca2d2f65e9254b8eb","sha512":"2e9395aac0bdcc60a069fcbaad7d4f39156fd6fb1b9e69c7b0fa51fd7fab303f2a14437a5d7b0230e114a8805537febd6a36220662d8ca4b2d31234e7e48ca27","ssdeep":"","tlshash":"6f612e54ff8d20338e133165ae6f958c24be68177948eca7f80c64d44fa0d38852beac","size":3364,"data":"","first_seen":"2024-10-12T13:47:38.403922Z","last_seen":"2026-04-02T08:48:35.631105Z","times_seen":61,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/jquery.min.js","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"093e5af3d9dbd71444e5d4ecb06fe0cd","sha1":"a4ab8ce8e5115ed53ffbae9179f38867eaf98c44","sha256":"05a002b85d553336f95f92dcf6a067dfd847e83116a375f32a51b9a9152b8204","sha512":"4da95d59bde3be0a625e2c0d66d73c1358d95c2753cd8fcdb4422bb770774952b5a566baa0558671d6a1bbb9217a2fefda9fb7feea726efc6944727719194a6f","ssdeep":"","tlshash":"1901e8d8cbc4d85b6ecc5d43ea14deca22b3813b97d972c38328fe8d05a9152d45c449","size":722,"data":"","first_seen":"2023-09-09T20:10:51Z","last_seen":"2026-04-02T08:48:35.6317Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/js/jquery.SuperSlide.js","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a1c53512246991077e740257db046609","sha1":"323a390519d9b1c5a022ef6a37701f6c6fa423eb","sha256":"78823b226d6452b8f91d89cc03a295c63cad98d3f4d3beb0acf4aee2fbf2c2f0","sha512":"62d6d6d59db476686b9dcabd527d6208d168a39b61ac12f416b82bc9ab115c1253a4cfabc08ee83533c7a0b37e93bdd870973535eee7fa0fc484fe355cb33de3","ssdeep":"192:5F4KrJkbCsk866kssYNnn5sF+si7VRRL7jOf7sftQAYB/FvSgRgir:sb1K6ks5Nn5sx/FgI","tlshash":"80124356f30cd9d9b4ff22b109df858c683e40338d4998827e5cc5945be8618b22fbb9","size":9795,"data":"","first_seen":"2023-03-07T14:18:31Z","last_seen":"2026-04-02T16:01:36.343914Z","times_seen":105,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d838c71da5b3074e555880c8f4b8c667","sha1":"3f3a3196bfbc709b1848ef011b3eb0ccb02aa63b","sha256":"a08988e436039662315d0fafdac60e52c4cc55ffa6b8fe38cb0add83fb476cb1","sha512":"0a13ae4e4c3974232b9d31da9faa8bf3813c0e88f0b7bee9b4b740c553967b19ffccdaa637da6562a44462d265f53448466f7784406a6593428a6e5e1492f440","ssdeep":"","tlshash":"c6a02417315f0c3001c73173000c53403c04c3534fd01d0150341111cc30d01c347f54","size":83,"data":"","first_seen":"2024-12-07T23:59:59.395357Z","last_seen":"2026-03-27T02:37:13.083188Z","times_seen":21,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/skins/16581/js/apple.js","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"24d5d57d5ef233918b4e31b4a4a42db0","sha1":"dc93a03844229ee03b5fbcfc22952df315633aa5","sha256":"8cf1d359c59b2956038795751456fe546ea31a193bf30436642f6021a5351390","sha512":"c5b10a253eb150c560ad3e771e4a319a8fa97c22ad0d962c4b13f8f26d9974a01554700fb3034e2735d4c35923289edca7f243d87acaaabc5be5c5ef1a8b3686","ssdeep":"","tlshash":"af411f2a52a52439c40bf83dc6ff610069784607ad29ed88728c71514f6e43850feffa","size":2016,"data":"","first_seen":"2023-05-22T11:49:21Z","last_seen":"2026-03-28T16:48:59.252209Z","times_seen":42,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.zyzhan.com/asyncstat.aspx?u=bjztht\u0026referer=\u0026title=44118%u592A%u9633%u6210%u57CE%28%u4E2D%u56FD%u96C6%u56E2%29%u6709%u9650%u516C%u53F8","fqdn":"www.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"180.163.146.43","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"5c6455cd15043eb3d3aab255702a6b19","sha1":"25b5f1695ad1837ebe66a04994863e6e7790d4a8","sha256":"9518b43339a1a812880ddf68b964d4f0d8f111706ce501cdf3879e9f3336b25a","sha512":"0e688cabbc00588121d4ec8924fbb601c24b285ff8aa9f2473d81459284ecf23a443d35350e28ef11f34eddad65e4a509684add59675f647b966177a6f3c1691","ssdeep":"","tlshash":"89f097a74504e3ee8801aabdeea2c744d04b0f7b30a1d633a12310812520477b0ac8db","size":488,"data":"","first_seen":"2026-03-22T21:56:47.162223Z","last_seen":"2026-03-22T21:56:47.162223Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b3bf742b87eab13561c08070eaee6416","sha1":"fd4c07a8cccbfa6136825ee1e464c182ac0ad0d1","sha256":"95f8b67817f438cf0f147a83f95ae7c2846cf875691a1836239095cdf98f752b","sha512":"8dc25424a6738fabba8148bd305777d8238168992299a9ac467547678048ad60eb9cf1a50b98e3bbac3ec89e205f34ad100a3bbeefd4c38266d0663df0cf0afb","ssdeep":"","tlshash":"c1e026aa29721674578419fa992ff92cf1aa627c0554e003f58dfc230424eef4e2ead5","size":345,"data":"","first_seen":"2023-03-11T21:10:52Z","last_seen":"2026-04-05T04:58:55.074767Z","times_seen":2795,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/js/jquery.pack.js","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a1dcefcd517d1ef793e290defb52879e","sha1":"6441f7a43e8e97fb8f1fc61ce4a2ed834da6d5ce","sha256":"c081342e7606f4f513d6411d396dfcf5015e5178b0798ebe2303857417ad587b","sha512":"8b49ce1ee419d9a66fddbd5c1192c0c5f16cb1e660c12094239fecdbf830dba78452af8e715589683e803ab87247a8e5ad78dbca09166f64ea2e4213a07eb44a","ssdeep":"1536:jYRKUfAjtled3TmtaFyQHGvCXsedOgRc9izzr4yff8teLvHHEjam7W5X3ytSiLns:SUbCGvCu09S2I2skAieW","tlshash":"bd93e7d9b2d6712387b731bc50af510bb17698aa784c8c50f068d8e4be74a48907bf7d","size":94853,"data":"","first_seen":"2026-03-22T21:56:47.114248Z","last_seen":"2026-03-22T21:56:47.114248Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/skins/16581/js/setRem.js","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d02987ff470a67fcba408562e9039b72","sha1":"d9a56758e1c65a60adb5cdc5b85ba0da758b4ea3","sha256":"bc3a6655986e2078c03be02da0f14deb28a2849aaa1c28683498ff618ce3b2f2","sha512":"38ed9474ecfc476b2743f05765cabd7abba0c2e8d37ed23e6968e5405c5f3fcda1714ebcfafdf3262ea426f8afb385f8460e6e0c3dd4896abe591614f88571f0","ssdeep":"","tlshash":"ebe0927d6a9263317d27615c733f924c38b383271007de00bd1d92980fe19956244b9c","size":396,"data":"","first_seen":"2023-05-10T11:34:44Z","last_seen":"2026-03-26T22:11:35.472571Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.zyzhan.com/mystat.aspx?u=bjztht","fqdn":"www.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f9d7c0978409e6b85c16452d1f23ca68","sha1":"336c5b3a78ba014668a5667226892bf1c439118a","sha256":"17cee35fb4f964169747c58cd3103853c682c970211c00463d5a1e5c248319d3","sha512":"c72b3f4679777cabcaabdbc3be15504dfe7c7b1a75dfa2ff81454f5b5160a6b8aea48cac74f8aabefda8346aa65e30b0ff491a71d8d3a2a1b39cf6b686901fa3","ssdeep":"","tlshash":"8a217d541d02c0a4bc36713d89bbc13cd2a11a273869d73278cca9084f78fa425deeea","size":1357,"data":"","first_seen":"2026-03-22T21:56:47.164405Z","last_seen":"2026-03-22T21:56:47.164405Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/js/qq.js","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"eaf13e93011880bf8e0891a82bdc283b","sha1":"d2a8d9f0afd8031074a8da67a6bdf46f51761edb","sha256":"dbf2017b93e3d67efbc8380858af7413c0fb0609491fae55ffce82c1be8f23dc","sha512":"07b5a34367ce85579f7b70cbdc89621268b98a3951b8e7092f5cf9f02d2681c582dd8e703d7890937ee55a8862c52eb818969e4a498674088a543e75d363685b","ssdeep":"","tlshash":"5131bcd8f78e152150b1b2bd893fd7cc713e1023b853a867ac6d84b808f967b1325d98","size":1464,"data":"","first_seen":"2023-08-05T07:44:19Z","last_seen":"2026-03-29T19:34:53.460649Z","times_seen":65,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/js/pt_js.js","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"221e1a1773751e1de6a3e5d6c550cd3b","sha1":"196e61390a2c43492e26c1f2fb2024d65a6865b1","sha256":"3aadb367874ce555e0d447bdb7a1825cbb4943968cdc885c55328246ecf02e5d","sha512":"8a55a4a3bfc29b75966847ebb678012f4bcbc16bf6358a1196ebe811aeabefc4bc012bbb803577f6f4e6c3b98d3df0f327b6a5ce922ece5ac4d3c916fa357eb5","ssdeep":"96:lOsG6+zdwzZjQNsRy6VyxjCP2WQlmreJvAKpjRfRT+:lDGVzdw1jQNsRy6Vyx+PHQlmreJvAKpG","tlshash":"36a13226f3623ab800bbb13b347f692917354057a5414d22bc3d50e46f643b8a57bfad","size":5037,"data":"","first_seen":"2026-03-22T21:56:47.131207Z","last_seen":"2026-03-22T21:56:47.131207Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"ab2532f75c4ebc8be60ecc48bf304aec","sha1":"bc02df3d4df1341275872750514459e0eb74009b","sha256":"f5e05ab376b6ebc0acb893274c7572ab786989125a79ee80622ce5f9258662fb","sha512":"806082288bdc75a0b254bfbd510d1673bdcc885c71fb69c713845584c670bc5015904f9bbbf9d8850828da3a084c31f854a7f1cd81bd397ebae961780a2ad428","ssdeep":"","tlshash":"48f04c761880580e5370c135f8d9f595e9429947926c9492f48830df5ff0f68d4c365d","size":610,"data":"","first_seen":"2024-10-12T13:47:38.430677Z","last_seen":"2026-04-02T08:48:35.649622Z","times_seen":61,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"085a3125d70d13535be2949408face46","sha1":"1320660c05c2128a1c39e772f20a9eff5b96a931","sha256":"4fabd52cfafbec83641335ed0a6e9bae10faaa6b0fbb41cef39c250083e0c353","sha512":"625c0263a00309eb108c48bd74dff66d8e94847067b3b368b72e37fdc729ba8c954a2592bf5feaa932c4aad7520c1066db47e5ccfb8b90e98d8f646d52335f59","ssdeep":"","tlshash":"bcf097ae9c45e6581ad739e9ababd64cd16e0024114aec17f4e6c8cd3c38fd8082938c","size":508,"data":"","first_seen":"2023-05-24T02:28:07Z","last_seen":"2026-04-02T08:48:35.650283Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"4004b8d367540ce2c0e94769c6a3cefd","sha1":"ace823722356c5a8fcadf4579e7a0a02a1bb08c1","sha256":"eb141442f5d05725b2f99d478c3b1c5ba32e7c8b109a0c1baa8bd7a5ccbfa9c0","sha512":"8b1b3ace65c3ee4a50e7bcf6e5bebc85ad1712596565d6dcc4fc32af3489e7bfa9d55eac2d6f68d8a44b5bb6dc828758386a05555983f5465f72c4c4694d452b","ssdeep":"","tlshash":"d1f09eae6c81e9581ad3359897afd24dd1ae40241409c417a4e9c5cd3c38fdd043534c","size":508,"data":"","first_seen":"2025-03-25T22:27:12.001067Z","last_seen":"2026-04-01T22:04:15.736695Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b18d661dd1dd4f6db164362a63cbb5d7","sha1":"7b529b0f87a50046be30740884aa0b32d7c04dfb","sha256":"05c3befc606bdf951827cafea5d35dbdfc59a4d7af9970be5491636fc4f857f8","sha512":"6f63d2490a6ccb117211ab39a8c909b42fd2e8effa0b4958ff87bf3376f5a7a81a1b6c9f170d7976c7dc5d4e7905fecaddaa8c58c80e2ecde7b0fbe6acc8489e","ssdeep":"","tlshash":"7fa011032e0280a8ac0200eaa0a0f828a0a2a020ac82ec08ccb0002828822c88a00002","size":78,"data":"","first_seen":"2024-05-26T11:56:59Z","last_seen":"2026-04-02T08:48:35.65153Z","times_seen":55,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b772d4aa5a9acdfad7fbe8271f173bcf","sha1":"96b82e612ca2ab93b6e965965a1a0b5b11bcb667","sha256":"3cc9ebd4ba3b83eb1d0053d7ef2e36214729451fbdd01393b9ecedbd397b7286","sha512":"902350863f4de1a609611dfa464b8c75dfce66088f9578cf63c8e22da90e8af9644a3a63088d35635fd9c292cbe76a60fa4ab3c97a05a3aa6db3ba1d62b019c9","ssdeep":"","tlshash":"17c02b432d01c80c41000ac4e0a3fc1dd090f13e0114ec8dc4d130cc31409cd08015c0","size":134,"data":"","first_seen":"2023-09-09T20:10:51Z","last_seen":"2026-04-02T08:48:35.647861Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"082dd6b30f075d52c17f24e55f4c2848","sha1":"2e06bc4c99ffd44da4c7e4dbf6d5832022169833","sha256":"8e061274702eb5ceda9e0d05d25aa5419bc0d4c9e03799e6fa65853ccb0305c8","sha512":"e20092f127a21cd5db877b5a96d18931929ca5830e2a2da892ad06938007f0c4fe18eaf22266a2ff09fe21cd57cf9715fb7aaf457b4bb8e635f1f36e7e390ee0","ssdeep":"","tlshash":"30d023e78501011449182385f0d2ff3771ab14076bd0077c1bfd2474f104545d553355","size":217,"data":"","first_seen":"2026-03-22T21:56:47.16956Z","last_seen":"2026-03-22T21:56:47.16956Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/js/jquery.SuperSlide.js","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.220Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/js/jquery.SuperSlide.js HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:55 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":9795,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (310)","md5":"a1c53512246991077e740257db046609","sha1":"323a390519d9b1c5a022ef6a37701f6c6fa423eb","sha256":"78823b226d6452b8f91d89cc03a295c63cad98d3f4d3beb0acf4aee2fbf2c2f0","sha512":"62d6d6d59db476686b9dcabd527d6208d168a39b61ac12f416b82bc9ab115c1253a4cfabc08ee83533c7a0b37e93bdd870973535eee7fa0fc484fe355cb33de3","ssdeep":"192:5F4KrJkbCsk866kssYNnn5sF+si7VRRL7jOf7sftQAYB/FvSgRgir:sb1K6ks5Nn5sx/FgI","tlshash":"80124356f30cd9d9b4ff22b109df858c683e40338d4998827e5cc5945be8618b22fbb9","first_seen":"2023-03-07T14:18:31Z","last_seen":"2026-04-02T16:01:36.343914Z","times_seen":105,"resource_available":true,"data":null}},"time_used":453,"timings":{"blocked":293,"dns":0,"connect":0,"send":0,"wait":160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/css/swiper.min.css","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.224Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/css/swiper.min.css HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:55 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":15600,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (15298)","md5":"e230db97c0f8f4e0bc2c10183118716b","sha1":"65ecea7d5c90049b5d3bc0a5e5656e18bb487883","sha256":"11db75f0380db1188b4aadabd235ae6f4f3c195e3ca8b8e6f43bbc31a9ebf71b","sha512":"2b22b85996baf985fe0e02198166cab53c50db83120c77a534b7f92174bf15ad10274a28204c0f9ea71b50c2026f96e081083c70a49f106719982f9005914d19","ssdeep":"192:bgGnsCkyJyCO8QrfM5HmXyy/Kf6C1B4wq:bgGnsDC4fM5HJy/G6CP6","tlshash":"9962831c17002067ea324f1a87d9d77c9715c8939e4328ee6a50de08c7bf979326f7a6","first_seen":"2023-05-22T11:49:21Z","last_seen":"2026-03-28T16:48:59.269996Z","times_seen":47,"resource_available":false,"data":null}},"time_used":416,"timings":{"blocked":113,"dns":0,"connect":137,"send":0,"wait":166,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"img59.zyzhan.com/gxhpic_3c9f37c357/3b2c6b54ba15b92489af0e94eace43916e7e4e50da8740d468782c5d2ecd412f575f4fba64ea9695_320_320_5.png","fqdn":"img59.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"116.153.39.128","port":80,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.237Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_3c9f37c357/3b2c6b54ba15b92489af0e94eace43916e7e4e50da8740d468782c5d2ecd412f575f4fba64ea9695_320_320_5.png HTTP/1.1\r\nHost: img59.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img59.zyzhan.com/gxhpic_3c9f37c357/3b2c6b54ba15b92489af0e94eace43916e7e4e50da8740d468782c5d2ecd412f575f4fba64ea9695_320_320_5.png\r\nX-CCDN-REQ-ID-46B1: 21edfcba0ea2d247679c1d1544a33bb1\r\nvia: CHN-JXnanchang-AREACUCC1-CACHE42[7]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1782,"timings":{"blocked":564,"dns":705,"connect":253,"send":0,"wait":260,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/down.png","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.130Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/down.png HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/2.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:56:13.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/2.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:56:13 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 85884\r\nLast-Modified: Fri, 22 Oct 2021 07:29:23 GMT\r\nConnection: keep-alive\r\nETag: \"61726853-14f7c\"\r\nExpires: Tue, 21 Apr 2026 21:56:13 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85884,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3","md5":"6613a23f1fecfc5aad23df7cce06f1b0","sha1":"3a3bcb377568add492170212e90d7a1f633f5e27","sha256":"657c5a2c773ed927afc61fbce4bc522bd8190ed82cb2c15ff0e9baac320749ca","sha512":"511438a9f958104610211db26c5b44cba19e27ca89ff256f83e298aeb094118e094752fac5d3591304df00f7d9e5d205c6d6c04c3997dd8358d16b77eba1dad3","ssdeep":"1536:QEDtAN5nPlYihG1VH9qvmhrcn+mcKHvQ8vDBXj4Jka:Q0AN5PlYp1Vdy6oSmI8v1z46a","tlshash":"0f83f17bc7560be3e618077a90b7053efb564439661e1f17ad280026c8e07b9fd672a2","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-05T06:37:51.34884Z","times_seen":1340,"resource_available":false,"data":null}},"time_used":911,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":597,"receive":314,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/2_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:56:13.522Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/2_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:56:14 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 11115\r\nLast-Modified: Fri, 22 Oct 2021 07:29:25 GMT\r\nConnection: keep-alive\r\nETag: \"61726855-2b6b\"\r\nExpires: Tue, 21 Apr 2026 21:56:14 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11115,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"088afa1a19d8f98fe3808e2471d9666e","sha1":"c5580afe6796b562e0cb6ca80516f4fb57504a39","sha256":"e311225d391d6c060f288026fcaf5f70c87230a6a86b16f7acf36e33c29ae14c","sha512":"42258aa415ece74bb59b31813b3bec7c2e39c8d638224e147ff77ca357c63a8f2d9fcc6dada5c4845d38ce450e13b6195274f8b6ffcc7231a18e5e932ad010b1","ssdeep":"192:mE56ohr2Gml8mR9gSc/ucAtPrmZo7/KKmUWNLnWk91PNu/Hm9kzJ:SoJs9EgDmZ0QhNykVuO4","tlshash":"70328e3d6bb1571ae187ec3370ba83ab596e20c1f14f3035b632caeb45751913742d99","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.069306Z","times_seen":1329,"resource_available":false,"data":null}},"time_used":2160,"timings":{"blocked":922,"dns":1,"connect":304,"send":0,"wait":304,"receive":1,"ssl":624},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"epswc8o.scupx.com/","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-22T21:55:54.430Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":168,"timings":{"blocked":168,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/idx_about.jpg","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.240Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/idx_about.jpg HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:55 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/idx_about.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":83350,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":717,"timings":{"blocked":561,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/cp_jt3.png","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.752Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/cp_jt3.png HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/Skins/16581/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/cp_jt3.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1086,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/ys_icon2.png","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.763Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/ys_icon2.png HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/Skins/16581/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/ys_icon2.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1603,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":297,"timings":{"blocked":140,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/jt_left.jpg","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.768Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/jt_left.jpg HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/Skins/16581/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/jt_left.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1510,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":366,"timings":{"blocked":213,"dns":0,"connect":0,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/cp_jt3.png","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.916Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/cp_jt3.png HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1086\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:06 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0cbb61bb976d61:0\"\r\nX-Powered-By: AN-115.4.172\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache33.l2cn9026[16,16,200-0,M], ens-cache8.l2cn9026[20,0], kunlun3.cn7174[30,29,200-0,M], kunlun5.cn7174[32,0]\r\nAli-Swift-Global-Savetime: 1774216557\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742165576398528e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1086,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 11 x 7, 8-bit/color RGBA, non-interlaced","md5":"e7819c767831a8b4971e44e451bf08ff","sha1":"6c22dee96dddb41f14d0d29be940c946fd8e3bf6","sha256":"313072c1de8f180d6a095167c26bb6f59ccefda89b5b006f3c8aac64bf72273d","sha512":"c03aea91d6931dfe6c6006e31e2499ddace367aa25ae9c2bb137935f4b3c5b3205986c0d0dae4841835b56448aa88f42ff664fb3920f978618775fef5a374d18","ssdeep":"","tlshash":"0b11204efb90b842a188958214fa50378c164cc49990e566be8ecc0aa8744fd101dbdb","first_seen":"2023-06-20T10:39:00Z","last_seen":"2026-03-29T08:48:33.592062Z","times_seen":25,"resource_available":false,"data":null}},"time_used":909,"timings":{"blocked":639,"dns":0,"connect":0,"send":0,"wait":269,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:58Z","timestamp":1774216558,"ip_dst":{"addr":"172.18.0.12","port":42530,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:58.099738+0000\",\"flow_id\":196294591930481,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.45\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":42530,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/cp_jt3.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1086},\"files\":[{\"filename\":\"/Skins/16581/images/cp_jt3.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1086,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":33,\"pkts_toclient\":43,\"bytes_toserver\":2932,\"bytes_toclient\":56784,\"start\":\"2026-03-22T21:55:56.680049+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/26_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:56:13.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/26_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:56:13 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 22936\r\nLast-Modified: Thu, 29 Sep 2022 10:16:32 GMT\r\nConnection: keep-alive\r\nETag: \"63357080-5998\"\r\nExpires: Tue, 21 Apr 2026 21:56:13 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22936,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 350x80, components 3","md5":"ce42bf92c86c558c9b16045328f51abe","sha1":"8775d77ae4bfcb40285876e6e99c9fd238df4976","sha256":"627bdc513407920656341f0c334ef6eda80604e98f0f1b706960b76e25946095","sha512":"5dae7dfb4049db9988cae7ac255673eb754b5a5dbcd4a4c232bdde49b1cc6b6199f573379f5fa3a949e873b632c611185e6b1ae8b4b2d473700e34ede43f8c1c","ssdeep":"384:096JUHVMtZg3jGr23KkaFRLg4vjSu8jQShAr6HYEFaJip92nXpuwyD71NCLK2ihG:E6JU1MDgCDNFaMjvkmgkO92n5uwyD71E","tlshash":"77a2d0e7e64141ced83b7375be805f08f60f1726f2557edfd8a26677e2928d50444228","first_seen":"2023-05-07T19:08:48Z","last_seen":"2026-04-04T22:45:47.070459Z","times_seen":1351,"resource_available":false,"data":null}},"time_used":599,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":597,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/css/style.css","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.212Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/css/style.css HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:55 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":67797,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (369)","md5":"edc0a2e33d9dfce357853780cffc9246","sha1":"fa84039d2e84b90a759b672a5e4f9bb15ff649ca","sha256":"5bf8551b7f1c4c24784ec213b2207f86ddde1adeb86938c510555883027fcbc1","sha512":"1543af5d071c030d70a2f5f51cc8f2349b618f162aadcde8c9af2aba059d5e01d332f9c3f21ccd9aa253e401607665ae35207666a3ec882d15000f75cd74d553","ssdeep":"768:A40flNPd0Jd1exxfcsDMFbXjthUkXaQ6vX:Wflkd1ep4fMQ6v","tlshash":"9963a732e360201df137d573b941fb9d3564c01be26b4be9ea9a7535d58f09e2632388","first_seen":"2026-03-22T21:56:47.111313Z","last_seen":"2026-03-22T21:56:47.111313Z","times_seen":1,"resource_available":false,"data":null}},"time_used":527,"timings":{"blocked":84,"dns":1,"connect":142,"send":0,"wait":158,"receive":142,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/js/jquery.pack.js","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.219Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/js/jquery.pack.js HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:55 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":94904,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (32769)","md5":"a1dcefcd517d1ef793e290defb52879e","sha1":"6441f7a43e8e97fb8f1fc61ce4a2ed834da6d5ce","sha256":"c081342e7606f4f513d6411d396dfcf5015e5178b0798ebe2303857417ad587b","sha512":"8b49ce1ee419d9a66fddbd5c1192c0c5f16cb1e660c12094239fecdbf830dba78452af8e715589683e803ab87247a8e5ad78dbca09166f64ea2e4213a07eb44a","ssdeep":"1536:jYRKUfAjtled3TmtaFyQHGvCXsedOgRc9izzr4yff8teLvHHEjam7W5X3ytSiLns:SUbCGvCu09S2I2skAieW","tlshash":"bd93e7d9b2d6712387b731bc50af510bb17698aa784c8c50f068d8e4be74a48907bf7d","first_seen":"2026-03-22T21:56:47.114248Z","last_seen":"2026-03-22T21:56:47.114248Z","times_seen":1,"resource_available":true,"data":null}},"time_used":581,"timings":{"blocked":287,"dns":0,"connect":0,"send":0,"wait":156,"receive":138,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"img70.zyzhan.com/1/20230620/638228580999613130107.png","fqdn":"img70.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"218.11.1.241","port":80,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.241Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /1/20230620/638228580999613130107.png HTTP/1.1\r\nHost: img70.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img70.zyzhan.com/1/20230620/638228580999613130107.png\r\nX-CCDN-REQ-ID-46B1: 44968ada472a8f1d076180671cf04c3a\r\nvia: CHN-HEshijiazhuang-AREACUCC12-CACHE28[7]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1760,"timings":{"blocked":560,"dns":703,"connect":245,"send":0,"wait":252,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/side_ewm.jpg","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.986Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/side_ewm.jpg HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 17550\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:11 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80bbb11eb976d61:0\"\r\nX-Powered-By: AN-115.4.171\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache2.l2cn9014[21,21,200-0,M], ens-cache16.l2cn9014[23,0], kunlun3.cn7174[62,61,200-0,M], kunlun8.cn7174[64,0]\r\nAli-Swift-Global-Savetime: 1774216556\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:56 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921c17742165567462733e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":8210,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 180x180, components 3","md5":"08a82707c9d694ee20dadafc96a129b7","sha1":"cd6c35a455a1cff2af978760c412ce37cbe00588","sha256":"65e58502cf7d395c14b31fd27636ba7c72a777bf1ecc6c18a8ecc2f3e59caa7b","sha512":"ecc21ecd98cedcd7cc6e20fdd54f2a520490b175aee282aefa5aa6dceafb188ab9456bc51b7829a2d762970c395bb4200dab04f541c24328501c01641820b86b","ssdeep":"192:QuqPgLQbSkGtWkQTWJz0RZx4TRZQWszndt8bWB:QuqPgLQbSkOkWJz4ZxN5zdtVB","tlshash":"de02bf0e38158fd6ccc967b0b8fae67aead483c425cbba330d5ebd0039322f29405944","first_seen":"2026-03-22T21:56:47.117048Z","last_seen":"2026-03-22T21:56:47.117048Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1945,"timings":{"blocked":-1,"dns":445,"connect":226,"send":0,"wait":290,"receive":984,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:56Z","timestamp":1774216556,"ip_dst":{"addr":"172.18.0.12","port":33344,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:56.944535+0000\",\"flow_id\":1302158476347996,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33344,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/side_ewm.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":587},\"files\":[{\"filename\":\"/Skins/16581/images/side_ewm.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":587,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":612,\"bytes_toclient\":2011,\"start\":\"2026-03-22T21:55:56.428636+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jiuyaofa999.com:31188/fcl.php?keyword=44118%E5%A4%AA%E9%98%B3%E6%88%90%E5%9F%8E(%E4%B8%AD%E5%9B%BD%E9%9B%86%E5%9B%A2)%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8\u0026from=pc\u0026originUrl=http%3A%2F%2Fepswc8o.scupx.com%2F\u0026referer=\u0026userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026v=9291","fqdn":"jiuyaofa999.com","domain":"jiuyaofa999.com","tld":"com"},"ip":{"addr":"143.92.57.21","port":31188,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.596Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"jiuyaofa999.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 22:05:40 GMT","end":"Sat, 02 May 2026 22:05:39 GMT"},"fingerprint":{"sha1":"84:35:81:18:BD:CF:7A:62:E6:12:07:11:5C:07:F9:42:82:5A:F6:F6","sha256":"87:9C:B1:61:C2:3A:98:B0:0F:67:B2:D7:00:25:06:6E:7C:5C:CD:77:FF:E5:A2:23:83:13:84:BA:30:49:04:51"}}},"request":{"raw":"GET /fcl.php?keyword=44118%E5%A4%AA%E9%98%B3%E6%88%90%E5%9F%8E(%E4%B8%AD%E5%9B%BD%E9%9B%86%E5%9B%A2)%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8\u0026from=pc\u0026originUrl=http%3A%2F%2Fepswc8o.scupx.com%2F\u0026referer=\u0026userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026v=9291 HTTP/1.1\r\nHost: jiuyaofa999.com:31188\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://epswc8o.scupx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nAccess-Control-Allow-Origin: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":2443,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"4b1f9f0d1bb1b14829224904055aed4e","sha1":"0fbed1d13170afd9fe500438e540f97f9951efbd","sha256":"28d8f02b34231e8edf8b44851259119477c3fc069da4205b563edd919269a7ed","sha512":"ba30d982bc9440ec26356c8a119bf48562b8ffaa4020d52b915d1a5e92a3d15ac293d1b3fc12275d914adf963bd5d3e10fe228bd755f40da02924010f1c5e136","ssdeep":"","tlshash":"7a51b2b7a6cd18660673c1e6b5b0b7b8fce3900fce55a582f47c119b4b60e61b44364d","first_seen":"2026-03-21T12:22:57.130933Z","last_seen":"2026-03-22T21:56:47.119427Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1277,"timings":{"blocked":-1,"dns":59,"connect":298,"send":0,"wait":315,"receive":0,"ssl":605},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"push.zhanzhang.baidu.com/push.js","fqdn":"push.zhanzhang.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.746Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /push.js HTTP/1.1\r\nHost: push.zhanzhang.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1083,"timings":{"blocked":-1,"dns":823,"connect":259,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/foter-position.png","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.771Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/foter-position.png HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/Skins/16581/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/foter-position.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":353,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":458,"timings":{"blocked":297,"dns":0,"connect":0,"send":0,"wait":161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/idx_about.jpg","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.962Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/idx_about.jpg HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 83350\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nLast-Modified: Thu, 21 Mar 2024 05:06:58 GMT\r\nAccept-Ranges: bytes\r\nETag: \"08591994d7bda1:0\"\r\nX-Powered-By: AN-115.4.174\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache42.l2cn3130[14,13,200-0,M], cache41.l2cn3130[15,0], kunlun5.cn7174[21,21,200-0,M], kunlun1.cn7174[23,0]\r\nAli-Swift-Global-Savetime: 1774216556\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:56 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921517742165567987188e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":83350,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=245, bps=158, PhotometricInterpretation=RGB, orientation=upper-left, width=432], progressive, precision 8, 432x245, components 3","md5":"df8c0d750f4fdc596f512ed9dc5fc877","sha1":"5b883370907400a7621448a7617db4f21859da60","sha256":"ffb7c40e6b87f4e19bfec76872356324719364cb2b02b776c601fee15054b6b1","sha512":"d15a419bb24c2bf11a45b9c1127888d47c1bf8e6cff64ce54e5ed7a5bcc7ea9e11064ea50db692567b573e358d4a390ee9f44e0b94abc6ca053019f3d9a86590","ssdeep":"1536:ZPimOaimHqJm2jaZcBp3iyhKis+oDm7/piOGv1rJXmVs/L5d3s40RyTBZ0x/:M/4cBpiEw+smNiOaos/1ZsK/0J","tlshash":"a183f119b6248c77e5e423b08891d2b63712ecf45ab36aa27dcc0c273f61764ed5a706","first_seen":"2026-03-22T21:56:47.121203Z","last_seen":"2026-03-22T21:56:47.121203Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1308,"timings":{"blocked":2,"dns":464,"connect":261,"send":0,"wait":283,"receive":298,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:56Z","timestamp":1774216556,"ip_dst":{"addr":"172.18.0.12","port":33332,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:56.972492+0000\",\"flow_id\":779360024693169,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33332,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/idx_about.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":667,\"bytes_toclient\":2619,\"start\":\"2026-03-22T21:55:56.428465+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/skins/16581/images/banner2.jpg","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.751Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/16581/images/banner2.jpg HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/skins/16581/images/banner2.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":212472,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/ys_icon1.png","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.760Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/ys_icon1.png HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/Skins/16581/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/ys_icon1.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1700,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":221,"timings":{"blocked":69,"dns":0,"connect":0,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/idx_about_bg.jpg","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.935Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/idx_about_bg.jpg HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 50755\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:08 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0f8e71cb976d61:0\"\r\nX-Powered-By: AN-115.4.172\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache66.l2cn7329[32,31,200-0,M], ens-cache88.l2cn7329[33,0], kunlun5.cn7174[134,133,200-0,M], kunlun5.cn7174[136,0]\r\nAli-Swift-Global-Savetime: 1774216557\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742165570186862e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":50755,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=484, bps=158, PhotometricInterpretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x484, components 3","md5":"a3d8b4b24e4cf9f8286e8668138a204c","sha1":"96a725103a0d7f3bf79bc145ec8e7e04a7e5c992","sha256":"d49419ab5d267c2f9c3f8a12e3549676e240b334285c1dbacb89a389a18319bd","sha512":"3818dc7771f497468f206238fd8e2b2fc38cc85b17fe1b615504e98f3e16f1066b36c5adbfa0a76cfb4ff4cd35d5d0ff70aeee577381b6a151fb90ff87184e50","ssdeep":"1536:QpIffd8SGCIIlo7vByBMl45kxbhMvS2NV:agySVC7vINMo3","tlshash":"d533ae26be698ed0cbc061775255cfa282305fe847033672fdad3398b7adc665c28257","first_seen":"2023-05-11T09:11:42Z","last_seen":"2026-03-27T02:37:13.032176Z","times_seen":23,"resource_available":false,"data":null}},"time_used":621,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":374,"receive":247,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"172.18.0.12","port":42530,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.307845+0000\",\"flow_id\":196294591930481,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.45\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":42530,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/idx_about_bg.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":616,\"bytes_toclient\":2564,\"start\":\"2026-03-22T21:55:56.680049+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img51.zyzhan.com/gxhpic_3c9f37c357/3b2c6b54ba15b92489af0e94eace4391161aa660029970b34cd4f7477caf8b054ae71ed05b7ce212_320_320_5.png","fqdn":"img51.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.zyzhan.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 25 Sep 2025 07:19:01 GMT","end":"Sun, 25 Oct 2026 07:19:00 GMT"},"fingerprint":{"sha1":"E6:3E:BF:20:AD:44:FD:77:47:8E:5F:AB:FB:9D:06:6D:F3:0D:9B:46","sha256":"D0:76:31:48:88:6B:F3:4D:10:17:7A:D3:F3:3A:FF:4B:F1:0C:82:E5:64:DB:1C:87:F3:8C:84:1B:53:A0:6B:53"}}},"request":{"raw":"GET /gxhpic_3c9f37c357/3b2c6b54ba15b92489af0e94eace4391161aa660029970b34cd4f7477caf8b054ae71ed05b7ce212_320_320_5.png HTTP/1.1\r\nHost: img51.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":577,"timings":{"blocked":0,"dns":1,"connect":274,"send":0,"wait":0,"receive":0,"ssl":301},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/jt_right.jpg","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.769Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/jt_right.jpg HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/Skins/16581/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/jt_right.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1509,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":450,"timings":{"blocked":291,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/fx.png","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.773Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/fx.png HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/Skins/16581/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/fx.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7247,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":308,"timings":{"blocked":155,"dns":0,"connect":0,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/ys_icon3.png","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:57.078Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/ys_icon3.png HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1704\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:11 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80bbb11eb976d61:0\"\r\nX-Powered-By: AN-115.4.175\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache20.l2cn1813[27,27,200-0,M], cache32.l2cn1813[28,0], kunlun3.cn7174[46,46,200-0,M], kunlun9.cn7174[52,0]\r\nAli-Swift-Global-Savetime: 1774216557\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921d17742165571866288e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1704,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced","md5":"a046563f45f4a3cdf646c129b68bb895","sha1":"967fcae0a196764c0783df9411be58ba7d9e1d5b","sha256":"08a04c687925551c7eb472159d8e4ce992cce930f172b3ab831ce6c9672f66ee","sha512":"0a941374796a5c8c7b532f8369c4c1f90d586fec3ac8ffcf1d3f1d2657073543178571795c992568c971d862f37f3e2aec07337c479d5383627ee2fa842d6b5e","ssdeep":"","tlshash":"7931ba58f552bd80d45bd4c734fab62744d34b4286f0f0a2789ec42e5973571c834ae6","first_seen":"2023-05-11T09:11:42Z","last_seen":"2026-03-27T02:37:13.037986Z","times_seen":24,"resource_available":false,"data":null}},"time_used":314,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":314,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:58Z","timestamp":1774216558,"ip_dst":{"addr":"172.18.0.12","port":33360,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:58.194438+0000\",\"flow_id\":727208384301733,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33360,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/ys_icon3.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1704},\"files\":[{\"filename\":\"/Skins/16581/images/ys_icon3.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1704,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":22,\"pkts_toclient\":21,\"bytes_toserver\":2348,\"bytes_toclient\":21723,\"start\":\"2026-03-22T21:55:56.428709+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/jt_right.jpg","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:57.230Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/jt_right.jpg HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 1509\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:08 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0f8e71cb976d61:0\"\r\nX-Powered-By: AN-115.4.176\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache47.l2cn8003[19,18,200-0,M], cache2.l2cn8003[20,0], kunlun3.cn7174[31,30,200-0,M], kunlun5.cn7174[33,0]\r\nAli-Swift-Global-Savetime: 1774216557\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742165579131205e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1509,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 25x30, components 3","md5":"0f7f0feaf41e2decd462e12822fff45d","sha1":"23bb1d19e3c5f3be13e860bfec145ec274949646","sha256":"2ad624c4dfa4243c6c1ddca702f84a88ba3fb87ee3b8a75072167feade0a7056","sha512":"4fec5c2195ce2e9875f4b863c6bcdfb53c883e0f1f736e4b06e444dd0edc1cc9eff7ce1d70ec6e7425593dcaf0f003f2a4ad1d1fe1e9114e4a585da8e25812f1","ssdeep":"","tlshash":"9531660eae137880d45d9df214e37027e1331bc1d9e3e661a5ceb14bc5752f754291e5","first_seen":"2023-05-11T09:11:42Z","last_seen":"2026-03-27T02:37:13.074795Z","times_seen":13,"resource_available":false,"data":null}},"time_used":871,"timings":{"blocked":596,"dns":0,"connect":0,"send":0,"wait":274,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:56:08Z","timestamp":1774216568,"ip_dst":{"addr":"172.18.0.12","port":42530,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:56:08.365598+0000\",\"flow_id\":196294591930481,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.45\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":42530,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/jt_right.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1509},\"files\":[{\"filename\":\"/Skins/16581/images/jt_right.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1509,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":36,\"pkts_toclient\":46,\"bytes_toserver\":3094,\"bytes_toclient\":58455,\"start\":\"2026-03-22T21:55:56.680049+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/foter-position.png","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:57.235Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/foter-position.png HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 353\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:59 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:07 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80614f1cb976d61:0\"\r\nX-Powered-By: AN-115.4.172\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache54.l2cn7857[23,22,200-0,M], ens-cache9.l2cn7857[26,0], kunlun9.cn7174[58,57,200-0,M], kunlun1.cn7174[61,0]\r\nAli-Swift-Global-Savetime: 1774216559\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:59 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921517742165592575876e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":353,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 10 x 13, 8-bit/color RGBA, non-interlaced","md5":"62452568dc5df17b984c37ecdf87f3c7","sha1":"d8935230d58df1a1e1ce3c2cad9c6b757aaaf0fa","sha256":"4d8db54a60a969afd64f70faaadab3c82f030a537eb5194279bcfadb49fb398b","sha512":"abcac938d88ecf44431a703e9ee7af98b7b97b23d4c3324def4f37ec8a160d4a1e4d55c1c3e17d1981f63fab025adafe9562a8d39fc2e54e0d188afe33053d86","ssdeep":"","tlshash":"09e0c0d352807de1c045d47742670444b7b78529a71f39d9966b69182db05cad8dd700","first_seen":"2023-07-04T12:15:00Z","last_seen":"2026-03-27T02:37:13.044346Z","times_seen":55,"resource_available":false,"data":null}},"time_used":2230,"timings":{"blocked":1937,"dns":0,"connect":0,"send":0,"wait":292,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:56:09Z","timestamp":1774216569,"ip_dst":{"addr":"172.18.0.12","port":42514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:56:09.730327+0000\",\"flow_id\":1809574502621214,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.45\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":42514,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/foter-position.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":353},\"files\":[{\"filename\":\"/Skins/16581/images/foter-position.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":353,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":145,\"pkts_toclient\":161,\"bytes_toserver\":9001,\"bytes_toclient\":231378,\"start\":\"2026-03-22T21:55:56.679966+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/skins/16581/images/side_ewm.jpg","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.244Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/16581/images/side_ewm.jpg HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/skins/16581/images/side_ewm.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":17550,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":867,"timings":{"blocked":713,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/logo.png","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.988Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/logo.png HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 17131\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:11 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80bbb11eb976d61:0\"\r\nX-Powered-By: AN-115.4.172\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache74.l2cn8786[39,39,200-0,M], cache90.l2cn8786[40,0], kunlun10.cn7174[59,58,200-0,M], kunlun9.cn7174[60,0]\r\nAli-Swift-Global-Savetime: 1774216556\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:56 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921d17742165568045238e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":17131,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 120, 8-bit/color RGBA, non-interlaced","md5":"e106090ab3808690c365fbc0277a0f1c","sha1":"db808bdc601d50a387272625ff5e99c3e1a3a24a","sha256":"22493aea29272418a1bd4d8a1c0743cda49ead01021c3a6cf2d6d78ebfa739c7","sha512":"408ca9312e9b5b26cdc51ed2dfc755721d8367da9fc1304bfb650acd781b9bd8408ce6b8c3b971c5d031fa038977b5336982420c4cfd7ec9c07cfc728aa50327","ssdeep":"384:7rFl0nXf3QQUJkVwXK00Oe84gZTA5R+K/0+Tw/YbehcB2bArzf708:7rFl0P3QYbT84gZA5RD/fTAwehcV708","tlshash":"c872bff0e41de664db197016c7a3b783aa024af1a8c9b92523da44e32d76d5d01dafc1","first_seen":"2026-03-22T21:56:47.125833Z","last_seen":"2026-03-22T21:56:47.125833Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1046,"timings":{"blocked":-1,"dns":442,"connect":262,"send":0,"wait":324,"receive":18,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"172.18.0.12","port":33360,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.014860+0000\",\"flow_id\":727208384301733,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33360,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/logo.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":662,\"bytes_toclient\":2620,\"start\":\"2026-03-22T21:55:56.428709+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/idx_about_line.jpg","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.757Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/idx_about_line.jpg HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/Skins/16581/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/idx_about_line.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1223,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":171,"timings":{"blocked":17,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/ys_icon3.png","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.765Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/ys_icon3.png HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/Skins/16581/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/ys_icon3.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1704,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":295,"timings":{"blocked":138,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img44.zyzhan.com/gxhpic_3c9f37c357/3b2c6b54ba15b92489af0e94eace439100a9e9f644a832b211200e2de000e8f62c8e39605a98ac81_320_320_5.png","fqdn":"img44.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:57.126Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.zyzhan.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 25 Sep 2025 07:19:01 GMT","end":"Sun, 25 Oct 2026 07:19:00 GMT"},"fingerprint":{"sha1":"E6:3E:BF:20:AD:44:FD:77:47:8E:5F:AB:FB:9D:06:6D:F3:0D:9B:46","sha256":"D0:76:31:48:88:6B:F3:4D:10:17:7A:D3:F3:3A:FF:4B:F1:0C:82:E5:64:DB:1C:87:F3:8C:84:1B:53:A0:6B:53"}}},"request":{"raw":"GET /gxhpic_3c9f37c357/3b2c6b54ba15b92489af0e94eace439100a9e9f644a832b211200e2de000e8f62c8e39605a98ac81_320_320_5.png HTTP/1.1\r\nHost: img44.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":599,"timings":{"blocked":0,"dns":1,"connect":289,"send":0,"wait":0,"receive":0,"ssl":309},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/favicon.ico","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:58.661Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/favicon.ico HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:59 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 3066\r\nLast-Modified: Fri, 22 Oct 2021 08:11:14 GMT\r\nConnection: keep-alive\r\nETag: \"61727222-bfa\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3066,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"00b726752e8713453d31b694d4f74b89","sha1":"122742a4ce71b668801ddcc8db72f07730db290c","sha256":"45d8a46c7758c43f32db8794520cbf03604db83734c969ca80d3b356f8360b37","sha512":"75660a291825839b5fd42b269bd501a9c81a5426adaab17d7b368687194da769a1373b3b5c20476085909c6f0fa5391e9b3c30714bc4be5b6e405ac018814367","ssdeep":"","tlshash":"e9515d9712b1080bc4797cb20f41bc5e95251237402dfaa57cf332d5ba80e9d629bed1","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.066966Z","times_seen":1723,"resource_available":false,"data":null}},"time_used":811,"timings":{"blocked":511,"dns":0,"connect":0,"send":0,"wait":300,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/news_tb1.jpg","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.768Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/news_tb1.jpg HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/Skins/16581/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/news_tb1.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1155,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":313,"timings":{"blocked":160,"dns":0,"connect":0,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/down.png","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.230Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/down.png HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/down.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":894,"timings":{"blocked":735,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/jquery.min.js","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.210Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jquery.min.js HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:55 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 722\r\nLast-Modified: Wed, 11 Mar 2026 14:17:30 GMT\r\nConnection: keep-alive\r\nETag: \"69b1797a-2d2\"\r\nExpires: Sun, 22 Mar 2026 22:55:55 GMT\r\nCache-Control: max-age=3600\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":722,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (722), with no line terminators","md5":"093e5af3d9dbd71444e5d4ecb06fe0cd","sha1":"a4ab8ce8e5115ed53ffbae9179f38867eaf98c44","sha256":"05a002b85d553336f95f92dcf6a067dfd847e83116a375f32a51b9a9152b8204","sha512":"4da95d59bde3be0a625e2c0d66d73c1358d95c2753cd8fcdb4422bb770774952b5a566baa0558671d6a1bbb9217a2fefda9fb7feea726efc6944727719194a6f","ssdeep":"","tlshash":"1901e8d8cbc4d85b6ecc5d43ea14deca22b3813b97d972c38328fe8d05a9152d45c449","first_seen":"2023-09-09T20:10:51Z","last_seen":"2026-04-02T08:48:35.6317Z","times_seen":62,"resource_available":true,"data":null}},"time_used":144,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/skins/16581/js/setRem.js","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.225Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/16581/js/setRem.js HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:55 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":396,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"d02987ff470a67fcba408562e9039b72","sha1":"d9a56758e1c65a60adb5cdc5b85ba0da758b4ea3","sha256":"bc3a6655986e2078c03be02da0f14deb28a2849aaa1c28683498ff618ce3b2f2","sha512":"38ed9474ecfc476b2743f05765cabd7abba0c2e8d37ed23e6968e5405c5f3fcda1714ebcfafdf3262ea426f8afb385f8460e6e0c3dd4896abe591614f88571f0","ssdeep":"","tlshash":"ebe0927d6a9263317d27615c733f924c38b383271007de00bd1d92980fe19956244b9c","first_seen":"2023-05-10T11:34:44Z","last_seen":"2026-03-26T22:11:35.472571Z","times_seen":13,"resource_available":true,"data":null}},"time_used":420,"timings":{"blocked":113,"dns":1,"connect":137,"send":0,"wait":169,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/index_cache.html","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.251Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /index_cache.html HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1576,"timings":{"blocked":549,"dns":0,"connect":0,"send":0,"wait":1027,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/btn.jpg","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.620Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/btn.jpg HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/Skins/16581/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/btn.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1823,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/skins/16581/images/banner1.jpg","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.749Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/16581/images/banner1.jpg HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/skins/16581/images/banner1.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":219783,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":160,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/footer-email.png","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:57.231Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/footer-email.png HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 309\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:58 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:07 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80614f1cb976d61:0\"\r\nX-Powered-By: AN-115.4.174\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache30.l2cn7329[32,32,200-0,M], ens-cache37.l2cn7329[33,0], kunlun1.cn7174[60,60,200-0,M], kunlun9.cn7174[62,0]\r\nAli-Swift-Global-Savetime: 1774216558\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:58 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921d17742165580448478e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":309,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 14 x 10, 8-bit/color RGBA, non-interlaced","md5":"d4b3c25b286cb9955589a1e27477b304","sha1":"6da00b5954caa7f5e5402a9ff4acef277cee61a7","sha256":"1c1facb08a1bc733e8582907096fc2d2c12fcb37323a45c04cb54396556e2972","sha512":"2a325c474a7779d6dc793d9b0901b48686c780fd5a05ec181014d36a69c77ad55b619d6b68a843137b8dccc34c5eda5308439af45df0e8bbbd56da228919715f","ssdeep":"","tlshash":"74e072d25a19b8abc00b0a2b41678882f9329883426b189cba89a41d3c287c172a0303","first_seen":"2023-07-04T12:15:00Z","last_seen":"2026-03-27T02:37:13.043501Z","times_seen":53,"resource_available":false,"data":null}},"time_used":1027,"timings":{"blocked":699,"dns":0,"connect":0,"send":0,"wait":327,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:58Z","timestamp":1774216558,"ip_dst":{"addr":"172.18.0.12","port":33360,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:58.257319+0000\",\"flow_id\":727208384301733,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33360,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/footer-email.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":23,\"bytes_toserver\":2402,\"bytes_toclient\":23011,\"start\":\"2026-03-22T21:55:56.428709+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/tel.png","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.621Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/tel.png HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/Skins/16581/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/tel.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1905,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/QRcde_light.png","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:57.241Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/QRcde_light.png HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1251\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:59 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:09 GMT\r\nAccept-Ranges: bytes\r\nETag: \"808e801db976d61:0\"\r\nX-Powered-By: AN-115.4.174\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache44.l2cn7329[32,31,200-0,M], ens-cache66.l2cn7329[33,0], kunlun5.cn7174[59,58,200-0,M], kunlun9.cn7174[61,0]\r\nAli-Swift-Global-Savetime: 1774216559\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:59 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921d17742165592603684e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1251,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 102 x 30, 8-bit/color RGBA, non-interlaced","md5":"7990cc2542d39013c4ecc9f3b0a5f64d","sha1":"1c557bce105c0b6ec148114cecee137704fb76e6","sha256":"99471eedd9986cfb1b03c00d2ad2bd6697f5a91ef249ce3f67c0fd6ae756d91c","sha512":"cbe59441897f9138f37eefb2f1d6511f4bafcf6b6f860b194683e1532ccf03af947e7b59eb7d4ff1cfd534e975c23b415fc8b8e70aebd683b05a61415eb3941c","ssdeep":"","tlshash":"b321b74df9862842e14dd96229eb811b9f224e40ced4f098b9cdf4656e671b28c3f4c7","first_seen":"2023-07-04T12:15:00Z","last_seen":"2026-03-27T02:37:13.027637Z","times_seen":52,"resource_available":false,"data":null}},"time_used":2226,"timings":{"blocked":1931,"dns":0,"connect":0,"send":0,"wait":295,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:56:09Z","timestamp":1774216569,"ip_dst":{"addr":"172.18.0.12","port":42538,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:56:09.733377+0000\",\"flow_id\":453079949140122,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.45\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":42538,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/QRcde_light.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1251},\"files\":[{\"filename\":\"/Skins/16581/images/QRcde_light.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1251,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":146,\"pkts_toclient\":163,\"bytes_toserver\":9045,\"bytes_toclient\":233976,\"start\":\"2026-03-22T21:55:56.680090+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"89tongji.com/tj.js?id=41","fqdn":"89tongji.com","domain":"89tongji.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:59.217Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tj.js?id=41 HTTP/1.1\r\nHost: 89tongji.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":7246,"timings":{"blocked":7246,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.159.107.113","port":80,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:59.575Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 359\r\nOrigin: http://epswc8o.scupx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 210 Unknown Status\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: http://epswc8o.scupx.com\r\nAccess-Control-Allow-Credentials: true\r\nServer: TencentEdgeOne\r\nContent-Length: 0\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:59 GMT\r\nEO-LOG-UUID: 6455733489164258383\r\nEO-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"Unknown Status","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":312,"timings":{"blocked":25,"dns":1,"connect":24,"send":0,"wait":262,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/js/pt_js.js","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.250Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/js/pt_js.js HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:55 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5040,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"221e1a1773751e1de6a3e5d6c550cd3b","sha1":"196e61390a2c43492e26c1f2fb2024d65a6865b1","sha256":"3aadb367874ce555e0d447bdb7a1825cbb4943968cdc885c55328246ecf02e5d","sha512":"8a55a4a3bfc29b75966847ebb678012f4bcbc16bf6358a1196ebe811aeabefc4bc012bbb803577f6f4e6c3b98d3df0f327b6a5ce922ece5ac4d3c916fa357eb5","ssdeep":"96:lOsG6+zdwzZjQNsRy6VyxjCP2WQlmreJvAKpjRfRT+:lDGVzdw1jQNsRy6Vyx+PHQlmreJvAKpG","tlshash":"36a13226f3623ab800bbb13b347f692917354057a5414d22bc3d50e46f643b8a57bfad","first_seen":"2026-03-22T21:56:47.131207Z","last_seen":"2026-03-22T21:56:47.131207Z","times_seen":1,"resource_available":true,"data":null}},"time_used":409,"timings":{"blocked":253,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/skins/16581/js/apple.js","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.227Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/16581/js/apple.js HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:55 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":2016,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (378)","md5":"24d5d57d5ef233918b4e31b4a4a42db0","sha1":"dc93a03844229ee03b5fbcfc22952df315633aa5","sha256":"8cf1d359c59b2956038795751456fe546ea31a193bf30436642f6021a5351390","sha512":"c5b10a253eb150c560ad3e771e4a319a8fa97c22ad0d962c4b13f8f26d9974a01554700fb3034e2735d4c35923289edca7f243d87acaaabc5be5c5ef1a8b3686","ssdeep":"","tlshash":"af411f2a52a52439c40bf83dc6ff610069784607ad29ed88728c71514f6e43850feffa","first_seen":"2023-05-22T11:49:21Z","last_seen":"2026-03-28T16:48:59.252209Z","times_seen":42,"resource_available":true,"data":null}},"time_used":429,"timings":{"blocked":114,"dns":1,"connect":142,"send":0,"wait":172,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/pf_tel.png","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.008Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/pf_tel.png HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1425\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:09 GMT\r\nAccept-Ranges: bytes\r\nETag: \"808e801db976d61:0\"\r\nX-Powered-By: AN-115.4.173\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache12.l2cn8813[15,15,200-0,M], cache52.l2cn8813[16,0], kunlun5.cn7174[27,26,200-0,M], kunlun3.cn7174[30,0]\r\nAli-Swift-Global-Savetime: 1774216556\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:56 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921717742165567525738e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1425,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced","md5":"2d278a0d7b5a8edf75edcc06c3c7d750","sha1":"d237b4e2ba43a754727a57da2d97b32574f8bab9","sha256":"9e02c452b61d5ffe141c12fc66dbf246d283cb043ab0f7eef4ed179a557ef0ed","sha512":"a5e39b3547ff18f546b753d6b40b4683d3c60a7b7bf956983ad30060e059df16863a41d933d23dac2e3fd6e8f99cdce33a529faee2ee92d4c6f8fb88c8f93939","ssdeep":"","tlshash":"3021b98eff587801898799c114fb521dcc778d4190d8b6faace6d97b4c710a928096cf","first_seen":"2023-05-11T09:11:42Z","last_seen":"2026-03-29T10:58:41.593305Z","times_seen":22,"resource_available":false,"data":null}},"time_used":928,"timings":{"blocked":0,"dns":421,"connect":239,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:56Z","timestamp":1774216556,"ip_dst":{"addr":"172.18.0.12","port":33382,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:56.936013+0000\",\"flow_id\":42955669539621,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33382,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/pf_tel.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":596},\"files\":[{\"filename\":\"/Skins/16581/images/pf_tel.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":596,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":610,\"bytes_toclient\":2517,\"start\":\"2026-03-22T21:55:56.428837+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/skins/16581/images/banner2.jpg","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.911Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/16581/images/banner2.jpg HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 212472\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:19:28 GMT\r\nAccept-Ranges: bytes\r\nETag: \"018a4dbb976d61:0\"\r\nX-Powered-By: AN-115.4.175\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache51.l2cn2655[22,21,200-0,M], cache68.l2cn2655[22,0], kunlun3.cn7174[35,35,200-0,M], kunlun1.cn7174[38,0]\r\nAli-Swift-Global-Savetime: 1774216557\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921517742165569977764e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":212472,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x550, components 3","md5":"652fe480b01d6b5238892da5aa9c3b5b","sha1":"b5d46105d43c73ad4698238f9f2c2a3de94203d2","sha256":"b52eb682c8f0924326f81b2a13b58ccdf1d8e3b3795e397f6e51680393e3700a","sha512":"4a2931ed58443ea515054cf1ca2a71873424231806027361c3e7769df499124531512617c068883cb1b86a0784abb854ca0407137d8ff3ca17b3f25a618dcf9a","ssdeep":"6144:gHb6K6eXsQRQu5h34vKZXrYlSmma62Y8JpPTVQXzz:KVX/RQ8uvIYtma6l837Kn","tlshash":"172412003c93c462cd96440f27c56be987bf2d2a96c235f6b13a88f7787b5855c722a7","first_seen":"2026-03-22T21:56:47.134727Z","last_seen":"2026-03-22T21:56:47.134727Z","times_seen":1,"resource_available":false,"data":null}},"time_used":810,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":268,"receive":542,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"172.18.0.12","port":42514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.177935+0000\",\"flow_id\":1809574502621214,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.45\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":42514,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/skins/16581/images/banner2.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":594},\"files\":[{\"filename\":\"/skins/16581/images/banner2.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":594,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":611,\"bytes_toclient\":3148,\"start\":\"2026-03-22T21:55:56.679966+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img70.zyzhan.com/1/20230620/638228580999613130107.png","fqdn":"img70.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:57.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.zyzhan.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 25 Sep 2025 07:19:01 GMT","end":"Sun, 25 Oct 2026 07:19:00 GMT"},"fingerprint":{"sha1":"E6:3E:BF:20:AD:44:FD:77:47:8E:5F:AB:FB:9D:06:6D:F3:0D:9B:46","sha256":"D0:76:31:48:88:6B:F3:4D:10:17:7A:D3:F3:3A:FF:4B:F1:0C:82:E5:64:DB:1C:87:F3:8C:84:1B:53:A0:6B:53"}}},"request":{"raw":"GET /1/20230620/638228580999613130107.png HTTP/1.1\r\nHost: img70.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":597,"timings":{"blocked":0,"dns":1,"connect":289,"send":0,"wait":0,"receive":0,"ssl":307},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/news_tb1.jpg","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:57.097Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/news_tb1.jpg HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 1155\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:09 GMT\r\nAccept-Ranges: bytes\r\nETag: \"808e801db976d61:0\"\r\nX-Powered-By: AN-115.4.171\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache37.l2cn8014[29,28,200-0,M], cache17.l2cn8014[30,0], kunlun8.cn7174[101,101,200-0,M], kunlun1.cn7174[102,0]\r\nAli-Swift-Global-Savetime: 1774216557\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921517742165578032178e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1155,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 8x8, components 3","md5":"e19f9a2d8c86011ab56ad0b05f857197","sha1":"eee54d62a3cdf0ec59248eb5f4566b04c306d8b8","sha256":"833b53c25285734499ac02c7c85f9c8793de384de2b847c5b67d79b371dac821","sha512":"474df79d7ffc9cb471f0c45550a42bfa68e6a792417e0d7017acf8f7326e76ead09d93578a271da90bb1bbcfdf1f07d079cf920b60c8dae069c5c107de844183","ssdeep":"","tlshash":"fb21200efe616c10f0d5ddb120ebc2276a2208a0d5e3ac52bcc99406b8a10fe4e657df","first_seen":"2023-05-11T09:11:42Z","last_seen":"2026-03-27T02:37:13.03311Z","times_seen":25,"resource_available":false,"data":null}},"time_used":961,"timings":{"blocked":595,"dns":0,"connect":0,"send":0,"wait":365,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:56:08Z","timestamp":1774216568,"ip_dst":{"addr":"172.18.0.12","port":33332,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:56:08.319738+0000\",\"flow_id\":779360024693169,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33332,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/news_tb1.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1155},\"files\":[{\"filename\":\"/Skins/16581/images/news_tb1.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1155,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":56,\"pkts_toclient\":69,\"bytes_toserver\":4216,\"bytes_toclient\":92675,\"start\":\"2026-03-22T21:55:56.428465+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img51.zyzhan.com/gxhpic_3c9f37c357/3b2c6b54ba15b92489af0e94eace4391161aa660029970b34cd4f7477caf8b054ae71ed05b7ce212_320_320_5.png","fqdn":"img51.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"120.52.95.237","port":80,"asn":133119,"as":"China Unicom IP network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.236Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_3c9f37c357/3b2c6b54ba15b92489af0e94eace4391161aa660029970b34cd4f7477caf8b054ae71ed05b7ce212_320_320_5.png HTTP/1.1\r\nHost: img51.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img51.zyzhan.com/gxhpic_3c9f37c357/3b2c6b54ba15b92489af0e94eace4391161aa660029970b34cd4f7477caf8b054ae71ed05b7ce212_320_320_5.png\r\nX-CCDN-REQ-ID-46B1: 7bd9754029bec9861321524c6094431d\r\nvia: CHN-HElangfang-AREACUCC1-CACHE18[8]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1756,"timings":{"blocked":589,"dns":680,"connect":239,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/side_ewm.jpg","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.244Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/side_ewm.jpg HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:55 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/side_ewm.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8210,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":721,"timings":{"blocked":557,"dns":0,"connect":0,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/idx_about_bg.jpg","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.754Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/idx_about_bg.jpg HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/Skins/16581/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/idx_about_bg.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":50755,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":174,"timings":{"blocked":20,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/btn.jpg","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.803Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/btn.jpg HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 1823\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:04 GMT\r\nAccept-Ranges: bytes\r\nETag: \"09e851ab976d61:0\"\r\nX-Powered-By: AN-115.4.172\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache10.l2cn1813[17,17,200-0,M], cache31.l2cn1813[18,0], kunlun6.cn7174[39,39,200-0,M], kunlun1.cn7174[41,0]\r\nAli-Swift-Global-Savetime: 1774216557\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921517742165574981369e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1823,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 30x28, components 3","md5":"38a351de45e855f818efc57039097698","sha1":"5044f50d5c9916b073fc5ee5df03af9692165d9f","sha256":"6b71100ee1245b527b6b8fa64bc002329ce480e56a37d5dd66411182f0ff5318","sha512":"f14ed99a9b288ee090527c0c28eeb25feb983496795a22d9951462894376171a44d66c8c87d570aa27bf83dcb6816571cf25dd47eaee9bc13babe0849034124e","ssdeep":"","tlshash":"aa31d808fedabe92e9ea697024f7c56a452b0844e4b3b612b8ddc07e305047b01155fb","first_seen":"2024-12-07T23:59:59.342084Z","last_seen":"2026-03-27T02:37:13.071086Z","times_seen":18,"resource_available":false,"data":null}},"time_used":888,"timings":{"blocked":586,"dns":0,"connect":0,"send":0,"wait":301,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"172.18.0.12","port":33332,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.690659+0000\",\"flow_id\":779360024693169,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33332,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/btn.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":51,\"pkts_toclient\":64,\"bytes_toserver\":3558,\"bytes_toclient\":88922,\"start\":\"2026-03-22T21:55:56.428465+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/skins/16581/images/banner1.jpg","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.912Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/16581/images/banner1.jpg HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 219783\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:12 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0524a1fb976d61:0\"\r\nX-Powered-By: AN-115.4.172\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache40.l2cn7857[26,25,200-0,M], ens-cache48.l2cn7857[27,0], kunlun3.cn7174[52,52,200-0,M], kunlun9.cn7174[54,0]\r\nAli-Swift-Global-Savetime: 1774216557\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921d17742165569995756e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":219783,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x550, components 3","md5":"bf5ee988c7504a2ad35828afba9e1073","sha1":"5638d7a9a4d56dd71ee3e6eddb5bdd436039b34e","sha256":"a2147d30cf442f7cf6dab0442ddd54a1c806a2272872b6a9d3636f7edfaf44c9","sha512":"58db0d2d833705d8b72774844f072f82870d6d0c8da7c9e2bb00b8dfa7cbf04f69939b58bc7b441d76aec7409e9de2d44431f25004f021fe2d5745325831f119","ssdeep":"6144:/rdB6NOewLM1uDLGIc+5hH9guMHoQHSN+C42rG5G:/p8NpICM2oQHSND42n","tlshash":"b624233a480237a9f8559e393a1ae5c4f5bc63dd0de0452db5ca5a85eb3723c233c663","first_seen":"2026-03-22T21:56:47.137652Z","last_seen":"2026-03-22T21:56:47.137652Z","times_seen":1,"resource_available":false,"data":null}},"time_used":847,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":287,"receive":560,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"172.18.0.12","port":42538,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.195634+0000\",\"flow_id\":453079949140122,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.45\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":42538,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/skins/16581/images/banner1.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":611,\"bytes_toclient\":2562,\"start\":\"2026-03-22T21:55:56.680090+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/idx_about_line.jpg","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.937Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/idx_about_line.jpg HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 1223\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:08 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0f8e71cb976d61:0\"\r\nX-Powered-By: AN-115.4.173\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache50.l2cn1800[26,26,200-0,M], cache2.l2cn1800[27,0], kunlun3.cn7174[47,46,200-0,M], kunlun5.cn7174[49,0]\r\nAli-Swift-Global-Savetime: 1774216557\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742165577848920e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1223,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2x154, components 3","md5":"cecd676c381d76abd1be7b1b9593472c","sha1":"3d45586307e134b60cf5987784b6182c9fc88885","sha256":"a138056c03d49f84c9ef2d4e83c137d2a57a71fecc8365c3d854ca3a48d66d7d","sha512":"4e88609bad1e7eaf76ba6ea1d2e187d737810d98ac5f3b83e591f90f9f10d32a996aff811c49faf97b72a0d032e6247931cb6c9318a0afa8247ccaafe8b96f8b","ssdeep":"","tlshash":"a621330af8816c21f4d8ea7110f3d52b0b064890f9e3ed42a8cdc00afdb01f7196a6cb","first_seen":"2023-05-11T09:11:42Z","last_seen":"2026-03-27T02:37:13.024753Z","times_seen":25,"resource_available":false,"data":null}},"time_used":1042,"timings":{"blocked":736,"dns":0,"connect":0,"send":0,"wait":305,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:56:08Z","timestamp":1774216568,"ip_dst":{"addr":"172.18.0.12","port":33384,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:56:08.249359+0000\",\"flow_id\":1331686376508258,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33384,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/idx_about_line.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1223},\"files\":[{\"filename\":\"/Skins/16581/images/idx_about_line.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1223,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":27,\"pkts_toclient\":28,\"bytes_toserver\":3019,\"bytes_toclient\":27288,\"start\":\"2026-03-22T21:55:56.428898+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/style1.css","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:57.947Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/style1.css HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:59 GMT\r\nContent-Type: text/css\r\nLast-Modified: Mon, 24 Apr 2023 11:24:01 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"644666d1-2acf\"\r\nExpires: Sun, 22 Mar 2026 22:55:59 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10959,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text, with very long lines (465), with CRLF line terminators","md5":"9dcee9f3e3a9adc3a8fd044d18aff03a","sha1":"222a22156013ec694b2088c0a92e22e95cadfeb0","sha256":"53143bf9cab52824338170fc6c349fddcec4f52dd1cb999c83f7865365445d8a","sha512":"782456493e261dc963ab94961e51482abd496641b98dc345b87bd8f6d220abddc3b747fd3bad55aefc2d89435f82eccb5bb08438ad29379d05b1094c0c2445e9","ssdeep":"192:YttDBv+hilwO09z0GgvfmLkyGtKwk6NxCiGgxE3M3EEVuo0Kkzxl8AjnHI0rGLd4:YttDBoilwO09z0GgvfmLkyGtKwk6NxCp","tlshash":"48327b2b9340288f745bc77868d77599f639c064fe3dd95ea31a33a6422298e1037fc5","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.057064Z","times_seen":1714,"resource_available":false,"data":null}},"time_used":2159,"timings":{"blocked":928,"dns":31,"connect":298,"send":0,"wait":296,"receive":0,"ssl":603},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/footer-email.png","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.771Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/footer-email.png HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/Skins/16581/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/footer-email.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":309,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":450,"timings":{"blocked":291,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/jt_left.jpg","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:57.139Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/jt_left.jpg HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 1510\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:08 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0f8e71cb976d61:0\"\r\nX-Powered-By: AN-115.4.175\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache16.l2cn9014[17,16,200-0,M], ens-cache16.l2cn9014[18,0], kunlun8.cn7174[33,32,200-0,M], kunlun9.cn7174[34,0]\r\nAli-Swift-Global-Savetime: 1774216557\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921d17742165578498000e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1510,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 25x30, components 3","md5":"ad467991cdba0e6befcca4339632dd95","sha1":"9a4040e71966ed8ded3cadc8afc50dc6af165048","sha256":"38dbfb3d66f2257071f3771aca122414a65e5cf9a0efe6d0589d6834eb7b7a83","sha512":"e2c0050aad69797c17bbc3e06161bfa80371e36e55fec56beb0bc3837e4a38b8c53be71e192ba7e13fb207e9f43827e8d52ae48e645eade4701595dfbd213861","ssdeep":"","tlshash":"b6316309aa0359c5d848d9b038f320b7d6332bc0dad3995968cb9817ca74273251a7fb","first_seen":"2023-05-11T09:11:42Z","last_seen":"2026-03-27T02:37:13.049038Z","times_seen":13,"resource_available":false,"data":null}},"time_used":898,"timings":{"blocked":619,"dns":0,"connect":0,"send":0,"wait":277,"receive":2,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:59Z","timestamp":1774216559,"ip_dst":{"addr":"172.18.0.12","port":42538,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:59.443927+0000\",\"flow_id\":453079949140122,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.45\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":42538,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/jt_left.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1510},\"files\":[{\"filename\":\"/Skins/16581/images/jt_left.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1510,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":144,\"pkts_toclient\":160,\"bytes_toserver\":8937,\"bytes_toclient\":231691,\"start\":\"2026-03-22T21:55:56.680090+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/5_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:56:13.520Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/5_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:56:14 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9132\r\nLast-Modified: Fri, 22 Oct 2021 07:29:28 GMT\r\nConnection: keep-alive\r\nETag: \"61726858-23ac\"\r\nExpires: Tue, 21 Apr 2026 21:56:14 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9132,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"a0175d738a1002bc3533d496bfd4cc8d","sha1":"82a4b1d855e51c2f3be325f5f3368cc254934479","sha256":"908a0f4cf34ca2dd0e638ef1bf08f637a29757610ae1b65628ab8cbb22345a5e","sha512":"c115e96a214f15a90c0f66db5b514431ff4577a4f80ea1ae01afae1cc49b65dc37c0fa5d34e10ec477d9a21c78d38b9405eef4cd04a01475bd2365542366954f","ssdeep":"192:/+kSJEbg/KDV2kjb3q3/damug8BGUJYx3fxGD:2GgmVpjb3qvda1gRyYXK","tlshash":"2e125b29b2013becef6fed5311f2d772e73580b2b0b9d6061cbd45530d691906005bd9","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.071897Z","times_seen":1334,"resource_available":false,"data":null}},"time_used":2135,"timings":{"blocked":911,"dns":1,"connect":307,"send":0,"wait":297,"receive":1,"ssl":616},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/js/qq.js","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.249Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/js/qq.js HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:55 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1464,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"eaf13e93011880bf8e0891a82bdc283b","sha1":"d2a8d9f0afd8031074a8da67a6bdf46f51761edb","sha256":"dbf2017b93e3d67efbc8380858af7413c0fb0609491fae55ffce82c1be8f23dc","sha512":"07b5a34367ce85579f7b70cbdc89621268b98a3951b8e7092f5cf9f02d2681c582dd8e703d7890937ee55a8862c52eb818969e4a498674088a543e75d363685b","ssdeep":"","tlshash":"5131bcd8f78e152150b1b2bd893fd7cc713e1023b853a867ac6d84b808f967b1325d98","first_seen":"2023-08-05T07:44:19Z","last_seen":"2026-03-29T19:34:53.460649Z","times_seen":65,"resource_available":true,"data":null}},"time_used":266,"timings":{"blocked":92,"dns":0,"connect":0,"send":0,"wait":174,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fcl.xueyuxingfeng.com:6987/kfc/musk/sj.js","fqdn":"fcl.xueyuxingfeng.com","domain":"xueyuxingfeng.com","tld":"com"},"ip":{"addr":"27.124.44.6","port":6987,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.313Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fcl.xueyuxingfeng.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 02:39:06 GMT","end":"Mon, 15 Jun 2026 02:39:05 GMT"},"fingerprint":{"sha1":"9C:02:BC:FD:E6:FD:6F:73:A8:FF:02:17:D8:7B:9B:7F:1C:15:3C:76","sha256":"C8:B1:53:77:6B:D6:88:15:FD:58:31:16:AE:D3:12:44:08:D5:BD:EF:E6:F5:9E:D4:9A:66:25:E8:50:22:88:B1"}}},"request":{"raw":"GET /kfc/musk/sj.js HTTP/1.1\r\nHost: fcl.xueyuxingfeng.com:6987\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 08 Oct 2024 16:32:51 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"67055eb3-d27\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3367,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"a692dc4bfc4e1f2ba6cba48935345be6","sha1":"93b0fa260cf2615da3669693a9bee893bdb6462e","sha256":"eb8398efb312906ed5950dc731d9ac177fe5adae0a090edca2d2f65e9254b8eb","sha512":"2e9395aac0bdcc60a069fcbaad7d4f39156fd6fb1b9e69c7b0fa51fd7fab303f2a14437a5d7b0230e114a8805537febd6a36220662d8ca4b2d31234e7e48ca27","ssdeep":"","tlshash":"6f612e54ff8d20338e133165ae6f958c24be68177948eca7f80c64d44fa0d38852beac","first_seen":"2024-10-12T13:47:38.403922Z","last_seen":"2026-04-02T08:48:35.631105Z","times_seen":61,"resource_available":true,"data":null}},"time_used":2204,"timings":{"blocked":951,"dns":40,"connect":300,"send":0,"wait":301,"receive":0,"ssl":607},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"fcl.xueyuxingfeng.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"fcl.xueyuxingfeng.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/footlogo.png","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.989Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/footlogo.png HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 5164\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:12 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0524a1fb976d61:0\"\r\nX-Powered-By: AN-115.4.175\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache11.l2cn9014[17,17,200-0,M], ens-cache19.l2cn9014[19,0], kunlun5.cn7174[61,61,200-0,M], kunlun10.cn7174[63,0]\r\nAli-Swift-Global-Savetime: 1774216556\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:56 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742165567545922e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":5164,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 198 x 65, 8-bit/color RGBA, non-interlaced","md5":"01df2777f942f4d0bf099c6a9e4784bd","sha1":"20a0e8975640b118ab2444f35706bc15f796f204","sha256":"687085d5292b7dad91080dc3158a50a27bb7084fbe579b3ffa770c0c7761d7d4","sha512":"016d48fc41cb80286d5fe07ca26ea2f21bb83319d67aea1c7230fee27bafae61e518ef53d0a16cc9c1c6593890a98c3c7626eab46538100d9c799e6ff1e578e7","ssdeep":"96:dQ2Cr2cr/YBW6RGbAupfDp9Crca7R48opfpVkoLqjHe584U0rg:d/CrHz8ef6cabUZcHeq0U","tlshash":"a2b18e2889d1f444ab1e1d8831e1a017df7714d0faf133ead4b9c6a71a110b92d4dacf","first_seen":"2026-03-22T21:56:47.143625Z","last_seen":"2026-03-22T21:56:47.143625Z","times_seen":1,"resource_available":false,"data":null}},"time_used":979,"timings":{"blocked":-1,"dns":440,"connect":237,"send":0,"wait":300,"receive":2,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:56Z","timestamp":1774216556,"ip_dst":{"addr":"172.18.0.12","port":33372,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:56.966438+0000\",\"flow_id\":405055772330725,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33372,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/footlogo.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":126},\"files\":[{\"filename\":\"/Skins/16581/images/footlogo.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":126,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":612,\"bytes_toclient\":2686,\"start\":\"2026-03-22T21:55:56.428773+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"push.zhanzhang.baidu.com/push.js","fqdn":"push.zhanzhang.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.614Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /push.js HTTP/1.1\r\nHost: push.zhanzhang.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1217,"timings":{"blocked":0,"dns":952,"connect":265,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/ys_icon1.png","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.987Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/ys_icon1.png HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1700\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:10 GMT\r\nAccept-Ranges: bytes\r\nETag: \"025191eb976d61:0\"\r\nX-Powered-By: AN-115.4.172\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache54.l2cn2655[17,17,200-0,M], cache44.l2cn2655[18,0], kunlun8.cn7174[29,29,200-0,M], kunlun10.cn7174[31,0]\r\nAli-Swift-Global-Savetime: 1774216557\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921e17742165570746723e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1700,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced","md5":"a02f05566241ae57ea7137ba739ea58c","sha1":"66b61aeb1aa430ebde5685092a1f155be02cac87","sha256":"f38ca7b3b718b4a026ea6526a813619c8986d188132ba75dad82dbbc63774d86","sha512":"7e5a33a0e3fc0d04ef4dc70be79fa180a675d40f58588143efb702df1ed5c94671d66d93e63be606ebb47588f1085d368aa3b58c174e0063302e4ed7e5485b55","ssdeep":"","tlshash":"3331b204fd7369c1939df88818f0842b98268894dfe0a4a0b48ecc982b395e060b45df","first_seen":"2023-05-11T09:11:42Z","last_seen":"2026-03-27T02:37:13.058621Z","times_seen":24,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"172.18.0.12","port":33372,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.255490+0000\",\"flow_id\":405055772330725,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33372,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/ys_icon1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":11,\"bytes_toserver\":1336,\"bytes_toclient\":9206,\"start\":\"2026-03-22T21:55:56.428773+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/fx.png","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:57.098Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/fx.png HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 7247\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:07 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80614f1cb976d61:0\"\r\nX-Powered-By: AN-115.4.174\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache30.l2cn2655[18,18,200-0,M], cache69.l2cn2655[19,0], kunlun3.cn7174[30,30,200-0,M], kunlun1.cn7174[34,0]\r\nAli-Swift-Global-Savetime: 1774216557\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921517742165578082192e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":7247,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 90, 16-bit/color RGBA, non-interlaced","md5":"15bcc9297619074cb373e44d6a8cbb5c","sha1":"36e7c2e14a0c45123a169826fafefe4d369b741a","sha256":"0db30ceb45fd4085320793544642d7f1a40eaada6c72cdf4ae952cbc8f6cbc8e","sha512":"4cb8806e55331601eef0c0bd1fc84b66a251ccf1871f335d0d228e54e8f7d18de70dd68322dad5199d7a80cc9fb20ebc340f8738f5f3ebec7288e78649db699f","ssdeep":"192:rSHIIHUCD4wacyuBa8la1tnS71HsF7jLNqg4NXP3rR2R5vOWE8rVa:e50wRyu4F1tS71HsxBqtP4RxhEF","tlshash":"9ce1afc20c93055458460e5d143f4b40095aefd8860e3f9cdcaed34eab21cb27e2bb67","first_seen":"2023-05-25T10:42:37Z","last_seen":"2026-04-01T01:07:14.403534Z","times_seen":200,"resource_available":false,"data":null}},"time_used":890,"timings":{"blocked":623,"dns":0,"connect":0,"send":0,"wait":264,"receive":3,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"172.18.0.12","port":42514,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.45","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.985484+0000\",\"flow_id\":1809574502621214,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.45\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":42514,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/fx.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2056},\"files\":[{\"filename\":\"/Skins/16581/images/fx.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2056,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":139,\"pkts_toclient\":155,\"bytes_toserver\":8283,\"bytes_toclient\":226100,\"start\":\"2026-03-22T21:55:56.679966+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/logo.png","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:57.949Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/logo.png HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:59 GMT\r\nContent-Type: image/png\r\nContent-Length: 27927\r\nLast-Modified: Fri, 22 Oct 2021 07:29:32 GMT\r\nConnection: keep-alive\r\nETag: \"6172685c-6d17\"\r\nExpires: Tue, 21 Apr 2026 21:55:59 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27927,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 255 x 85, 8-bit/color RGBA, non-interlaced","md5":"1555066b01ba12346071989c467ccf25","sha1":"50c92c270ddc54e309f1499dde7e04fddcdee8c4","sha256":"a8102cc2e6a32d0e128a3757c711489f1d7426123617283cf8d3cb1fd838f101","sha512":"859208a96a6ea1d6030470c159a9dda03a06203d106e19bd71885909d8b329ea6bba0b9068629fbf8d5a1ef693d36239dbde79788f082177e745b9584af1f319","ssdeep":"768:OVmJDb1mQ/HASD6KkXkbJzKyV3Tp1I+JZ:fJD5r4S2KjzKylI+JZ","tlshash":"d5c2e189f1e16d8c20d1e40d5f916979b7d7e0c19554f6f2a0c8f8266e3a249ed08cd7","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.064391Z","times_seen":1726,"resource_available":false,"data":null}},"time_used":3053,"timings":{"blocked":1223,"dns":30,"connect":298,"send":0,"wait":597,"receive":2,"ssl":601},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/logo.png","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.222Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/logo.png HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:55 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/logo.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17131,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":746,"timings":{"blocked":578,"dns":0,"connect":0,"send":0,"wait":168,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/footlogo.png","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.243Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/footlogo.png HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:55 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/footlogo.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5164,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":726,"timings":{"blocked":558,"dns":0,"connect":0,"send":0,"wait":168,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/skins/16581/images/side_ewm.jpg","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.115Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/16581/images/side_ewm.jpg HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 17550\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:11 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80bbb11eb976d61:0\"\r\nX-Powered-By: AN-115.4.175\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache25.l2cn7857[34,34,200-0,M], ens-cache33.l2cn7857[35,0], kunlun5.cn7174[70,70,200-0,M], kunlun5.cn7174[72,0]\r\nAli-Swift-Global-Savetime: 1774216556\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:56 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742165567916230e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":17550,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 180x180, components 3","md5":"52d8ff68a3ff7388313227ba9f0e5575","sha1":"91cbc69fd9f1906341cff7f96198ee922d9cc67c","sha256":"f16e0cda1c01cac7c364a4735529b1d7851d4c9252a3f41b0d90537625e904bf","sha512":"a78fad9c19f947cb83215ad9fe32bc8f6871ddc1d838b828e6a7ebeb6c96bc6e0bb01c9556e3003225e981e9645a5a15b30e4eadbb72ea181b08275894370ecd","ssdeep":"384:QuqPgLQbSkOkWJz4ZxN5zdtVvYqkmxA7AiZbH7fhtvboqj8e:QuqPgMbSkOkY4P3dtVsmQjlPou","tlshash":"d272c00678187ed1dccb2bb4d9e6d233f0f44ac871dabbb70559b2581613bf60151a15","first_seen":"2026-03-22T21:56:47.14739Z","last_seen":"2026-03-22T21:56:47.14739Z","times_seen":1,"resource_available":false,"data":null}},"time_used":923,"timings":{"blocked":0,"dns":313,"connect":254,"send":0,"wait":326,"receive":30,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"172.18.0.12","port":33384,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.009029+0000\",\"flow_id\":1331686376508258,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33384,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/skins/16581/images/side_ewm.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":666,\"bytes_toclient\":2628,\"start\":\"2026-03-22T21:55:56.428898+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/jquery.la.min.js","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:57.948Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jquery.la.min.js HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:58 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Wed, 11 Mar 2026 14:17:30 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"69b1797a-4c5\"\r\nExpires: Sun, 22 Mar 2026 22:55:58 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1221,"size_decoded":0,"mime_type":"application/javascript","magic":"HTML document, ASCII text, with very long lines (554), with CRLF line terminators","md5":"23427e5eabe2dd0e4c3af97ce43b59d8","sha1":"646719d5278d450984ab3d0542345b766e500664","sha256":"f98905d0075788822868d529059521c7624a9417f03446ceed07eca11ded7795","sha512":"32a718dd95481c4787c6d3322694f6af5a1fae93c5f8da324a0732df5ebee435acf705ab6760f5a666d65910e2f5c5d57ce1f9884f94fd943e0f5aa3b500c920","ssdeep":"","tlshash":"e321f15fbc06e2546b52396633b7ddaca9fe00325409dc0668eec16c3c15ff84126b4c","first_seen":"2025-03-25T22:27:11.993929Z","last_seen":"2026-04-01T22:04:15.521934Z","times_seen":8,"resource_available":true,"data":null}},"time_used":141,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":140,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/skins/16581/js/swiper.min.js","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.226Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /skins/16581/js/swiper.min.js HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:55 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":124670,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65268)","md5":"55dfa40f2efbb761f30b620ad9687b64","sha1":"fbe60d9355cacfe4459614579d443b84860b3fc5","sha256":"fa00600fbc2769c50e908d4e555014f35b0575302336bd92da780f305e88d895","sha512":"63dbf9e95258281cc25a6f31b3895580165f7e4233a037dc3a6b352e8b1ad1f398357b57dda579b9468fde2d85df2940e0f1dd54d4d6748a356b8fdc844092c7","ssdeep":"1536:nArVAiT53aBXr1nuNraK8h78lucfbyyDk5PJVzD5vp0XvH7WcWUwcPqojsE8EtOE:5BXr0rJ27URmvD5ufH7WcWUwcPqmz1L","tlshash":"06c31949b35071d551e72256539ed601a3b62805b90ac0a831b2dcdbadbde8c03bfefd","first_seen":"2023-03-07T12:26:02Z","last_seen":"2026-03-28T16:48:59.273083Z","times_seen":45,"resource_available":true,"data":null}},"time_used":558,"timings":{"blocked":113,"dns":1,"connect":138,"send":0,"wait":167,"receive":139,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"img44.zyzhan.com/gxhpic_3c9f37c357/3b2c6b54ba15b92489af0e94eace439100a9e9f644a832b211200e2de000e8f62c8e39605a98ac81_320_320_5.png","fqdn":"img44.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"218.60.101.80","port":80,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.233Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /gxhpic_3c9f37c357/3b2c6b54ba15b92489af0e94eace439100a9e9f644a832b211200e2de000e8f62c8e39605a98ac81_320_320_5.png HTTP/1.1\r\nHost: img44.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Sun, 22 Mar 2026 21:55:56 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img44.zyzhan.com/gxhpic_3c9f37c357/3b2c6b54ba15b92489af0e94eace439100a9e9f644a832b211200e2de000e8f62c8e39605a98ac81_320_320_5.png\r\nX-CCDN-REQ-ID-46B1: 78e5b9af26c8f2372a1e9f201f40c1b7\r\nvia: CHN-LNdalian-AREACUCC6-CACHE23[3]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1889,"timings":{"blocked":567,"dns":707,"connect":306,"send":0,"wait":309,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/pf_tel.png","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:55.245Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/pf_tel.png HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:55 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/pf_tel.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1425,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":758,"timings":{"blocked":606,"dns":0,"connect":0,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/ys_icon4.png","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:57.087Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/ys_icon4.png HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1523\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:11 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80bbb11eb976d61:0\"\r\nX-Powered-By: AN-115.4.171\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache26.l2cn3059[38,38,200-0,M], cache30.l2cn3059[40,0], kunlun5.cn7174[49,49,200-0,M], kunlun3.cn7174[51,0]\r\nAli-Swift-Global-Savetime: 1774216557\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921717742165571696857e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1523,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced","md5":"3953bfd431c324a9c33e637ccaa2232a","sha1":"cdf4004804e9d3eea769733d379ab066114d5f81","sha256":"52d8984514006b28630c85532f04945df635a5a2eac46f48687a15a751a8852e","sha512":"cb07b99157ffbd1a13c80f71a3303e7be3010ee13cca37ce3e35edba5426b1f83a4701eeca01f61054ba1e06372a282e13e5166afb2fcee17d4493a872b420a1","ssdeep":"","tlshash":"d131b54bb611ac01b0a8d8e274faa12fb8128841c9c1fa85bdcfc8235e691b00c1d1ef","first_seen":"2023-05-11T09:11:42Z","last_seen":"2026-03-27T02:37:13.054872Z","times_seen":24,"resource_available":false,"data":null}},"time_used":290,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":290,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:56:07Z","timestamp":1774216567,"ip_dst":{"addr":"172.18.0.12","port":33382,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:56:07.626327+0000\",\"flow_id\":42955669539621,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33382,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/ys_icon4.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1523},\"files\":[{\"filename\":\"/Skins/16581/images/ys_icon4.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1523,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":8,\"bytes_toserver\":1256,\"bytes_toclient\":5120,\"start\":\"2026-03-22T21:55:56.428837+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/3_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:56:13.515Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/3_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:56:14 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 8660\r\nLast-Modified: Fri, 22 Oct 2021 07:29:26 GMT\r\nConnection: keep-alive\r\nETag: \"61726856-21d4\"\r\nExpires: Tue, 21 Apr 2026 21:56:14 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8660,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"bd5b31f1e7d18e29d6c10312eb6661da","sha1":"73d597ea109cd53140943270b6629ab8ebd3e69c","sha256":"62f4ab1a75135e43fb19419972b6ec12b8ba3ac8337feae4023bd7b9b0e9d59a","sha512":"eef274c9b0fa072a6039e3bb58653792462653c97df74d609b5f491918d94341af6e11b9f9a396d61cb45d73636a4cade653d36b8dfc8b6c08a42df25326105e","ssdeep":"192:xChGKgyRvOj4GUHxnizS7NobBIEkgOOhyKAKU5ny:kh5OvUHBR7UBhBhGny","tlshash":"8c026c01a6912fdecf4f256365b3c339e6c91d30f062fa692abd54931e125715012b9a","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.070951Z","times_seen":1351,"resource_available":false,"data":null}},"time_used":2101,"timings":{"blocked":900,"dns":1,"connect":299,"send":0,"wait":295,"receive":0,"ssl":603},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.zyzhan.com/asyncstat.aspx?u=bjztht\u0026referer=\u0026title=44118%u592A%u9633%u6210%u57CE%28%u4E2D%u56FD%u96C6%u56E2%29%u6709%u9650%u516C%u53F8","fqdn":"www.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"180.163.146.43","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.zyzhan.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 25 Sep 2025 07:19:01 GMT","end":"Sun, 25 Oct 2026 07:19:00 GMT"},"fingerprint":{"sha1":"E6:3E:BF:20:AD:44:FD:77:47:8E:5F:AB:FB:9D:06:6D:F3:0D:9B:46","sha256":"D0:76:31:48:88:6B:F3:4D:10:17:7A:D3:F3:3A:FF:4B:F1:0C:82:E5:64:DB:1C:87:F3:8C:84:1B:53:A0:6B:53"}}},"request":{"raw":"GET /asyncstat.aspx?u=bjztht\u0026referer=\u0026title=44118%u592A%u9633%u6210%u57CE%28%u4E2D%u56FD%u96C6%u56E2%29%u6709%u9650%u516C%u53F8 HTTP/1.1\r\nHost: www.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 530\r\ndate: Sun, 22 Mar 2026 21:55:56 GMT\r\ncache-control: no-cache\r\npragma: no-cache\r\nexpires: -1\r\nx-aspnet-version: 4.0.30319\r\nset-cookie: ASP.NET_SessionId=ybzy0ocsbre3vum2csyn2k4k; path=/; HttpOnly; SameSite=Lax\nmtcached_mtsession_ybzy0ocsbre3vum2csyn2k4k=10.115.3.122:9715; domain=.zyzhan.com; path=/; HttpOnly\r\nx-powered-by: ASP.NET-4.91\r\nvia: ens-cache30.l2cn7368[55,55,200-0,M], ens-cache68.l2cn7368[56,0], kunlun5.cn7174[67,66,200-0,M], kunlun1.cn7174[69,0]\r\nali-swift-global-savetime: 1774216556\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-savetime: Sun, 22 Mar 2026 21:55:56 GMT\r\nx-swift-cachetime: 0\r\ntiming-allow-origin: *\r\neagleid: b4a3921517742165567997195e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":530,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (504), with CRLF line terminators","md5":"00bd7abf579e95b0569b5ee851f68a20","sha1":"5bba490f920e54fedcc5d74c10483976853c6f13","sha256":"5104f457b725a073da0790219b4afa0a607733df72bdf2bc97dabfecad869990","sha512":"8933476dfc3af043e31a579831a9789ca4f37168fccd6c944d600be1a021caccec3504c0fc2ec2ffad8709c9a98bec5833e6f974f82fe74436f2ac70bc7018bd","ssdeep":"","tlshash":"f0f059674d05e2e9c801aafddea2d798d04b0f7b3161da73a163108536209b7b4ac9db","first_seen":"2026-03-22T21:56:47.151661Z","last_seen":"2026-03-22T21:56:47.151661Z","times_seen":1,"resource_available":false,"data":null}},"time_used":308,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":308,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/ys_icon4.png","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.767Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/ys_icon4.png HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/Skins/16581/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/ys_icon4.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1523,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":301,"timings":{"blocked":140,"dns":0,"connect":0,"send":0,"wait":161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/Skins/16581/images/QRcde_light.png","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.772Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/QRcde_light.png HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/Skins/16581/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.bjztht.net/Skins/16581/images/QRcde_light.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1251,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":464,"timings":{"blocked":309,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/tel.png","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:56.804Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/tel.png HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1905\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:10 GMT\r\nAccept-Ranges: bytes\r\nETag: \"025191eb976d61:0\"\r\nX-Powered-By: AN-115.4.176\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: cache39.l2cn3130[10,9,200-0,M], cache35.l2cn3130[11,0], kunlun6.cn7174[25,24,200-0,M], kunlun5.cn7174[26,0]\r\nAli-Swift-Global-Savetime: 1774216557\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742165575008134e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1905,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 49 x 46, 8-bit/color RGBA, non-interlaced","md5":"f09832434e88a0b3ad971bae0eaf451e","sha1":"7e25bff6926f2ce1c7f81ae13aa8ce89bf6f4210","sha256":"1675ad70eb0e73dcb5c40f8a529d56a6defb76a1a3cb51848ccbc55ef20161e6","sha512":"915be34d8b41e223bd19fa355a9720e6dc02edc5357ddbd9541927a71c323279465c855e3c7c2744c110cf3866def39ce554996152c7bc3201d6a6136c3b5e6b","ssdeep":"","tlshash":"4541d98dded52841a2cef64714ee8107c5028d45c6c5f4a2f9cdc4a66bd04eec94adcf","first_seen":"2024-12-07T23:59:59.33819Z","last_seen":"2026-03-27T02:37:13.065892Z","times_seen":17,"resource_available":false,"data":null}},"time_used":869,"timings":{"blocked":585,"dns":0,"connect":0,"send":0,"wait":283,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"172.18.0.12","port":33384,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.673067+0000\",\"flow_id\":1331686376508258,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33384,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/tel.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":24,\"bytes_toserver\":2421,\"bytes_toclient\":24986,\"start\":\"2026-03-22T21:55:56.428898+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img59.zyzhan.com/gxhpic_3c9f37c357/3b2c6b54ba15b92489af0e94eace43916e7e4e50da8740d468782c5d2ecd412f575f4fba64ea9695_320_320_5.png","fqdn":"img59.zyzhan.com","domain":"zyzhan.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:57.029Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.zyzhan.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 25 Sep 2025 07:19:01 GMT","end":"Sun, 25 Oct 2026 07:19:00 GMT"},"fingerprint":{"sha1":"E6:3E:BF:20:AD:44:FD:77:47:8E:5F:AB:FB:9D:06:6D:F3:0D:9B:46","sha256":"D0:76:31:48:88:6B:F3:4D:10:17:7A:D3:F3:3A:FF:4B:F1:0C:82:E5:64:DB:1C:87:F3:8C:84:1B:53:A0:6B:53"}}},"request":{"raw":"GET /gxhpic_3c9f37c357/3b2c6b54ba15b92489af0e94eace43916e7e4e50da8740d468782c5d2ecd412f575f4fba64ea9695_320_320_5.png HTTP/1.1\r\nHost: img59.zyzhan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":586,"timings":{"blocked":-1,"dns":1,"connect":289,"send":0,"wait":0,"receive":0,"ssl":296},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.bjztht.net/Skins/16581/images/ys_icon2.png","fqdn":"www.bjztht.net","domain":"bjztht.net","tld":"net"},"ip":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:57.074Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/16581/images/ys_icon2.png HTTP/1.1\r\nHost: www.bjztht.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://epswc8o.scupx.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1603\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:57 GMT\r\nLast-Modified: Thu, 20 Aug 2020 06:14:11 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80bbb11eb976d61:0\"\r\nX-Powered-By: AN-115.4.177\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nContent-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nX-Content-Type-Options: nosniff\r\nVia: ens-cache30.l2cn7329[37,36,200-0,M], ens-cache58.l2cn7329[38,0], kunlun3.cn7174[64,64,200-0,M], kunlun5.cn7174[66,0]\r\nAli-Swift-Global-Savetime: 1774216557\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 22 Mar 2026 21:55:57 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: b4a3921917742165571777282e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1603,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced","md5":"545b63b3519a95bae99df0a310d1d27b","sha1":"fc87125a983e28223c31cdc03acdb3c228aeff56","sha256":"85cded15434ab87870d524fe118875bef106290f130918b1a9804b11643bc751","sha512":"99522af15a17a7a85df8899e14541edfdda2640a592685e8286ce38b6330500fde87f3cba82b9cd6e43920af3d4c314fa6da523fc144a734dde49b86ce582e74","ssdeep":"","tlshash":"e531831ca6456c43918dd68204f6a01bce670ec0faf0a175beeecc355a3e2b55b1879f","first_seen":"2023-05-11T09:11:42Z","last_seen":"2026-03-27T02:37:13.067053Z","times_seen":24,"resource_available":false,"data":null}},"time_used":320,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":320,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T21:55:57Z","timestamp":1774216557,"ip_dst":{"addr":"172.18.0.12","port":33384,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"180.163.146.40","port":80,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2026-03-22T21:55:57.645454+0000\",\"flow_id\":1331686376508258,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"180.163.146.40\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":33384,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.bjztht.net\",\"url\":\"/Skins/16581/images/ys_icon2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://epswc8o.scupx.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1603},\"files\":[{\"filename\":\"/Skins/16581/images/ys_icon2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1603,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":22,\"pkts_toclient\":21,\"bytes_toserver\":2355,\"bytes_toclient\":22057,\"start\":\"2026-03-22T21:55:56.428898+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.159.107.113","port":80,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:55:59.552Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 358\r\nOrigin: http://epswc8o.scupx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://epswc8o.scupx.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 210 Unknown Status\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: http://epswc8o.scupx.com\r\nAccess-Control-Allow-Credentials: true\r\nServer: TencentEdgeOne\r\nContent-Length: 0\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 21:55:59 GMT\r\nEO-LOG-UUID: 8655873005742300988\r\nEO-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"Unknown Status","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":533,"timings":{"blocked":28,"dns":1,"connect":27,"send":0,"wait":477,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"epswc8o.scupx.com/","fqdn":"epswc8o.scupx.com","domain":"scupx.com","tld":"com"},"ip":{"addr":"23.231.118.233","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-22T21:55:54.750Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: epswc8o.scupx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:55:54 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Swiper","description":"Swiper is a JavaScript library that creates modern touch sliders with hardware-accelerated transitions.","website":"https://swiperjs.com","common_platform_enumeration":"","icon":"Swiper.svg","categories":["JavaScript libraries"]}],"data":{"size":20192,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (603), with CRLF, LF line terminators","md5":"5ef364d7b3694f65fddbe44a98fdf9f5","sha1":"95afe30c084a04b35d93c3a6c430ef33ee51358d","sha256":"3199f10f38dc15b19eaf1357727930053ac24f7820ffa8c429867fb94762d149","sha512":"15e7e0c0af0a5533af3c4bc3dec827e9a96d2343f19e84e79886cf0a7f04b85d9942e70e73b061fb54f9c05b9863adc6e0fe60a44d3caf8dda700aa3de60658a","ssdeep":"192:m4ImWGKxe1kBGsFGpGvYUq/QtLlP9rx4BhBijOejxLvIk0W1pZkTyRBc7c6TmmKT:mjGUYp4qItLlcO+OLkTy7C5+d","tlshash":"4192961686e9191b42b242de75b5af2ff0c292baf61b5e0233fc57ca9bc4dc15e0214d","first_seen":"2026-03-22T21:56:47.154542Z","last_seen":"2026-03-22T21:56:47.154542Z","times_seen":1,"resource_available":true,"data":null}},"time_used":447,"timings":{"blocked":141,"dns":1,"connect":144,"send":0,"wait":161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"epswc8o.scupx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/4_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:56:13.513Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/4_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:56:13 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9010\r\nLast-Modified: Fri, 22 Oct 2021 07:29:27 GMT\r\nConnection: keep-alive\r\nETag: \"61726857-2332\"\r\nExpires: Tue, 21 Apr 2026 21:56:13 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9010,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"fda80dce60b7652bc25d8050e874fc5e","sha1":"af999552eb2effe20b9bb6548bd3b40bf6b82fce","sha256":"86872602a83d5e41e9bf331e3f16f87d4631bd2a5f9f141c665eb00d6c20db92","sha512":"33271a5336643c30b2f6c91f3b9e9a88c68f5820de79ce486430643f0676cf6ab3ae2733e4ef796399656ea921e00afc609fc26beef03d0e033f3b25069b3e40","ssdeep":"192:HY0nSEeZkjRaPNWM7JHKm/4aqQP3vwHYKhU:znSReValWMV9nqQPoHYt","tlshash":"09027c11d2566f0cffcee55221b64738305a86f2f4e9e818bcffe1ab846001d251572b","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.0634Z","times_seen":1359,"resource_available":false,"data":null}},"time_used":309,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":308,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/1_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://epswc8o.scupx.com/","date":"2026-03-22T21:56:13.517Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/1_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 21:56:13 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9995\r\nLast-Modified: Fri, 22 Oct 2021 07:29:22 GMT\r\nConnection: keep-alive\r\nETag: \"61726852-270b\"\r\nExpires: Tue, 21 Apr 2026 21:56:13 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9995,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"b28d56b08ae1c39178b7ed387cfd1297","sha1":"e1eede6d5d7351d6e98b7afb188c6e1615233027","sha256":"ef09e72ae4d2d62570afb35c6b39a540b3f52db05b3e5e8e8c4cf81c5ff15810","sha512":"e1f4351e2077a20e516a77161dea0f713134f9dce57744a808c7e6ba341a2edb96c30f0bd3c0b790d044fd129caf460d76c1211faad3e2d990f9c1bc1515aafb","ssdeep":"192:g0JO5368nQnrIOA7ob5HWY9Udd7iaNDHecz3avA7ofV:giO5368nC0O+o4C6dnNVrav8ofV","tlshash":"46228c386a36138bd4ce1da2e1fc16e343778b42148a51b9f5b5c5c315333a430a6eee","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.071438Z","times_seen":1347,"resource_available":false,"data":null}},"time_used":610,"timings":{"blocked":295,"dns":0,"connect":0,"send":0,"wait":309,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}