{"report_id":"84f4d43c-550d-46ea-a3a1-77228d4abfa0","version":6,"status":"done","tags":[],"date":"2025-10-16T16:16:53Z","url":{"schema":"http","addr":"ctt-pt.shop/","fqdn":"ctt-pt.shop","domain":"ctt-pt.shop","tld":"shop"},"ip":{"addr":"43.162.113.223","port":0,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"ctt-pt.shop/","fqdn":"ctt-pt.shop","domain":"ctt-pt.shop","tld":"shop"},"title":"ctt-pt.shop/"},"submit":{"url":{"schema":"http","addr":"ctt-pt.shop/","fqdn":"ctt-pt.shop","domain":"ctt-pt.shop","tld":"shop"},"ip":{"addr":"43.162.113.223","port":0,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-20T16:16:53Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"ctt-pt.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"ctt-pt.shop","ip":{"addr":"43.162.113.223","port":80,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"domain_registered":"2025-09-29","domain_rank":0,"first_seen":"2025-10-16T16:16:53.265333Z","last_seen":"2025-10-16T16:16:53.265333Z","alert_count":3,"request_count":3,"received_data":741,"sent_data":1223,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"ctt-pt.shop/favicon.ico","fqdn":"ctt-pt.shop","domain":"ctt-pt.shop","tld":"shop"},"ip":{"addr":"43.162.113.223","port":80,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ctt-pt.shop/","date":"2025-10-16T16:16:31.978Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ctt-pt.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ctt-pt.shop/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.26.3\r\nDate: Thu, 16 Oct 2025 16:16:32 GMT\r\nContent-Type: text/html\r\nContent-Length: 74\r\nConnection: keep-alive\r\nETag: \"68368bf0-4a\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":74,"size_decoded":0,"mime_type":"text/html","magic":"ASCII text, with no line terminators","md5":"49b6a4d9fbfdd7f28d6aab0ca47d4f3c","sha1":"ba7776bd78ba330bf7f9282e7ba9f66eecab4f6e","sha256":"f72742bd9209fab9279417668bc31ca875c31e0fd2706264f11b7caeae7737ce","sha512":"13d0555f5057acd12271bad970d285516c7ab8b677717c65ad605c16078dd6ab0d58f232f1bd49a75e7eeff7c9a145a2325b48a6b8ebc0ee17861bc0c05a6003","ssdeep":"","tlshash":"eba0222ac002ca8c8f300030c08af8303c8c820fc3232ab808b0c200b008cb300c22cc","first_seen":"2025-05-31T12:28:05.008738Z","last_seen":"2026-03-28T04:58:51.928707Z","times_seen":2800,"resource_available":true,"data":null}},"time_used":152,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"ctt-pt.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ctt-pt.shop/","fqdn":"ctt-pt.shop","domain":"ctt-pt.shop","tld":"shop"},"ip":{"addr":"43.162.113.223","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-16T16:16:30.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ctt-pt.shop","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Sep 2025 12:30:56 GMT","end":"Sun, 28 Dec 2025 12:30:55 GMT"},"fingerprint":{"sha1":"1F:3C:D5:A3:7C:E5:14:EB:54:32:DB:94:B2:0E:5A:6B:D4:10:51:B9","sha256":"A4:FD:0D:3A:B0:9E:DF:A7:C5:BA:AE:C2:73:FF:33:BD:86:F9:65:EB:17:A5:2F:05:F1:C8:10:35:8F:F9:67:6C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ctt-pt.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx/1.26.3\r\ndate: Thu, 16 Oct 2025 16:16:31 GMT\r\ncontent-type: text/html\r\ncontent-length: 74\r\netag: \"68368bf0-4a\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":74,"size_decoded":0,"mime_type":"text/html","magic":"ASCII text, with no line terminators","md5":"49b6a4d9fbfdd7f28d6aab0ca47d4f3c","sha1":"ba7776bd78ba330bf7f9282e7ba9f66eecab4f6e","sha256":"f72742bd9209fab9279417668bc31ca875c31e0fd2706264f11b7caeae7737ce","sha512":"13d0555f5057acd12271bad970d285516c7ab8b677717c65ad605c16078dd6ab0d58f232f1bd49a75e7eeff7c9a145a2325b48a6b8ebc0ee17861bc0c05a6003","ssdeep":"","tlshash":"eba0222ac002ca8c8f300030c08af8303c8c820fc3232ab808b0c200b008cb300c22cc","first_seen":"2025-05-31T12:28:05.008738Z","last_seen":"2026-03-28T04:58:51.928707Z","times_seen":2800,"resource_available":true,"data":null}},"time_used":852,"timings":{"blocked":350,"dns":36,"connect":152,"send":0,"wait":151,"receive":0,"ssl":161},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"ctt-pt.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ctt-pt.shop/","fqdn":"ctt-pt.shop","domain":"ctt-pt.shop","tld":"shop"},"ip":{"addr":"43.162.113.223","port":80,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-16T16:16:31.601Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ctt-pt.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.26.3\r\nDate: Thu, 16 Oct 2025 16:16:31 GMT\r\nContent-Type: text/html\r\nContent-Length: 74\r\nConnection: keep-alive\r\nETag: \"68368bf0-4a\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":74,"size_decoded":0,"mime_type":"text/html","magic":"ASCII text, with no line terminators","md5":"49b6a4d9fbfdd7f28d6aab0ca47d4f3c","sha1":"ba7776bd78ba330bf7f9282e7ba9f66eecab4f6e","sha256":"f72742bd9209fab9279417668bc31ca875c31e0fd2706264f11b7caeae7737ce","sha512":"13d0555f5057acd12271bad970d285516c7ab8b677717c65ad605c16078dd6ab0d58f232f1bd49a75e7eeff7c9a145a2325b48a6b8ebc0ee17861bc0c05a6003","ssdeep":"","tlshash":"eba0222ac002ca8c8f300030c08af8303c8c820fc3232ab808b0c200b008cb300c22cc","first_seen":"2025-05-31T12:28:05.008738Z","last_seen":"2026-03-28T04:58:51.928707Z","times_seen":2800,"resource_available":true,"data":null}},"time_used":450,"timings":{"blocked":146,"dns":1,"connect":152,"send":0,"wait":151,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"ctt-pt.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}