{"report_id":"8ceac6a4-040b-4858-a956-8bd948c8747b","version":0,"status":"done","tags":[],"date":"2026-06-12T01:59:52Z","url":{"schema":"http","addr":"zhengfu666.com","fqdn":"zhengfu666.com","domain":"zhengfu666.com","tld":"com"},"ip":{"addr":"154.221.20.110","port":0,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"zhengfu666.com/","fqdn":"zhengfu666.com","domain":"zhengfu666.com","tld":"com"},"title":"zhengfu666.com/","dom":{"size":7472,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"f10763df061df76888216cdcc0c86313","sha1":"c52f97061ee12297c7391eb45235fbb907c270e1","sha256":"b72884856951f7dd056d709f030e141bc54d62ac5241b19c88ebf2333a2c0fab","sha512":"a057a11233c9618d2dbb31dba5229b2f144b1fb76768593461fe6e790af49465daab2a0d0b79f7809599a129f3bddac8521b7667a242959b444c2dac6fdc1686","ssdeep":"192:nfxaR8tCLKnCRcbO4FbIleUaRJY3SkA1L:FCaNZbIlQY+","tlshash":"eaf1741eeb3e3662210d34d9763c1ff7a0af69339b0281b23ca17369b7c4c644a56319","dom_hash":"domhash2da293252ba2101c3ef11d447e494e76","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"zhengfu666.com","fqdn":"zhengfu666.com","domain":"zhengfu666.com","tld":"com"},"ip":{"addr":"154.221.20.110","port":0,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-17T01:59:52Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"zhengfu666.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"zhengfu666.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"zhengfu666.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"zhengfu666.com","ip":{"addr":"154.221.20.110","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"domain_registered":"2026-05-13","domain_rank":0,"first_seen":"2026-06-12T01:59:52.586448Z","last_seen":"2026-06-12T01:59:52.586448Z","alert_count":9,"request_count":3,"received_data":85581,"sent_data":1499,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"zhengfu666.com/","fqdn":"zhengfu666.com","domain":"zhengfu666.com","tld":"com"},"ip":{"addr":"154.221.20.110","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"16a7385d1fc8e0170754144983788f7d","sha1":"733d61231fa3f581d8793ac129e393f33cc17448","sha256":"bc665f98e5e9c37dde9c0e789e37eea774e6ba1816775e10559c6c22be8e9cb6","sha512":"fdf40560e0fd12e1bbe5e586606b3c875febf5b1dcdc531240c081074c8dfb760f82894e7d1c8a3237f414b2268d438fcaaa8c7000b4381c22553e6259f942ac","ssdeep":"","tlshash":"7ee0686fc32d5334a3a9cc8878713b52657f209928018c25bdac8d38b378d0989f68ed","size":419,"data":"","first_seen":"2026-06-12T01:59:56.127147Z","last_seen":"2026-06-12T01:59:56.127147Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"zhengfu666.com/","fqdn":"zhengfu666.com","domain":"zhengfu666.com","tld":"com"},"ip":{"addr":"154.221.20.110","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-12T01:59:25.552Z","timestamp":1781229565552,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zhengfu666.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 May 2026 08:00:16 GMT","end":"Wed, 12 Aug 2026 08:00:15 GMT"},"fingerprint":{"sha1":"10:44:EA:0B:09:B5:21:54:9B:BC:AB:3F:19:E3:3B:5D:F5:1D:27:1C","sha256":"FC:3C:D2:1A:F8:D1:83:7A:7A:90:95:30:00:D6:13:07:73:55:C8:4E:6A:44:E5:F0:7B:79:ED:35:C0:48:5F:F7"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: zhengfu666.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Fri, 12 Jun 2026 01:59:26 GMT\r\ncontent-type: text/html\r\nlast-modified: Thu, 14 May 2026 08:59:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a058ee8-1d45\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7493,"size_decoded":2946,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"682aab905706a0682af39333d0c4931a","sha1":"58f74027d21886a6d215ca1d68c1d67eb88042dd","sha256":"876d40739c1664723a3da44de0cd4d026688bf1812ad3d159e1f4b6e9dc1f442","sha512":"f5cb5dcc84b49e219288091ade50327888107c2f781e80ec07b8d2c1c906283338a6c1df67da34405e7f6f49b0d5fe0818e3c23a6e6cd7cb2cc653f177d50856","ssdeep":"192:tfxaR8tCLKnCRcbO4FbIleZaRJY3SkA1W:bCaNZbIlzYt","tlshash":"b0f1731deb3e3662214d34d9763c1ff7a0af69339b4281b23ca17369bbc4c644a56319","first_seen":"2026-06-12T01:59:56.119393Z","last_seen":"2026-06-12T01:59:56.119393Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1514,"timings":{"blocked":-1,"dns":89,"connect":289,"send":0,"wait":582,"receive":0,"ssl":554},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"zhengfu666.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"zhengfu666.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"zhengfu666.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zhengfu666.com/images/img22.png","fqdn":"zhengfu666.com","domain":"zhengfu666.com","tld":"com"},"ip":{"addr":"154.221.20.110","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zhengfu666.com/","date":"2026-06-12T01:59:27.280Z","timestamp":1781229567280,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zhengfu666.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 May 2026 08:00:16 GMT","end":"Wed, 12 Aug 2026 08:00:15 GMT"},"fingerprint":{"sha1":"10:44:EA:0B:09:B5:21:54:9B:BC:AB:3F:19:E3:3B:5D:F5:1D:27:1C","sha256":"FC:3C:D2:1A:F8:D1:83:7A:7A:90:95:30:00:D6:13:07:73:55:C8:4E:6A:44:E5:F0:7B:79:ED:35:C0:48:5F:F7"}}},"request":{"raw":"GET /images/img22.png HTTP/1.1\r\nHost: zhengfu666.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zhengfu666.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Fri, 12 Jun 2026 01:59:27 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 14 May 2026 09:00:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a058f3a-12d75\"\r\nexpires: Sun, 12 Jul 2026 01:59:27 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":77173,"size_decoded":77444,"mime_type":"image/png","magic":"PNG image data, 847 x 128, 8-bit/color RGB, non-interlaced","md5":"b98d9486d9d1c89ee7bfc8ff8e52d5eb","sha1":"908d54dc3b70a641ecbe2a3df3ebe1dce46892e3","sha256":"cbdc1c5384d692c299569c2da8d4e99f4fca861ae725cd1b79e67ab8c39e6758","sha512":"e37466fed19df3ab8671ab5fa403c4aa1fbcbd93df0912e69b622f481de1830bdae2ba7f6f03b330d6cde61495a9939d8021dbf2fc60611a5455a7fa112f434d","ssdeep":"1536:Xd2Dott6xKNnLGkMFj0TyP5Oe6FARy7RKWZqdhvi9aN32d7azQRJpawGgp7:trz6xKNqkuj0T+H6FARIKZG7a0RJAxgl","tlshash":"8f730271e2071dadd8af830ad8de147797186b139993696b9d94cc93d0cc20015aef7f","first_seen":"2026-06-12T01:59:56.123992Z","last_seen":"2026-06-12T01:59:56.123992Z","times_seen":1,"resource_available":false,"data":null}},"time_used":584,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":584,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"zhengfu666.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"zhengfu666.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"zhengfu666.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zhengfu666.com/favicon.ico","fqdn":"zhengfu666.com","domain":"zhengfu666.com","tld":"com"},"ip":{"addr":"154.221.20.110","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zhengfu666.com/","date":"2026-06-12T01:59:27.420Z","timestamp":1781229567420,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zhengfu666.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 May 2026 08:00:16 GMT","end":"Wed, 12 Aug 2026 08:00:15 GMT"},"fingerprint":{"sha1":"10:44:EA:0B:09:B5:21:54:9B:BC:AB:3F:19:E3:3B:5D:F5:1D:27:1C","sha256":"FC:3C:D2:1A:F8:D1:83:7A:7A:90:95:30:00:D6:13:07:73:55:C8:4E:6A:44:E5:F0:7B:79:ED:35:C0:48:5F:F7"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: zhengfu666.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zhengfu666.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\nserver: nginx\r\ndate: Fri, 12 Jun 2026 01:59:27 GMT\r\ncontent-type: text/html\r\ncontent-length: 138\r\netag: \"6a058df4-8a\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":292,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-06-12T04:56:07.126508Z","times_seen":280003,"resource_available":true,"data":null}},"time_used":2805,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2805,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"zhengfu666.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"zhengfu666.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"zhengfu666.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}