{"report_id":"8efa1237-4293-426c-8fde-08afafb6a8d0","version":6,"status":"done","tags":[],"date":"2025-10-09T23:34:10Z","url":{"schema":"http","addr":"1de8e8276202.com","fqdn":"1de8e8276202.com","domain":"1de8e8276202.com","tld":"com"},"ip":{"addr":"23.225.61.236","port":0,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"www.3c9n6.com/","fqdn":"www.3c9n6.com","domain":"3c9n6.com","tld":"com"},"title":"3c9n6.com/"},"submit":{"url":{"schema":"http","addr":"1de8e8276202.com","fqdn":"1de8e8276202.com","domain":"1de8e8276202.com","tld":"com"},"ip":{"addr":"23.225.61.236","port":0,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-13T23:34:10Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-09T23:34:00Z","timestamp":1760052840,"ip_dst":{"addr":"43.251.56.44","port":80,"asn":7483,"as":"Skycloud Computing co., Ltd.","country":"Taiwan","country_code":"TW"},"ip_src":{"addr":"172.18.0.20","port":43264,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2025-10-09T23:34:00.138402+0000\",\"flow_id\":1564986322783277,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":43264,\"dest_ip\":\"43.251.56.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"54138.buzz\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":3,\"bytes_toserver\":577,\"bytes_toclient\":174,\"start\":\"2025-10-09T23:31:37.068653+0000\"}}"}],"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"1de8e8276202.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"3c8x9.com","ip":{"addr":"172.247.173.156","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-10-04T17:54:08.195007Z","last_seen":"2025-10-04T17:54:08.195007Z","alert_count":0,"request_count":1,"received_data":4593,"sent_data":513,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"mjs.szaction.cc","ip":{"addr":"138.113.181.2","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"domain_registered":"2020-11-13","domain_rank":7166640,"first_seen":"2025-04-01T06:50:24.794391Z","last_seen":"2025-10-08T08:52:19.164881Z","alert_count":0,"request_count":3,"received_data":2045172,"sent_data":1334,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"1de8e8276202.com","ip":{"addr":"23.225.228.116","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2023-04-28","domain_rank":0,"first_seen":"2025-10-09T03:34:22.966561Z","last_seen":"2025-10-09T03:34:22.966561Z","alert_count":2,"request_count":2,"received_data":1956,"sent_data":886,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.3c9n6.com","ip":{"addr":"172.247.173.196","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-10-09T23:34:10.819024Z","last_seen":"2025-10-09T23:34:10.819024Z","alert_count":0,"request_count":1,"received_data":4653,"sent_data":517,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"unsgdtem3.kugutech.com","ip":{"addr":"23.225.228.116","port":8443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2018-07-18","domain_rank":0,"first_seen":"2025-05-10T06:07:45.860279Z","last_seen":"2025-10-03T21:42:22.741238Z","alert_count":0,"request_count":1,"received_data":4615,"sent_data":573,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.25.3.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-09T23:34:00Z","timestamp":1760052840,"ip_dst":{"addr":"43.251.56.44","port":80,"asn":7483,"as":"Skycloud Computing co., Ltd.","country":"Taiwan","country_code":"TW"},"ip_src":{"addr":"172.18.0.20","port":43264,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.buzz domain","source":"{\"timestamp\":\"2025-10-09T23:34:00.138402+0000\",\"flow_id\":1564986322783277,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":43264,\"dest_ip\":\"43.251.56.44\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032991,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.buzz domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"54138.buzz\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":3,\"bytes_toserver\":577,\"bytes_toclient\":174,\"start\":\"2025-10-09T23:31:37.068653+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"1de8e8276202.com/","fqdn":"1de8e8276202.com","domain":"1de8e8276202.com","tld":"com"},"ip":{"addr":"23.225.228.116","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"e3bf0e633316bd011e10f417aadc7c40","sha1":"aa2b7669ffc9e15d66800686a48f7d3b0fd1cf78","sha256":"3da8bc586e1c1ca1e3584d55f32bb06c90b538bb3ada645dfadd36673e696e34","sha512":"b6bf658cd44b714337ddbab928e4e33b8c559d59ed140bd79b8e7a892ba54214ea03d771291bb8669858ec2904847cea668a2ae7791797f7a86c94ae2e323a6a","ssdeep":"","tlshash":"b0f097b73082187099fe024ba36bbb0b7aa903ca1d21b00110191841e578f0bc96dfe9","size":461,"data":"","first_seen":"2025-10-09T23:34:15.609583Z","last_seen":"2025-10-09T23:34:15.609583Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"unsgdtem3.kugutech.com:8443/?u=aHR0cDovLzFkZThlODI3NjIwMi5jb20=\u0026p=Lw==","fqdn":"unsgdtem3.kugutech.com","domain":"kugutech.com","tld":"com"},"ip":{"addr":"23.225.228.116","port":8443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-09T23:33:52.183Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kugutech.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 19 Dec 2024 00:00:00 GMT","end":"Fri, 19 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"D8:36:B7:6C:AC:9C:3C:06:FC:5A:F5:F3:DF:D8:6E:E5:1D:E2:AA:C9","sha256":"DC:DB:25:8F:0C:B5:BD:5E:5C:C9:04:63:FA:8B:2E:2B:28:99:FD:7A:07:A3:99:E0:4B:91:56:C5:96:47:7A:6A"}}},"request":{"raw":"GET /?u=aHR0cDovLzFkZThlODI3NjIwMi5jb20=\u0026p=Lw== HTTP/1.1\r\nHost: unsgdtem3.kugutech.com:8443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1de8e8276202.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: openresty/1.25.3.1\r\nDate: Thu, 09 Oct 2025 23:33:52 GMT\r\nContent-Type: text/html\r\nContent-Length: 151\r\nConnection: keep-alive\r\nLocation: https://3c8x9.com\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"OpenResty:1.25.3.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4417,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":1504,"timings":{"blocked":624,"dns":58,"connect":247,"send":0,"wait":255,"receive":0,"ssl":316},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3c8x9.com/","fqdn":"3c8x9.com","domain":"3c8x9.com","tld":"com"},"ip":{"addr":"172.247.173.156","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-09T23:33:53.066Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"3c8x9.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Sep 2025 15:12:10 GMT","end":"Thu, 25 Dec 2025 15:12:09 GMT"},"fingerprint":{"sha1":"23:59:28:E1:D6:53:CE:F0:76:EE:14:E4:61:E6:58:37:12:A9:6C:2D","sha256":"C3:D8:E0:0A:21:CC:8C:C6:62:6C:A2:97:C7:91:DB:77:F0:44:79:74:4B:98:4F:9D:F6:D6:90:0E:64:9A:27:79"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 3c8x9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1de8e8276202.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Thu, 09 Oct 2025 23:33:53 GMT\r\ncontent-type: text/html\r\ncontent-length: 142\r\nlocation: https://www.3c9n6.com/\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4417,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":1171,"timings":{"blocked":508,"dns":38,"connect":154,"send":0,"wait":155,"receive":0,"ssl":313},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mjs.szaction.cc/build3/static/css/main.f59a4bd8.css","fqdn":"mjs.szaction.cc","domain":"szaction.cc","tld":"cc"},"ip":{"addr":"138.113.181.2","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.3c9n6.com/","date":"2025-10-09T23:33:54.579Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mjs.szaction.cc","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 11 Sep 2025 00:00:00 GMT","end":"Tue, 09 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"5E:03:90:0F:C2:7C:15:B4:86:88:96:08:72:C0:94:3F:1F:04:A5:AC","sha256":"71:F7:20:77:68:98:EB:BD:19:A0:58:88:37:EC:21:BB:65:B7:30:1C:E1:96:6C:B2:D9:8F:19:B8:91:FA:3A:EA"}}},"request":{"raw":"GET /build3/static/css/main.f59a4bd8.css HTTP/1.1\r\nHost: mjs.szaction.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.3c9n6.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 09 Oct 2025 23:33:54 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: openresty/1.27.1.2\r\nLast-Modified: Thu, 09 Oct 2025 03:41:49 GMT\r\nVary: Accept-Encoding\r\nETag: \"68e72efd-1d09e\"\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, HEAD, OPTIONS\r\nAccept-Ranges: bytes\r\nx-via: 1.1 PSrbdbOSA2vr114:0 (Cdn Cache Server V2.0), 1.1 PSygldLON4bk22:2 (Cdn Cache Server V2.0), 1.1 PS-ARN-04kSW118:2 (Cdn Cache Server V2.0)\r\nContent-Encoding: br\r\nAge: 1779\r\nx-ws-request-id: 68e84662_PS-ARN-04kSW118_14066-53864\r\nCache-Control: no-cache\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":118942,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"84eb4ed1088006ca10e15d0b04b238af","sha1":"36d932af248cec5b7216db6f574e938c0a114f10","sha256":"2064859756adf2046e891a70c5ef95079c8ba991b4b13e6024f6053662ed67b7","sha512":"c4baafbcbce28241f5a370121f5d8d45b44f1a991bf4b4ebd875f8c0ef2233269c3c78610242a04801a6abb7321db60385ba18417252992f14d52d9ac3a57de0","ssdeep":"1536:m4W4DId5fDK+7otTHiU8wMRkR/1Kq9wPF0:g4MH2BpM6B9wPF0","tlshash":"03c3c7236210713d703fd9a5a9d06bee71648013a6634bedfa80b635c6d79f7273a309","first_seen":"2025-10-09T04:14:17.113288Z","last_seen":"2025-10-11T17:57:41.04855Z","times_seen":18,"resource_available":false,"data":null}},"time_used":468,"timings":{"blocked":216,"dns":117,"connect":21,"send":0,"wait":26,"receive":8,"ssl":77},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1de8e8276202.com/","fqdn":"1de8e8276202.com","domain":"1de8e8276202.com","tld":"com"},"ip":{"addr":"23.225.228.116","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-09T23:33:51.589Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 1de8e8276202.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 1811\r\nCache-Control: max-age=600\r\nConnection: close\r\nServer: three01\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1811,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (912), with CRLF, LF line terminators","md5":"51235a66646eb6ccd5006d9f447ebde9","sha1":"f4715e2d4762b8b4f83d73e441e788ebdbd47e62","sha256":"074201a60ecf63a5428f74afdf412058f34665c2f9d0913e8fcc708b1401e005","sha512":"e25bfc74b131ffc8a3263f74ae9fbd209b1c615e619423f8eace6e9c4721536eb68ffce77122446edf0f4a0b52881e0dd1cb077b892fc56015bd4fd817f34003","ssdeep":"","tlshash":"913142b70443152e64270aa143ecbb0b9078c9d78a12695af039291bc7d5f8ea5e772e","first_seen":"2025-10-09T23:34:15.603103Z","last_seen":"2025-10-09T23:34:15.603103Z","times_seen":1,"resource_available":false,"data":null}},"time_used":751,"timings":{"blocked":246,"dns":0,"connect":252,"send":0,"wait":252,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"1de8e8276202.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.3c9n6.com/","fqdn":"www.3c9n6.com","domain":"3c9n6.com","tld":"com"},"ip":{"addr":"172.247.173.196","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-09T23:33:53.733Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"3c9n6.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 05 Oct 2025 01:07:15 GMT","end":"Sat, 03 Jan 2026 01:07:14 GMT"},"fingerprint":{"sha1":"AD:D8:C8:8E:2F:F5:00:77:B0:B1:55:1E:63:5A:43:EF:A0:8D:AC:B0","sha256":"A0:82:1B:40:DB:EE:76:7F:6B:9A:CD:8D:F7:EF:05:EB:51:EB:A9:D9:6E:15:97:D5:01:F9:BB:EF:9D:E9:54:13"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.3c9n6.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1de8e8276202.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 09 Oct 2025 23:33:54 GMT\r\ncontent-type: text/html\r\nlast-modified: Thu, 09 Oct 2025 03:41:49 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e72efd-1141\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4417,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (4369), with no line terminators","md5":"76c83efcae557aa8184f2a9fa027cb99","sha1":"c6aa4372a25b553d8d9722ae1a5463f0bcd19008","sha256":"9a3adecb1b323fe7e241779ddf961baf29c7f9842ce53e675301a79d4df11aa9","sha512":"9db9f26d4b067238617c6b6c55ce909411510fa0d5fd2b91e4d22a368208399eea1cff7f323f7069046690124fdae61f5971e7af4886ef869e50e75fc048d987","ssdeep":"48:0EPyAaTjdXNQHXvM2DaaaaaaaakondTFLfIXN6o5hLnNWsnNWEnXoNk34bww1wBn:zP94XAM25ndTFLfQ6wKu6fyV/","tlshash":"0b9113f13ceb5db5c32905af09e78608f22b3fa5590d9610e0484dd53ca794dc23ae4d","first_seen":"2025-10-09T04:14:17.109898Z","last_seen":"2025-10-11T17:57:41.041911Z","times_seen":18,"resource_available":false,"data":null}},"time_used":905,"timings":{"blocked":373,"dns":50,"connect":155,"send":0,"wait":159,"receive":0,"ssl":164},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mjs.szaction.cc/build3/static/js/main.3d6cc9d9.js","fqdn":"mjs.szaction.cc","domain":"szaction.cc","tld":"cc"},"ip":{"addr":"138.113.181.2","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.3c9n6.com/","date":"2025-10-09T23:33:54.577Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mjs.szaction.cc","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 11 Sep 2025 00:00:00 GMT","end":"Tue, 09 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"5E:03:90:0F:C2:7C:15:B4:86:88:96:08:72:C0:94:3F:1F:04:A5:AC","sha256":"71:F7:20:77:68:98:EB:BD:19:A0:58:88:37:EC:21:BB:65:B7:30:1C:E1:96:6C:B2:D9:8F:19:B8:91:FA:3A:EA"}}},"request":{"raw":"GET /build3/static/js/main.3d6cc9d9.js HTTP/1.1\r\nHost: mjs.szaction.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.3c9n6.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 09 Oct 2025 23:33:54 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 1923008\r\nConnection: keep-alive\r\nServer: openresty/1.27.1.2\r\nLast-Modified: Thu, 09 Oct 2025 03:41:49 GMT\r\nVary: Accept-Encoding\r\nETag: \"68e72efd-1d57c0\"\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, HEAD, OPTIONS\r\nAccept-Ranges: bytes\r\nx-via: 1.1 PSrbdjTYO3mk54:11 (Cdn Cache Server V2.0), 1.1 PSygldLON4bk22:4 (Cdn Cache Server V2.0), 1.1 PS-ARN-04kSW118:7 (Cdn Cache Server V2.0)\r\nAge: 1656\r\nx-ws-request-id: 68e84662_PS-ARN-04kSW118_14508-2127\r\nCache-Control: no-cache\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1923008,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65465)","md5":"53c244ac09a47cde3a4de92344da4669","sha1":"498a79b6876fe08235a81ccefa1bad6bc0fde676","sha256":"b070634f817c2915d5ce7a597a8f68b1d27d3326720cf0c6da65a75a87b5d523","sha512":"3e594394e627f9dfe0cd95eb5d171ae1268186322631ab085d50fd3511ec972917f5ae32418a9151c460d3667e58c1a7e4c3d01e51b2509ef07ccd69ef8a1f0a","ssdeep":"6144:M1HOmbpxnLFkX2opky7wVOgw7C/zPhcVn5hEFvL6e+/m0bExWlb/H6qPfwMkz0ge:9mrbopky7wVOoLhUhYTLOvp","tlshash":"8a254ab9768270a5037366f940af190abe392b13541e8624f21df8de6f78909d533f78","first_seen":"2025-10-09T04:14:17.111782Z","last_seen":"2025-10-11T17:57:41.050166Z","times_seen":14,"resource_available":false,"data":null}},"time_used":569,"timings":{"blocked":207,"dns":120,"connect":8,"send":0,"wait":9,"receive":142,"ssl":80},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mjs.szaction.cc/build3/favicon_orange.ico","fqdn":"mjs.szaction.cc","domain":"szaction.cc","tld":"cc"},"ip":{"addr":"138.113.181.2","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.3c9n6.com/","date":"2025-10-09T23:33:55.540Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mjs.szaction.cc","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 11 Sep 2025 00:00:00 GMT","end":"Tue, 09 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"5E:03:90:0F:C2:7C:15:B4:86:88:96:08:72:C0:94:3F:1F:04:A5:AC","sha256":"71:F7:20:77:68:98:EB:BD:19:A0:58:88:37:EC:21:BB:65:B7:30:1C:E1:96:6C:B2:D9:8F:19:B8:91:FA:3A:EA"}}},"request":{"raw":"GET /build3/favicon_orange.ico HTTP/1.1\r\nHost: mjs.szaction.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.3c9n6.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 09 Oct 2025 23:33:55 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 1150\r\nConnection: keep-alive\r\nServer: openresty/1.27.1.2\r\nLast-Modified: Thu, 09 Oct 2025 03:40:57 GMT\r\nETag: \"68e72ec9-47e\"\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, HEAD, OPTIONS\r\nAccept-Ranges: bytes\r\nx-via: 1.1 PSrbdjTYO3lk159:2 (Cdn Cache Server V2.0), 1.1 PSygldLON4mu28:4 (Cdn Cache Server V2.0), 1.1 PS-ARN-04kSW118:7 (Cdn Cache Server V2.0)\r\nAge: 1601\r\nx-ws-request-id: 68e84663_PS-ARN-04kSW118_14508-2137\r\nCache-Control: no-cache\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"dc100faec1a9356cc7d3abeaa54f1aa9","sha1":"d23f2b07b5da4307e00d151b2c31eacb22349eda","sha256":"fa1ddd7ed26f067e3a50eae6da1391371c66b45a9a8220d25c19ad644fff6a25","sha512":"d25af40838881ba21f1074ff7b3a965aa283ff0d6416c1e9c1c3474e5b4a4dac9a5410287b2260031cb9c9a9b8c7934a447db5c0af18ab7648cb825a24777a21","ssdeep":"","tlshash":"aa21c2b771218505f4311fb08d5e97bd3d956d122d115a0a38a97c03363ffa0ca734a1","first_seen":"2024-10-02T09:40:05Z","last_seen":"2026-03-31T15:42:15.610666Z","times_seen":153,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1de8e8276202.com/","fqdn":"1de8e8276202.com","domain":"1de8e8276202.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-09T23:33:47.971Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 1de8e8276202.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T09:11:47.12615Z","times_seen":13415969,"resource_available":true,"data":null}},"time_used":278,"timings":{"blocked":0,"dns":26,"connect":250,"send":0,"wait":0,"receive":0,"ssl":-1},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-09","alert":"Sinkholed","trigger":"1de8e8276202.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}