{"report_id":"95ca6601-98f9-45c2-bd42-fb551e0dbe2c","version":6,"status":"done","tags":[],"date":"2026-05-14T10:27:42Z","url":{"schema":"http","addr":"55218.app/","fqdn":"55218.app","domain":"55218.app","tld":"app"},"ip":{"addr":"137.220.227.94","port":0,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"final":{"url":{"schema":"https","addr":"8876000003com.vip/?a=3720","fqdn":"8876000003com.vip","domain":"8876000003com.vip","tld":"vip"},"title":"403 Forbidden","dom":{"size":1736,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1677)","md5":"1423be0e61cc56e618b79f1051f66cfd","sha1":"f6bad6e0878a4730fe252a63a5d986ada65e4f16","sha256":"13f1945f7d1deab3b79b73176b516229fcd9631af9d3d0def8886384ba1b17c2","sha512":"9fcf62263b929800e732ccad489e4f8b7744eefdf0a8d0832a8c1890b6f56dd9040a503cbc6633e14560980acf0965f7e36cb0be1d8e3a65b130b8f162cdabff","ssdeep":"","tlshash":"c431639321a66025e73318e921ff93c575949412fed78a2cfe58d380a2f944a720fb18","dom_hash":"domhashc0622583c63bd0cb5420788e0f73da76","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"55218.app/","fqdn":"55218.app","domain":"55218.app","tld":"app"},"ip":{"addr":"137.220.227.94","port":0,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-18T10:27:42Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-05-14T10:27:21Z","timestamp":1778754441,"ip_dst":{"addr":"Client IP","port":47872,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"134.122.160.199","port":46080,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 25","source":"{\"timestamp\":\"2026-05-14T10:27:21.401757+0000\",\"flow_id\":1142807641829111,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"134.122.160.199\",\"src_port\":46080,\"dest_ip\":\"172.18.0.4\",\"dest_port\":47872,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400024,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 25\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2026-05-14T10:27:21.175863+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-14","alert":"Sinkholed","trigger":"55218.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"134.122.160.199","ip":{"addr":"134.122.160.199","port":46080,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":1899,"sent_data":431,"comment":"","tags":null,"fingerprints":null},{"fqdn":"8876000003com.vip","ip":{"addr":"174.35.102.189","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2026-04-15","domain_rank":0,"first_seen":"2026-04-27T19:32:58.721136Z","last_seen":"2026-05-13T23:54:30.991598Z","alert_count":0,"request_count":2,"received_data":3952,"sent_data":941,"comment":"","tags":null,"fingerprints":null},{"fqdn":"55218.app","ip":{"addr":"137.220.227.94","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":1199,"sent_data":478,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"8876000003com.vip/?a=3720","fqdn":"8876000003com.vip","domain":"8876000003com.vip","tld":"vip"},"ip":{"addr":"174.35.102.189","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"691f070ac51ef0939337ca407688b790","sha1":"9106cb2a702022fdf6266f35b0a7c8becf1d585f","sha256":"a385ef7dbd615bfa0840ba93d1e89ce23d8cfface4e147fea2d8ff50c6c04423","sha512":"5bfd330dfd344e151a2f1fc95a547a7203883a43697181a6fb8e090ffbd811616f76f49fdb271ab67e081aab49e12dbcbec67aded1a20aa762386eec409d5083","ssdeep":"","tlshash":"6b11d44730827975bf33256a157d42c56538d4523cd9461cfd25c78031b558e072ffad","size":923,"data":"","first_seen":"2026-05-14T10:27:48.728115Z","last_seen":"2026-05-14T10:27:48.728115Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"55218.app/","fqdn":"55218.app","domain":"55218.app","tld":"app"},"ip":{"addr":"137.220.227.94","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"ed8b230c0f53e1f74a6a40b9862aebe6","sha1":"134295451e2c83ab9b1faabbc8309bb74263e6ec","sha256":"5e8ab1f31eaada8c5c427d175e4ecee5a549ee9f140b0c782eb3c41426cbf74a","sha512":"0b4181dcd03c4632f7657ac0e1e09e2bede82aeee011da92f09693686246705882baba772b21b8760281fa44340eabc3891bb9605370fe5078d3d3d725956aa3","ssdeep":"","tlshash":"fbf02b9a218305b99eb3617a676bb74b756220e32540e0017b1c7841df3ce0f557dae4","size":590,"data":"","first_seen":"2025-09-25T08:10:39.371684Z","last_seen":"2026-05-14T10:27:48.729871Z","times_seen":231,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"8876000003com.vip/favicon.ico","fqdn":"8876000003com.vip","domain":"8876000003com.vip","tld":"vip"},"ip":{"addr":"174.35.102.189","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8876000003com.vip/?a=3720","date":"2026-05-14T10:27:21.925Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8876000003com.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 13:21:49 GMT","end":"Tue, 14 Jul 2026 13:21:48 GMT"},"fingerprint":{"sha1":"74:AD:F8:66:D0:06:6B:00:A7:D9:D7:62:D9:58:E7:48:56:56:E6:53","sha256":"28:7C:AB:81:0D:14:16:E6:1B:38:4E:BE:35:F5:D2:38:25:63:34:4B:B5:95:CC:A7:E0:CD:ED:3F:58:75:0E:AF"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 8876000003com.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8876000003com.vip/?a=3720\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Thu, 14 May 2026 10:27:21 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nvia: 1.1 PS-CDG-04h2Q194:1 (W)\r\nServer: PWS/8.3.1.0.8\r\nX-Px: ht PS-CDG-04h2Q194CDG\r\nx-ws-request-id: 6a05a389_PS-CDG-04h2Q194_30607-64264\r\nWs-Action: com\r\nCache-Control: no-store\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":1634,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1589)","md5":"22b0147e32dcf8ab82342ba971e4e5c6","sha1":"1b89a32f5d64da20f706e8f234748dd1aa22e8fa","sha256":"6701c9e9767dd84974c7674396689266341bf532ffc9cd4ef35348cfe7738859","sha512":"742a7443ec6e922ea649bcc2f088a8168c0dfbfebf35d29a1cdafa021e6a2cc2e75f78e2469fe33cc5df302d8d3db129e972f843bbeb4040a60148f59bd94b08","ssdeep":"","tlshash":"d431745720a25035aa3318ed21bb538530549012fed78a2cee5dd790a6f804b361bb4c","first_seen":"2026-05-14T10:27:48.721749Z","last_seen":"2026-05-14T10:27:48.721749Z","times_seen":1,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"55218.app/","fqdn":"55218.app","domain":"55218.app","tld":"app"},"ip":{"addr":"137.220.227.94","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-14T10:27:20.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"55218.app","organization":""},"issuer":{"commonName":"ZeroSSL ECC DV SSL CA 2","organization":"ZeroSSL GmbH"},"validity":{"start":"Wed, 06 May 2026 00:00:00 GMT","end":"Tue, 04 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"79:34:37:32:F3:4C:D3:AA:48:94:76:EF:00:BF:03:49:28:B8:A2:29","sha256":"A5:33:A9:4C:BD:88:31:47:CC:65:50:18:72:03:B9:F0:D9:1E:7C:B0:41:DC:3F:AF:25:70:BA:21:78:BD:5B:38"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 55218.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 1063\r\ndate: Thu, 14 May 2026 10:27:20 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1063,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"dffe84c5e9697f8ebc6cd37a415b44f5","sha1":"8febb1d9ca16b1bd8e6287d9c73042eb2c5680bd","sha256":"a5880cd1696ab1ba07b8f8610174563832f768e1be6792c979ee19da55277683","sha512":"9eedf12ac49f34f896c08e99026df7578d5aaccf25b33b927fc5c9a5f087b5c1269ac36f5c736b17acb739bd84aff54c922b6ca929329aa9ff8599b75f0c756c","ssdeep":"","tlshash":"3311ed5610d3007a4aa392615ba6f30f799261d36642d000b7ac69829fa8e4fc8fb5e8","first_seen":"2025-09-25T08:10:39.348588Z","last_seen":"2026-05-14T10:27:48.724081Z","times_seen":233,"resource_available":true,"data":null}},"time_used":1462,"timings":{"blocked":614,"dns":44,"connect":234,"send":0,"wait":235,"receive":0,"ssl":333},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-14","alert":"Sinkholed","trigger":"55218.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"134.122.160.199:46080/?r=NTUyMTguYXBw\u0026rest=Lw==","fqdn":"134.122.160.199","domain":"134.122.160.199","tld":""},"ip":{"addr":"134.122.160.199","port":46080,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-14T10:27:21.176Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /?r=NTUyMTguYXBw\u0026rest=Lw== HTTP/1.1\r\nHost: 134.122.160.199:46080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\r\nContent-Type: text/html; charset=utf-8\r\nExpires: 0\r\nLocation: https://8876000003com.vip/?a=3720\r\nPragma: no-cache\r\nDate: Thu, 14 May 2026 10:27:21 GMT\r\nContent-Length: 68\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":1630,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-14T11:59:10.722731Z","times_seen":15165707,"resource_available":true,"data":null}},"time_used":679,"timings":{"blocked":227,"dns":0,"connect":227,"send":0,"wait":224,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8876000003com.vip/?a=3720","fqdn":"8876000003com.vip","domain":"8876000003com.vip","tld":"vip"},"ip":{"addr":"174.35.102.189","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-14T10:27:21.634Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8876000003com.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 13:21:49 GMT","end":"Tue, 14 Jul 2026 13:21:48 GMT"},"fingerprint":{"sha1":"74:AD:F8:66:D0:06:6B:00:A7:D9:D7:62:D9:58:E7:48:56:56:E6:53","sha256":"28:7C:AB:81:0D:14:16:E6:1B:38:4E:BE:35:F5:D2:38:25:63:34:4B:B5:95:CC:A7:E0:CD:ED:3F:58:75:0E:AF"}}},"request":{"raw":"GET /?a=3720 HTTP/1.1\r\nHost: 8876000003com.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Thu, 14 May 2026 10:27:21 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nvia: 1.1 PS-CDG-04h2Q194:1 (W)\r\nServer: PWS/8.3.1.0.8\r\nX-Px: ht PS-CDG-04h2Q194CDG\r\nx-ws-request-id: 6a05a389_PS-CDG-04h2Q194_30607-64263\r\nWs-Action: com\r\nCache-Control: no-store\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":1630,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1585)","md5":"a3e4500a778f3882aa73396a5b62a7cc","sha1":"e8aac8ea0e939fea730143fa589f5b73876d2cad","sha256":"99d780d82109ebc273cf4e01d45b1bf7ea8d20d03ef430cf3da318031acbcea4","sha512":"dfe6aef5ef26302b9cfc38f91d79aaf9bb52f8b955c7ce5f52217029766d7605405c25c0224401d9c3af196c854374cd2e235e9dac5ca69ff6ad6ae1cf47a0ea","ssdeep":"","tlshash":"1431869720a25035eb3318ec21bb53c530549012fed78a2cee5dd390a6f804b361fb5c","first_seen":"2026-05-14T10:27:48.726183Z","last_seen":"2026-05-14T10:27:48.726183Z","times_seen":1,"resource_available":true,"data":null}},"time_used":274,"timings":{"blocked":122,"dns":62,"connect":27,"send":0,"wait":29,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}