{"report_id":"a31072ff-7b2a-41ea-ae2f-ff436fa27fbc","version":6,"status":"done","tags":[],"date":"2026-02-21T21:50:06Z","url":{"schema":"http","addr":"yktex.cn","fqdn":"yktex.cn","domain":"yktex.cn","tld":"cn"},"ip":{"addr":"128.14.20.153","port":0,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"yktex.cn/","fqdn":"yktex.cn","domain":"yktex.cn","tld":"cn"},"title":"Coming Soon","dom":{"size":1083,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"5dc94cbf87dc3f59b31f785ff6261b1a","sha1":"71353f25aa3ec68b28aafd30a3d5a045f3fb3209","sha256":"5409eb326aebea32dbcc87c39a442499e94466f4ff87a4556da720c86f89106f","sha512":"512db25bb27b64737f7f06f0a971f5478d6dee4a33fe6f900eeaf18ef9b50b9fdd699303f1b7bfcc39ab4d401c91d316438404f521fdaebc23485461dbd85517","ssdeep":"","tlshash":"1d11c00856e34107759bac532fa5b60426f3d417448efe233acdb784cf8926584eb75c","dom_hash":"domhash029390b9a5aba26c7071d27b7c824792","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"yktex.cn","fqdn":"yktex.cn","domain":"yktex.cn","tld":"cn"},"ip":{"addr":"128.14.20.153","port":0,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-28T21:50:06Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-21","alert":"Sinkholed","trigger":"yktex.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-21","alert":"Sinkholed","trigger":"yktex.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"yktex.cn","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-02-24","domain_rank":0,"first_seen":"2026-02-21T20:32:27.672445Z","last_seen":"2026-02-21T20:32:27.672445Z","alert_count":6,"request_count":3,"received_data":6470,"sent_data":1277,"comment":"","tags":null,"fingerprints":[{"name":"PHP:7.4.16","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"yktex.cn/","fqdn":"yktex.cn","domain":"yktex.cn","tld":"cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"cf2fcd03d24d27e71bbfdea731ed0701","sha1":"51ef71117189c689b15ffb1fb2e6a6e79a26be86","sha256":"0cc8a7a684d6469e12774fbfca8310b66896ddcd474f3d7edec5ab2f0811661f","sha512":"325347dc7184ef5ea46e25bd2381f0196e307a2b0d1c0fb7d2a1a97a1b11311f8de85f2b6f06f3200bfe2118c92c2723f5e5ee392c4384a2ac143ac873d20332","ssdeep":"","tlshash":"dfe0204c67e79113279f7853ad0db60412f3406754957e03766cbf444f9931a40bbd04","size":371,"data":"","first_seen":"2026-02-21T21:50:13.171043Z","last_seen":"2026-02-21T21:50:13.171043Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"yktex.cn/","fqdn":"yktex.cn","domain":"yktex.cn","tld":"cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-21T21:49:45.311Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: yktex.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T07:09:43.766629Z","times_seen":16169314,"resource_available":true,"data":null}},"time_used":1051,"timings":{"blocked":1051,"dns":0,"connect":146,"send":0,"wait":0,"receive":0,"ssl":162},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-21","alert":"Sinkholed","trigger":"yktex.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-21","alert":"Sinkholed","trigger":"yktex.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"yktex.cn/","fqdn":"yktex.cn","domain":"yktex.cn","tld":"cn"},"ip":{"addr":"128.14.20.153","port":80,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-21T21:49:46.679Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: yktex.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 21 Feb 2026 21:49:46 GMT\r\nServer: Apache\r\nX-Powered-By: PHP/7.4.16\r\nSet-Cookie: security_session_verify=72dec1bd3160e4d4eea9d4554e48d6ac; expires=Wed, 25-Feb-26 05:49:46 GMT; path=/; HttpOnly\nsecurity_session_verify=72dec1bd3160e4d4eea9d4554e48d6ac; expires=Wed, 25-Feb-26 05:49:46 GMT; path=/; HttpOnly\nsecurity_session_verify=72dec1bd3160e4d4eea9d4554e48d6ac; expires=Wed, 25-Feb-26 05:49:46 GMT; path=/; HttpOnly\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 551\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.16","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1100,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"98e6fc1fdd77eae4c85b8a002c309842","sha1":"c24478347188a6c74aea363e1980101b3deecb19","sha256":"7629f4f0a7bfda2a81fa23e513c7b382341ff168e367711b92a303f82afd1640","sha512":"c00ac9cf40ebe03f6a615d1f18955a97d25f252ba93801a7286e8d0b73bc507b271062d39acd33d59aa7727b9d5a8e23c9fff8542363a37741c8a0c08f75b478","ssdeep":"","tlshash":"f911dc4856e34107658ba8132fa5b60426e39453448afe233acdb780cf8926984eb74c","first_seen":"2026-02-21T21:50:13.169054Z","last_seen":"2026-02-21T21:50:13.169054Z","times_seen":1,"resource_available":false,"data":null}},"time_used":517,"timings":{"blocked":149,"dns":1,"connect":149,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-21","alert":"Sinkholed","trigger":"yktex.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-21","alert":"Sinkholed","trigger":"yktex.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"yktex.cn/favicon.ico","fqdn":"yktex.cn","domain":"yktex.cn","tld":"cn"},"ip":{"addr":"128.14.20.153","port":80,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://yktex.cn/","date":"2026-02-21T21:49:47.125Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: yktex.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://yktex.cn/\r\nCookie: security_session_verify=72dec1bd3160e4d4eea9d4554e48d6ac\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 21 Feb 2026 21:49:47 GMT\r\nServer: Apache\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\nLast-Modified: Mon, 29 Aug 2022 07:23:04 GMT\r\nETag: \"c43cca-10be-5e75c226b0600\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 2852\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: image/x-icon\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4286,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"f62f956f92a5a089b09ddd96d13429c5","sha1":"39e364fb5d651f9e052d4f8409d09f386534ccc7","sha256":"5a9e5c0b51f153d52708848e54b37b275dada3e095c4452a8a901370e60199d3","sha512":"a467c519a9a117e892fc22a5570328260589daab3b2cdc410d03febde8155d79573f8e7d058fea002f71248e1bb57c62dd0432861c6f9bd787036e536e7945fa","ssdeep":"96:frHL0+DcmN6tRbiXFmAjuHABoeVB4ts/BLMxH:frHLuWwgB6kM","tlshash":"2d9128823a4cc4adfdb66db9401672f9f17c09cbec4d80af40c2e17959303d8a642bda","first_seen":"2026-02-21T21:50:13.169946Z","last_seen":"2026-05-22T04:24:57.056061Z","times_seen":3,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-21","alert":"Sinkholed","trigger":"yktex.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-21","alert":"Sinkholed","trigger":"yktex.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}