{"report_id":"c6cb524b-7f10-4771-82ed-7a593783034a","version":6,"status":"done","tags":[],"date":"2025-12-12T18:33:01Z","url":{"schema":"http","addr":"03355.com/","fqdn":"03355.com","domain":"03355.com","tld":"com"},"ip":{"addr":"172.67.185.243","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc/9420/index.html","fqdn":"xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc","domain":"zt9.cc","tld":"cc"},"title":"访问成功","dom":{"size":859,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"380985e181348e2df509b9ba3c9c872d","sha1":"6e9faf001012c9ff7aca53107bea6a6c9df23217","sha256":"0124164c9d01c8598857cec76d596b0774fd26a079c792d2770f1ee66e3f7aa5","sha512":"f0225ede6206f19bd1c8f92199e0172fe008c610872288c9c787efd6eb57359b4c4544a0db100200c0eea34a02b207b7834fdc623bf6ed756ca26dd33a64e073","ssdeep":"","tlshash":"6911258da853c24e54b3e1955cf3f314656421133381fc40794c5279afdcf1d45474ac","dom_hash":"domhash117ed33f000205266b21bc6889be01a3","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"03355.com/","fqdn":"03355.com","domain":"03355.com","tld":"com"},"ip":{"addr":"172.67.185.243","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-16T18:33:01Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-12","alert":"Sinkholed","trigger":"dash-1.xiao222.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc","ip":{"addr":"168.63.151.129","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-12-12T18:33:02.003426Z","last_seen":"2025-12-12T18:33:02.003426Z","alert_count":0,"request_count":5,"received_data":7325,"sent_data":2756,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"03355.com","ip":{"addr":"172.67.185.243","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":985,"sent_data":478,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"dash-1.xiao222.cc","ip":{"addr":"38.60.250.187","port":443,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"Germany","country_code":"DE"},"domain_registered":"2025-11-11","domain_rank":0,"first_seen":"2025-11-14T15:09:15.042664Z","last_seen":"2025-11-30T16:37:11.686956Z","alert_count":1,"request_count":1,"received_data":409,"sent_data":540,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"www.buakt.cn","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2024-11-11","domain_rank":0,"first_seen":"2025-10-16T20:12:39.110349Z","last_seen":"2025-10-16T20:12:39.11035Z","alert_count":0,"request_count":3,"received_data":1667,"sent_data":1325,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"03355.com/","fqdn":"03355.com","domain":"03355.com","tld":"com"},"ip":{"addr":"172.67.185.243","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"21e3934edf42eedc139cc3f4091d469d","sha1":"9f8d7e1a7a89c1955ac93249f7fd69bcbb23f101","sha256":"fd260a8b60a0fe362fc285c13fbcdddf5ae62c73f6b0397f54eefd3c172996a9","sha512":"e9ac4288d095399b3a4574c4d619cb3e322e938deec6d4290723da68ffeaf126440c67bad3a51b0dd7253bda57180908bcc292dd3964625d8d57a706d9c45aeb","ssdeep":"","tlshash":"fce086f72451493056fe225bab177b553d2360c72e52700540185c51a11cf9ac63dea9","size":319,"data":"","first_seen":"2025-11-14T15:09:26.83297Z","last_seen":"2026-01-18T16:36:59.13519Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc/9420/index.html","fqdn":"xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc","domain":"zt9.cc","tld":"cc"},"ip":{"addr":"168.63.151.129","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"ee82ce27a2b95082068caa0a2f1983d0","sha1":"542b333c6215f3d8bfdfd4a596fb2587196af513","sha256":"b4e730156f934497d929f5c8aabf7cbe07261bba0c6e8b414542bce83040a9db","sha512":"17b34a26a71bf907f612f4f6771d97a59b1297498ebcf00e4c9249095c9d31257074f4ef24fd43b0b11973f3b2a3281f4c5f21e10fa94bcd0d5e843a43f86588","ssdeep":"","tlshash":"5ad0528a8023a3c844f722d99a832600a03a42937a00e460760cd2004f6af1e8a8acae","size":280,"data":"","first_seen":"2025-12-12T18:33:09.443247Z","last_seen":"2025-12-12T18:33:09.443247Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc/9420/index.html","fqdn":"xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc","domain":"zt9.cc","tld":"cc"},"ip":{"addr":"168.63.151.129","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-12T18:32:45.616Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /9420/index.html HTTP/1.1\r\nHost: xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc/?v=03355.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=ad458904bb04360680d80b86ae1e8a04\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 12 Dec 2025 18:32:45 GMT\r\nContent-Type: text/html\r\nLast-Modified: Wed, 07 Aug 2024 20:21:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"66b3d731-363\"\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":867,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"c2b73ed586662dfacf069beea6e1a4a9","sha1":"392dda965c12f255f11028545b941436f41694ca","sha256":"4d16fad529438babb565f98f8114e317f4945d9e8827d0d95ca7427d66c51917","sha512":"070bd67e6489cb1d6281cf60d17ad94d41e098b6edb9bbcf541a0fef2b85fc73b56d2e7d214c9cfcdacf23a3a9b1e2fed232addd06cd4ed2cc8cb129c875ef33","ssdeep":"","tlshash":"4611258cac53c64a1473d1555cf3f324756521533385fc40b98c9279afd8f1d458749c","first_seen":"2025-12-12T18:33:09.435967Z","last_seen":"2025-12-12T18:33:09.435967Z","times_seen":1,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":202,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc/favicon.ico","fqdn":"xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc","domain":"zt9.cc","tld":"cc"},"ip":{"addr":"168.63.151.129","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc/9420/index.html","date":"2025-12-12T18:32:45.862Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc/9420/index.html\r\nCookie: server_name_session=ad458904bb04360680d80b86ae1e8a04\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Fri, 12 Dec 2025 18:32:45 GMT\r\nContent-Type: text/html\r\nContent-Length: 479\r\nConnection: keep-alive\r\nETag: \"63395b62-1df\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":479,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"57dd7bfa6c07bfe5eeada45d4bdd78ec","sha1":"395c6ad5c3ae0e8ea47281f5007c369551b32ad7","sha256":"c870990950ca5802e260be6786d1e6a148b1acdfeed4fa9bb6acce744488c0b5","sha512":"c455d00381bde372d6016e7b01eb8682dcbc2fbb032ef522f01f0ea1cd85abeb962aeb8de621b49b138b614b14285686a2c432b4214630f23fda2ed19bf4b9d6","ssdeep":"","tlshash":"27f0dc93d243040e220c45702fb2702450877ddbcb9a0d028897e1bfccd5a698363bad","first_seen":"2023-04-28T05:56:14Z","last_seen":"2026-04-25T10:33:50.129481Z","times_seen":3110,"resource_available":true,"data":null}},"time_used":204,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":203,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"03355.com/","fqdn":"03355.com","domain":"03355.com","tld":"com"},"ip":{"addr":"172.67.185.243","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-12T18:32:39.649Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"03355.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 09:56:37 GMT","end":"Fri, 06 Mar 2026 10:53:11 GMT"},"fingerprint":{"sha1":"AD:60:32:EB:91:FD:AB:FB:88:29:0D:40:AC:CA:F6:20:1B:FD:F2:FC","sha256":"82:5B:3E:D8:70:FA:68:6E:4D:69:04:E2:15:34:CB:F3:26:07:E0:E1:04:12:D0:AE:E4:2D:B6:E7:44:4C:8B:98"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 03355.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 12 Dec 2025 18:32:40 GMT\r\ncontent-type: text/html; charset=utf-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=259200\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UrXvOCHCNsyUnIJGbawJP20vlXW3ZcDUvJs87qZh6QlAPHG6KnUtlbleCRaSH%2BleeXzHFW%2B%2FEPbCsdXW4iz3joipBd1tQcw%3D\"}]}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9acf4e40081256c7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":425,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (425), with no line terminators","md5":"57687c312077f3ae8a72332ad85b2f87","sha1":"75ffb110f618c64e2570b2d77915d7e3f4e1c69d","sha256":"3d25a49b5a20010200e2621571e7bb3347d7919792498d0bf6ee90aa1e349144","sha512":"def6d1ed17e9bf0b0414dee833bdfcccb2115db981225e8027bc5987a36676a7097b6ba8012c2a43fddb270e857460ce93e63a689e16c15b7103e0a999cf4aff","ssdeep":"","tlshash":"62e0ecf72c91893069f93297eb57bb552c1261c72e01b40140445c51a51cf8aca3de99","first_seen":"2025-11-14T15:09:26.831996Z","last_seen":"2026-01-18T16:36:59.131697Z","times_seen":38,"resource_available":false,"data":null}},"time_used":652,"timings":{"blocked":35,"dns":12,"connect":1,"send":0,"wait":582,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dash-1.xiao222.cc/?u=https://03355.com/\u0026p=/","fqdn":"dash-1.xiao222.cc","domain":"xiao222.cc","tld":"cc"},"ip":{"addr":"38.60.250.187","port":443,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-12T18:32:40.462Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xiao222.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 11 Nov 2025 15:30:15 GMT","end":"Mon, 09 Feb 2026 15:30:14 GMT"},"fingerprint":{"sha1":"85:4D:D8:8E:A9:32:24:3F:81:AD:45:D4:E9:D6:63:BD:59:C1:66:7C","sha256":"4B:6D:31:DF:FB:62:BD:CF:29:05:3B:FE:E9:45:4E:46:F0:18:F0:A1:A7:6D:9B:B7:07:FC:32:09:0F:85:D0:BB"}}},"request":{"raw":"GET /?u=https://03355.com/\u0026p=/ HTTP/1.1\r\nHost: dash-1.xiao222.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://03355.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncache-control: no-store, no-cache, must-revalidate\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Fri, 12 Dec 2025 18:32:41 GMT\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nlocation: http://www.buakt.cn/?V=03355.com\r\npragma: no-cache\r\nserver: nginx\r\nset-cookie: PHPSESSID=d52fd0374ce519075eec574b33ac3742; path=/; HttpOnly\r\nx-cache: BYPASS, Status: 302\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-25T15:55:26.931181Z","times_seen":14184276,"resource_available":true,"data":null}},"time_used":1974,"timings":{"blocked":802,"dns":740,"connect":25,"send":0,"wait":361,"receive":0,"ssl":43},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-12","alert":"Sinkholed","trigger":"dash-1.xiao222.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.buakt.cn/?V=03355.com","fqdn":"www.buakt.cn","domain":"buakt.cn","tld":"cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-12T18:32:41.635Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /?V=03355.com HTTP/1.1\r\nHost: www.buakt.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-25T15:55:26.931181Z","times_seen":14184276,"resource_available":true,"data":null}},"time_used":653,"timings":{"blocked":653,"dns":0,"connect":203,"send":0,"wait":0,"receive":0,"ssl":216},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.buakt.cn/?V=03355.com","fqdn":"www.buakt.cn","domain":"buakt.cn","tld":"cn"},"ip":{"addr":"168.63.151.129","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-12T18:32:42.753Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /?V=03355.com HTTP/1.1\r\nHost: www.buakt.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 12 Dec 2025 18:32:43 GMT\r\nContent-Type: text/html\r\nLast-Modified: Mon, 29 Sep 2025 15:29:54 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"68daa5f2-3b7\"\r\nSet-Cookie: server_name_session=6bb9108b645ad5bbd22fd7f5558143f1; Max-Age=86400; httponly; path=/\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":951,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"4c4f3b1cb14d339b9b3aa3d079bd7d61","sha1":"e99c0ef8f30aba77d80dabb107ea690835de758f","sha256":"3d2b6a1d32029b8c9e1c678102f6d5b416255d79234476d9cb29a222f3f9369c","sha512":"c346a2869b8c827d1d67abba7867749d133d807bba518d80d85d728ffd46baa31425537b710478f56e1987a80bf405045daf56b2aed6c6822bb383cc3f8b380e","ssdeep":"","tlshash":"0111e3a914d3d1c458e302dc5ef29b04a546324bbb87d0443baea0a07f9df0b156f78c","first_seen":"2025-10-16T20:12:48.398034Z","last_seen":"2025-12-12T18:33:09.439605Z","times_seen":3,"resource_available":false,"data":null}},"time_used":608,"timings":{"blocked":203,"dns":1,"connect":202,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc/?v=03355.com","fqdn":"xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc","domain":"zt9.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-12T18:32:43.304Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /?v=03355.com HTTP/1.1\r\nHost: xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://www.buakt.cn/\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-25T15:55:26.931181Z","times_seen":14184276,"resource_available":true,"data":null}},"time_used":556,"timings":{"blocked":556,"dns":0,"connect":203,"send":0,"wait":0,"receive":0,"ssl":214},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.buakt.cn/favicon.ico","fqdn":"www.buakt.cn","domain":"buakt.cn","tld":"cn"},"ip":{"addr":"168.63.151.129","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.buakt.cn/?V=03355.com","date":"2025-12-12T18:32:43.405Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.buakt.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.buakt.cn/?V=03355.com\r\nCookie: server_name_session=6bb9108b645ad5bbd22fd7f5558143f1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Fri, 12 Dec 2025 18:32:43 GMT\r\nContent-Type: text/html\r\nContent-Length: 138\r\nConnection: keep-alive\r\nETag: \"68b7d4f7-8a\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-04-25T15:33:53.000599Z","times_seen":256918,"resource_available":true,"data":null}},"time_used":202,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc/9420/index.html","fqdn":"xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc","domain":"zt9.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-12T18:32:44.785Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /9420/index.html HTTP/1.1\r\nHost: xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc/?v=03355.com\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=ad458904bb04360680d80b86ae1e8a04\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-25T15:55:26.931181Z","times_seen":14184276,"resource_available":true,"data":null}},"time_used":412,"timings":{"blocked":412,"dns":0,"connect":202,"send":0,"wait":0,"receive":0,"ssl":208},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc/?v=03355.com","fqdn":"xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc","domain":"zt9.cc","tld":"cc"},"ip":{"addr":"168.63.151.129","port":80,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-12T18:32:44.293Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /?v=03355.com HTTP/1.1\r\nHost: xn--srsr4sp2a52ep0mg91anxaf14eea481x.zt9.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.buakt.cn/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 12 Dec 2025 18:32:44 GMT\r\nContent-Type: text/html\r\nLast-Modified: Wed, 29 Oct 2025 11:12:43 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6901f6ab-13e1\"\r\nSet-Cookie: server_name_session=ad458904bb04360680d80b86ae1e8a04; Max-Age=86400; httponly; path=/\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5089,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (491)","md5":"bce0a17ad002362cd780c1337191358f","sha1":"5f469c73cd8f6e2140f0530dde03f4446630423a","sha256":"325724b2cb9a3c4473ebbda23fb963a38a11da8922444a3af4fa91902275218d","sha512":"ae61c9cdd54e4b4c36aedd04a803a8cf1999515667a852a817bd437bac6d99342cc5394020e35ece46381f10b48e7d0f39aa2e46018b8ddb16398eb5481d95b3","ssdeep":"96:cuIqAFwVLOWeiVJOQtF0fpPMSHKOEdlZWRR/v9o3ShAdL2/Hf0JVNp1l2Gp2FxxE:sKGws69lc9va6c","tlshash":"46b1ef854f50c6360aaae39266dbbf24f223901612c9bc05f72c71109fd8f9e564fdc8","first_seen":"2025-11-02T21:07:09.705651Z","last_seen":"2025-12-12T18:33:09.441733Z","times_seen":5,"resource_available":false,"data":null}},"time_used":608,"timings":{"blocked":202,"dns":1,"connect":202,"send":0,"wait":203,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}