{"report_id":"dbd10405-0209-4ecc-8238-7db9ff88601f","version":6,"status":"done","tags":[],"date":"2025-11-26T10:37:36Z","url":{"schema":"http","addr":"click2prize.com","fqdn":"click2prize.com","domain":"click2prize.com","tld":"com"},"ip":{"addr":"43.166.254.239","port":0,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"final":{"url":{"schema":"https","addr":"click2prize.com/","fqdn":"click2prize.com","domain":"click2prize.com","tld":"com"},"title":"Welcome！","dom":{"size":600,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"3140193f6ac31a8dd6c408b3fd0d59c5","sha1":"c81f832655d65a1823ddf52e045d8cd4b9db4d30","sha256":"3dd65b9390ec7f2ed32f2bbb279ab6a4e26359734490782b48fa4948e8062e17","sha512":"779840953642c11462921ecf0916d4a7b64a340a880f3a4c85a68152a18e3575e5c652f6768bcbf73916800a3689e87888c07d7fc571078d268b6443f7488946","ssdeep":"","tlshash":"10f05c2a49f29100b41390b84efa7b442f94e107d34edd447e4c6164ef4da43cc6335c","dom_hash":"domhashed75f013c70bc2c7a97556ae3d2d4b18","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"click2prize.com","fqdn":"click2prize.com","domain":"click2prize.com","tld":"com"},"ip":{"addr":"43.166.254.239","port":0,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98","country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-31T10:37:36Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-26","alert":"Phishing - Amazon.com Inc.","trigger":"click2prize.com","verdict":"phishing","severity":"medium","comment":"Amazon.com Inc.","link":"https://openphish.com/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-26","alert":"Phishing Block","trigger":"click2prize.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"click2prize.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"click2prize.com","ip":{"addr":"43.166.254.239","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"domain_registered":"2025-08-04","domain_rank":6783644,"first_seen":"2025-08-28T03:36:54.563234Z","last_seen":"2025-11-25T06:24:54.518524Z","alert_count":6,"request_count":2,"received_data":1356,"sent_data":921,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"click2prize.com/","fqdn":"click2prize.com","domain":"click2prize.com","tld":"com"},"ip":{"addr":"43.166.254.239","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-26T10:37:15.075Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.click2prize.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Oct 2025 07:59:09 GMT","end":"Sun, 04 Jan 2026 07:59:08 GMT"},"fingerprint":{"sha1":"87:A9:08:F2:DC:BB:2C:B7:A8:D4:E4:A2:7F:80:9B:6C:FF:40:51:47","sha256":"F1:37:65:6C:C0:83:87:FC:FC:4F:03:68:96:29:E4:53:AE:26:C5:21:69:99:5F:CD:5E:A3:B4:AD:9E:4A:FE:35"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: click2prize.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 26 Nov 2025 10:37:15 GMT\r\ncontent-type: text/html\r\ncontent-length: 617\r\nlast-modified: Fri, 14 Nov 2025 06:56:54 GMT\r\netag: \"6916d2b6-269\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":617,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"11a10c622f532c7d1f146e1e1b403c45","sha1":"a64aa892949e9c4ee9fbde8a4f843b848d8d6c56","sha256":"e0d9232874fb58d3a4967eb2353808138743a40e8a6e2f5615217975829a0683","sha512":"efce59f03947346aa374ecdd8b8f15adc5e0a3f46e719d21f962d01d2fdb543edcefc4788906156743b9fbf12bc03db52699391032051ea7c7eb56bfadd4443d","ssdeep":"","tlshash":"acf05c2a49f29100701390b85efa7b442f91e207d68e9d443e4da174ef8da43dc6735c","first_seen":"2025-11-26T10:37:38.078152Z","last_seen":"2026-02-01T11:38:00.219043Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1571,"timings":{"blocked":735,"dns":520,"connect":100,"send":0,"wait":100,"receive":0,"ssl":106},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-26","alert":"Phishing - Amazon.com Inc.","trigger":"click2prize.com","verdict":"phishing","severity":"medium","comment":"Amazon.com Inc.","link":"https://openphish.com/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-26","alert":"Phishing Block","trigger":"click2prize.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"click2prize.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"click2prize.com/favicon.ico","fqdn":"click2prize.com","domain":"click2prize.com","tld":"com"},"ip":{"addr":"43.166.254.239","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://click2prize.com/","date":"2025-11-26T10:37:16.181Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.click2prize.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Oct 2025 07:59:09 GMT","end":"Sun, 04 Jan 2026 07:59:08 GMT"},"fingerprint":{"sha1":"87:A9:08:F2:DC:BB:2C:B7:A8:D4:E4:A2:7F:80:9B:6C:FF:40:51:47","sha256":"F1:37:65:6C:C0:83:87:FC:FC:4F:03:68:96:29:E4:53:AE:26:C5:21:69:99:5F:CD:5E:A3:B4:AD:9E:4A:FE:35"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: click2prize.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://click2prize.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Wed, 26 Nov 2025 10:37:16 GMT\r\ncontent-type: text/html\r\ncontent-length: 138\r\netag: \"687f29dd-8a\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-05-02T16:16:05.897818Z","times_seen":259436,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"click2prize.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-26","alert":"Phishing Block","trigger":"click2prize.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-26","alert":"Phishing - Amazon.com Inc.","trigger":"click2prize.com","verdict":"phishing","severity":"medium","comment":"Amazon.com Inc.","link":"https://openphish.com/","meta":null}],"urlquery":null}}]}