{"report_id":"e838a53a-4159-40b7-b595-cec8d56118e6","version":6,"status":"done","tags":[],"date":"2025-12-08T19:55:58Z","url":{"schema":"http","addr":"448256v.cc:51366/wp-content/plugins/","fqdn":"448256v.cc","domain":"448256v.cc","tld":"cc"},"ip":{"addr":"34.96.239.249","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"http","addr":"448256v.cc:51366/wp-content/plugins/","fqdn":"448256v.cc","domain":"448256v.cc","tld":"cc"},"title":"400 The plain HTTP request was sent to HTTPS port","dom":{"size":240,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"42833d5fc4aeda83277af69ba4b6acb0","sha1":"5c4427c404f59893fa89ecb026f16569f5a8adae","sha256":"0a1173e1c27b800e9590c989faf236fbc65fb0f1758f18b56664fa819bc6bbe4","sha512":"cdd9adaf29a0920cefac7c9dee7475796cfb7c09ca4dc547034176fe40b976e41861f57e9fba1e86b1b7049e863503609d224b56334bb41e24bbf3ceff3342b0","ssdeep":"","tlshash":"90d05e9628d23501941343245bc77640e5e2c276a58d8aa40483cbc724cb44fc582bd0","dom_hash":"domhash4f9f328ae0806ebc90a665e0a84580b7","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"448256v.cc:51366/wp-content/plugins/","fqdn":"448256v.cc","domain":"448256v.cc","tld":"cc"},"ip":{"addr":"34.96.239.249","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-12T19:55:58Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"448256v.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"448256v.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"448256v.cc","ip":{"addr":"34.96.239.249","port":51366,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-06-10","domain_rank":0,"first_seen":"2025-12-08T19:55:58.626523Z","last_seen":"2025-12-08T19:55:58.626523Z","alert_count":4,"request_count":2,"received_data":788,"sent_data":796,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"448256v.cc:51366/favicon.ico","fqdn":"448256v.cc","domain":"448256v.cc","tld":"cc"},"ip":{"addr":"34.96.239.249","port":51366,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://448256v.cc:51366/wp-content/plugins/","date":"2025-12-08T19:55:37.090Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 448256v.cc:51366\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://448256v.cc:51366/wp-content/plugins/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 400 Bad Request\r\nServer: nginx\r\nDate: Mon, 08 Dec 2025 19:55:37 GMT\r\nContent-Type: text/html\r\nContent-Length: 249\r\nConnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":249,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"089812d1231b4c87144861b2952e0cf4","sha1":"5cff3b491c25c00bebf4d0537882e25ddc8a3536","sha256":"815b9bc98edc164a595a80d5a546fe175adda8dfb3bbf8ba67e1fe5280ac8da2","sha512":"234facfbc44781d2ef360c6fcfe3062322031db62183d4dddd5efc5555643fb0aaf8fd17c89d5028750362171af082338cc937bef89ef895d0984c4473a74425","ssdeep":"","tlshash":"bcd05ea629c23d09806363385bc7b550e1f39271a6ad5aa50481cb8725cb04e4bc2bd1","first_seen":"2025-08-09T21:40:42.700719Z","last_seen":"2026-04-08T08:31:28.782398Z","times_seen":712,"resource_available":true,"data":null}},"time_used":464,"timings":{"blocked":-1,"dns":1,"connect":231,"send":0,"wait":231,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"448256v.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"448256v.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"448256v.cc:51366/wp-content/plugins/","fqdn":"448256v.cc","domain":"448256v.cc","tld":"cc"},"ip":{"addr":"34.96.239.249","port":51366,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-08T19:55:36.076Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /wp-content/plugins/ HTTP/1.1\r\nHost: 448256v.cc:51366\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 400 Bad Request\r\nServer: nginx\r\nDate: Mon, 08 Dec 2025 19:55:36 GMT\r\nContent-Type: text/html\r\nContent-Length: 249\r\nConnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":249,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"089812d1231b4c87144861b2952e0cf4","sha1":"5cff3b491c25c00bebf4d0537882e25ddc8a3536","sha256":"815b9bc98edc164a595a80d5a546fe175adda8dfb3bbf8ba67e1fe5280ac8da2","sha512":"234facfbc44781d2ef360c6fcfe3062322031db62183d4dddd5efc5555643fb0aaf8fd17c89d5028750362171af082338cc937bef89ef895d0984c4473a74425","ssdeep":"","tlshash":"bcd05ea629c23d09806363385bc7b550e1f39271a6ad5aa50481cb8725cb04e4bc2bd1","first_seen":"2025-08-09T21:40:42.700719Z","last_seen":"2026-04-08T08:31:28.782398Z","times_seen":712,"resource_available":true,"data":null}},"time_used":1623,"timings":{"blocked":703,"dns":486,"connect":217,"send":0,"wait":217,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"448256v.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"448256v.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}