{"report_id":"fc2d50c1-1c5d-4816-8399-39b503636882","version":6,"status":"done","tags":[],"date":"2026-03-03T06:52:05Z","url":{"schema":"http","addr":"apmarket.tt286.com/","fqdn":"apmarket.tt286.com","domain":"tt286.com","tld":"com"},"ip":{"addr":"116.162.210.150","port":0,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"final":{"url":{"schema":"http","addr":"apmarket.tt286.com/","fqdn":"apmarket.tt286.com","domain":"tt286.com","tld":"com"},"title":"apmarket.tt286.com/","dom":{"size":20607,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (20607), with no line terminators","md5":"0b560c4aff58cf57aa21e7214fea7961","sha1":"bb00e703c7a388031a1e85ccd523389c53af0615","sha256":"8383ba6a628548ed8a938f8fdfa8e74553cd0b4396d834d8b991652af9b3bba2","sha512":"1973e11937239ba8323bf0065d40b470cb2d85dbdd9e133bc7124c55a752f619d171acc10668e8741e5921aa5a2b69282d368803fff6d8872cc25a26a04d0c53","ssdeep":"96:H5rZrLDbV+CZXUgpk5POtQw07/4P4lHFjqGZSTEZPlSTIY/STWmFSTtDySTsArSO:3Db9X04P4lHFjEMUOKpEO","tlshash":"2d92aee17dd28c35e54516c8e0f0ea29a1c3f69fdce2d884eed502f827da994750d2a8","dom_hash":"domhash9de818305cdf857c1d472a574d176af4","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"apmarket.tt286.com/","fqdn":"apmarket.tt286.com","domain":"tt286.com","tld":"com"},"ip":{"addr":"116.162.210.150","port":0,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-07T06:52:05Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"apmarket.tt286.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"apmarket.tt286.com","ip":{"addr":"119.36.124.159","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"domain_registered":"2014-06-17","domain_rank":0,"first_seen":"2025-08-19T09:43:17.490898Z","last_seen":"2025-10-06T21:35:53.534165Z","alert_count":2,"request_count":2,"received_data":1725,"sent_data":890,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"apmarket.tt286.com/","fqdn":"apmarket.tt286.com","domain":"tt286.com","tld":"com"},"ip":{"addr":"119.36.124.159","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-03T06:51:43.343Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tt286.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Fri, 28 Mar 2025 00:00:00 GMT","end":"Fri, 27 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C2:36:37:39:4F:50:78:C7:88:DF:0E:05:8D:AF:5B:62:7B:D1:3B:48","sha256":"9B:A6:CC:1A:30:EC:FE:CA:90:DD:0E:52:E1:12:CB:D1:BF:D6:3F:2B:F8:4B:70:66:03:A4:E4:2D:4C:88:16:6F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: apmarket.tt286.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: Byte-nginx\r\nContent-Type: application/json\r\nContent-Length: 215\r\nConnection: keep-alive\r\nDate: Tue, 03 Mar 2026 06:51:45 GMT\r\nVia: cache66.jnmp,cache04.hbxtcu02\r\nX-Bdcdn-Cache-Status: TCP_MISS,TCP_MISS\r\nX-Exception-Info: O2|403\r\nX-Request-Id: eae4942d15b162508f1e8f1d1b379590\r\nX-Request-Ip: 91.90.42.154\r\nX-Response-Cache: miss\r\nX-Response-Cinfo: 91.90.42.154\r\nX-Tos-Cs-Type: CDN\r\nX-Tos-Ec: 0003-00000013\r\nX-Tos-Id-2: 29e01a685018db069a68501-b9d27ac-1vxJbd-LB-cb-tos-1az-front-azc-1\r\nX-Tos-Request-Id: 29e01a685018db069a68501-b9d27ac-1vxJbd-LB-cb-tos-1az-front-azc-1\r\nX-Tos-Server-Time: 4\r\nX-Tt-Trace-Tag: id=5\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":215,"size_decoded":0,"mime_type":"application/vnd.mozilla.json.view","magic":"JSON text data","md5":"75a815eff7a359089aaddbda115c4d23","sha1":"6793e83f91421b43589a1e9be71b126cd2df25db","sha256":"79712cef3c91e1554c98698e3252486132c24f16d4678f624851f7bdd76261a7","sha512":"22af84250e9c06e45341f2821e46194341dfeca23da3fae649008d9314ffbad9ef881e2afa46a2a01341a83cd4c335f874ff0ad2c55da288c2f00f41ed1fb9de","ssdeep":"","tlshash":"c2d0223ee50a0db9b74ace333a28f041322430302b9403c851fe607a05801e56202a8a","first_seen":"2026-03-03T06:52:20.707386Z","last_seen":"2026-03-03T06:52:20.707386Z","times_seen":1,"resource_available":true,"data":null}},"time_used":3660,"timings":{"blocked":1617,"dns":780,"connect":277,"send":0,"wait":426,"receive":0,"ssl":557},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"apmarket.tt286.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"apmarket.tt286.com/","fqdn":"apmarket.tt286.com","domain":"tt286.com","tld":"com"},"ip":{"addr":"119.36.124.159","port":80,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-03T06:51:45.466Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: apmarket.tt286.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: Byte-nginx\r\nContent-Type: application/json\r\nContent-Length: 216\r\nConnection: keep-alive\r\nDate: Tue, 03 Mar 2026 06:51:45 GMT\r\nVia: cache40.jnmp,cache07.hbxtcu02\r\nX-Bdcdn-Cache-Status: TCP_MISS,TCP_MISS\r\nX-Exception-Info: O2|403\r\nX-Request-Id: ae4e09c6a137f011736bf786176240c1\r\nX-Request-Ip: 91.90.42.154\r\nX-Response-Cache: miss\r\nX-Response-Cinfo: 91.90.42.154\r\nX-Tos-Cs-Type: CDN\r\nX-Tos-Ec: 0003-00000013\r\nX-Tos-Id-2: cc7101a68501ba4169a68501-b29f6a4-1vxJbd-LB-cb-tos-1az-front-azc-1\r\nX-Tos-Request-Id: cc7101a68501ba4169a68501-b29f6a4-1vxJbd-LB-cb-tos-1az-front-azc-1\r\nX-Tos-Server-Time: 0\r\nX-Tt-Trace-Tag: id=5\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":216,"size_decoded":0,"mime_type":"application/vnd.mozilla.json.view","magic":"JSON text data","md5":"3f57dd68326333f8482e5f0545799874","sha1":"997d7cedd91feae80569e62722a91658d6f10128","sha256":"eb8beea1bf5888f35f779afe48bee10aa188f6d014361ad12631d9f9ac92f06f","sha512":"09efa4e80a5a2cf776efe1e5a8922bf1222430f6da5d8f82ff59e9e41d2cb09108ab13e5872a0077e66ce81e42e65437d57a55d9960f18bd533b3de2f6da66fa","ssdeep":"","tlshash":"e6d0227f7c4a0cf8b327c6cf3e1ef100662831a0af8402d4a5ee70b802440d82a13691","first_seen":"2026-03-03T06:52:20.708718Z","last_seen":"2026-03-03T06:52:20.708718Z","times_seen":1,"resource_available":true,"data":null}},"time_used":834,"timings":{"blocked":263,"dns":1,"connect":265,"send":0,"wait":305,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"apmarket.tt286.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}