{"report_id":"06fd46e7-61ee-4c7b-b81f-6d0c8cdfc000","version":0,"status":"done","tags":[],"date":"2026-06-17T18:40:30Z","url":{"schema":"https","addr":"ellipalfirmwareupdate.live/","fqdn":"ellipalfirmwareupdate.live","domain":"ellipalfirmwareupdate.live","tld":"live"},"ip":{"addr":"172.67.143.26","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"ellipalfirmwareupdate.live/","fqdn":"ellipalfirmwareupdate.live","domain":"ellipalfirmwareupdate.live","tld":"live"},"title":"Ellipal Desktop App – Critical Security Update","dom":{"size":2464111,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (38917)","md5":"894cbb0a5a7fa9d39fc3f960b2cdd6de","sha1":"c58d1dfb54257ba69b1bdf4683a52391f7230163","sha256":"e4b4f6847216daa4fc3f65fef429a89d4ff76c9437bf6f3e94d0c0a7001e6b1e","sha512":"15bdb1f920fee4a94506843a9d8fab2cd955f4d2e5c807cf72ed2b65f8cf1192d6b7be1379b71aae20d71145c7315b84c4261575d23f63ef5fe60230fd65652a","ssdeep":"24576:XZqZYZHfFFKfK2BFsU7vBlGC2t2e2D2x34yMS7W4CkxhrWIi7Ai6b82x+cPBQMdy:pEKdFF2862PAz6RyOPFi0iG+6yMdJpW","tlshash":"c4b50124b9b985762c3333b4a7ad74183626e583d80dcda97dec2061dfca7f06c92785","dom_hash":"domhashfba87df66200fe1b2f5dc90d5517f6e9","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"ellipalfirmwareupdate.live/","fqdn":"ellipalfirmwareupdate.live","domain":"ellipalfirmwareupdate.live","tld":"live"},"ip":{"addr":"172.67.143.26","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-22T18:40:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"ellipalfirmwareupdate.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.ellipal.com","ip":{"addr":"23.227.38.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"Canada","country_code":"CA"},"domain_registered":"2018-03-17","domain_rank":997481,"first_seen":"2021-03-24T12:39:41Z","last_seen":"2026-06-17T16:39:13.143868Z","alert_count":0,"request_count":1,"received_data":2794,"sent_data":650,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ellipalfirmwareupdate.live","ip":{"addr":"172.67.143.26","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-06-17T16:40:15.184889Z","last_seen":"2026-06-17T16:40:15.184889Z","alert_count":1,"request_count":1,"received_data":2499378,"sent_data":495,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ellipalfirmwareupdate.live/","fqdn":"ellipalfirmwareupdate.live","domain":"ellipalfirmwareupdate.live","tld":"live"},"ip":{"addr":"172.67.143.26","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"33286ff94f986f04221b64404ceb6782","sha1":"cf7598dec50b861e625e19d7473ed2df9152b300","sha256":"c81402569b6fd2536c584d3c88d1bb5e9081d8ce8d499d8a26c0dc70ca6144cc","sha512":"e9790418a63c51047798573ea4d9bfff60a00ff7e1bef6b42e51bc8cb989b2ef53752600ac97f7eb7c6770b4372fd0c436ae3da8ea9dd6ba72a033ecf549d353","ssdeep":"","tlshash":"bd015927222233707cd9d5dca8b6d98e39bb500ae40a0090a08e844c1834bc544f7bdc","size":843,"data":"","first_seen":"2026-06-08T13:08:16.104529Z","last_seen":"2026-07-03T06:12:45.490682Z","times_seen":221,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"www.ellipal.com/cdn/shop/files/elogo_confirm_926e35ff-a91a-40a4-95c7-f909680852b5.png?crop=center\u0026height=32\u0026v=1650533009\u0026width=32","fqdn":"www.ellipal.com","domain":"ellipal.com","tld":"com"},"ip":{"addr":"23.227.38.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ellipalfirmwareupdate.live/","date":"2026-06-17T18:40:05.062Z","timestamp":1781721605062,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.ellipal.com","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 04:14:03 GMT","end":"Fri, 28 Aug 2026 04:14:02 GMT"},"fingerprint":{"sha1":"A0:0E:F0:FE:AE:97:2E:5A:6A:79:5B:76:6F:4B:F3:C0:6E:79:65:13","sha256":"86:31:B9:B5:47:13:D2:E7:BF:AE:F6:4E:0B:5C:58:7B:DB:56:57:03:B2:EF:AE:21:72:7C:F5:6F:5F:35:EF:48"}}},"request":{"raw":"GET /cdn/shop/files/elogo_confirm_926e35ff-a91a-40a4-95c7-f909680852b5.png?crop=center\u0026height=32\u0026v=1650533009\u0026width=32 HTTP/1.1\r\nHost: www.ellipal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ellipalfirmwareupdate.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Wed, 17 Jun 2026 18:40:05 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1566\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ncache-control: public, max-age=31557600\r\nlast-modified: Mon, 15 Jun 2026 10:25:19 GMT\r\nage: 4202464\r\nserver-timing: imagery;dur=212.070, imageryFetch;dur=184.030, imageryProcess;dur=27.215;desc=\"image\"\r\nsource-length: 5988\r\nsource-type: image/png\r\ntiming-allow-origin: *\r\nvary: Accept\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iDCQL165iRSsKEsFKudTtn%2FJphejYVLBo42DxdMqbQUMFa0JzOmZu%2FPTsfRNSORCOGTzlCVtPl0VqqeenKoGC%2Bhk5MfVGvOzFz1X85gwN%2FsAukn4I4mLNZb72lLOHzfPWA%3D%3D\"}]}\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nx-permitted-cross-domain-policies: none\r\nx-dc: gcp-us-east1,gcp-us-east1\r\nx-request-id: 903f6439-8451-41b0-adbb-b8daac169770-1777519139\r\nserver: cloudflare\r\naccept-ranges: bytes\r\nx-download-options: noopen\r\ncf-ray: a0d42e402f1956a3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1566,"size_decoded":2794,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"33cc338bd973e0e2d27402b534278f39","sha1":"99975bef016ff6d1524e520103829bfad52c1ba7","sha256":"360401ef7b1274fb562d9b8864010493cf64ae2dca7b51008c05b9ce327bab03","sha512":"a108d75f13490cc8b82e54e22f251c1a135ff0b658319f678202e58feeb8486ebe1ea4f7688f37abe4bd6e98b6fc79f3c984ce5b7ba047b101f193ef38ac7569","ssdeep":"","tlshash":"7a31b673e3029f40c08271f8bed72f58eb1539258b19cb9a330883461f316d18dae484","first_seen":"2025-07-06T12:49:59.435318Z","last_seen":"2026-06-17T18:40:32.141896Z","times_seen":12,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":53,"connect":3,"send":0,"wait":25,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ellipalfirmwareupdate.live/","fqdn":"ellipalfirmwareupdate.live","domain":"ellipalfirmwareupdate.live","tld":"live"},"ip":{"addr":"172.67.143.26","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-17T18:40:04.146Z","timestamp":1781721604146,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ellipalfirmwareupdate.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Jun 2026 11:40:42 GMT","end":"Wed, 09 Sep 2026 12:38:26 GMT"},"fingerprint":{"sha1":"ED:6F:C5:FA:0B:57:8C:8A:EA:7D:52:51:27:F6:2E:1E:32:D5:7D:E2","sha256":"9B:DA:36:B4:98:0D:91:12:30:19:75:32:5F:F3:E6:42:90:8E:29:2E:AB:2B:0B:E2:5D:04:31:3E:5E:33:E4:AE"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ellipalfirmwareupdate.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 17 Jun 2026 18:40:04 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 11 Jun 2026 12:19:48 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nvary: accept-encoding\r\nage: 7215\r\npriority: u=0,i\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\ncontent-encoding: zstd\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UTy%2BQRP5SO2IGcWTpvi85rySl9Mh%2FeeGEWqtjeYUEmbdscJg7mlOKEw%2FQobTOlaOexIUgDw10K7%2BoInyxrPd5Dnai0z9yiULFeNTyY%2BRZW7bGiOLxAfgUs%2BevtJ7II%2B6sHwwl7fTu8zWZRup6g%3D%3D\"}]}\r\ncf-ray: a0d42e3a88500b45-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2498458,"size_decoded":1149798,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (38905)","md5":"71ab1531e78d4cd5ada0ee71a5c17107","sha1":"f2279bfe656e9bffc50094fdddbd994d3dbf0d1c","sha256":"3486b5cc7693beca8fdaf719f3a234acb430e1f1e13b1fc88fa6dae7da2c7ad7","sha512":"33eab04897e2a6a7e6fc6a60859a1b041b057f6dbe1c8146b01eaa1e41b68fd40ab6d5fcdb0fc494ff2d2bab22e960a3974dde02b5cef6db63bf32a6a8a1a59f","ssdeep":"12288:bk/2Onk//2Onhm/2On+QFZzBFhFcxSQFZoBHb2cx8ETgkC5myI7rqRKTgkC5mzID:oZqZYZHfFFKfK2BFsU7vBlGC2t2eo","tlshash":"76252330cb641563986313c5ba39fcb5ad1b0b53088485b927be389e98dff61355336e","first_seen":"2026-06-17T16:40:19.556571Z","last_seen":"2026-06-17T18:40:32.143518Z","times_seen":2,"resource_available":true,"data":null}},"time_used":317,"timings":{"blocked":-1,"dns":72,"connect":18,"send":0,"wait":35,"receive":192,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"ellipalfirmwareupdate.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}
