{"report_id":"0ba9bce3-f662-4978-9dd8-76facdf57cdb","version":6,"status":"done","tags":[],"date":"2025-11-07T14:11:28Z","url":{"schema":"http","addr":"zlyer-cdn-comps-en.bigeyes.com/","fqdn":"zlyer-cdn-comps-en.bigeyes.com","domain":"bigeyes.com","tld":"com"},"ip":{"addr":"89.222.119.81","port":0,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"zlyer-cdn-comps-en.bigeyes.com/","fqdn":"zlyer-cdn-comps-en.bigeyes.com","domain":"bigeyes.com","tld":"com"},"title":"403 Forbidden","dom":{"size":182,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"8768c9119530429a29694b62c3398ed6","sha1":"97380c0418df1b0119a588fa11a112a26e901e21","sha256":"6bc6ef2d60ba905d77dc3484e663ba7b6106bb3e66682a64f35c03b8f9caa2a5","sha512":"48e1d6f247b877d86f1ef89f49dedc836ad63017077b0e78c7693a35557bece84b9d1c1fa154ef24f3e754cc18451360e344bcab2923273b4e6b0989998b15e8","ssdeep":"","tlshash":"cdc0805fe69e111e5f5357d4599f2bd0b554531475934c84ff0584cbd00087ed11b55c","dom_hash":"domhashbff6f9baafe2112e931551a0c1321140","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"zlyer-cdn-comps-en.bigeyes.com/","fqdn":"zlyer-cdn-comps-en.bigeyes.com","domain":"bigeyes.com","tld":"com"},"ip":{"addr":"89.222.119.81","port":0,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-12T14:11:28Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"zlyer-cdn-comps-en.bigeyes.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"zlyer-cdn-comps-en.bigeyes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"zlyer-cdn-comps-en.bigeyes.com","ip":{"addr":"89.222.119.81","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"domain_registered":"2000-02-03","domain_rank":5727425,"first_seen":"2025-02-12T17:01:03.895663Z","last_seen":"2025-09-14T01:16:25.235322Z","alert_count":6,"request_count":3,"received_data":2606,"sent_data":1465,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"zlyer-cdn-comps-en.bigeyes.com/","fqdn":"zlyer-cdn-comps-en.bigeyes.com","domain":"bigeyes.com","tld":"com"},"ip":{"addr":"89.222.119.81","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-07T14:11:06.277Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bigeyes.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 25 Aug 2025 00:00:00 GMT","end":"Thu, 03 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:77:44:24:13:F5:39:D9:D3:2E:50:F7:96:29:83:49:63:54:5C:48","sha256":"62:D1:8A:2A:35:C1:CA:D3:11:DD:3A:4A:9C:72:81:10:F3:65:DF:0C:F4:E8:C3:18:59:97:5B:C9:CA:60:10:16"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: zlyer-cdn-comps-en.bigeyes.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncontent-type: text/html\r\ncontent-length: 238\r\naccess-control-allow-origin: *\r\nali-swift-global-savetime: 1762524666\r\ndate: Fri, 07 Nov 2025 14:11:06 GMT\r\neagleid: a3b5fe9617625246662603885e\r\nhittype: TCP_MISS\r\ntiming-allow-origin: *\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-exception-info: O2|403\r\nx-swift-cachetime: 0\r\nx-swift-error: orig response 4XX error\r\nx-swift-savetime: Fri, 07 Nov 2025 14:11:06 GMT\r\nx-tengine-error: You are forbidden to list buckets\r\nstrict-transport-security: max-age=31536000\r\nserver: Zen\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":238,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"f9fe2e9a4770fe7ef4eebdbd6385299d","sha1":"f7fa02b5871bbc37c01ef7d10a1612e771cc8eb7","sha256":"6e1c38d044037281bc69275855c2951880dcf534f456035d0276a244a4a8c81f","sha512":"446dc05ab46dddd1294f3ef2fbcc21907541eb8ec7e2e07335fa7e4002a444dc31b08b4841e5db5513f0e1fa49ca10c5d7244fc2de0743515f2473313f4904b7","ssdeep":"","tlshash":"e7d0a7bee64e2c1d57a362f425c76ae070652390779318c87e04a043664047d860f61d","first_seen":"2023-04-08T14:38:15Z","last_seen":"2026-05-28T08:09:29.846671Z","times_seen":2501,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"zlyer-cdn-comps-en.bigeyes.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"zlyer-cdn-comps-en.bigeyes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zlyer-cdn-comps-en.bigeyes.com/favicon.ico","fqdn":"zlyer-cdn-comps-en.bigeyes.com","domain":"bigeyes.com","tld":"com"},"ip":{"addr":"89.222.119.81","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zlyer-cdn-comps-en.bigeyes.com/","date":"2025-11-07T14:11:06.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bigeyes.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 25 Aug 2025 00:00:00 GMT","end":"Thu, 03 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:77:44:24:13:F5:39:D9:D3:2E:50:F7:96:29:83:49:63:54:5C:48","sha256":"62:D1:8A:2A:35:C1:CA:D3:11:DD:3A:4A:9C:72:81:10:F3:65:DF:0C:F4:E8:C3:18:59:97:5B:C9:CA:60:10:16"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: zlyer-cdn-comps-en.bigeyes.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zlyer-cdn-comps-en.bigeyes.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: application/xml\r\ncontent-length: 380\r\naccess-control-allow-origin: *\r\nali-swift-global-savetime: 1762524666\r\ndate: Fri, 07 Nov 2025 14:11:06 GMT\r\neagleid: 9b66a7a217625246663974059e\r\nhittype: TCP_MISS\r\ntiming-allow-origin: *\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-exception-info: O2|404\r\nx-oss-cdn-auth: success\r\nx-oss-ec: 0026-00000001\r\nx-oss-request-id: 690DFDFA26FAD732337E7CB8\r\nx-oss-server-time: 2\r\nx-swift-cachetime: 0\r\nx-swift-error: orig response 4XX error\r\nx-swift-savetime: Fri, 07 Nov 2025 14:11:06 GMT\r\nstrict-transport-security: max-age=31536000\r\nserver: Zen\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":380,"size_decoded":0,"mime_type":"application/xml","magic":"XML 1.0 document, ASCII text","md5":"d6cc93ca8ea2c4d573f8c092b33933e8","sha1":"83478f5a8359ef8099ab99d29aa77ba3a2abe6ec","sha256":"64609c82fce438c62899ea43ae1a3c9a611b3464c0a29819043c47bba2859027","sha512":"d31a5c1e06d80d5a899d978e47d4922f76cfce3b020026150bedb1480b70a326e838bc8743f11072b622a02aa9d7df89b999cda3c979530737fe7cc771a2a584","ssdeep":"","tlshash":"0de06822d390d015cac4052a9927ff4092a1f5fb27d0863c169a45e22598ae24ddba04","first_seen":"2025-11-07T14:11:30.666153Z","last_seen":"2025-11-07T14:11:30.666153Z","times_seen":1,"resource_available":false,"data":null}},"time_used":595,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":595,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"zlyer-cdn-comps-en.bigeyes.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"zlyer-cdn-comps-en.bigeyes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zlyer-cdn-comps-en.bigeyes.com/","fqdn":"zlyer-cdn-comps-en.bigeyes.com","domain":"bigeyes.com","tld":"com"},"ip":{"addr":"89.222.119.81","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-07T14:11:05.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bigeyes.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 25 Aug 2025 00:00:00 GMT","end":"Thu, 03 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:77:44:24:13:F5:39:D9:D3:2E:50:F7:96:29:83:49:63:54:5C:48","sha256":"62:D1:8A:2A:35:C1:CA:D3:11:DD:3A:4A:9C:72:81:10:F3:65:DF:0C:F4:E8:C3:18:59:97:5B:C9:CA:60:10:16"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: zlyer-cdn-comps-en.bigeyes.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncontent-type: text/html\r\ncontent-length: 238\r\naccess-control-allow-origin: *\r\nali-swift-global-savetime: 1762524666\r\ndate: Fri, 07 Nov 2025 14:11:06 GMT\r\neagleid: a3b5fea517625246661202604e\r\nhittype: TCP_MISS\r\ntiming-allow-origin: *\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-exception-info: O2|403\r\nx-swift-cachetime: 0\r\nx-swift-error: orig response 4XX error\r\nx-swift-savetime: Fri, 07 Nov 2025 14:11:06 GMT\r\nx-tengine-error: You are forbidden to list buckets\r\nstrict-transport-security: max-age=31536000\r\nserver: Zen\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":238,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"f9fe2e9a4770fe7ef4eebdbd6385299d","sha1":"f7fa02b5871bbc37c01ef7d10a1612e771cc8eb7","sha256":"6e1c38d044037281bc69275855c2951880dcf534f456035d0276a244a4a8c81f","sha512":"446dc05ab46dddd1294f3ef2fbcc21907541eb8ec7e2e07335fa7e4002a444dc31b08b4841e5db5513f0e1fa49ca10c5d7244fc2de0743515f2473313f4904b7","ssdeep":"","tlshash":"e7d0a7bee64e2c1d57a362f425c76ae070652390779318c87e04a043664047d860f61d","first_seen":"2023-04-08T14:38:15Z","last_seen":"2026-05-28T08:09:29.846671Z","times_seen":2501,"resource_available":true,"data":null}},"time_used":589,"timings":{"blocked":268,"dns":146,"connect":22,"send":0,"wait":51,"receive":0,"ssl":99},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"zlyer-cdn-comps-en.bigeyes.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-07","alert":"Sinkholed","trigger":"zlyer-cdn-comps-en.bigeyes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}