{"report_id":"0bee0e43-2890-4058-80f1-ac08e5aa772e","version":0,"status":"done","tags":[],"date":"2026-06-22T10:20:02Z","url":{"schema":"http","addr":"app-heyaura.xyz","fqdn":"app-heyaura.xyz","domain":"app-heyaura.xyz","tld":"xyz"},"ip":{"addr":"172.67.152.134","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"app-heyaura.xyz/","fqdn":"app-heyaura.xyz","domain":"app-heyaura.xyz","tld":"xyz"},"title":"ADX Staking Migration │ heyAura","dom":{"size":213394,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (32658)","md5":"4090146a93cb5b9e4b83cf7fca1432b5","sha1":"38320979bd272aaa61ca7864e805f7ea7454c721","sha256":"14198135fd872db7dc612fbb4bfc88ece89cc72de7730436c6cf0a8700d82be2","sha512":"abee75729a5e87173d3b2f9c1c72d8f6b7f84855540c8eb9aaf042da3d9ab064c4094e97b2140795eb7879f948e09116e4a3f63f663b96a47b2a1c2bc235cccd","ssdeep":"1536:PkyODyJxvX98PndnmGyw5YjyjsENHgxVq0PtVdFe1f0jX54AJ1t1gG5v53tANfWX:PRvX9UnmsXR524AJGG5jF0Kj","tlshash":"cb24a806f9b16577471719ab031bfeede9a2ae838454db58f13b0804af8cdeb3952503","dom_hash":"domhash5f66cbc6b304547cae20617e9a7bad30","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"app-heyaura.xyz","fqdn":"app-heyaura.xyz","domain":"app-heyaura.xyz","tld":"xyz"},"ip":{"addr":"172.67.152.134","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-27T10:20:02Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"app-heyaura.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"app-heyaura.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"app-heyaura.xyz","ip":{"addr":"104.21.2.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-06-14","domain_rank":0,"first_seen":"2026-06-22T10:20:03.216391Z","last_seen":"2026-06-22T10:20:03.216391Z","alert_count":16,"request_count":8,"received_data":2207396,"sent_data":3943,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"app-heyaura.xyz/symbol_on_dark-ChGNN6jO.svg","fqdn":"app-heyaura.xyz","domain":"app-heyaura.xyz","tld":"xyz"},"ip":{"addr":"104.21.2.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://app-heyaura.xyz/","date":"2026-06-22T10:19:38.232Z","timestamp":1782123578232,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"app-heyaura.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Jun 2026 00:31:47 GMT","end":"Sat, 12 Sep 2026 01:30:37 GMT"},"fingerprint":{"sha1":"72:11:26:71:A1:79:E3:36:B6:4E:E2:F4:71:75:3C:CF:8E:14:F8:B6","sha256":"EB:35:57:5D:7E:72:24:47:B5:6E:23:51:FA:EF:28:3B:FC:36:7A:0E:F5:A4:85:11:AA:2A:8D:06:E5:A9:81:DA"}}},"request":{"raw":"GET /symbol_on_dark-ChGNN6jO.svg HTTP/1.1\r\nHost: app-heyaura.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://app-heyaura.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Mon, 22 Jun 2026 10:19:38 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=5,i\r\ncast-mode: default\r\nlast-modified: Sun, 14 Jun 2026 01:06:02 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gADnPpi5uq%2BAW6N1B%2FTOVpZ1zeCjDfhuOLCGOTWO25RlqFAy4s4ybSn75Hk1EERI706TJ%2BUeyqHoV9%2Fen0nHXGo9nbf9U8Q01eFJx4ijeLMep%2Bf4Yz48l0anBheCvjuNUak%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\ncontent-encoding: zstd\r\netag: W/\"6a2dfe7a-10f936\"\r\ncf-ray: a0fa840bfc200731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1112374,"size_decoded":827462,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"fc57929f6294a01a4da87818fdd12d43","sha1":"e0acc807992ac059c73782c63137ba84e3030cdd","sha256":"0e1f15d7233b3661664c6d4ae9e6a7a3758d38fa62690ec74e4c345653f7294f","sha512":"c3899cab054c1acd4aca966c630bab9fb79a67bc428d1788655b57c09d339eba4a793326d9409f3cd6f04b48d639384bdc6f1857e86469fe8298ec383b008f4a","ssdeep":"24576:6z2RPorKIfO3oU/XN98zqFeY2iSisYwgrCWR+RUw:6iForYE+HrwV","tlshash":"d82523b47caf6c662a68403eb61b084c3e749debc44442dfa69939a3b14d71858f7df0","first_seen":"2026-06-22T10:20:06.545022Z","last_seen":"2026-06-22T10:20:28.598853Z","times_seen":2,"resource_available":false,"data":null}},"time_used":345,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":182,"receive":163,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"app-heyaura.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"app-heyaura.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app-heyaura.xyz/heyAura_wordmark_on_dark-k3_OFea7.svg","fqdn":"app-heyaura.xyz","domain":"app-heyaura.xyz","tld":"xyz"},"ip":{"addr":"104.21.2.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://app-heyaura.xyz/","date":"2026-06-22T10:19:38.234Z","timestamp":1782123578234,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"app-heyaura.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Jun 2026 00:31:47 GMT","end":"Sat, 12 Sep 2026 01:30:37 GMT"},"fingerprint":{"sha1":"72:11:26:71:A1:79:E3:36:B6:4E:E2:F4:71:75:3C:CF:8E:14:F8:B6","sha256":"EB:35:57:5D:7E:72:24:47:B5:6E:23:51:FA:EF:28:3B:FC:36:7A:0E:F5:A4:85:11:AA:2A:8D:06:E5:A9:81:DA"}}},"request":{"raw":"GET /heyAura_wordmark_on_dark-k3_OFea7.svg HTTP/1.1\r\nHost: app-heyaura.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://app-heyaura.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Mon, 22 Jun 2026 10:19:38 GMT\r\ncontent-type: image/svg+xml\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eP1tqCYL8qh0UVhT7ufptRD8OMbEro1TqovhdaUpSYHTw0%2B89KBEPEDw8KGKo%2Fw9Kjjj4jBmxSYr5yA3kK%2BMBB1KBfsO7Mlee0w3Fj38Hj3dBUYcMiubEmMIXGfqB34N8c4%3D\"}]}\r\ncast-mode: default\r\nlast-modified: Sun, 14 Jun 2026 01:06:02 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\npriority: u=5,i\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\ncontent-encoding: zstd\r\netag: W/\"6a2dfe7a-11be\"\r\ncf-ray: a0fa840bfc260731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4542,"size_decoded":2938,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"efdc00e78f466f6ab4c6d4d4173b1b0b","sha1":"9b6a2d18478952ddb1545ae86171494cbe0d88d5","sha256":"b7a025f02bd1e1e7398cb9eb95526a7bf43b0832ea213b89fabbadc309a1fde6","sha512":"676b212285ba471fb4049ea48aaf9544987148b23b562af6a2e2bda6aa24aa04bddcb0b0dd01e4a484a77b3e069fe82f16d3966f32b5fdd6f82ac9238fd390ee","ssdeep":"96:mUOczG4bKZNAZHniABeBzFhqh3yFPFlZEdYnFxXhoQho:m3NAZCkedzqdWPudYnbRho","tlshash":"689195f962d2a2f4a405f7b9cc2641a4bd6e3cfefb16c6d4c3447ea496251168c4ccd0","first_seen":"2026-06-22T10:20:06.547259Z","last_seen":"2026-06-22T10:20:28.600551Z","times_seen":2,"resource_available":false,"data":null}},"time_used":662,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":662,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"app-heyaura.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"app-heyaura.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app-heyaura.xyz/token.png","fqdn":"app-heyaura.xyz","domain":"app-heyaura.xyz","tld":"xyz"},"ip":{"addr":"104.21.2.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://app-heyaura.xyz/","date":"2026-06-22T10:19:38.235Z","timestamp":1782123578235,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"app-heyaura.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Jun 2026 00:31:47 GMT","end":"Sat, 12 Sep 2026 01:30:37 GMT"},"fingerprint":{"sha1":"72:11:26:71:A1:79:E3:36:B6:4E:E2:F4:71:75:3C:CF:8E:14:F8:B6","sha256":"EB:35:57:5D:7E:72:24:47:B5:6E:23:51:FA:EF:28:3B:FC:36:7A:0E:F5:A4:85:11:AA:2A:8D:06:E5:A9:81:DA"}}},"request":{"raw":"GET /token.png HTTP/1.1\r\nHost: app-heyaura.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://app-heyaura.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Mon, 22 Jun 2026 10:19:38 GMT\r\ncontent-type: image/png\r\npriority: u=5,i\r\ncast-mode: default\r\nlast-modified: Sun, 14 Jun 2026 01:06:02 GMT\r\netag: \"6a2dfe7a-52a2\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fatAptfI0DjEHW7aCpG7otZthKi%2Bkxr1EE4ivJy5agbL8TOtGSuIxHEqqCUX7ijst0mqhlsFl%2BInny%2FHSu%2F6m5AnQ5AvmRAE7WKnK29LsWSklKmP8s%2BNsX8bg9eUoA4H0Ho%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-length: 21154\r\ncf-ray: a0fa840bfc290731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21154,"size_decoded":22083,"mime_type":"image/png","magic":"PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced","md5":"ff5c085fe1f1147438cd2d268261e7cb","sha1":"cec70f9f1cd19eff5cad55dee35805c4c53fe3b1","sha256":"b04b9959b687af0998e89ee8572b2be267d9fda2ee0b9c9a12ec7bed4a6dd65a","sha512":"2512824bfbe210bb2b73b77384a95a8af4643addc8caf2049379cabd60e7decc8a6c4cee1fee4b05cd290e3dfc82163e03ab7d7d447e6babf28dc832cb6d9a42","ssdeep":"384:SmoLkQUMxRDmY4nSuU+Jbm/NyGe4FGF98YN7CTh4PYD/XT537Q:KLkQzxRDmYMY/IGZiZCN4PET537Q","tlshash":"c692e1aaf594762d40cae590b7c067a22ca4efc25f4ddd5c89cc0564e4e6382df239cd","first_seen":"2026-06-22T10:20:06.549243Z","last_seen":"2026-06-22T10:20:28.602066Z","times_seen":2,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":184,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"app-heyaura.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"app-heyaura.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app-heyaura.xyz/favicon.svg","fqdn":"app-heyaura.xyz","domain":"app-heyaura.xyz","tld":"xyz"},"ip":{"addr":"104.21.2.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://app-heyaura.xyz/","date":"2026-06-22T10:19:38.679Z","timestamp":1782123578679,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"app-heyaura.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Jun 2026 00:31:47 GMT","end":"Sat, 12 Sep 2026 01:30:37 GMT"},"fingerprint":{"sha1":"72:11:26:71:A1:79:E3:36:B6:4E:E2:F4:71:75:3C:CF:8E:14:F8:B6","sha256":"EB:35:57:5D:7E:72:24:47:B5:6E:23:51:FA:EF:28:3B:FC:36:7A:0E:F5:A4:85:11:AA:2A:8D:06:E5:A9:81:DA"}}},"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: app-heyaura.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://app-heyaura.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Mon, 22 Jun 2026 10:19:38 GMT\r\ncontent-type: image/svg+xml\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R5aKwTswdPs74FNZGnn6OHaS3CpH30UJLLdLkn7fYSi7Tdcmgk78FWKDJ6lzZyBDWrnLAt3PsTiWSreJSZtTSyv61D6p0p6joqNiNvYDw2vI4PUey9%2Fbv4zzqLZ3wDG1pwQ%3D\"}]}\r\ncast-mode: default\r\nlast-modified: Sun, 14 Jun 2026 01:06:02 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\npriority: u=6,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\ncontent-encoding: zstd\r\netag: W/\"6a2dfe7a-8e4dc\"\r\ncf-ray: a0fa840ecc8c0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":582876,"size_decoded":433159,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"06c755508f5aa00249508d681f38d430","sha1":"f3c1fab94ee06dbb035fe8a68cb368c0917e29c4","sha256":"9baf738919eb8ea6e403003908c32def83ecf9e9c4b91b214877c9eba070b524","sha512":"881accfc5165096ae37daee2ed0a5c3a1af870114546c7829689666e06cb03ef7a159640ece610ba744f0778218e59ebe135c8fce98a5a7b0e48786afaa41a36","ssdeep":"12288:o6GNfd2UPCuhGgKj/Dp8kyjjiziNAfCSW0MDd7OfGjdUwWBDdQGhyMN:NG6U6AizDp8ezi2lWXtwBDVdN","tlshash":"f8c42338587cfe4acfa88c26a6a64c0e9efd7fbe343535e5e19234f74197450402ae61","first_seen":"2026-06-22T10:20:06.551483Z","last_seen":"2026-06-22T10:20:28.603505Z","times_seen":2,"resource_available":false,"data":null}},"time_used":325,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":190,"receive":135,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"app-heyaura.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"app-heyaura.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app-heyaura.xyz/","fqdn":"app-heyaura.xyz","domain":"app-heyaura.xyz","tld":"xyz"},"ip":{"addr":"104.21.2.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-22T10:19:37.707Z","timestamp":1782123577707,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"app-heyaura.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Jun 2026 00:31:47 GMT","end":"Sat, 12 Sep 2026 01:30:37 GMT"},"fingerprint":{"sha1":"72:11:26:71:A1:79:E3:36:B6:4E:E2:F4:71:75:3C:CF:8E:14:F8:B6","sha256":"EB:35:57:5D:7E:72:24:47:B5:6E:23:51:FA:EF:28:3B:FC:36:7A:0E:F5:A4:85:11:AA:2A:8D:06:E5:A9:81:DA"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: app-heyaura.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Mon, 22 Jun 2026 10:19:37 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Sun, 14 Jun 2026 01:06:02 GMT\r\nvary: accept-encoding\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\npriority: u=0,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PkSAIX5t5RKdZ9OD9bZd7LwKSvpeuQLfUUgU44RYV6g6yDYCay7a6MjioXaUN4t6NYpNdxgTDwPANiG0mqHtW1cNemcsUxlR6KD%2FAdbHnGXZA7b7ZvoKi3LRO20MPc5brrw%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\ncontent-encoding: zstd\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0fa84092bc90731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":213411,"size_decoded":24526,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (32643)","md5":"d2e635f69bcc1c3805c392914631d937","sha1":"171ec6b36e0c8833af859904f38da40e72d8d285","sha256":"923af65f85d154ca78be381d87fe2d54ce7cffad676af32615b2e1bbfd15fb81","sha512":"3899d53b7b55f4b3eefc9889f5a543e777c39bc20902604b51a68d12af086cd52b11f83399bf19ec22bc58f56ec9168c2d0498655e26a9ef4aa232af1c8c5f4c","ssdeep":"1536:/kyODyJxvX98PndnmGyw5YjyjsENHgxVq0PtVdFe1f0jX54AJ1t1gG5v53tANfWX:/RvX9UnmsXR524AJGG5jF0Kj","tlshash":"7824a806f9b16577471719ab031bfeede9a2ae838454db58f13b0804af8cdeb3952503","first_seen":"2026-06-22T10:20:06.553322Z","last_seen":"2026-06-22T10:20:28.604689Z","times_seen":2,"resource_available":true,"data":null}},"time_used":308,"timings":{"blocked":-1,"dns":61,"connect":15,"send":0,"wait":183,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"app-heyaura.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"app-heyaura.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app-heyaura.xyz/css2.css","fqdn":"app-heyaura.xyz","domain":"app-heyaura.xyz","tld":"xyz"},"ip":{"addr":"104.21.2.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://app-heyaura.xyz/","date":"2026-06-22T10:19:38.217Z","timestamp":1782123578217,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"app-heyaura.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Jun 2026 00:31:47 GMT","end":"Sat, 12 Sep 2026 01:30:37 GMT"},"fingerprint":{"sha1":"72:11:26:71:A1:79:E3:36:B6:4E:E2:F4:71:75:3C:CF:8E:14:F8:B6","sha256":"EB:35:57:5D:7E:72:24:47:B5:6E:23:51:FA:EF:28:3B:FC:36:7A:0E:F5:A4:85:11:AA:2A:8D:06:E5:A9:81:DA"}}},"request":{"raw":"GET /css2.css HTTP/1.1\r\nHost: app-heyaura.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://app-heyaura.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Mon, 22 Jun 2026 10:19:38 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Sun, 14 Jun 2026 01:06:02 GMT\r\netag: W/\"6a2dfe7a-2a6e\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KlOGaJ%2Ft3PUgjhhHfYT6s496mAYDrhUA8KIVSIrchrjH9%2FWdLH149euMNLlKuaZBL%2BNpTzdLb7WVhXkWlmf5yKLIWz0nbSFHF1yHHf5sjey1HHheqd7f%2Fn%2B%2Fm%2F9Pxms%2BTdw%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: accept-encoding\r\ncf-ray: a0fa840bdc1b0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10862,"size_decoded":1687,"mime_type":"text/css","magic":"ASCII text","md5":"fea18608bf637473994f4ca0518e25a5","sha1":"730f1a0a6735f1fa70d3e1c2717dc1a4bcce2fdd","sha256":"f9c188b79957c064beb7513a89dafbd7dbb87178ee09911605ecfd3e7e097a6e","sha512":"4283a5a1fb4d66e1d188eb88a6b8d172524357415951c14048486fdd9198a2dd93c8401f5335475a071fd6e93834ce5a54be8e1e63517895a0f045543822e31b","ssdeep":"192:Za+XaXwawL/Wlt3HBacq/P4t3usaxZ/I/t3tzaCg/hit3k2afH/yRt3LVaYc:piOASaeEaaY","tlshash":"e6226790046b9400eb872cd663cf7f269e5eb140a045da786ffd04a8ec9ed2523e5b5e","first_seen":"2026-06-22T10:20:06.555443Z","last_seen":"2026-06-22T10:20:28.605688Z","times_seen":2,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"app-heyaura.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"app-heyaura.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app-heyaura.xyz/vendor-react-ui-Ba5yOK7X.css","fqdn":"app-heyaura.xyz","domain":"app-heyaura.xyz","tld":"xyz"},"ip":{"addr":"104.21.2.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://app-heyaura.xyz/","date":"2026-06-22T10:19:38.219Z","timestamp":1782123578219,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"app-heyaura.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Jun 2026 00:31:47 GMT","end":"Sat, 12 Sep 2026 01:30:37 GMT"},"fingerprint":{"sha1":"72:11:26:71:A1:79:E3:36:B6:4E:E2:F4:71:75:3C:CF:8E:14:F8:B6","sha256":"EB:35:57:5D:7E:72:24:47:B5:6E:23:51:FA:EF:28:3B:FC:36:7A:0E:F5:A4:85:11:AA:2A:8D:06:E5:A9:81:DA"}}},"request":{"raw":"GET /vendor-react-ui-Ba5yOK7X.css HTTP/1.1\r\nHost: app-heyaura.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://app-heyaura.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Mon, 22 Jun 2026 10:19:38 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Sun, 14 Jun 2026 01:06:02 GMT\r\netag: W/\"6a2dfe7a-36433\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lzV5WzttF%2Brc55tjkjhEFiMRCs4sgiEaXJ4IOObN0GXHNi0z9XIS2LwwTgR0PUvgt7PdS%2BU0IZoB8sPyFCxx%2Bz%2Fsn5mpRP0IEWijLGusISaAAqVjLGPRWeuj73C2JrzOFxE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: a0fa840bdc1d0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":222259,"size_decoded":42265,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"7d1d51a5a343485da8b934b080319db6","sha1":"544f4a90dce71fa738fb642a650bfbeb70f5725e","sha256":"2a8f9c60fbc8cc0039c3fb70c82da1c5729635a9d05c9ae5a74d5b3fbb33f421","sha512":"0c2f83c4afa5c36e95b57a43ccf37f5c3f9d58d6cac502582709e318fc67c397f41777943f4585bc5f5f1285a1ed1d54a806489c59fce2781aa752a5d6ad4c2c","ssdeep":"6144:exv6l7kBa7Y/2YlvO0wcFsrHem6dlLOrI7kqv8/U4YcT3aD9vzf9oIl9Bs2Gp:exv6l7kBa7Y/2YlvO0wcFsrHe/dlLOrB","tlshash":"f724fc98f1a4a13aae27612b039afadce1387c631c518b9cf96350508dcbffb3147556","first_seen":"2026-06-22T10:20:06.557209Z","last_seen":"2026-06-22T10:20:28.606632Z","times_seen":2,"resource_available":false,"data":null}},"time_used":259,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"app-heyaura.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"app-heyaura.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app-heyaura.xyz/index-LLKCw8h1.css","fqdn":"app-heyaura.xyz","domain":"app-heyaura.xyz","tld":"xyz"},"ip":{"addr":"104.21.2.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://app-heyaura.xyz/","date":"2026-06-22T10:19:38.221Z","timestamp":1782123578221,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"app-heyaura.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Jun 2026 00:31:47 GMT","end":"Sat, 12 Sep 2026 01:30:37 GMT"},"fingerprint":{"sha1":"72:11:26:71:A1:79:E3:36:B6:4E:E2:F4:71:75:3C:CF:8E:14:F8:B6","sha256":"EB:35:57:5D:7E:72:24:47:B5:6E:23:51:FA:EF:28:3B:FC:36:7A:0E:F5:A4:85:11:AA:2A:8D:06:E5:A9:81:DA"}}},"request":{"raw":"GET /index-LLKCw8h1.css HTTP/1.1\r\nHost: app-heyaura.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://app-heyaura.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Mon, 22 Jun 2026 10:19:38 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Sun, 14 Jun 2026 01:06:02 GMT\r\netag: W/\"6a2dfe7a-7f39\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=g10NBBpdFz87u4d1qoJLreDrnMr5b0dzDin7VSGuIYTHS9FJIL0aH53HCU8YJa3puV0HCwsENAkvNeEVviTc%2BkkHc2JrIkTZOKnBJqUy887FfeCYjPN0gIlYtuybj%2F97emM%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: accept-encoding\r\ncf-ray: a0fa840bec1e0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":32569,"size_decoded":8263,"mime_type":"text/css","magic":"ASCII text, with very long lines (32568)","md5":"cef036b9936f8f568e23ac7248fc5a1a","sha1":"a3ea3384601aea3cd2ff3bd5a0c23045406b3551","sha256":"49156200762285bb01043506f0a70b3cc93ca677cd1b91ed4d41a16dac8481d4","sha512":"cf2721d57fac8e19352097aafecdeff7c90e173ea89ee7801686af0eaf00640f655652ef0e0dac56c4b559450bfd7bebe517ef5c0ab07c37d9e7b7a5b659550d","ssdeep":"384:bC+7BmC09He4aHH6JtvF6B8lZeTqbn2XVwV7eb3N:++NmnHe4a0FNETqbn2Xqebd","tlshash":"00e242a0f168e53a7e27977b574ebeecb26dbc235d114a9cf12614140fc6eeb3812501","first_seen":"2026-06-22T10:20:06.559062Z","last_seen":"2026-06-22T10:20:28.597188Z","times_seen":2,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":178,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"app-heyaura.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-22","alert":"Sinkholed","trigger":"app-heyaura.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}
