{"report_id":"101c0491-057e-4edf-afe8-6c721a629705","version":6,"status":"done","tags":[],"date":"2025-10-15T13:45:37Z","url":{"schema":"http","addr":"passengercomprehend.com/6f0e040e9e414a3449cd6e048c244178/invoke.js?_=1759914919318","fqdn":"passengercomprehend.com","domain":"passengercomprehend.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":0,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"passengercomprehend.com/6f0e040e9e414a3449cd6e048c244178/invoke.js?_=1759914919318","fqdn":"passengercomprehend.com","domain":"passengercomprehend.com","tld":"com"},"title":"passengercomprehend.com/6f0e040e9e414a3449cd6e048c244178/invoke.js?_=1759914919318"},"submit":{"url":{"schema":"http","addr":"passengercomprehend.com/6f0e040e9e414a3449cd6e048c244178/invoke.js?_=1759914919318","fqdn":"passengercomprehend.com","domain":"passengercomprehend.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":0,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-19T13:45:37Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"passengercomprehend.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"passengercomprehend.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"passengercomprehend.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"passengercomprehend.com","ip":{"addr":"192.243.59.13","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2024-11-20","domain_rank":0,"first_seen":"2025-07-16T14:02:27.521681Z","last_seen":"2025-10-09T10:03:39.280519Z","alert_count":6,"request_count":2,"received_data":47428,"sent_data":1061,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"passengercomprehend.com/6f0e040e9e414a3449cd6e048c244178/invoke.js?_=1759914919318","fqdn":"passengercomprehend.com","domain":"passengercomprehend.com","tld":"com"},"ip":{"addr":"192.243.59.13","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-15T13:45:12.302Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"passengercomprehend.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 16 Sep 2025 22:05:52 GMT","end":"Mon, 15 Dec 2025 22:05:51 GMT"},"fingerprint":{"sha1":"B5:34:0D:2C:A5:E4:61:56:19:2F:DC:C2:B8:88:9A:72:A0:26:05:C9","sha256":"CB:52:1E:15:18:F5:53:C8:C0:51:EA:70:B1:AB:3A:55:5A:F2:DF:11:D1:6F:B7:7A:94:06:DE:7E:0F:EF:D5:99"}}},"request":{"raw":"GET /6f0e040e9e414a3449cd6e048c244178/invoke.js?_=1759914919318 HTTP/1.1\r\nHost: passengercomprehend.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Wed, 15 Oct 2025 13:45:12 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 18425\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: passengercomprehend.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c54971936f0cd12271d975a3aeef3567\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46246,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46246), with no line terminators","md5":"7b34d39e60b98ec63995e0d7c5eb9ede","sha1":"582efb72a395ee2e0e8ca8f3c9adf0929c33e932","sha256":"8be6c75f04904c88fae2464e79074db5e817dd574fbe7f8000a952658c2688e5","sha512":"c9f1bb0fbfa3a2e02b5328f17f5f39b372b0fa0e51a535c0292eb9208254aab90f5423b07e63dda915c8f3d1f490607401570356a35d72f2bb70abde3d33996e","ssdeep":"768:36pVSvtKlcbk0CrrWB+QCej1cOOwcHcDba1lIrRGswcsVZVE/D4YybDj77k:36rZKbk0CrQ+fdwNDba1lIlcPEA7k","tlshash":"f123c48e3f71f15866867037223f9417f22a4e55248de0f8d216b4a13ef8b69e837725","first_seen":"2025-10-15T13:45:38.861985Z","last_seen":"2025-10-15T13:45:38.861985Z","times_seen":1,"resource_available":false,"data":null}},"time_used":837,"timings":{"blocked":312,"dns":23,"connect":92,"send":0,"wait":119,"receive":93,"ssl":193},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"passengercomprehend.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"passengercomprehend.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"passengercomprehend.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"passengercomprehend.com/favicon.ico","fqdn":"passengercomprehend.com","domain":"passengercomprehend.com","tld":"com"},"ip":{"addr":"192.243.59.13","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://passengercomprehend.com/6f0e040e9e414a3449cd6e048c244178/invoke.js?_=1759914919318","date":"2025-10-15T13:45:12.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"passengercomprehend.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 16 Sep 2025 22:05:52 GMT","end":"Mon, 15 Dec 2025 22:05:51 GMT"},"fingerprint":{"sha1":"B5:34:0D:2C:A5:E4:61:56:19:2F:DC:C2:B8:88:9A:72:A0:26:05:C9","sha256":"CB:52:1E:15:18:F5:53:C8:C0:51:EA:70:B1:AB:3A:55:5A:F2:DF:11:D1:6F:B7:7A:94:06:DE:7E:0F:EF:D5:99"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: passengercomprehend.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://passengercomprehend.com/6f0e040e9e414a3449cd6e048c244178/invoke.js?_=1759914919318\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Wed, 15 Oct 2025 13:45:12 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d6ec3312642959f605f25acccd280b5d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"passengercomprehend.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"passengercomprehend.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-15","alert":"Sinkholed","trigger":"passengercomprehend.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}