{"report_id":"1084694c-5d94-469c-9a41-0ec92aaa4bce","version":6,"status":"done","tags":[],"date":"2026-03-29T12:22:37Z","url":{"schema":"http","addr":"libdr4n.com","fqdn":"libdr4n.com","domain":"libdr4n.com","tld":"com"},"ip":{"addr":"185.193.125.59","port":0,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"final":{"url":{"schema":"https","addr":"libdr4n.com/","fqdn":"libdr4n.com","domain":"libdr4n.com","tld":"com"},"title":"Connect","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"libdr4n.com","fqdn":"libdr4n.com","domain":"libdr4n.com","tld":"com"},"ip":{"addr":"185.193.125.59","port":0,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-03T12:22:37Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"libdr4n.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"libdr4n.com","ip":{"addr":"185.193.125.59","port":443,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"domain_registered":"2026-03-12","domain_rank":0,"first_seen":"2026-03-29T12:20:40.152221Z","last_seen":"2026-03-29T12:20:40.152221Z","alert_count":8,"request_count":8,"received_data":11137836,"sent_data":3717,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"libdr4n.com/","fqdn":"libdr4n.com","domain":"libdr4n.com","tld":"com"},"ip":{"addr":"185.193.125.59","port":443,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"introduction_type":"scriptElement","is_inline":true,"md5":"76cdab7df6bb2b5f9b1af970dd87450f","sha1":"a298eb1a3a1d9da00cd8c357371b92d217ae923d","sha256":"2e49b848228aaaa0ff7e0c3c7571ea8bc8a1eb4d719e6c221bcf9887b2fb7370","sha512":"ec0d926b08172efba5e388c67736a63642a5a9e41e43046bc4ba5245ce4e51cb112736dc06459d39dd03d4d25f9bfa14d1b54346db3cb3bc94e547a69de81df4","ssdeep":"","tlshash":"2dc0c051c2b18b3012280886303881c074403d9dd0b3a0cbc9fe8ed75c0cec40748125","size":191,"data":"","first_seen":"2026-03-29T12:20:44.457837Z","last_seen":"2026-03-29T12:22:39.39313Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libdr4n.com/solid.js","fqdn":"libdr4n.com","domain":"libdr4n.com","tld":"com"},"ip":{"addr":"185.193.125.59","port":443,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"introduction_type":"scriptElement","is_inline":false,"md5":"b2131589ec592090c37fbca371459bdd","sha1":"3dcb4b368b642e827c4c5e7500e04de9e292dbf2","sha256":"31585e656c4539790b43fdefaa0ac6ffbfe92b2ee3cac18da8b62368243141b9","sha512":"826f4e3a78be9bf9f3381e7dc9e317a02baa605399e50278d40f2ac68962e43253fdc71bef4a72756de0d3ab7eb871930972f1f574664d1f5bb32d087e8f235c","ssdeep":"1536:iLEQYHKPFWdNrqSnaCJfmEpzRNSxdvNdv0N/n/WorRUl7Tqo/d:iLEctIkk22zwd8R/WorRURqMd","tlshash":"d3d33fd6a95bd4d98e2152ddd433ec08e0684963cdacf183ba2cdec6742ef61854723b","size":139693,"data":"","first_seen":"2026-03-29T12:20:44.452145Z","last_seen":"2026-03-29T12:22:39.382756Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libdr4n.com/","fqdn":"libdr4n.com","domain":"libdr4n.com","tld":"com"},"ip":{"addr":"185.193.125.59","port":443,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"introduction_type":"Function","is_inline":false,"md5":"b955d135d52b865a5c64b219d00a8e77","sha1":"737a31b8cc29ceb1cbada9d57f788b1dc5aa90d8","sha256":"42335757ec82f2d4e8113e6cb217db863530c8e86229b351ed56420dba29a972","sha512":"b95bb0354d00554753067522e8bcef37edfd836a9e17ad5a9b3712b0202ad8c05b84f6e29f7ecd5387849d34f806f4715224ac748e0854845d0dc04ed3067160","ssdeep":"1536:hPizMoZ4m87DCbq8z+X9MEAHHv+7FvNH6XNXhoordUl9zUyb:hPizMoZ4m87DR8zM9gHea9hoordU3Uyb","tlshash":"e5d372d5a95bd4e58e2152ded433ec09e0280967cdacf293b92cdec1746df22c64723a","size":134709,"data":"","first_seen":"2026-03-29T12:20:44.456249Z","last_seen":"2026-03-29T12:22:39.394487Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"libdr4n.com/solid.js","fqdn":"libdr4n.com","domain":"libdr4n.com","tld":"com"},"ip":{"addr":"185.193.125.59","port":443,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://libdr4n.com/","date":"2026-03-29T12:22:13.827Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"libdr4n.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 22:22:37 GMT","end":"Wed, 10 Jun 2026 22:22:36 GMT"},"fingerprint":{"sha1":"11:42:E6:F4:BF:3C:3B:70:92:80:FF:43:48:1C:D0:17:D3:47:DF:D5","sha256":"E6:6C:F7:B7:94:31:AF:8F:B3:BC:F2:B1:EA:74:86:B7:01:66:FF:B1:97:19:BE:D8:91:3E:BE:B7:0C:F1:B2:75"}}},"request":{"raw":"GET /solid.js HTTP/1.1\r\nHost: libdr4n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://libdr4n.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sun, 29 Mar 2026 12:22:13 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 139693\r\nLast-Modified: Thu, 12 Mar 2026 23:56:59 GMT\r\nConnection: keep-alive\r\nETag: \"69b352cb-221ad\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":139693,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"b2131589ec592090c37fbca371459bdd","sha1":"3dcb4b368b642e827c4c5e7500e04de9e292dbf2","sha256":"31585e656c4539790b43fdefaa0ac6ffbfe92b2ee3cac18da8b62368243141b9","sha512":"826f4e3a78be9bf9f3381e7dc9e317a02baa605399e50278d40f2ac68962e43253fdc71bef4a72756de0d3ab7eb871930972f1f574664d1f5bb32d087e8f235c","ssdeep":"1536:iLEQYHKPFWdNrqSnaCJfmEpzRNSxdvNdv0N/n/WorRUl7Tqo/d:iLEctIkk22zwd8R/WorRURqMd","tlshash":"d3d33fd6a95bd4d98e2152ddd433ec08e0684963cdacf183ba2cdec6742ef61854723b","first_seen":"2026-03-29T12:20:44.452145Z","last_seen":"2026-03-29T12:22:39.382756Z","times_seen":2,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":61,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"libdr4n.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"libdr4n.com/ultra-link-v3.4.min.js","fqdn":"libdr4n.com","domain":"libdr4n.com","tld":"com"},"ip":{"addr":"185.193.125.59","port":443,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://libdr4n.com/","date":"2026-03-29T12:22:13.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"libdr4n.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 22:22:37 GMT","end":"Wed, 10 Jun 2026 22:22:36 GMT"},"fingerprint":{"sha1":"11:42:E6:F4:BF:3C:3B:70:92:80:FF:43:48:1C:D0:17:D3:47:DF:D5","sha256":"E6:6C:F7:B7:94:31:AF:8F:B3:BC:F2:B1:EA:74:86:B7:01:66:FF:B1:97:19:BE:D8:91:3E:BE:B7:0C:F1:B2:75"}}},"request":{"raw":"GET /ultra-link-v3.4.min.js HTTP/1.1\r\nHost: libdr4n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://libdr4n.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sun, 29 Mar 2026 12:22:13 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3149327\r\nLast-Modified: Mon, 09 Mar 2026 20:07:05 GMT\r\nConnection: keep-alive\r\nETag: \"69af2869-300e0f\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3149327,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"ffc29d57b79f7d3c2cb3ec0b726c0690","sha1":"6313ba35551d6d9f2ccdb063eac18886c34a03d6","sha256":"a0abdc2c90b4dd79e546b2c4281b3b96afe4573c3b37cef18dc896c6a59dfad8","sha512":"b40a95e6ab9c5e1152916fe208057b98febd0b8e51c48d63cc88db1b6fe8263a89b85b3b6e22c411fe09d9e9caf3c06ed9a27ec6678a72c484350abc587d726f","ssdeep":"24576:eNxhhH+GpMk8ksU8UQ0A+nHEC8xKxB0/rLHvjznLNq15tx3BsgdriAcgcfyv6yE1:eNGNhDs+u1Zc1l","tlshash":"09258513a2d078d241d75fb1b62750daec2d4befb48c9afa998cf830bce1054e598674","first_seen":"2026-03-29T12:20:44.447928Z","last_seen":"2026-03-29T12:22:39.384209Z","times_seen":2,"resource_available":false,"data":null}},"time_used":513,"timings":{"blocked":68,"dns":1,"connect":29,"send":0,"wait":55,"receive":318,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"libdr4n.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"libdr4n.com/G9H8k4Ke.php?s=%2Fipfs%2FJemSzx-iCa8vBEh5tgwVyQ43338117a51d3c29518f09ffd4ed102f%3Ft%3D1774786934074","fqdn":"libdr4n.com","domain":"libdr4n.com","tld":"com"},"ip":{"addr":"185.193.125.59","port":443,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://libdr4n.com/","date":"2026-03-29T12:22:14.077Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"libdr4n.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 22:22:37 GMT","end":"Wed, 10 Jun 2026 22:22:36 GMT"},"fingerprint":{"sha1":"11:42:E6:F4:BF:3C:3B:70:92:80:FF:43:48:1C:D0:17:D3:47:DF:D5","sha256":"E6:6C:F7:B7:94:31:AF:8F:B3:BC:F2:B1:EA:74:86:B7:01:66:FF:B1:97:19:BE:D8:91:3E:BE:B7:0C:F1:B2:75"}}},"request":{"raw":"GET /G9H8k4Ke.php?s=%2Fipfs%2FJemSzx-iCa8vBEh5tgwVyQ43338117a51d3c29518f09ffd4ed102f%3Ft%3D1774786934074 HTTP/1.1\r\nHost: libdr4n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://libdr4n.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sun, 29 Mar 2026 12:22:15 GMT\r\nContent-Type: text/javascript; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Max-Age: 3600\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, HEAD, POST, OPTIONS\r\nAccess-Control-Allow-Headers: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":634345,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"5edd8e9e1482a20814137379a89d9f70","sha1":"5c54a0e34c07f743697cd2ec760a962ab1f96be2","sha256":"06ebd27977bae5ca23bb12687eafae091d39fc95bd0b51d9e9d7617efece8cd8","sha512":"bbdd7a8023806967da23f00e8cc5d4b8340d8dc0d1074081b7c341238154e51992c35ca8a8e165090a70a98b6d84018f5f28c87ed8f4380f88a680f4f08fa3bf","ssdeep":"6144:qh5gDO6Euno4xvlISDhTl0WHvfUp+v+9J87XGQOwOyyGpMy:qsOZunzvlzSWP8p0Q+Bz","tlshash":"abd499c08b4c357364802aea15fb446fdfdc0de82e4be8536bd098b5e379b8351e5998","first_seen":"2026-03-29T12:22:39.385585Z","last_seen":"2026-03-29T12:22:39.385585Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1095,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1033,"receive":62,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"libdr4n.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"libdr4n.com/secureproxy?e=jscdn/getFile","fqdn":"libdr4n.com","domain":"libdr4n.com","tld":"com"},"ip":{"addr":"185.193.125.59","port":443,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://libdr4n.com/","date":"2026-03-29T12:22:14.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"libdr4n.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 22:22:37 GMT","end":"Wed, 10 Jun 2026 22:22:36 GMT"},"fingerprint":{"sha1":"11:42:E6:F4:BF:3C:3B:70:92:80:FF:43:48:1C:D0:17:D3:47:DF:D5","sha256":"E6:6C:F7:B7:94:31:AF:8F:B3:BC:F2:B1:EA:74:86:B7:01:66:FF:B1:97:19:BE:D8:91:3E:BE:B7:0C:F1:B2:75"}}},"request":{"raw":"POST /secureproxy?e=jscdn/getFile HTTP/1.1\r\nHost: libdr4n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://libdr4n.com/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://libdr4n.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sun, 29 Mar 2026 12:22:14 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":162,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"37d5c3a24983196361e6ce9b1a499464","sha1":"2dd5878df894f3c648e42408879e9a61c112d1b3","sha256":"766c1d6bcb81d3e983fb7adbc19c616d7fc01dafb7893738edc242e2adc59c07","sha512":"cc140d1f61a01ba5f282d682dfeb19229426c7164b147a3031d3b5544c2d7213ce19b075a81d5e00750bdac7b1d9232b8b971e026d838ccae9466523338b09a9","ssdeep":"","tlshash":"eac08c6e2513bd4cc663217432c36490c08b93a7a4ea42228440805331cb2aa8ac7396","first_seen":"2023-11-07T17:46:00Z","last_seen":"2026-06-08T09:53:43.995062Z","times_seen":24471,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"libdr4n.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"libdr4n.com/","fqdn":"libdr4n.com","domain":"libdr4n.com","tld":"com"},"ip":{"addr":"185.193.125.59","port":443,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-29T12:22:13.516Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"libdr4n.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 22:22:37 GMT","end":"Wed, 10 Jun 2026 22:22:36 GMT"},"fingerprint":{"sha1":"11:42:E6:F4:BF:3C:3B:70:92:80:FF:43:48:1C:D0:17:D3:47:DF:D5","sha256":"E6:6C:F7:B7:94:31:AF:8F:B3:BC:F2:B1:EA:74:86:B7:01:66:FF:B1:97:19:BE:D8:91:3E:BE:B7:0C:F1:B2:75"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: libdr4n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sun, 29 Mar 2026 12:22:13 GMT\r\nContent-Type: text/html\r\nLast-Modified: Thu, 12 Mar 2026 23:57:09 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"69b352d5-1415\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":5141,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (413)","md5":"8af4747f3814cc4c4bdc222fd5f86101","sha1":"b07935f4e70b68dda782fc07355561ef4ff85534","sha256":"0d653f968d8ed4be91c374f86ffd01bf201e2a9217deebe2e24ae1483a317c6c","sha512":"5230d178b36ab8ef6704d0f971fa0e02275a8e69cd086e3bc470e2cc99579ffdb3668ef9d2679888508c31c10675bcf0b54c864ebbd5342afe46267f07de1b54","ssdeep":"96:DfVFS9FXY4rPKhLV4JLNxNBoZKakOa0jvF5j3Tgfw/MMK:D9FS9O4rPKhLV4JLN6ZGy5LTgfmK","tlshash":"96b151e76bf30a5153a7616827e7d754366140039109dc793fee63e48f82a84889b7c7","first_seen":"2026-03-29T12:20:44.450611Z","last_seen":"2026-03-29T12:22:39.388207Z","times_seen":2,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":66,"dns":1,"connect":28,"send":0,"wait":28,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"libdr4n.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"libdr4n.com/chunk.11.0tx6lne7.js","fqdn":"libdr4n.com","domain":"libdr4n.com","tld":"com"},"ip":{"addr":"185.193.125.59","port":443,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://libdr4n.com/","date":"2026-03-29T12:22:13.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"libdr4n.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 22:22:37 GMT","end":"Wed, 10 Jun 2026 22:22:36 GMT"},"fingerprint":{"sha1":"11:42:E6:F4:BF:3C:3B:70:92:80:FF:43:48:1C:D0:17:D3:47:DF:D5","sha256":"E6:6C:F7:B7:94:31:AF:8F:B3:BC:F2:B1:EA:74:86:B7:01:66:FF:B1:97:19:BE:D8:91:3E:BE:B7:0C:F1:B2:75"}}},"request":{"raw":"GET /chunk.11.0tx6lne7.js HTTP/1.1\r\nHost: libdr4n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://libdr4n.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sun, 29 Mar 2026 12:22:13 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3366202\r\nLast-Modified: Mon, 09 Mar 2026 18:40:03 GMT\r\nConnection: keep-alive\r\nETag: \"69af1403-335d3a\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":3366202,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f840e404197564601c3c9abf4b927006","sha1":"447e45505fb0db0656b8f936aa0965a6edacd5fe","sha256":"217f78d32b75c75d638281108b392b4545f515399ef254d26de9357edece54e8","sha512":"78dfbc8809172b55a863ea4fe186dfa530b06078f199d10240253f4fd9ee26b11a250f5abd2dcc288b708fdd18ac6974725ed014bd3b648bd91f80e51af03a15","ssdeep":"24576:uQNejFsFoPfguht3m9N7079C+C0CpCoClfiA/q2CRCPCyCDCK5DUkF7TUoUT9FuK:ojFsFUga3IZLOMCJ+s","tlshash":"ae25a503a2d1386644d35fb6762750caec2d8bef618c9ab9b44df834b8e4154e6ec770","first_seen":"2026-03-29T12:20:44.453427Z","last_seen":"2026-03-29T12:22:39.390131Z","times_seen":2,"resource_available":false,"data":null}},"time_used":458,"timings":{"blocked":69,"dns":1,"connect":27,"send":0,"wait":55,"receive":261,"ssl":42},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"libdr4n.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"libdr4n.com/null?e=jscdn/getFile","fqdn":"libdr4n.com","domain":"libdr4n.com","tld":"com"},"ip":{"addr":"185.193.125.59","port":443,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://libdr4n.com/","date":"2026-03-29T12:22:14.169Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"libdr4n.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 22:22:37 GMT","end":"Wed, 10 Jun 2026 22:22:36 GMT"},"fingerprint":{"sha1":"11:42:E6:F4:BF:3C:3B:70:92:80:FF:43:48:1C:D0:17:D3:47:DF:D5","sha256":"E6:6C:F7:B7:94:31:AF:8F:B3:BC:F2:B1:EA:74:86:B7:01:66:FF:B1:97:19:BE:D8:91:3E:BE:B7:0C:F1:B2:75"}}},"request":{"raw":"POST /null?e=jscdn/getFile HTTP/1.1\r\nHost: libdr4n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://libdr4n.com/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://libdr4n.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"r0uygxxaa9me1g9sml8f\"}"}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sun, 29 Mar 2026 12:22:14 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":162,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"37d5c3a24983196361e6ce9b1a499464","sha1":"2dd5878df894f3c648e42408879e9a61c112d1b3","sha256":"766c1d6bcb81d3e983fb7adbc19c616d7fc01dafb7893738edc242e2adc59c07","sha512":"cc140d1f61a01ba5f282d682dfeb19229426c7164b147a3031d3b5544c2d7213ce19b075a81d5e00750bdac7b1d9232b8b971e026d838ccae9466523338b09a9","ssdeep":"","tlshash":"eac08c6e2513bd4cc663217432c36490c08b93a7a4ea42228440805331cb2aa8ac7396","first_seen":"2023-11-07T17:46:00Z","last_seen":"2026-06-08T09:53:43.995062Z","times_seen":24471,"resource_available":true,"data":null}},"time_used":131,"timings":{"blocked":103,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"libdr4n.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"libdr4n.com/secureproxy.php?e=jscdn/getFile","fqdn":"libdr4n.com","domain":"libdr4n.com","tld":"com"},"ip":{"addr":"185.193.125.59","port":443,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://libdr4n.com/","date":"2026-03-29T12:22:14.381Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"libdr4n.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 22:22:37 GMT","end":"Wed, 10 Jun 2026 22:22:36 GMT"},"fingerprint":{"sha1":"11:42:E6:F4:BF:3C:3B:70:92:80:FF:43:48:1C:D0:17:D3:47:DF:D5","sha256":"E6:6C:F7:B7:94:31:AF:8F:B3:BC:F2:B1:EA:74:86:B7:01:66:FF:B1:97:19:BE:D8:91:3E:BE:B7:0C:F1:B2:75"}}},"request":{"raw":"POST /secureproxy.php?e=jscdn/getFile HTTP/1.1\r\nHost: libdr4n.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://libdr4n.com/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://libdr4n.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"r0uygxxaa9me1g9sml8f\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sun, 29 Mar 2026 12:22:14 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Max-Age: 3600\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, HEAD, POST, OPTIONS\r\nAccess-Control-Allow-Headers: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3840692,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"e0f03ef7cbefc5113274daea5527520a","sha1":"86e555995692ef2b20ef0d231927f498ab640cef","sha256":"b1195b7d08b20693463842b19d80caf5505a1a623b441ccdb6a00377496f68f4","sha512":"daa97ea3e8d737d1aee1af01d001a02b5d03dc6989ce4752287d2a7a72bb004bd081140ed4106e1b333a63987e8c969faa1ae372bef1d65bb4f9e1b693e5b924","ssdeep":"24576:5XqDDkHMTMCI0OAiFdhgmZC2MJAI+9e8BjMNokxlRWGHe:5OI4MCIziAJ9BYaORWG+","tlshash":"b42523d7b04ba4d23a12d8b995c19faa9dcee0cf59c846327b84dd0470da47183d8f9b","first_seen":"2026-03-29T12:20:44.445792Z","last_seen":"2026-03-29T12:22:39.391731Z","times_seen":2,"resource_available":false,"data":null}},"time_used":729,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":508,"receive":221,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"libdr4n.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}