{"report_id":"1155c6b0-60d5-42ad-986c-f96405d2b27b","version":6,"status":"done","tags":[],"date":"2026-05-30T12:15:10Z","url":{"schema":"http","addr":"dpd.xvnplrqtmz.cyou/com","fqdn":"dpd.xvnplrqtmz.cyou","domain":"xvnplrqtmz.cyou","tld":"cyou"},"ip":{"addr":"172.67.140.159","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"dpd.xvnplrqtmz.cyou/com/","fqdn":"dpd.xvnplrqtmz.cyou","domain":"xvnplrqtmz.cyou","tld":"cyou"},"title":"dpd.xvnplrqtmz.cyou/com/","dom":{"size":2400,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"63ec546ddfe65e725f1aa9e4d5a168bb","sha1":"4d012f85981ef1fa194c1c93d456d121c67b4057","sha256":"1c922d7e4ee2655161395f72cb3d4c4131cdf6520bcbabe01763041f606f23df","sha512":"bcb2d8f055fd04873cf5308a371c6acee760b32d72dfe48e227177dcb55a2747e52508c0971584f8d563415bb8b0deaed3e36c6c26adad92f5d1a56a0ef1bbfa","ssdeep":"","tlshash":"6941cb164593480c6152c6b45fe5b61d26a0c617860fdc487fee72e5cf81a82e9a33e4","dom_hash":"domhash636690ed7a5742b2669a147d070ab6e0","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"dpd.xvnplrqtmz.cyou/com","fqdn":"dpd.xvnplrqtmz.cyou","domain":"xvnplrqtmz.cyou","tld":"cyou"},"ip":{"addr":"172.67.140.159","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-04T12:15:10Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-30","alert":"Phishing Block","trigger":"dpd.xvnplrqtmz.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"dpd.xvnplrqtmz.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"dpd.xvnplrqtmz.cyou","ip":{"addr":"172.67.140.159","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-05-28","domain_rank":0,"first_seen":"2026-05-30T12:15:10.714884Z","last_seen":"2026-05-30T12:15:10.714884Z","alert_count":10,"request_count":5,"received_data":1135310,"sent_data":2319,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"dpd.xvnplrqtmz.cyou/com/assets/BOxIxIG1.js","fqdn":"dpd.xvnplrqtmz.cyou","domain":"xvnplrqtmz.cyou","tld":"cyou"},"ip":{"addr":"172.67.140.159","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dpd.xvnplrqtmz.cyou/com/","date":"2026-05-30T12:14:49.976Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xvnplrqtmz.cyou","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 07:10:21 GMT","end":"Wed, 26 Aug 2026 07:10:20 GMT"},"fingerprint":{"sha1":"B3:DD:39:D7:22:D1:50:C2:21:F8:00:1B:E9:F5:13:6A:03:AE:D6:63","sha256":"BE:47:E4:B4:12:3A:A9:AC:F9:EB:0C:69:21:EE:A9:1B:3E:34:A2:1D:2F:C3:22:25:06:40:D6:C1:91:A3:AE:FA"}}},"request":{"raw":"GET /com/assets/BOxIxIG1.js HTTP/1.1\r\nHost: dpd.xvnplrqtmz.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://dpd.xvnplrqtmz.cyou/com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 30 May 2026 12:14:50 GMT\r\ncontent-type: text/javascript;charset=utf-8\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\ncontent-encoding: gzip\r\nlast-modified: Sat, 30 May 2026 12:14:50 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NNnPEyzF2q1q4e3oZzd4s2fCPrli8uJR9o7dspHVokTj4Aw6uC%2Bto9SlPmATMT4R6Q0kBrRmmWh%2FpLVSZ61s%2BvByKX272hvEilcjXzelbdW6Qk5f%2FWeqwQBE%2FHt9TfdCg2e2Pygc\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a03da92a5d4d5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1019457,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65516), with no line terminators","md5":"3781004e2255c982dae171cebf7115af","sha1":"9c21e034678b70d1a9123f4f9f7b244745b098c3","sha256":"7dc540926eaeaee571333beecbeefe9a85b117aed1951cb584ae58df0d6c5f7d","sha512":"807591d7044e538d6dc678dfde5ca250d4a7be05b5b7bffdcbda569c55a73b1b33b6f6b051fabdb39dc819c6c8bd7824d4a17454ee521d82a8670dacb294deb0","ssdeep":"12288:6tFW0XMI82hzBLHWVcAEAGb2EmkfsIJQINvoJtLhIkvwbmArmqMrN/R10bOP695S:6tFb1oVcAQxmkfsWQKvSLhIzbkx","tlshash":"52256d05aa052d630b52919580ef34c684fe57da35c98184f9b7dc993ef8fcd22aaf34","first_seen":"2026-05-15T06:40:41.778185Z","last_seen":"2026-05-30T12:30:45.126944Z","times_seen":333,"resource_available":true,"data":null}},"time_used":1053,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":365,"receive":688,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-30","alert":"Phishing Block","trigger":"dpd.xvnplrqtmz.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"dpd.xvnplrqtmz.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dpd.xvnplrqtmz.cyou/com/assets/D4JU2Bjy.css","fqdn":"dpd.xvnplrqtmz.cyou","domain":"xvnplrqtmz.cyou","tld":"cyou"},"ip":{"addr":"172.67.140.159","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://dpd.xvnplrqtmz.cyou/com/","date":"2026-05-30T12:14:49.977Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xvnplrqtmz.cyou","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 07:10:21 GMT","end":"Wed, 26 Aug 2026 07:10:20 GMT"},"fingerprint":{"sha1":"B3:DD:39:D7:22:D1:50:C2:21:F8:00:1B:E9:F5:13:6A:03:AE:D6:63","sha256":"BE:47:E4:B4:12:3A:A9:AC:F9:EB:0C:69:21:EE:A9:1B:3E:34:A2:1D:2F:C3:22:25:06:40:D6:C1:91:A3:AE:FA"}}},"request":{"raw":"GET /com/assets/D4JU2Bjy.css HTTP/1.1\r\nHost: dpd.xvnplrqtmz.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://dpd.xvnplrqtmz.cyou/com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 30 May 2026 12:14:50 GMT\r\ncontent-type: text/css;charset=utf-8\r\ncontent-length: 15400\r\npriority: u=2,i=?0\r\ncontent-encoding: gzip\r\naccept-ranges: bytes\r\nlast-modified: Sat, 30 May 2026 12:14:50 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6G320fhVKfN50TGbk56%2B0W0Lur6tdhS07hC%2Bbrmtt3zAcoSVSQ68xpd3PMwnXa%2Bs01sbIA0mmCI82NhnGESziJyDAzq9RUU6bE%2BTyTdMIwX8G%2FFx5fnQRp5g%2FpFq1oXCXz3aH0PP\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: a03da92a5d4e5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":107743,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"6153b5e9645e728e66b6c5c28593de57","sha1":"d4f6735c8578a3d50dab38d9747527aa035a2b6b","sha256":"7146c42676f27e91ce3b39e61805dfc6de1f083320a41f86f06ccd3745efbcbe","sha512":"126b04f3ca1f5957eb708f29365a4bcbf60a102dc4883122df769c8291d11854a76a673fe68ec7e1d5e637c73bf43c6015af6c068ebc01de5d5cf8271f7827e2","ssdeep":"768:1/fGmmVAL0uVYXEAFAtCpBoVaXp9jC8FMFPxR1ySZj+xCyuwZFBe0FpZlT:QOAuVYXt/3IgytHrwXT","tlshash":"d9b3a775765c2028f87fca5274e066ee2214f313e51746eeeea66924cdc70933b3269c","first_seen":"2026-05-15T06:40:41.777233Z","last_seen":"2026-05-30T12:30:45.127525Z","times_seen":333,"resource_available":false,"data":null}},"time_used":409,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":214,"receive":195,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-30","alert":"Phishing Block","trigger":"dpd.xvnplrqtmz.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"dpd.xvnplrqtmz.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dpd.xvnplrqtmz.cyou/favicon.ico","fqdn":"dpd.xvnplrqtmz.cyou","domain":"xvnplrqtmz.cyou","tld":"cyou"},"ip":{"addr":"172.67.140.159","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dpd.xvnplrqtmz.cyou/com/","date":"2026-05-30T12:14:52.386Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xvnplrqtmz.cyou","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 07:10:21 GMT","end":"Wed, 26 Aug 2026 07:10:20 GMT"},"fingerprint":{"sha1":"B3:DD:39:D7:22:D1:50:C2:21:F8:00:1B:E9:F5:13:6A:03:AE:D6:63","sha256":"BE:47:E4:B4:12:3A:A9:AC:F9:EB:0C:69:21:EE:A9:1B:3E:34:A2:1D:2F:C3:22:25:06:40:D6:C1:91:A3:AE:FA"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: dpd.xvnplrqtmz.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://dpd.xvnplrqtmz.cyou/com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Sat, 30 May 2026 12:14:52 GMT\r\ncontent-type: text/plain;charset=utf-8\r\ncontent-length: 0\r\npriority: u=6,i=?0\r\nage: 2\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QC1f0uECqrtuyJvF%2FXoCSgTM8COyLUtdqJRVQ19xqIN%2BQBMtDfnLl3aognCSeAwjamufiNeE5Rev32Qn43EXyH781Mu36UvqrlzAdWWuTqvQR1dhVtpN9GgvhGZUBS0wQ6e3nXwH\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a03da93968b15ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-30T17:03:16.761265Z","times_seen":15924132,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"dpd.xvnplrqtmz.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-30","alert":"Phishing Block","trigger":"dpd.xvnplrqtmz.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dpd.xvnplrqtmz.cyou/com","fqdn":"dpd.xvnplrqtmz.cyou","domain":"xvnplrqtmz.cyou","tld":"cyou"},"ip":{"addr":"172.67.140.159","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-30T12:14:49.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xvnplrqtmz.cyou","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 07:10:21 GMT","end":"Wed, 26 Aug 2026 07:10:20 GMT"},"fingerprint":{"sha1":"B3:DD:39:D7:22:D1:50:C2:21:F8:00:1B:E9:F5:13:6A:03:AE:D6:63","sha256":"BE:47:E4:B4:12:3A:A9:AC:F9:EB:0C:69:21:EE:A9:1B:3E:34:A2:1D:2F:C3:22:25:06:40:D6:C1:91:A3:AE:FA"}}},"request":{"raw":"GET /com HTTP/1.1\r\nHost: dpd.xvnplrqtmz.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 30 May 2026 12:14:49 GMT\r\ncontent-type: text/plain;charset=utf-8\r\ncontent-length: 10\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlocation: /com/\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6PmPyhGgArF58%2BI%2FnMLxN2TwGNvPrCZvDHPVkz6JxyvcYsjTSdeIOMd%2BAj7omWPffZuFpbbN%2F%2BT7QHh9ibeCbcfjbSzefdo7Ir94pXsiM9VmKaVuvypDATQctkL%2BMFfwfBta4nXR\"}]}\r\ncf-ray: a03da9266a851525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2431,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-30T17:03:16.761265Z","times_seen":15924132,"resource_available":true,"data":null}},"time_used":229,"timings":{"blocked":18,"dns":1,"connect":1,"send":0,"wait":193,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"dpd.xvnplrqtmz.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-30","alert":"Phishing Block","trigger":"dpd.xvnplrqtmz.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dpd.xvnplrqtmz.cyou/com/","fqdn":"dpd.xvnplrqtmz.cyou","domain":"xvnplrqtmz.cyou","tld":"cyou"},"ip":{"addr":"172.67.140.159","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-30T12:14:49.551Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xvnplrqtmz.cyou","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 07:10:21 GMT","end":"Wed, 26 Aug 2026 07:10:20 GMT"},"fingerprint":{"sha1":"B3:DD:39:D7:22:D1:50:C2:21:F8:00:1B:E9:F5:13:6A:03:AE:D6:63","sha256":"BE:47:E4:B4:12:3A:A9:AC:F9:EB:0C:69:21:EE:A9:1B:3E:34:A2:1D:2F:C3:22:25:06:40:D6:C1:91:A3:AE:FA"}}},"request":{"raw":"GET /com/ HTTP/1.1\r\nHost: dpd.xvnplrqtmz.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 30 May 2026 12:14:49 GMT\r\ncontent-type: text/html;charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3uRs6iKLmPO6KVjPFnD7MOqry%2FdpYbNXoVSI9TuIj4lOr93F%2BHE0V7B5quYOVdzPD4MFLy1UIQO0CsXN%2FcVtKYesXH5%2BoMlSpYa7seSv0rT1w40fsuHGk3ysV0gsy8rqZFejRBRB\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: a03da927bf961525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2431,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF, CR, LF line terminators","md5":"22d64c0cfc8c5f87c0aaf27611ed54c7","sha1":"a5941601fb2553f37bfcfc156dd410a0183c112f","sha256":"7ea34d05f7a505b70d91780b4fd9c80a77634c6b64fa938dad42baebc866819d","sha512":"a603bddf886101febc99e23eba71d7c5368de024aad5ff0e2b310361db0ec883b884de58255e4a873ac10b1bf7abad4b58cfd12d160e7a5bb984dd3881059602","ssdeep":"","tlshash":"3941cc1645934c0c21a2c7b85bd5b21d67a1d657460fdc487bee72e6cf82681e9e33e0","first_seen":"2026-05-15T06:40:41.776297Z","last_seen":"2026-05-30T12:30:45.125236Z","times_seen":328,"resource_available":true,"data":null}},"time_used":216,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-30","alert":"Phishing Block","trigger":"dpd.xvnplrqtmz.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-30","alert":"Sinkholed","trigger":"dpd.xvnplrqtmz.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}