{"report_id":"1b7de7b4-9c71-4a43-bf0b-1026bb60f41a","version":0,"status":"done","tags":[],"date":"2026-06-20T13:08:44Z","url":{"schema":"https","addr":"vault-card.xyz/","fqdn":"vault-card.xyz","domain":"vault-card.xyz","tld":"xyz"},"ip":{"addr":"193.187.110.3","port":0,"asn":7029,"as":"WINDSTREAM","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"vault-card.xyz/.rt/challenge?tier=captcha\u0026return_to=%2F","fqdn":"vault-card.xyz","domain":"vault-card.xyz","tld":"xyz"},"title":"Loading","dom":{"size":2480503,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (51216)","md5":"e7c35d53400f972bcfffb2a4956dc56a","sha1":"3a23f4243b3371d2fe104d6082e291f87699e987","sha256":"c90ae69efa70f75d2155f1ff025d468b6393383936c0f268f23f1aa1ae187a38","sha512":"120d7fa4da59a2553176a95b08ceceabd3c5ce727ec12392b65c21281fb3408b18bac4f200bb6ef1a9b9923abc7c5b72017621cf3bbc38ca68b0dc5905f22449","ssdeep":"12288:cw8qbdX8JGvFDrV5jFyRKnLIA8MQQu02Oj1CoSliWP0vtgDa4oQKVS6FGIhveZPA:FdXSGvF3V58onkALkPG","tlshash":"7cb5769235a6f56f00978b713a4a56f658bbc505cace604df9cc9dacf0dcab329483c4","dom_hash":"domhashd9fedc4cc384579a446a5266c87bb20c","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"vault-card.xyz/","fqdn":"vault-card.xyz","domain":"vault-card.xyz","tld":"xyz"},"ip":{"addr":"193.187.110.3","port":0,"asn":7029,"as":"WINDSTREAM","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-25T13:08:44Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"vault-card.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"vault-card.xyz","ip":{"addr":"193.187.110.3","port":443,"asn":7029,"as":"WINDSTREAM","country":"United States","country_code":"US"},"domain_registered":"2026-06-11","domain_rank":0,"first_seen":"2026-06-20T13:09:37.37724Z","last_seen":"2026-06-20T13:09:37.37724Z","alert_count":3,"request_count":3,"received_data":2272809,"sent_data":2420,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"vault-card.xyz/.rt/challenge?tier=captcha\u0026return_to=%2F","fqdn":"vault-card.xyz","domain":"vault-card.xyz","tld":"xyz"},"ip":{"addr":"193.187.110.3","port":443,"asn":7029,"as":"WINDSTREAM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"29a93cfe79b3fc7c4db55290839dd2b1","sha1":"1718a4616738d001df305d50efbeb51b05aaee42","sha256":"8879dcdc931026719e5dfeac2b76b33fadf1050035a94b3ed5fc3d828321e205","sha512":"66c62f29f6d8372d4c74d293da8b51b93013c6afd6b6fa7e8f32ef2524b73cb9fe79032081c04c70c2f22633af8f26aa2deb504c92683467ca4d94288a66920f","ssdeep":"12288:A02Oj1CoSliWP0vtgDa4oQKVS6FGIhveZPFYNhpO6mS+E+6F11IZxDZ/KyyhrN8J:CP3","tlshash":"a2a5129235a6f56f00978b713a4a56f658bbc505cace604df9cc9dacf0ec9b329483c4","size":2170959,"data":"","first_seen":"2026-06-20T13:10:30.733286Z","last_seen":"2026-06-20T13:10:30.733286Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":[{"level":"debug","text":"map[actor:server1.conn0.watcher16.process7//obj20 class:Object extensible:true frozen:false isError:false ownPropertyLength:0 preview:map[kind:Object ownProperties:map[] ownPropertiesLength:0] sealed:false type:object]","filename":"https://vault-card.xyz/","line_number":0,"column_number":0},{"level":"debug","text":"","filename":"https://vault-card.xyz/","line_number":0,"column_number":0}]},"http":[{"url":{"schema":"https","addr":"vault-card.xyz/.rt/ce","fqdn":"vault-card.xyz","domain":"vault-card.xyz","tld":"xyz"},"ip":{"addr":"193.187.110.3","port":443,"asn":7029,"as":"WINDSTREAM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://vault-card.xyz/.rt/challenge?tier=captcha\u0026return_to=%2F","date":"2026-06-20T13:08:19.188Z","timestamp":1781960899188,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vault-card.xyz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Jun 2026 18:59:52 GMT","end":"Wed, 16 Sep 2026 18:59:51 GMT"},"fingerprint":{"sha1":"36:84:98:5C:39:D5:47:0D:48:C2:B1:33:9B:6B:05:9B:14:13:7C:47","sha256":"68:9E:57:4F:A9:68:58:54:24:80:C5:B6:92:7B:23:DA:AC:B1:4B:77:47:CD:C8:D3:32:79:3E:E4:51:74:0E:9B"}}},"request":{"raw":"POST /.rt/ce HTTP/1.1\r\nHost: vault-card.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nReferer: https://vault-card.xyz/.rt/challenge?tier=captcha\u0026return_to=%2F\r\nContent-Length: 139\r\nOrigin: https://vault-card.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: sil_ses=101b02afafd698221448764acf237724; __Host-sil_ses=101b02afafd698221448764acf237724; sil_gate=ASAxMDFiMDJhZmFmZDY5ODIyMTQ0ODc2NGFjZjIzNzcyNAG0zLSjDWsLSmS4s6m6.NiveuS1wsyJgaAO2_QRvIzsTocF784GrHITruKdIU8koaEDBrbZk8KJJu90CZEX1773-oR_KY2QSehwAL-AlBw; __Host-sil_gate=ASAxMDFiMDJhZmFmZDY5ODIyMTQ0ODc2NGFjZjIzNzcyNAG0zLSjDWsLSmS4s6m6.NiveuS1wsyJgaAO2_QRvIzsTocF784GrHITruKdIU8koaEDBrbZk8KJJu90CZEX1773-oR_KY2QSehwAL-AlBw\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 \r\ncontent-type: application/json\r\nx-incident-id: dnspod1::1781960899-HYawCqUVNpIiurA8Y5v5rE9WrHf3950S\r\ndate: Sat, 20 Jun 2026 13:08:19 GMT\r\nalt-svc: clear\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":1271,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-20T17:29:48.779532Z","times_seen":16585560,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"vault-card.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"vault-card.xyz/","fqdn":"vault-card.xyz","domain":"vault-card.xyz","tld":"xyz"},"ip":{"addr":"193.187.110.3","port":443,"asn":7029,"as":"WINDSTREAM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-20T13:08:16.858Z","timestamp":1781960896858,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vault-card.xyz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Jun 2026 18:59:52 GMT","end":"Wed, 16 Sep 2026 18:59:51 GMT"},"fingerprint":{"sha1":"36:84:98:5C:39:D5:47:0D:48:C2:B1:33:9B:6B:05:9B:14:13:7C:47","sha256":"68:9E:57:4F:A9:68:58:54:24:80:C5:B6:92:7B:23:DA:AC:B1:4B:77:47:CD:C8:D3:32:79:3E:E4:51:74:0E:9B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: vault-card.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 22959\r\ncache-control: no-store\r\nx-edge-action: challenge\r\nset-cookie: sil_ses=101b02afafd698221448764acf237724; Path=/; Domain=vault-card.xyz; Max-Age=86400; HttpOnly; Secure; SameSite=None\n__Host-sil_ses=101b02afafd698221448764acf237724; Path=/; Max-Age=86400; HttpOnly; Secure; SameSite=None; Partitioned\nsil_gate=ASAxMDFiMDJhZmFmZDY5ODIyMTQ0ODc2NGFjZjIzNzcyNACyzLSjDWsLSmS4s6m6.tU156Dp7m6kjhB9hFNGZxEqs8c5PlFkYRdlk-gLTOeJme1c9EWaqRCr42IPxZL4gsC7kuT-RFEcrnV7h_oHUBQ; Path=/; Domain=vault-card.xyz; Max-Age=600; HttpOnly; Secure; SameSite=None\n__Host-sil_gate=ASAxMDFiMDJhZmFmZDY5ODIyMTQ0ODc2NGFjZjIzNzcyNACyzLSjDWsLSmS4s6m6.tU156Dp7m6kjhB9hFNGZxEqs8c5PlFkYRdlk-gLTOeJme1c9EWaqRCr42IPxZL4gsC7kuT-RFEcrnV7h_oHUBQ; Path=/; Max-Age=600; HttpOnly; Secure; SameSite=None; Partitioned\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 20 Jun 2026 13:08:17 GMT\r\nalt-svc: clear\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":83627,"size_decoded":23929,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (12389)","md5":"5cd4729d7f0dc47d2c087e1b6240096c","sha1":"cb92da6f40d685a666e3e85e2eef863eb460b088","sha256":"5014f2a54b4b115b99a34ba5faa2a7e17abc16239cc8d02ceca839dd3711f313","sha512":"b64577d182feb8fe524512b040b822f56e5abef050ad9ed5f2d857f072cf767b8f2c2508a65970bf9987094b9d3af66b0010c631ce8966c82b310b14afabddb0","ssdeep":"768:GUAQ/p6WajPgGY+w664PW9bwz73dFXAMSLU6LGv+CCFdfGF4K1bdf6ppRA7EVKcr:w24PW9bwz7fye7WTwoTH9ne0RDT","tlshash":"9483c7b1623520ae80332ab7352f52461dbbc4b298c7c0ccfd5cdd9467fda6356a6788","first_seen":"2026-06-20T13:10:30.727199Z","last_seen":"2026-06-20T13:10:30.727199Z","times_seen":1,"resource_available":true,"data":null}},"time_used":955,"timings":{"blocked":-1,"dns":641,"connect":14,"send":0,"wait":269,"receive":3,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"vault-card.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"vault-card.xyz/.rt/challenge?tier=captcha\u0026return_to=%2F","fqdn":"vault-card.xyz","domain":"vault-card.xyz","tld":"xyz"},"ip":{"addr":"193.187.110.3","port":443,"asn":7029,"as":"WINDSTREAM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-20T13:08:18.545Z","timestamp":1781960898545,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vault-card.xyz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Jun 2026 18:59:52 GMT","end":"Wed, 16 Sep 2026 18:59:51 GMT"},"fingerprint":{"sha1":"36:84:98:5C:39:D5:47:0D:48:C2:B1:33:9B:6B:05:9B:14:13:7C:47","sha256":"68:9E:57:4F:A9:68:58:54:24:80:C5:B6:92:7B:23:DA:AC:B1:4B:77:47:CD:C8:D3:32:79:3E:E4:51:74:0E:9B"}}},"request":{"raw":"GET /.rt/challenge?tier=captcha\u0026return_to=%2F HTTP/1.1\r\nHost: vault-card.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://vault-card.xyz/\r\nCookie: sil_ses=101b02afafd698221448764acf237724; __Host-sil_ses=101b02afafd698221448764acf237724; sil_gate=ASAxMDFiMDJhZmFmZDY5ODIyMTQ0ODc2NGFjZjIzNzcyNACyzLSjDWsLSmS4s6m6.tU156Dp7m6kjhB9hFNGZxEqs8c5PlFkYRdlk-gLTOeJme1c9EWaqRCr42IPxZL4gsC7kuT-RFEcrnV7h_oHUBQ; __Host-sil_gate=ASAxMDFiMDJhZmFmZDY5ODIyMTQ0ODc2NGFjZjIzNzcyNACyzLSjDWsLSmS4s6m6.tU156Dp7m6kjhB9hFNGZxEqs8c5PlFkYRdlk-gLTOeJme1c9EWaqRCr42IPxZL4gsC7kuT-RFEcrnV7h_oHUBQ\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 644419\r\ncache-control: no-store, no-cache, must-revalidate\r\nset-cookie: sil_ses=101b02afafd698221448764acf237724; Path=/; Domain=vault-card.xyz; Max-Age=86400; HttpOnly; Secure; SameSite=None\n__Host-sil_ses=101b02afafd698221448764acf237724; Path=/; Max-Age=86400; HttpOnly; Secure; SameSite=None; Partitioned\nsil_gate=ASAxMDFiMDJhZmFmZDY5ODIyMTQ0ODc2NGFjZjIzNzcyNAG0zLSjDWsLSmS4s6m6.NiveuS1wsyJgaAO2_QRvIzsTocF784GrHITruKdIU8koaEDBrbZk8KJJu90CZEX1773-oR_KY2QSehwAL-AlBw; Path=/; Domain=vault-card.xyz; Max-Age=600; HttpOnly; Secure; SameSite=None\n__Host-sil_gate=ASAxMDFiMDJhZmFmZDY5ODIyMTQ0ODc2NGFjZjIzNzcyNAG0zLSjDWsLSmS4s6m6.NiveuS1wsyJgaAO2_QRvIzsTocF784GrHITruKdIU8koaEDBrbZk8KJJu90CZEX1773-oR_KY2QSehwAL-AlBw; Path=/; Max-Age=600; HttpOnly; Secure; SameSite=None; Partitioned\r\nx-edge-action: captcha\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 20 Jun 2026 13:08:18 GMT\r\nalt-svc: clear\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":2187027,"size_decoded":645415,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (49175)","md5":"de2299baa22a6d41edd56612b1599d53","sha1":"8a9e2d266cbe3e75be72885100398e0077f6fd5e","sha256":"41a0e0a3711fa49f86f2050debc662d2f9419e39921de58c9e2b77eeda41322c","sha512":"5d60c8c2f733e18a0bf5f8644aa73d31575db153feb8d9f0983a8582be3824c2114692f8db60e063c321fc8b4ebf50e4702ee84b5230d151a75e6e0f627e883f","ssdeep":"12288:w02Oj1CoSliWP0vtgDa4oQKVS6FGIhveZPFYNhpO6mS+E+6F11IZxDZ/KyyhrN8H:2","tlshash":"cf2511923996f56f00978b713a8a67f658bbc505cace6049f5cc5dacf0dcab235883c1","first_seen":"2026-06-20T13:10:30.730185Z","last_seen":"2026-06-20T13:10:30.730185Z","times_seen":1,"resource_available":true,"data":null}},"time_used":454,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":396,"receive":58,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"vault-card.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}