{"report_id":"1f33e11b-9ef6-4e4c-92b4-c16adfc75bce","version":6,"status":"done","tags":[],"date":"2025-12-04T02:53:35Z","url":{"schema":"http","addr":"95.pexeburay.com/index/m3?diff=0","fqdn":"95.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"104.21.32.236","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:neterror?e=dnsNotFound\u0026u=https%3A//sandbahn.com/x/dl%3Fp%3D1473%26clickid%3D%26siteid%3D\u0026c=UTF-8\u0026d=We%20can%E2%80%99t%20connect%20to%20the%20server%20at%20sandbahn.com.","fqdn":"","domain":"","tld":""},"title":"Server Not Found","dom":{"size":7941,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (500)","md5":"d22b31bf7ec97533fcd08751ee067434","sha1":"67ce9d9fc48e83ac95b06652c1d8b4805823bcdf","sha256":"c8a08d74f3b6817b53232edb8c7e1317adde97bb53c76e77a8cbd85872f722fa","sha512":"b2c84f637da54020fc8310c73ac5b99fd973a3a13585a920ec0b20839dab08889759d39ad9222470e1f0a40760df4ac497608438744c6f017e1554d2b0cc3309","ssdeep":"96:rIPfVVvtARPy48S8k45USz+45RaIkata89+RzydNAIl9+kex8KdRonI7B1g/M:rIlZeRPyfS8LUSZRa2b9wm7I98IT","tlshash":"d0f162a862fa0d2b819386e938db7409bd01d297d35c24e5bf6d45f10fc7d61980f19b","dom_hash":"domhashc59d69afccb598c37df8c553a509577e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"95.pexeburay.com/index/m3?diff=0","fqdn":"95.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"104.21.32.236","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-08T02:53:35Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"95.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"95.pexeburay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"95.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"sandbahn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"sandbahn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"95.pexeburay.com","ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-05-11","domain_rank":0,"first_seen":"2023-05-31T15:33:41Z","last_seen":"2025-11-27T14:22:01.878319Z","alert_count":12,"request_count":4,"received_data":113150,"sent_data":1875,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}]},{"fqdn":"sandbahn.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2019-01-24","domain_rank":0,"first_seen":"2019-01-25T19:31:07Z","last_seen":"2025-11-27T12:22:02.624656Z","alert_count":2,"request_count":1,"received_data":0,"sent_data":545,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"95.pexeburay.com/index/m3?diff=0","fqdn":"95.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5d299fc4158f5ee271d32054f20c567b","sha1":"f7a0862ea30145dcb0a90604dd7898a40e53feb1","sha256":"c9ab2db9b28f51129edfd2aff30ad067245bd34b028991e08f56f7c947f60495","sha512":"cfd527d72368746c57394fde01a5bf34d2a2c64db14d77c41a73f02bd063c5d3a89edb8042774ec98a11cd77e5790004e4fd1d34025976df1dc2bcf49a1fc7bd","ssdeep":"384:hEO8LLwmwafzrI9INlsGx51lVEG42vx6jOv:2HLFNfaelsGL1l+G42vd","tlshash":"6ad26e1c8bf230b9a67fa17ea25f681478e3717b4084d501f5cd92406fd9a43c9ba6e8","size":30513,"data":"","first_seen":"2023-04-05T16:38:07Z","last_seen":"2026-04-18T22:50:34.4379Z","times_seen":454,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"95.pexeburay.com/199f8c6.php?utm_source=\u0026utm_campaign=","fqdn":"95.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"77ef9500b784f79d0cf80b0e7cdf9d93","sha1":"38c6b4158f81f2053cecaa1d531095d398b8f3aa","sha256":"95a4b4f1e66255ddb2965a9418fe0bc188f1bc0b25178ddc3534144ff01a57e7","sha512":"f45f9cfd96086304ad3d9cdd36f37373403cb159a0a950d17e86366d60234e292ef0577d805b5cb705e6a32b2fb2efad14b920cc9ab8ca7b9f605d6d05153c0f","ssdeep":"768:HCUnz5UC+FbMT1gEEmZ2iPlveH4qBWDHV/cIBi:DYqxm4LDHV/cOi","tlshash":"26131b9a35437026326f99e1637f670eb37e69175ca40c10c647b8c02924e9de3abf9d","size":43506,"data":"","first_seen":"2025-12-03T17:15:42.347058Z","last_seen":"2025-12-04T09:12:15.512366Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"95.pexeburay.com/index/m3?diff=0","fqdn":"95.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b3326473fa38b03eadb676de48365bc9","sha1":"040fa3e3acf072acb9d465c127bf6ddafa826cc9","sha256":"b8a9cf388a860dabf27e6c29ac310a8114293686a21a7b9eee93ce92e8d0b30a","sha512":"732197ddd32f701b1206ef5c643833b3b5e20b603501aa3a051609190df4b176b61f68c00afa8cfb5080e3932e6dcd8c8d2e21fdcedbf625fea91b675ad643c3","ssdeep":"","tlshash":"8451e3bb48a752711ab721a64b1fb714352700771488d811bface7047fa897b9125be8","size":3167,"data":"","first_seen":"2025-12-04T02:53:36.702568Z","last_seen":"2025-12-04T02:53:36.702568Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"95.pexeburay.com/index/m3?diff=0","fqdn":"95.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"062fd9276b8b132d729ec1c6d5d16971","sha1":"1dc9655168c0ef28f5388e9d1d544e999b6b25ef","sha256":"c8e63197ad2336ed35f59f35b74bd0c7d3baa9c06b17c811f2c8ea211bae663f","sha512":"c77f1174a048402ab4e87d12da172225f44b37269cffaf1b30593badda1dcd24f2a09254bd9be566dbc87d524af8880caeee8f826dbd210eb2cec9b818f0e7ed","ssdeep":"","tlshash":"0ac02b2e3480033c800303c9064ed2b07a239c320d818000387e53c15fd0c03c4482ee","size":155,"data":"","first_seen":"2023-04-07T14:49:21Z","last_seen":"2026-04-18T22:50:34.445374Z","times_seen":293,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"95.pexeburay.com/index/m3?diff=0#","fqdn":"95.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"5d299fc4158f5ee271d32054f20c567b","sha1":"f7a0862ea30145dcb0a90604dd7898a40e53feb1","sha256":"c9ab2db9b28f51129edfd2aff30ad067245bd34b028991e08f56f7c947f60495","sha512":"cfd527d72368746c57394fde01a5bf34d2a2c64db14d77c41a73f02bd063c5d3a89edb8042774ec98a11cd77e5790004e4fd1d34025976df1dc2bcf49a1fc7bd","ssdeep":"384:hEO8LLwmwafzrI9INlsGx51lVEG42vx6jOv:2HLFNfaelsGL1l+G42vd","tlshash":"6ad26e1c8bf230b9a67fa17ea25f681478e3717b4084d501f5cd92406fd9a43c9ba6e8","size":30513,"data":"","first_seen":"2023-04-05T16:38:07Z","last_seen":"2026-04-18T22:50:34.4379Z","times_seen":454,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"95.pexeburay.com/index/m3?diff=0#","fqdn":"95.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"f24614cc99ae42d78518bc14e6f3a4ab","sha1":"85c19c504e092911ec3484e86f4e8a032b7543dd","sha256":"8ebcfaeb67e53e2a497fbf4574f7d76806878b4fe4b322ae95a1bf348597afc5","sha512":"69e7faa75ad338912d58ba77c2a82366b9804d868238e75bfc79ee791440d695bd22ca5478bdcb46d719b1a8d0b98834a6dcc4cb407a4bdf028976e506188df5","ssdeep":"","tlshash":"1051e3bb48a712711ab711a64b1fb714352700771488d801bface7147fa897b9125be8","size":3167,"data":"","first_seen":"2025-12-04T02:53:36.705712Z","last_seen":"2025-12-04T02:53:36.705712Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"95.pexeburay.com/assets/styles/arrow.css?v1","fqdn":"95.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://95.pexeburay.com/index/m3?diff=0","date":"2025-12-04T02:53:13.727Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pexeburay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Oct 2025 05:24:41 GMT","end":"Mon, 12 Jan 2026 06:23:15 GMT"},"fingerprint":{"sha1":"2B:0E:FA:A1:55:3A:3F:0F:15:BF:9B:C4:8A:5D:9D:A7:CA:DC:25:80","sha256":"F6:AC:C7:B2:D9:18:13:6E:8D:C7:4D:AF:E5:62:92:CF:A6:3D:A4:7D:A2:18:AF:F7:32:4E:9F:18:62:FD:7B:C3"}}},"request":{"raw":"GET /assets/styles/arrow.css?v1 HTTP/1.1\r\nHost: 95.pexeburay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://95.pexeburay.com/index/m3?diff=0\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:53:13 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 02 Nov 2022 12:29:48 GMT\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\netag: W/\"636262bc-1a14\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=unD6Kt8YUdTsFRmrBzRI1Gz0abRY2NlMFdgIWj1N11KO%2FnE0vlg4LkatcKGuNk1xQG%2BGEVERarSX1D9C2dgQ4AwfA5I6E7cBC7xgwoGY\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a880320ce8c0b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6676,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"ed4a61ae7235d0e7573766e78dd3fc02","sha1":"090b5cdab4ff3a3b87f491da06b4db99a8c51694","sha256":"ca50536990b949c20119f3134582c654fcd14fabce2517bbc5255fba7faa881b","sha512":"c2d58441829ea6697f14e85f01e1d0c006b6460cd110969578263423016232f407b40490eb5dfde4fbe02e47ac1e19c8db508b8fc0c7fea7a28920c0ad573165","ssdeep":"192:jKRrDP7WWP/8O+t6cjfwZVMLLmmGTA3P8JsRYJbwAzXJtMzZzINvOQpsLr6O:Y3MLLmmGTA3P8JsRWbwAzXJtMzZzSvO9","tlshash":"94d173236a5e2c46a05ed898efd09f4e261f41d7664f8c99fd80340d9fc89a48996f8c","first_seen":"2023-04-05T16:38:07Z","last_seen":"2026-04-18T22:50:34.435385Z","times_seen":482,"resource_available":false,"data":null}},"time_used":143,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":143,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"95.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"95.pexeburay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"95.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"95.pexeburay.com/favicon.ico","fqdn":"95.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://95.pexeburay.com/index/m3?diff=0","date":"2025-12-04T02:53:14.010Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pexeburay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Oct 2025 05:24:41 GMT","end":"Mon, 12 Jan 2026 06:23:15 GMT"},"fingerprint":{"sha1":"2B:0E:FA:A1:55:3A:3F:0F:15:BF:9B:C4:8A:5D:9D:A7:CA:DC:25:80","sha256":"F6:AC:C7:B2:D9:18:13:6E:8D:C7:4D:AF:E5:62:92:CF:A6:3D:A4:7D:A2:18:AF:F7:32:4E:9F:18:62:FD:7B:C3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 95.pexeburay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://95.pexeburay.com/index/m3?diff=0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:53:14 GMT\r\ncontent-type: image/x-icon\r\nvary: accept-encoding\r\nlast-modified: Wed, 02 Nov 2022 12:29:48 GMT\r\npriority: u=6,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"636262bc-1007\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gyowrL1xTenofHshU1Oo7fbPSjvKMGs%2FrBIp%2FMIYSZ8hJ5l4hQ8W8pIATXNF39jOJO6aVPN1F1Y7Q%2BXcoTSKUfsmUva%2FE9V2ufTxi2Zr\"}]}\r\ncf-ray: 9a8803227e960b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4103,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"4cdf3256cd7b8ec3917adb79d6bf457e","sha1":"bc615337e9223183a126c8fb649774866fb53e69","sha256":"fbfff44a653dc193b93620f1035d221d3aaddf3238742270b3385482986ef7f0","sha512":"2bcd90a667b80393690e244a979e36e9f482b419e52302571a41412aac296aac1d58f81787b38d00a00257dca8bd3dce7cfe6ab8ef12aa3a91e0801ee3c3f21a","ssdeep":"96:LSDZ/I09Da01l+gmkyTt6Hk8nT2JCkun8i01FZZN:LSDS0tKg9E05T23un8h5N","tlshash":"2e818daf99b0d47f7938fa400dce8281e279256c197637ad94e5c5ee00a7b031bb0232","first_seen":"2023-04-08T14:37:37Z","last_seen":"2026-04-19T23:53:13.264398Z","times_seen":8783,"resource_available":false,"data":null}},"time_used":129,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":129,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"95.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"95.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"95.pexeburay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sandbahn.com/x/dl?p=1473\u0026clickid=\u0026siteid=","fqdn":"sandbahn.com","domain":"sandbahn.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-04T02:53:15.033Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /x/dl?p=1473\u0026clickid=\u0026siteid= HTTP/1.1\r\nHost: sandbahn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://95.pexeburay.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"sandbahn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"sandbahn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"95.pexeburay.com/index/m3?diff=0","fqdn":"95.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-04T02:53:13.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pexeburay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Oct 2025 05:24:41 GMT","end":"Mon, 12 Jan 2026 06:23:15 GMT"},"fingerprint":{"sha1":"2B:0E:FA:A1:55:3A:3F:0F:15:BF:9B:C4:8A:5D:9D:A7:CA:DC:25:80","sha256":"F6:AC:C7:B2:D9:18:13:6E:8D:C7:4D:AF:E5:62:92:CF:A6:3D:A4:7D:A2:18:AF:F7:32:4E:9F:18:62:FD:7B:C3"}}},"request":{"raw":"GET /index/m3?diff=0 HTTP/1.1\r\nHost: 95.pexeburay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 04 Dec 2025 02:53:13 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-transform\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AbP0U%2BPX0uzRzkGI6VchZ1zCAnwHkzgQW6ggQGFVj5xGJHGrzqdPMkTzuCHtLLgLDQx3RjY1bqwwK%2BxzmoqYArvsZBfpLkXr37mHX4ao\"}]}\r\ncf-ray: 9a88031ecfd956ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}],"data":{"size":56277,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (12693), with CRLF, LF line terminators","md5":"28c3fa64a99717c864a4c29579dda0fb","sha1":"8f619e79726d312b21a9c29d9d58550a4119a118","sha256":"b8126e65f04d86399c54b793e35d3aba15abaf16c543e98d010974101b8433e4","sha512":"5222e87259fc156fb2470c101764ce9bf58da7b4d640e9a5f178d58bf92bebb0f4bc6c2c450941221d83196fbc366fab5237d3679a485efa9ec3af001b63a24a","ssdeep":"768:0gLFNfaelsGLhO9e4NvraHESxoGgDa8pbkK4k:0gxNCehhMfkxotDDkK4k","tlshash":"f3435c2e8a423155503bd7bae79b2a0cfea7427741818446fedc92006ff5942c9a6fdc","first_seen":"2025-12-04T02:53:36.698242Z","last_seen":"2025-12-04T02:53:36.698242Z","times_seen":1,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":19,"dns":0,"connect":1,"send":0,"wait":168,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"95.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"95.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"95.pexeburay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"95.pexeburay.com/199f8c6.php?utm_source=\u0026utm_campaign=","fqdn":"95.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://95.pexeburay.com/index/m3?diff=0","date":"2025-12-04T02:53:13.730Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pexeburay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Oct 2025 05:24:41 GMT","end":"Mon, 12 Jan 2026 06:23:15 GMT"},"fingerprint":{"sha1":"2B:0E:FA:A1:55:3A:3F:0F:15:BF:9B:C4:8A:5D:9D:A7:CA:DC:25:80","sha256":"F6:AC:C7:B2:D9:18:13:6E:8D:C7:4D:AF:E5:62:92:CF:A6:3D:A4:7D:A2:18:AF:F7:32:4E:9F:18:62:FD:7B:C3"}}},"request":{"raw":"GET /199f8c6.php?utm_source=\u0026utm_campaign= HTTP/1.1\r\nHost: 95.pexeburay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://95.pexeburay.com/index/m3?diff=0\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:53:13 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1IRRGnXO6wrpH6ldt6NT8b0HLGVa2ClYWVjY6KLHa%2B8JazhJNq0D%2FpZ%2FQTOuI7eWmALU9osAvZtdTOvd85hoVgDrm5L6pLpUucw93s1d\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a880320ce8d0b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43506,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (43458), with no line terminators","md5":"77ef9500b784f79d0cf80b0e7cdf9d93","sha1":"38c6b4158f81f2053cecaa1d531095d398b8f3aa","sha256":"95a4b4f1e66255ddb2965a9418fe0bc188f1bc0b25178ddc3534144ff01a57e7","sha512":"f45f9cfd96086304ad3d9cdd36f37373403cb159a0a950d17e86366d60234e292ef0577d805b5cb705e6a32b2fb2efad14b920cc9ab8ca7b9f605d6d05153c0f","ssdeep":"768:HCUnz5UC+FbMT1gEEmZ2iPlveH4qBWDHV/cIBi:DYqxm4LDHV/cOi","tlshash":"26131b9a35437026326f99e1637f670eb37e69175ca40c10c647b8c02924e9de3abf9d","first_seen":"2025-12-03T17:15:42.347058Z","last_seen":"2025-12-04T09:12:15.512366Z","times_seen":7,"resource_available":true,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"95.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"95.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"95.pexeburay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}