{"report_id":"26d59d36-9ef2-432b-8a76-e094ed6f9620","version":6,"status":"done","tags":["amazon","phishing"],"date":"2026-06-01T01:13:46Z","url":{"schema":"http","addr":"amazonqn.com","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"104.21.84.226","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"amazonqn.com/#/pages/login/login","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"title":"Amazon","dom":{"size":32937,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (13818), with CRLF, LF line terminators","md5":"3edebb8a0671fd64d9c76a2ec461bb0f","sha1":"f1ee16960d7e5c4472997e9682c55006ced936a1","sha256":"ea358cf2f1940b0bf48b10ceb03eb74f0f33c24f8750a66753871f5ae086a859","sha512":"9106740164c964a33badd7bfa13fe8c2de520c06a3133c24a812889ff241cca0383d10c665108612dd2fafcd84d6a8a4cf9b34d62b4299723cbd5e855ebba208","ssdeep":"768:fhdZXEnI035aG7L46eZDm64tFKBsfLsfnsfMsfhsfmZrrxRco/7:fhdZXEnTawUD2FKBsfLsfnsfMsfhsfc7","tlshash":"83e2a6212045342ba437c484b462db1c7637d723ca524afcb76d3b699fca8e60d7bb64","dom_hash":"domhash53db856df4a08d964d5ad78668bdbf94","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"amazonqn.com","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"104.21.84.226","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-06T01:13:46Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]},"summary":[{"fqdn":"amazonqn.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-05-30","domain_rank":0,"first_seen":"2026-06-01T00:53:56.888841Z","last_seen":"2026-06-01T00:53:56.888841Z","alert_count":108,"request_count":27,"received_data":1325983,"sent_data":11865,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"api.zxs6yt.com","ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-05-24","domain_rank":0,"first_seen":"2026-05-31T13:11:39.290619Z","last_seen":"2026-05-31T13:11:39.290619Z","alert_count":20,"request_count":20,"received_data":27318,"sent_data":9900,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.dcloud.net.cn","ip":{"addr":"124.220.205.65","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"domain_registered":"2013-07-17","domain_rank":296858,"first_seen":"2018-09-15T09:18:08Z","last_seen":"2026-05-29T04:51:42.491915Z","alert_count":0,"request_count":1,"received_data":579,"sent_data":443,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"amazonqn.com/","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"93368157fb131b56a45d6f60f8b40342","sha1":"ea2a25edb7b00c3e0a06650f02fded5bd87dfa20","sha256":"c48d4859bc082aa591168f7d7230bef438ecc2b3074e707c83864e11ec1a891f","sha512":"366c90d022f7fd6718d76460de51a154cf6cf8bf8e3aefa2e0e736cbba24ec53506485331abd3c3c2a7e6ae00c9a3b957a9aa675ecdd389afca7863ad8365908","ssdeep":"","tlshash":"c8e068c260a6294c02208016304ac1031bb608729ec149613c4c67a58fb9f4bc46e859","size":352,"data":"","first_seen":"2023-03-07T01:10:06Z","last_seen":"2026-06-06T21:06:51.413804Z","times_seen":4008,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amazonqn.com/static/js/pages-login-login.dfded83f.js","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1bac658b75e76ca16c22da491b06d686","sha1":"28eb16cca6720ba9159509ed8db8cc019dc77116","sha256":"a379dcd59834802a40adef6555e8739d5b5e4b46ffc12aadef669678e210dbca","sha512":"5829e31c5560b87be9c71fdf6502f3ca2da603c80096bdf8123eefa0b24a34fc8227c09fef775757a062024cd5c2be4919c0e7394b3e9323f479f548479280bf","ssdeep":"192:ZEJqRZAAMhP1TgSqtpntaZHym2kAQHcoRsNtnw06pwaaxAhn5:ZEJSOROMz2M3taxc5","tlshash":"e412f71de0c7348f4c96a025647b951821363e78f852fd45ebbad6a50cacd4e2233f9c","size":9301,"data":"","first_seen":"2026-05-31T13:11:44.181427Z","last_seen":"2026-06-01T04:47:35.003962Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amazonqn.com/static/js/chunk-vendors.74d0700a.js","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"16dfc57921f45f1d802475f7f86aad2e","sha1":"4380d730122852244737c84ba39bb19fc1ccd480","sha256":"e573495417949ee13903626a4768c4314498e7568f37709a7bcc631e3564d0bb","sha512":"44649557505c102636661d853296ac5f59dcd54b562390a04dcf7dc8c28023aeb1509c9aeb9c058610eda3bf2a82d88f8324adc6778a54ff802df9c46a197012","ssdeep":"6144:emB7mh5jJAAih84CHeuhTUWTfUDMT3E9hXtwTf3I+b/UoG7vwNTM3YEvm/40+QhW:edh5GABInyGhdwTf+oawtNi09vQzx01e","tlshash":"f015088cf2c6b0b616e760b5403f220bb2376969b40a94d4f675e4d0ad78d4e6227f3d","size":960569,"data":"","first_seen":"2026-05-31T13:11:44.17284Z","last_seen":"2026-06-01T04:47:35.010487Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amazonqn.com/static/js/index.d0139eef.js","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"cae34bab31c6bf16bb94aa29a5db25b3","sha1":"8a83aa044c7556bc77418f1cd81e7e4f401376b9","sha256":"696eda728eaa012f00faad5d75e1a37003b50356bd364ec6e4519bfc9b8404ea","sha512":"20417aa30babedf3ffab119e8b84c0a4dbae070b74ba8ed799b145efaaababc6e887283d8be7bc34870a0148aa7ea5d35b2b8b209af50581ca7d2143ee37212b","ssdeep":"3072:gAQ5lRqs2xifevxllZaQbTIlBtnCJ4d9W2GrfTqK8ekFetGZTME:5ElRqX9LYAkwtGx","tlshash":"c0c36cef31ce969d2011e816d80fb11576e52cf2ba0df5e0936acf857ee4186c622e71","size":122626,"data":"","first_seen":"2026-05-31T13:11:44.192607Z","last_seen":"2026-06-01T04:47:35.017546Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amazonqn.com/static/js/pages-index-index.37031676.js","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e9cba5ecaa6d0d317b8225a2fff1b03","sha1":"211d00f4702ab6276fc710c48d3e566726d51f50","sha256":"1f879219a9fa4a8b1bbbb8fe444f061b751d061852d711803c54233fb7af7957","sha512":"e5bb8a35a74c4a4bffdbe6a9ccdc8eaa322f3f4e2c84cd43ce96efe00a816011d0bfb51624766e4ceb57bdc86794434b58c2873307a972ba5dc16c4f0505dbf1","ssdeep":"384:e0/M1bxVjghUTJh+E56G3RLkSN7u2vUXFARNzu8tqA5ZK6/dD+ZL+xJV++i:3PMBXJunxW5ZKsgZLW+h","tlshash":"8ad2e62da0c9787f1f9980d1002b6a45637e9e26ddd13c90f276cf5989fd18a063fb68","size":29848,"data":"","first_seen":"2026-05-31T13:11:44.180141Z","last_seen":"2026-06-01T04:47:35.034626Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"3d5272693eb411e5b8b13a243f76c720","sha1":"6a586ab8e0a4bf12bbc60eea6ca9f2418625a22c","sha256":"9582f31f9eb892b8823a780e579d464d54e26d97d65dc327d2b2bdd92d47c4b8","sha512":"03fc5614f48fc9a2e3c4a30626fdbacde74c1fda09ffa9d1cde0393d31cd5fe1588e270c241f4cedb473c6e5cc224ff16c141468a29519ea6159accf3e3a18f1","ssdeep":"","tlshash":"a4c08c8350e2080c8210861b848880050b8808b04f9308a22cd85b7ecc9ae88c8f804c","size":148,"data":"","first_seen":"2023-03-07T01:10:06Z","last_seen":"2026-06-06T21:06:51.41442Z","times_seen":15889,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"amazonqn.com/static/gq/eyu.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:27.428Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/gq/eyu.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: image/png\r\ncontent-length: 491\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\netag: \"6a133330-1eb\"\r\nexpires: Wed, 01 Jul 2026 00:53:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nage: 1190\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wvMng75ag%2B0BZ6TPq7QreMzS2nMbXk9vN2DVOWMP1AqBgdOt7MnPQZyN3U68r7%2BoebcxKrvW7Tkr7vYTAV8BIDOFNh7x45sYmB7W9Eid6wq0vNKGz2EvfxFVNs6%2Fnoc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b1a6b170b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":491,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced","md5":"6eba6498d6c80c834c369f5d76dc2a8e","sha1":"8001c8144ba025179fe2add31c819174918c89ec","sha256":"fd704e680d8e14a071f31c1999bd56edcac3c67728ca0ab56bc8a0fc9b39c17e","sha512":"a8135ab491a04e5722cd752b24c44f88d73c704a47d13f0bcd1078196583640f88198246a59754f81e013b53e6ae4037f02b4648f4a2fc62f836f8f66e0789ed","ssdeep":"","tlshash":"7af00eef87152cf692d90a560280047084628a8c02905984a5d093b69bc8ed34e52789","first_seen":"2023-09-06T11:54:20Z","last_seen":"2026-06-01T04:47:35.033663Z","times_seen":26,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"amazonqn.com/static/them01/tar3.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:25.667Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/them01/tar3.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:25 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a133330-8dc\"\r\nexpires: Wed, 01 Jul 2026 00:53:35 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 1189\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Apidd5LT%2FUWzAA8GPQM%2BTUfkE5WRiDPKTwN9FhwlaGEYyDmFikxPVrEl%2BRNS%2BqSWvHvgQIUz%2B8FjT72Ou6R1EFik24MZNncHvk7apu4p68QJAAz0HV6eWb0lobLwqkU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b0f68c40b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2268,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"3f27e376639040df2ea8da04826897fe","sha1":"fc608047734166b88bc3b464efea06faee612674","sha256":"b8c848207c62fc1af9735baaefdcec8844e96783d72ac5bcc0b6c0cbf03dcbef","sha512":"481dafa7a13ddee8d25be289a6ef2ba19d901b2d961e4cd6ec6cfe0c42d067e13e379c26c7ebb952601867f5c01ab91fda34a5660c0d4627d5b4c75a9daf6150","ssdeep":"","tlshash":"bb418349fa72ad00658daf49a4f991175bb747949781b080eceb8c033c341fecd499c3","first_seen":"2025-09-04T17:53:21.658066Z","last_seen":"2026-06-01T04:47:35.035185Z","times_seen":13,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"amazonqn.com/static/them01/tar4.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:25.669Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/them01/tar4.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:25 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a133330-90c\"\r\nexpires: Wed, 01 Jul 2026 00:53:35 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 1189\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fa52IqslA6kxOd9894nzRnf9ZNuOE1uNabgfNbsAL7fEYGb4Bt448ITXpze%2Bbnmz9dQCxwWnMAyS4FRipQmgo%2Bx8iezb09VolvQtHp2ZCsFQWuMqt4y7nS6UUqB5iUU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b0f68c70b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2316,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"9ee5dab1abe0f7870c890f4498483052","sha1":"f120aabfcf868e5db5eb3c5ae62f52d3d4950c5a","sha256":"dc8f7bfae5e8a7cca0c82b079d38ee512243e8d29b85e461b7a0903ce5121168","sha512":"e3f492b64392c5ef1fe9f89723030ad0fe0211e946a921cebb17b4938195173a0d4c6ec8a60e4b481a5c0bcf10e5d1c4ec02c134922012fd77f49149a4468273","ssdeep":"","tlshash":"9041b80cf9b56c55164dbb48a9ed6243dbb34ad4c681a8c1eccbd80364211f9cc9a5d2","first_seen":"2025-09-04T17:53:21.659123Z","last_seen":"2026-06-01T04:47:35.010965Z","times_seen":13,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"amazonqn.com/","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-01T01:13:24.302Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:24 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=02Ejh5EjqDA%2Ftem5wARvcIP%2FeeMjgyO4Awp219mGOhvh2JYXorjQAtr5y9b6ijIXNQGjM6jwyGpGcC64MYl%2FMxbAVFvJG8Wey9lWKLSXSgNJJjs05bG3GwFZiT2fy5c%3D\"}]}\r\nstrict-transport-security: max-age=31536000\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: a04a5b0798dd569f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":780,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (500)","md5":"4b8efe6858bdbef3c48053d9bc9ec7ed","sha1":"3a61c250a76035f866cb0705631c3240e78cdb8d","sha256":"5e1988268ef01ab1e92f725b58b7e7839007902c68aa2e90d13a1e8ac7958b2b","sha512":"df5f059988c915473ca238e4e40dd50fb9052e3f07ca05d7ede1f124d7aa4bd4d4a6d4191b61ad3b4b82e869a801118a2e507b19630ee533c999efaefe875c1d","ssdeep":"","tlshash":"7001b1c21c50e94d0720869164b6e61e89d64eb8699199603cdc2aec4be0b8dce2f855","first_seen":"2026-05-31T13:11:44.149216Z","last_seen":"2026-06-01T04:47:35.013406Z","times_seen":5,"resource_available":true,"data":null}},"time_used":654,"timings":{"blocked":106,"dns":28,"connect":27,"send":0,"wait":442,"receive":0,"ssl":49},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"amazonqn.com/static/index.883130ca.css","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:25.045Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/index.883130ca.css HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:25 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a133330-1793e\"\r\nexpires: Mon, 01 Jun 2026 12:53:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 1190\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=e7AlLqaIxT03yOxnvL08HEtTEmtSiRSFBFm7VeHQ2JFJPKoUpr7wa4aC0cYMPmlJGOjJjwdHoR6RThDc1BhnVRcVgBXKECGQJAEY%2BNQCL6mSxOCrroiLV2S%2FtREAS0M%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b0b8fd90b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":96574,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"2de2f2d3943b4b382a28a439daff5939","sha1":"70d04e1c3567cb4f248b29046b98386f215a4d38","sha256":"8a35934d019c2b120a31ae6c51c75b2327f22637824b2a2c2faf4ce17ae9d4d8","sha512":"eba9271e30d6e4b21954078e3ccd839a55e1dcc8212fa375c18dce42104d19a92655c2f289401525b0c9565971a31573b928666515a3ca89b1801bbd48c1de95","ssdeep":"1536:OlIApuK7hmVmb2RS1Wu3xdynGJ7eh/nrhlvbc:VApuK7hmVrS1Wu3iG41nrPI","tlshash":"f393f73719012e39e52bcd26b6c1ab5a1e61c033e15307adfba47628cbcf9c9167b345","first_seen":"2025-07-20T12:48:29.443135Z","last_seen":"2026-06-06T21:06:02.410475Z","times_seen":2633,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":102,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"amazonqn.com/static/js/pages-index-index.37031676.js","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:25.639Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/js/pages-index-index.37031676.js HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:25 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a133330-7498\"\r\nexpires: Mon, 01 Jun 2026 12:53:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 1189\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MUtj05gvm%2FWmYYzbey3kCBFW4i9rx%2FN8GQuy10qLeYF5BFgh1KDvlf663XXBkVvE1CFTw2mh3gfBSfJ%2F1GhaduV%2BgIv3QpCPcImu7VkKEy116WcoVqZ4gEaeQJTkAB4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b0f48be0b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":29848,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (28328), with no line terminators","md5":"2e9cba5ecaa6d0d317b8225a2fff1b03","sha1":"211d00f4702ab6276fc710c48d3e566726d51f50","sha256":"1f879219a9fa4a8b1bbbb8fe444f061b751d061852d711803c54233fb7af7957","sha512":"e5bb8a35a74c4a4bffdbe6a9ccdc8eaa322f3f4e2c84cd43ce96efe00a816011d0bfb51624766e4ceb57bdc86794434b58c2873307a972ba5dc16c4f0505dbf1","ssdeep":"384:e0/M1bxVjghUTJh+E56G3RLkSN7u2vUXFARNzu8tqA5ZK6/dD+ZL+xJV++i:3PMBXJunxW5ZKsgZLW+h","tlshash":"8ad2e62da0c9787f1f9980d1002b6a45637e9e26ddd13c90f276cf5989fd18a063fb68","first_seen":"2026-05-31T13:11:44.180141Z","last_seen":"2026-06-01T04:47:35.034626Z","times_seen":5,"resource_available":true,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/user/siteobj","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:25.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"GET /api/user/siteobj HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cfXetZAM45myEVwoWZdlpIGPqepwuIYJG%2B1Ap8KTIvO0FwIOJq4R110MfoUmZdm53hrvvHk9Z1AtsmlzKiWfFdE%2FVH1q7rFq7m9dEpXv%2BxdkXjnQdBOZeg2aS2bxARX5Pw%3D%3D\"}]}\r\ncf-ray: a04a5b1119cc783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":878,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"58a35e214d0bebd318f11219ffad05ed","sha1":"d1acc2a3f53eaadf83accab8430815e2e06b95d5","sha256":"b716a783b6be1feb2ffad9a00ed5223e72a0f77c8a036cb6434d8a0f3fed7425","sha512":"0f6f7bbac2abd3b3c747087b799a618b46b35edc8b8f1404848291f88b1b9e1fb0ee5362eed6092ae959c8f11c573eb3a2b48d487d93e966630f625ba1bbac73","ssdeep":"","tlshash":"df11488c1d52ad3d4d4a6ad1ae0787efedd012a6cabe9d54614caf859080370262b82c","first_seen":"2026-06-01T01:13:48.902722Z","last_seen":"2026-06-01T01:13:48.902722Z","times_seen":1,"resource_available":false,"data":null}},"time_used":683,"timings":{"blocked":115,"dns":5,"connect":34,"send":0,"wait":452,"receive":0,"ssl":68},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/user/setlang?lang=en","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:26.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"GET /api/user/setlang?lang=en HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nset-cookie: think_var=en; path=/\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=g3w0uhgIt4cHfxN7aQHb9g1TVS1890%2BVIzZ1pueIqro%2BNHbP05dPX0FnLbrX4HbhhJnIoeBGKGjVGt9AoO5kfAAHQfvGGg7FRYb78i1FDFbIoxzR4tBGlOPpCGWpGdp0yg%3D%3D\"}]}\r\ncf-ray: a04a5b14adb1783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":55,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"0d0ca0468feebc8fa8ab6f6ccaf1f28b","sha1":"dcb821ce3af8f8c23183ef30336ca804d80643cf","sha256":"6164a4aaf7e86b36f1ad49f52484b60b97470d5a6fcad0339ccb563cf131b079","sha512":"8b5218491944e98868fe077b249a766e7696c1d298266e4e61f68a1f0aac942a23fd2e37586a79ad55042214125427f6bc19dc2829801211846f3a61833d433f","ssdeep":"","tlshash":"8f9002656e89152719255158461c82c7031c5043484157540a8a7f34618846c5021425","first_seen":"2026-06-01T01:13:48.905971Z","last_seen":"2026-06-01T01:13:48.905971Z","times_seen":1,"resource_available":false,"data":null}},"time_used":442,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":442,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/user/siteobj","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:26.514Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"OPTIONS /api/user/siteobj HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: acceptlanguage,content-type,lang,token\r\nReferer: https://amazonqn.com/\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Mon, 01 Jun 2026 01:13:26 GMT\r\nserver: cloudflare\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, X-Requested-With, token, lang, acceptLanguage, Accept-Language, accept, origin, cache-control, Pragma, Expires, Cache-Control\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xLMiOYXt2HBTjm4MzSTgPYt0buxRMDlGDGGR4UTiH0voefm%2ByoicltGIIUh0DReVFb%2BMUKtnnAypk9%2B04rioFKVEUiS5cjyiVR3v8I65bVaFSNMfE%2Fa6QDGoynD%2F3YTWeQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b14bdd3783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T23:09:45.281132Z","times_seen":16194959,"resource_available":true,"data":null}},"time_used":428,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":428,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amazonqn.com/static/gq/taiguo.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:27.422Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/gq/taiguo.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: image/png\r\ncontent-length: 525\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\netag: \"6a133330-20d\"\r\nexpires: Wed, 01 Jul 2026 00:53:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nage: 1190\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JSrZpLK76T8oJcFGq2YWefNajNS7iifKLNR8SMJ8XYTLa0jjps2m4ADENI7f2NG2M7%2FiuQ%2BMyZT8iqGm4LFKx9719%2Fg4UJQLlEsPTesBFXJsropleSOqHrSjfDKgmrA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b1a6b140b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":525,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced","md5":"542d20df26980e5ba3a9fdbe773f0909","sha1":"e03d2e4246789780a9e5fc6ba886b5dd775cf322","sha256":"b5f951fa81b17a89dccdb2aa91dc76a5b3d8b0ce4c9d1e2df3ba7ca008a9892f","sha512":"ac0baf008567a55246e14332150ea744069110700e23b4a0ef7fec62a95a9fc53969eb7d2c61931945fac1183b2712d82c4dd58779cd417749ea375a9633389f","ssdeep":"","tlshash":"c3f026e4668049545a4d29356e0a20c5fe37a8c9e41778e03924d6314ce15d18c98554","first_seen":"2023-09-06T11:54:20Z","last_seen":"2026-06-01T04:47:35.016659Z","times_seen":25,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"amazonqn.com/static/gq/alabo.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:27.430Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/gq/alabo.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: image/png\r\ncontent-length: 528\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\netag: \"6a133330-210\"\r\nexpires: Wed, 01 Jul 2026 00:53:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nage: 1190\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=65OnYaPV2MqrYMIWPwcJJ6PSHa2b1YhVk4yX5bD7FoYDstePa6867v99k%2F4uDdqNQ4eGFnVQOgX4IyuQZHiSnLo6T6TtvlI9of%2Fy2YVSUqSFbMQbSVMOLHVpnEz0myo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b1a6b180b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":528,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced","md5":"fc1ec85446b65d50152eb2629b18d0f5","sha1":"0e54721f3d73a1ef60b77beb5bcf4c1632e54dd2","sha256":"97a5b36f17b95e7482d8eeec2ef2688f807391655e1867940a30af0ead005555","sha512":"e7e75eb5a24205d66aedc8118ba2ceeb2265519a1a1200ba3b7f562b2819591f0d9e09fc1a5e27e47f78998ae2bcf6c24bc858b2eda6e08488dee6baba39c55b","ssdeep":"","tlshash":"f7f020872da778b0c74a65b52b409856dd3f4b21dc38265b10aa5169ba8c8abe0005c3","first_seen":"2023-09-06T11:54:20Z","last_seen":"2026-06-01T04:47:35.009511Z","times_seen":26,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"amazonqn.com/static/them01/tar1s.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:25.651Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/them01/tar1s.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:25 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a133330-8b0\"\r\nexpires: Wed, 01 Jul 2026 00:53:35 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 1189\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MiFRKAAgEQi9XWVud9OXXGwKJXi7UFAS2Fz8PbictaQb%2BX%2FzcI2i1Twxo3u4RN0p9kKOpFkWfVmsR1UK92cgn8FkwstMRp2QcGy6MyhuKlwbWbQUQPolkrAJHM8dERU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b0f58c00b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2224,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"f4890e88e08503dd47b8bc247d0f0ae9","sha1":"fdf7a83f96b06f45ec69436fcc5e6e638d33f374","sha256":"573889dff70762cae20328be951c9855a8ec42db99db9752b42372692f75aabd","sha512":"7b4bd0cc169d0fb9a65564477af4b5636d0fb049a8eddf0dc96269e8ad6f9cdc04d8d98d0853f56283b1b80e17f2df3ba434f61d61ce45290443b1fb549e90db","ssdeep":"","tlshash":"4f414308f5265c40594efe48adfe42536a7347c48a86b495fce6cc1658600f6c84d6d7","first_seen":"2025-09-04T17:53:21.655635Z","last_seen":"2026-06-01T04:47:35.01396Z","times_seen":13,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/user/siteobj","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:26.504Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"OPTIONS /api/user/siteobj HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: acceptlanguage,content-type,lang,token\r\nReferer: https://amazonqn.com/\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Mon, 01 Jun 2026 01:13:26 GMT\r\nserver: cloudflare\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, X-Requested-With, token, lang, acceptLanguage, Accept-Language, accept, origin, cache-control, Pragma, Expires, Cache-Control\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DxVmKhcAtWtKLm2CxQrNrua2yapS5NMb3LurZoy1QXauqGt831%2FUnBxWzRdcEepXDWYwmHwQDvzUY7FMi0Vi%2FiiClw7C8QmqKPOPS0VDbqaczUB7SwXrjx%2FFLiKGjLT4ow%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b149dad783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T23:09:45.281132Z","times_seen":16194959,"resource_available":true,"data":null}},"time_used":417,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":416,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/user/siteobj","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:26.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"POST /api/user/siteobj HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nlang: en\r\nacceptLanguage: en\r\nContent-Type: application/json\r\nContent-Length: 0\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: application/json; charset=utf-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oFhlozpQ4%2BRcAKCYzZ%2FNcRqH%2F4x2mTpN5Dx0ImrNWmo4htY9FxQ0KAS%2F9CZ5NsWI6vYo9AxAlh2TdIcHVS5S4%2BgaLlTS7KMVsMPuYNcSVccA00QMIC%2FcWeWGnjfZQIofWw%3D%3D\"}]}\r\ncf-ray: a04a5b17383d56b5-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":878,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a3663b3fbfd93091c392d6570a1f7a39","sha1":"e2e416b30ddbd7e7a939eb1ff9e08ae39caf1519","sha256":"4110d653d376ea9d6f5b7739c919f327b264d4823ace0cc3975b4a366af917bb","sha512":"292946ee43f4dc5eadf8c896da89ba5f94a14df37adbb121fa4feb183027cd41a558d3d0bc0f88dd6e28fe2ad4403fbc8599d9bb47975333f5fe7cefd8fb36de","ssdeep":"","tlshash":"1d11488c1d52ad3d4d4a6ad1ae0787efedd012a6cabe9d54614daf858080370262b82d","first_seen":"2026-06-01T01:13:48.914072Z","last_seen":"2026-06-01T01:13:48.914072Z","times_seen":1,"resource_available":false,"data":null}},"time_used":453,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":453,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amazonqn.com/static/gq/hk.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:27.414Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/gq/hk.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a133330-474\"\r\nexpires: Wed, 01 Jul 2026 00:53:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 1190\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ib1PRbI2SERe4aMtHwBrfrAyvLkWkWIoe4vU%2BMChH%2BxSWuqRUrPwvLW6aFBDkidRtBhbVdv8u%2FZvcn%2FmV%2BGWqSxhvjNJwWNXqXCxPACCBHccw9JWQdVowZ%2BPDj%2FaIn0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b1a5b100b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1140,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced","md5":"1d130e8e019abcc7a50e3983b2a0f816","sha1":"8976309cc9a84cbf05e9148aa49d96c5b52f9cfc","sha256":"b920cc85a0575930569bec5833afbd1ac7f8ee8c6017dca24a463e26182b2210","sha512":"7b4cc4ea25aef8382547c1320d6a2ccef93d5c4cce0ad64eab9d4d6cdcafb44c80cdf93a3599a5cd3c35d97136cf621a7e4be7339a1752ff9dd6d6ad6ad1b555","ssdeep":"","tlshash":"b721f9c8f9b834444dd6e537859e34581fa1e21b4289df3488eac90b0ed098fccc0f5a","first_seen":"2023-09-06T11:54:20Z","last_seen":"2026-06-01T04:47:35.02673Z","times_seen":26,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"amazonqn.com/static/gq/yuenan.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:27.427Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/gq/yuenan.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: image/png\r\ncontent-length: 745\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\netag: \"6a133330-2e9\"\r\nexpires: Wed, 01 Jul 2026 00:53:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nage: 1190\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KzPX%2FI0p%2FWO7iM15ctabpIVkdG62Y9tFPao%2FdlBW5KebeqWtCfdMU09NjXqcQtV4Mx4VGy6n9IIMFfssxcjF12fFlt15wf2pJ7v%2FzrFt1eFZhlRpwhLraPdmGTqUpuU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b1a6b160b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":745,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced","md5":"7b987c6fe6808554b0f48dff6ce70b23","sha1":"57f71bd29107ce8afc5b33ebce0edb70573acbdc","sha256":"99c03bdaf1f0ed20af788aca322ef7c66854735c7b9c4f91bb266fd7d69d138c","sha512":"9198a69bf5a5e50dd68e3804382b82e2ebd9833f6d2e9bf7076c4e02c01e2e05d79fc23b67500f3b788084acd0f3b3148c9a5e3775b739e4180944f6b92d5147","ssdeep":"","tlshash":"9c01e9bc2b36cd6d4d51e630d2df00ddc8770846c745af6c3b10838290b235272cd808","first_seen":"2023-09-06T11:54:20Z","last_seen":"2026-06-01T04:47:35.011472Z","times_seen":26,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"amazonqn.com/static/gq/xibolai.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:27.432Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/gq/xibolai.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a133330-20a7\"\r\nexpires: Wed, 01 Jul 2026 00:53:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 1190\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qJHhEn4%2FzMCr1AQTnvrwz2VbSFebR9r4fdpxDdIYbU4qAB0381IH2KNp61ECMqEZf7zE01%2FBVDlE%2Fdx0pAmBOHFKBMMgkkZ4E9%2BBYga2VsU1S73jgfjXpY9LWZuapHg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b1a6b1a0b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8359,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 536 x 390, 8-bit/color RGB, non-interlaced","md5":"9f6e45dc75656793e08ba453a101636d","sha1":"387e8971305e7f62c67b3ac050a0fa137c76fc56","sha256":"900376c45ea2fc34ec278dcd84bf8e27253b27489844d19e3dbbd743af545cd6","sha512":"c4befee1513109ded8360aa8e0a8aac235d090a680c2f650e4810c91d429bcacbeffb4d0808af58be36bf1819c0e69e6a14061344c26f6d16bff7c6e299cec2f","ssdeep":"96:b6lLVWfLENZR+f3h6Cbex5FNjjjvLUWQAO+fVN7hS2ULj5++tq28atronlviA9vm:bCmgLYvGhTvHO+fLMjjSatsl7YPsz8","tlshash":"ac023b300a15b3c3a4de8a4b06713926aec34dea460e3555025de1bf23c166f76a5feb","first_seen":"2024-11-08T16:11:40.282224Z","last_seen":"2026-06-01T04:47:35.028804Z","times_seen":15,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"amazonqn.com/static/gq/fyu.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:27.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/gq/fyu.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: image/png\r\ncontent-length: 343\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\netag: \"6a133330-157\"\r\nexpires: Wed, 01 Jul 2026 00:53:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nage: 1190\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cDhL0%2Fz94ePXWvTyTrJbotSWOe4Bcj%2F04fpbGv4OKN9iRMPFEdf4yZo%2Fp8HpifXogYCrA798n4dHqffCKWizg%2FQveZaLutuwhJczdByGdhqQpksR0eocGO5BkKvT99I%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b1a7b1c0b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":343,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 255 x 170, 2-bit colormap, non-interlaced","md5":"08c5c11f0ccc3ca7f88302c1c106e8e2","sha1":"feb9dac5a1724ce0c9735058ae9ec74a0fb97cf1","sha256":"652d6cdb1b04dd87e6a010dbfce3941e8b66b1bd4de3390db6845d99ea7a6760","sha512":"18116471633e196d6e832af7aade14dfd554afac7fc52581a2bbb813ef52deabe3d0ae4d950660b461361df7a18dd1117e8dca34759796c7eea7bf22dfb0c4da","ssdeep":"","tlshash":"8ae026d39670d5a0ea4729cb03169708bf382a8626a68b44b9e5d58f08482ac9c99ec1","first_seen":"2024-11-08T16:11:40.249236Z","last_seen":"2026-06-01T04:47:35.014797Z","times_seen":15,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"cdn.dcloud.net.cn/img/shadow-grey.png","fqdn":"cdn.dcloud.net.cn","domain":"dcloud.net.cn","tld":"net.cn"},"ip":{"addr":"124.220.205.65","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:28.246Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dcloud.net.cn","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 26 Aug 2025 11:47:17 GMT","end":"Fri, 25 Sep 2026 11:47:16 GMT"},"fingerprint":{"sha1":"47:A7:6C:09:6B:1D:CA:2D:7D:39:2E:C1:7F:15:DE:5D:F2:C4:0F:77","sha256":"EA:73:37:83:D0:38:44:D9:3C:0B:26:F0:DD:D1:22:2F:36:F7:F2:86:A1:B0:58:52:DE:4E:0A:21:D6:89:E7:3E"}}},"request":{"raw":"GET /img/shadow-grey.png HTTP/1.1\r\nHost: cdn.dcloud.net.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 01:13:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 136\r\nlast-modified: Thu, 06 Jun 2019 06:42:07 GMT\r\netag: \"5cf8b5bf-88\"\r\nexpires: Mon, 01 Jun 2026 15:13:29 GMT\r\ncache-control: max-age=50400\r\nset-cookie: __uni__uid=rBEQRWoc3LkbRaM3Az7rAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=dcloud.net.cn; path=/; secure; httponly; samesite=none\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":136,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 6, 4-bit colormap, non-interlaced","md5":"5a962adf74d92ae702467b3f47976547","sha1":"36f74049375584e3fa69b5ef87e9572336ff9e7a","sha256":"ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f","sha512":"4ace23fe7ec6c7271710030fd423aace13eafac68ac3e76366ce4ce9bdc702caf71c9bdc2fb6a32c8e9791546098617cc0259decd8bb8489afdbce43e1b53a73","ssdeep":"","tlshash":"47c09bf3a615dc754a0d153b42e98271f429511e07046d0e5a13c216741e3448d56793","first_seen":"2023-04-15T10:50:30Z","last_seen":"2026-06-06T22:40:26.838933Z","times_seen":16194,"resource_available":false,"data":null}},"time_used":2243,"timings":{"blocked":994,"dns":87,"connect":255,"send":0,"wait":254,"receive":0,"ssl":649},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"amazonqn.com/static/js/chunk-vendors.74d0700a.js","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:25.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/js/chunk-vendors.74d0700a.js HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:25 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a133330-ea839\"\r\nexpires: Mon, 01 Jun 2026 12:53:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 1190\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cUEiV%2Fkh799wu4rUlAIIz%2Fc2MwWBiDgT9YZzwRlddi2ej02Cyrn8RgeXZGJqNMo4u8DOkJ6NFTbylbAc0%2FNIe6XCE%2FTYTmnlyRDSwsRt7qwNEfEpR5cq8ya4JBCPP%2FQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b0b8fda0b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":960569,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (51110)","md5":"16dfc57921f45f1d802475f7f86aad2e","sha1":"4380d730122852244737c84ba39bb19fc1ccd480","sha256":"e573495417949ee13903626a4768c4314498e7568f37709a7bcc631e3564d0bb","sha512":"44649557505c102636661d853296ac5f59dcd54b562390a04dcf7dc8c28023aeb1509c9aeb9c058610eda3bf2a82d88f8324adc6778a54ff802df9c46a197012","ssdeep":"6144:emB7mh5jJAAih84CHeuhTUWTfUDMT3E9hXtwTf3I+b/UoG7vwNTM3YEvm/40+QhW:edh5GABInyGhdwTf+oawtNi09vQzx01e","tlshash":"f015088cf2c6b0b616e760b5403f220bb2376969b40a94d4f675e4d0ad78d4e6227f3d","first_seen":"2026-05-31T13:11:44.17284Z","last_seen":"2026-06-01T04:47:35.010487Z","times_seen":5,"resource_available":true,"data":null}},"time_used":212,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":77,"receive":135,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/user/siteobj","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:25.743Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"GET /api/user/siteobj HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Sl%2FbgX80gBI%2FMAJNhE5SrLBCOP6VfBRIlv5%2FmerzNEzlooZnqXIhfyPCRjGhaZD96hvpJfI4xYr5aeohJQNfWLOEY08a6fXLAUjf70BGSF8w72vMGyQ3hfbYMv3wAfTaeg%3D%3D\"}]}\r\ncf-ray: a04a5b10b930783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":878,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"58a35e214d0bebd318f11219ffad05ed","sha1":"d1acc2a3f53eaadf83accab8430815e2e06b95d5","sha256":"b716a783b6be1feb2ffad9a00ed5223e72a0f77c8a036cb6434d8a0f3fed7425","sha512":"0f6f7bbac2abd3b3c747087b799a618b46b35edc8b8f1404848291f88b1b9e1fb0ee5362eed6092ae959c8f11c573eb3a2b48d487d93e966630f625ba1bbac73","ssdeep":"","tlshash":"df11488c1d52ad3d4d4a6ad1ae0787efedd012a6cabe9d54614caf859080370262b82c","first_seen":"2026-06-01T01:13:48.902722Z","last_seen":"2026-06-01T01:13:48.902722Z","times_seen":1,"resource_available":false,"data":null}},"time_used":712,"timings":{"blocked":126,"dns":34,"connect":28,"send":0,"wait":455,"receive":0,"ssl":58},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amazonqn.com/static/login.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:25.812Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/login.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:25 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a133330-da69\"\r\nexpires: Wed, 01 Jul 2026 00:53:36 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 1189\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zOJIV6Z0d447cruWCKrwXuD%2B5xxJjLTrJldSLmbGDY9wX9xM0RBt52qiNN%2FIvFlW6i7pTLuf44l1EOvp6%2FfkqurF2EXv4%2B28cTiaIRKqlJK%2FV26a9n1bBK87nqOepEQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b1069080b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":55913,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 265 x 220, 8-bit/color RGBA, non-interlaced","md5":"fd00a2013d3c0ba3d959542ca9e57b12","sha1":"8ce2b97f35f8f9fe32c26c599ec5f79878209ac8","sha256":"fc13005651a1b38bf87ac21a1a695053b36ce37fe28e2140a2bebc4969057463","sha512":"f5b7053a7977e12610005eb094231ccde9fa602e770ee73d76f597d9b6ca0443f42e02e4124248fa5889f8432ddebad8c375440d00b3fa57a3207e93cd94135e","ssdeep":"1536:w+ySdwNDaXDSzbQANgPGz2kXE4KHPmOMxCwDNQW:ySdw9Fzc0dzLXE4slMkwDNQW","tlshash":"dc430298ec8b89b0905e1e2db3c6415036480a30cb66dc6a3e9c1e739a3667cdf57cf5","first_seen":"2025-09-04T17:53:21.667198Z","last_seen":"2026-06-01T04:47:35.031145Z","times_seen":14,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":41,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"amazonqn.com/undefined","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:25.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /undefined HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Mon, 01 Jun 2026 01:13:26 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VG7paNlJNe%2FNsYE%2FSLkDPiPCagIrIh9MAdgXGKv5sV57n7BSkUhfzFjxSSmY3rd2QQkuS%2FA5o82kaP%2BDxDvigIo34vQJQ8W5d1R3p6MaYWgLzlQLg%2BK%2FqgkX%2FKltnLk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: a04a5b10790e0b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-06-06T23:18:24.466919Z","times_seen":279292,"resource_available":true,"data":null}},"time_used":240,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":239,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/user/setlang?lang=en","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:26.490Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"GET /api/user/setlang?lang=en HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nset-cookie: think_var=en; path=/\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gUf%2B4GTZvWow9DybuY8TRdPJEZMFG4niX3AcDwL41ZfSceWKhlOfwoeP75Xp7O6C2cmrDGVbxfBQklUIedRUk3CXdwp%2FgNuTmVcri5Gjl40giFGbCavHqcTXS7QgEtA2Pg%3D%3D\"}]}\r\ncf-ray: a04a5b148d95783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":55,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"0d0ca0468feebc8fa8ab6f6ccaf1f28b","sha1":"dcb821ce3af8f8c23183ef30336ca804d80643cf","sha256":"6164a4aaf7e86b36f1ad49f52484b60b97470d5a6fcad0339ccb563cf131b079","sha512":"8b5218491944e98868fe077b249a766e7696c1d298266e4e61f68a1f0aac942a23fd2e37586a79ad55042214125427f6bc19dc2829801211846f3a61833d433f","ssdeep":"","tlshash":"8f9002656e89152719255158461c82c7031c5043484157540a8a7f34618846c5021425","first_seen":"2026-06-01T01:13:48.905971Z","last_seen":"2026-06-01T01:13:48.905971Z","times_seen":1,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/user/islogin","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:26.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"OPTIONS /api/user/islogin HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: acceptlanguage,content-type,lang,token\r\nReferer: https://amazonqn.com/\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Mon, 01 Jun 2026 01:13:26 GMT\r\nserver: cloudflare\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, X-Requested-With, token, lang, acceptLanguage, Accept-Language, accept, origin, cache-control, Pragma, Expires, Cache-Control\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GOvZ%2B7SXcxYoGr3zfsIpGyuchWypNjhKhdXdj9Hx33hO55sU2V3wzF%2FT1t30NSaiCB2NQFTAuRZKYN%2FY79w9q3CaH2J1zbtYoz7XRtQMJzu7E%2FUjwHsllKYUSAdv29pVHw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b14adbb783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T23:09:45.281132Z","times_seen":16194959,"resource_available":true,"data":null}},"time_used":419,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":419,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/user/islogin","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:26.922Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"POST /api/user/islogin HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nlang: en\r\nacceptLanguage: en\r\nContent-Type: application/json\r\nContent-Length: 0\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: application/json; charset=utf-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2B2NVsDCp1dnJ3J3N14vauaaLDSTG6Wjm6hx80W4fa6BueD0Mc%2BTS7eYUouzDg9XPmMNyX8RwMoI9C5xDezQjWev2krWCiI%2F9u1xTVYJ3k0LHM6I3m3XbUWxVC8GiNwx2LQ%3D%3D\"}]}\r\ncf-ray: a04a5b17483e56b5-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":64,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"f75a10bce837c8f0c55f6bf88d524a8e","sha1":"0a391df38eb0280360b10145e944236e04a54bb9","sha256":"5bd428897c6696eedea5e3e8be856f44bca299be60cd9e860d591aab0053c12d","sha512":"8e1f76651cb8775c5cba0ae7f7ab03430ea574ede8ec756023cb2f839c4c5e3f7cd616fb201365af87847769cf57c007c66efdd3e936587bd20cf26c57f9d246","ssdeep":"","tlshash":"cca0021a555d24070b318198935d83ce065e50c30d41973d494b6f2456d8475651252f","first_seen":"2026-06-01T01:13:48.922468Z","last_seen":"2026-06-01T01:13:48.922468Z","times_seen":1,"resource_available":false,"data":null}},"time_used":449,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":449,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amazonqn.com/static/gq/riben.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:27.420Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/gq/riben.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: image/png\r\ncontent-length: 609\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\netag: \"6a133330-261\"\r\nexpires: Wed, 01 Jul 2026 00:53:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nage: 1190\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zWjjAGI2%2By7hfhQZFZ48IN0tJk52SjuYhzlw%2Bz0x3jzkwfpMRpj55B6gErkIdCz5kPoZXTwJpfWcwg%2FvnMpuq8JKNkdRPfFc2XeJXHx%2B%2Bm%2FlSuvhiHAZ4lOqYQpw%2Fuk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b1a5b120b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":609,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced","md5":"81244a5b8c587317d9b74ea88aa8047a","sha1":"ab63298e5d42a1ba9c623cdaa90fa33e2d7d6b9d","sha256":"4680c87235779112f2a63e31f837a4180317b6261a4f8297df789fa822bcc455","sha512":"a80f38d46b2b1709be20c32663d0292c52346aebd50339e444766467c51accfa19d6e38115ca9943781b38b89f50c4ca2c35a1c7cd98400fd04e929e26e191d0","ssdeep":"","tlshash":"92f002f69e2024bad15d2e7657884028737f934a91152a381a092cb6611899e5545356","first_seen":"2023-09-06T11:54:20Z","last_seen":"2026-06-01T04:47:35.002879Z","times_seen":26,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/index/isThem","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:26.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"OPTIONS /api/index/isThem HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: acceptlanguage,content-type,lang,token\r\nReferer: https://amazonqn.com/\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Mon, 01 Jun 2026 01:13:26 GMT\r\nserver: cloudflare\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, X-Requested-With, token, lang, acceptLanguage, Accept-Language, accept, origin, cache-control, Pragma, Expires, Cache-Control\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9pl6N75AYuzvpe9awfd9kFNtWDeCitXuqUw2eL6JQZZ%2FFa%2BG850iE6MOwyY6NJB3gHlDCVCsWJsI5n56We%2B0K6AMjSIL8UKGN3XmFH%2FAu8WmomocvyBSA2EOgKoLNl9Okw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b14adc0783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T23:09:45.281132Z","times_seen":16194959,"resource_available":true,"data":null}},"time_used":397,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":397,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amazonqn.com/static/them01/tar2.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:25.662Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/them01/tar2.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:25 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a133330-977\"\r\nexpires: Wed, 01 Jul 2026 00:53:35 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 1189\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZogKmpnSvLkl0SiYv%2BNdZsTDHcOACUSSGlKTyiSJS93A3bVqQHIylVhvduOQUWKAoAVjyM5KH2yvUsIkvYwt8jftKeA8OgR9j01BdippUH2X8KoOpXZKIMyRqAwwEw8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b0f68c30b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2423,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"ac06867cf63c31fed6a47256df2b612e","sha1":"e176c35521bc33b58f9f9a4fc284a04d3b2653d2","sha256":"f8a0f1a3019ce8c4cc6edd5e0f839b2d22ad5e2828dca124d3850a7c53cdf128","sha512":"f2359f004be075e7c44a44ca6824ca8307f17bcc499f80dd26e8e571d954d8f02b0ac2848f6145b0ec0aecda762d8bd783692f9ec89cfc1e6da0df8c8b2b6a1f","ssdeep":"","tlshash":"fa417748b9269c40158cbb08a9eef2076f775b809ac2e4d0acda84076c302fecc9d5d6","first_seen":"2025-09-04T17:53:21.665263Z","last_seen":"2026-06-01T04:47:35.003408Z","times_seen":13,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/user/siteobj","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:25.741Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"GET /api/user/siteobj HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wkNRWOe6uNPNoappNDJ3THNcYbRRYVDmioPuvD7bDV%2BaDEdBTlFEmppeX6O2FIP73VrzUQQxj%2FuD7Se%2FIlPJ%2BN8slV0YcGJzx%2B%2B%2BNMsDTfkQu%2FWLffTnfyfrMu%2FN6PoZTQ%3D%3D\"}]}\r\ncf-ray: a04a5b10c939783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":878,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"58a35e214d0bebd318f11219ffad05ed","sha1":"d1acc2a3f53eaadf83accab8430815e2e06b95d5","sha256":"b716a783b6be1feb2ffad9a00ed5223e72a0f77c8a036cb6434d8a0f3fed7425","sha512":"0f6f7bbac2abd3b3c747087b799a618b46b35edc8b8f1404848291f88b1b9e1fb0ee5362eed6092ae959c8f11c573eb3a2b48d487d93e966630f625ba1bbac73","ssdeep":"","tlshash":"df11488c1d52ad3d4d4a6ad1ae0787efedd012a6cabe9d54614caf859080370262b82c","first_seen":"2026-06-01T01:13:48.902722Z","last_seen":"2026-06-01T01:13:48.902722Z","times_seen":1,"resource_available":false,"data":null}},"time_used":723,"timings":{"blocked":135,"dns":37,"connect":38,"send":0,"wait":448,"receive":0,"ssl":59},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/user/setlang?lang=en","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:26.499Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"GET /api/user/setlang?lang=en HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nset-cookie: think_var=en; path=/\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=al7vBJrhnKE2v6RQBqRKMb6aT5JJDINV0t2wujpK%2F%2BIRrL9LydiP%2FxenY9pbD3blJHOtn1mwM9j1hhLd3QT7pA3vBhNJWM7i2aC1pkmBvN2ALmL0Sd9LzYoXuKpUg0qclg%3D%3D\"}]}\r\ncf-ray: a04a5b148d98783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":55,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"0d0ca0468feebc8fa8ab6f6ccaf1f28b","sha1":"dcb821ce3af8f8c23183ef30336ca804d80643cf","sha256":"6164a4aaf7e86b36f1ad49f52484b60b97470d5a6fcad0339ccb563cf131b079","sha512":"8b5218491944e98868fe077b249a766e7696c1d298266e4e61f68a1f0aac942a23fd2e37586a79ad55042214125427f6bc19dc2829801211846f3a61833d433f","ssdeep":"","tlshash":"8f9002656e89152719255158461c82c7031c5043484157540a8a7f34618846c5021425","first_seen":"2026-06-01T01:13:48.905971Z","last_seen":"2026-06-01T01:13:48.905971Z","times_seen":1,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":245,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/user/setlang?lang=en","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:26.506Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"GET /api/user/setlang?lang=en HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nset-cookie: think_var=en; path=/\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N6p%2Fm5yVfvE%2F7DWWym2MQ9emonHXgc%2B9Gu8M6QBwEUuPeGeqAkN7xiSVmJ5q13coSoWu3DYaU2Ch91pAFxFuzIr%2F342M7FwJ0kxoek2rYSslKXqVuN18NQBq9esh4RPUOw%3D%3D\"}]}\r\ncf-ray: a04a5b149daf783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":55,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"0d0ca0468feebc8fa8ab6f6ccaf1f28b","sha1":"dcb821ce3af8f8c23183ef30336ca804d80643cf","sha256":"6164a4aaf7e86b36f1ad49f52484b60b97470d5a6fcad0339ccb563cf131b079","sha512":"8b5218491944e98868fe077b249a766e7696c1d298266e4e61f68a1f0aac942a23fd2e37586a79ad55042214125427f6bc19dc2829801211846f3a61833d433f","ssdeep":"","tlshash":"8f9002656e89152719255158461c82c7031c5043484157540a8a7f34618846c5021425","first_seen":"2026-06-01T01:13:48.905971Z","last_seen":"2026-06-01T01:13:48.905971Z","times_seen":1,"resource_available":false,"data":null}},"time_used":411,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":411,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amazonqn.com/static/gq/en.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:27.395Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/gq/en.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: image/png\r\ncontent-length: 929\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\netag: \"6a133330-3a1\"\r\nexpires: Wed, 01 Jul 2026 00:53:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nage: 1190\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8AfLVe2RpM1JJIBLaVRxshoMunrGp55HwkRjnm%2FbXE2LHzqs8MSmyIWcX22vq3NEz3ZF%2BJBJLYJoxuk0YOYgyl0jYgcowAgQwFQA27XeiUln%2BXQCAf21l5B21MCVW1k%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b1a3b0b0b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":929,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced","md5":"8d1aa75e4817ce957737b0217b27ed2d","sha1":"1de3359d63953a1f98be9274f3345e2b59145ad4","sha256":"ebe6a64e9612a35db58699f169cb15d37537ee92394aeb7c6141a968369119bc","sha512":"73537afad2369a9fcfdb394fd851ca05b7aa29266149ea367050f335704cd6d61997278d42be6520217ac43d024197b5c9e0fc3d57daa7ba1716def87c946a00","ssdeep":"","tlshash":"0f11c4b26603f84bdb2cdd2cb81405b22d187941927b9c167449292fe54bc07b2272ce","first_seen":"2023-09-06T11:54:20Z","last_seen":"2026-06-01T04:47:35.032758Z","times_seen":26,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"amazonqn.com/static/gq/xibanya.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:27.431Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/gq/xibanya.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a133330-47c\"\r\nexpires: Wed, 01 Jul 2026 00:53:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 1190\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XRN1WgcmSImO6Ca5uHSdF3oVjGn5o2MQtu4SzvTpXBNh%2Fg7PquQu%2BsZqXFe3NrXtdH7MGv7JHoa0FWZoHE0HmEm3Z5CBkiijE%2BKKkf4yf0wdzs%2BUfO4WR4U5aJYAiQ0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b1a6b190b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1148,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced","md5":"a6539b48eb944454dd98496cc87c8d88","sha1":"ca0b2c5d83a5646217b09436f00eb4ab9658ac6a","sha256":"1bbfde7153dbf9d796b4516457f8149e89e18d88aa51c725d6924289b984b3e0","sha512":"2b3a3b8c02f031669cceff30b720afaf580e02cd8c773fafb38bfa0def5951e7df826cf691e2825d565bd42ebac70475310d0331ef2c168fe646cc63d514b5c0","ssdeep":"","tlshash":"e021c6cd2165318f5f468cac832c4ab14b535b8cd98d7647128de8a6dc048f985babc1","first_seen":"2023-09-06T11:54:20Z","last_seen":"2026-06-01T04:47:35.027699Z","times_seen":26,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"amazonqn.com/static/gq/xila.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:27.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/gq/xila.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: image/png\r\ncontent-length: 913\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\netag: \"6a133330-391\"\r\nexpires: Wed, 01 Jul 2026 00:53:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nage: 1190\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eVg5eA1jqCtCgQCMgrgm09EoYVsSDSrXjI%2Brmkc3s2GYp86yyPnhaAIijn8df1P1P%2Bcvz%2FiGXULGiQ0u3SuGPM6NBMMxXUhFEqdS8KA8HMenTFLkZo3jspJTwKNIyOg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b1a7b1f0b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":913,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 251 x 167, 8-bit/color RGB, non-interlaced","md5":"20c5297f31e55e76ad1c5279b2f27421","sha1":"2c01c9aa3e57f2d266fc8644a0d09e632b7b066d","sha256":"47c5bc3f28cf2ad1c545f7e56830b75fdadc59365f42a21625d7c05ba92ce424","sha512":"259882ca3edbf63bb8b0ad3a17e866cfd7dd37ca8ffbec94df93764aad8f45c082152dee23be2f98fb6f25725057cc3fd9761ea8ed7fa8379a437649ef7fd7de","ssdeep":"","tlshash":"f2119aefc31183f9da676865bab9f84131370ee432196d10b623a424fcbd3e19066ed1","first_seen":"2025-09-04T17:53:21.650981Z","last_seen":"2026-06-01T04:47:35.012292Z","times_seen":13,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"amazonqn.com/static/them01/tar5.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:25.671Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/them01/tar5.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:25 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a133330-8e7\"\r\nexpires: Wed, 01 Jul 2026 00:53:35 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 1189\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gb%2FclpfOMx7jRork7lMvc4zfh01jcD9iuJGpWvx1YNVEpLsQDzUbToLveupmXhb%2F2DTfs%2FQH6wIFN6cHZt1rcLUBn3xY4NVpX1preiBrOg3S%2FxcVDAXZyNr%2F8qhge90%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b0f68c90b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2279,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"3b94ce10c981b84d1d2d6cc55c1535cc","sha1":"c56870678435cc1e960fe3b8bb04fa522cfe5949","sha256":"aa007c084e23f40253c033b3bfc69f1b46f15223dabe076a161c76b4dce429a7","sha512":"42ee1c458c704f225f1bc7f449e0602213d75c4434c6f5d009c5a7dba3da786475c9032b0031adcf807f6e3bfcd73aead7f1b9ac32252700cd65e9eff212dd68","ssdeep":"","tlshash":"5641980ce9716d14464dfa09e8fea14757774bc0db91e444fcea9903a8204f9c84e5e3","first_seen":"2025-09-04T17:53:21.652381Z","last_seen":"2026-06-01T04:47:35.015762Z","times_seen":13,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/user/setlang?lang=en","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:26.502Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"GET /api/user/setlang?lang=en HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nset-cookie: think_var=en; path=/\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r4%2BfQBa61km7m%2FXkZ%2BVEcK4PUFK6eg7GMG6qWH37KqNsmAoWL83i2OiKH5MrvqrrIPlPDm6nV3eMVsSgAW%2BCHdR%2Bzk7Cp7993I5NLX3OYYN14VvY92fEK7je1eVFzeyr%2BA%3D%3D\"}]}\r\ncf-ray: a04a5b149da9783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":55,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"0d0ca0468feebc8fa8ab6f6ccaf1f28b","sha1":"dcb821ce3af8f8c23183ef30336ca804d80643cf","sha256":"6164a4aaf7e86b36f1ad49f52484b60b97470d5a6fcad0339ccb563cf131b079","sha512":"8b5218491944e98868fe077b249a766e7696c1d298266e4e61f68a1f0aac942a23fd2e37586a79ad55042214125427f6bc19dc2829801211846f3a61833d433f","ssdeep":"","tlshash":"8f9002656e89152719255158461c82c7031c5043484157540a8a7f34618846c5021425","first_seen":"2026-06-01T01:13:48.905971Z","last_seen":"2026-06-01T01:13:48.905971Z","times_seen":1,"resource_available":false,"data":null}},"time_used":436,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":436,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/index/isThem","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:26.513Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"OPTIONS /api/index/isThem HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: acceptlanguage,content-type,lang,token\r\nReferer: https://amazonqn.com/\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Mon, 01 Jun 2026 01:13:26 GMT\r\nserver: cloudflare\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, X-Requested-With, token, lang, acceptLanguage, Accept-Language, accept, origin, cache-control, Pragma, Expires, Cache-Control\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=I5FWj744M1zQj%2BXI1rr4zeeopeXSEU3KEp4D34c8caDRS5IsSRP2rHhLFC378XUBu%2BfLvpmIFpoC%2BG0U2pIpQvBPnzEeWLEuXFhk8jifvby%2F3rM%2F%2FOLcHvAa3ok4o9z9Tg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b14bdcc783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T23:09:45.281132Z","times_seen":16194959,"resource_available":true,"data":null}},"time_used":395,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":395,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/user/siteobj","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:26.944Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"POST /api/user/siteobj HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nlang: en\r\nacceptLanguage: en\r\nContent-Type: application/json\r\nContent-Length: 0\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: application/json; charset=utf-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eQ8d6DIGj0nOi%2BK5xRWZKw0wRlUaTnxwVo27X149H2mCFkCxagsPci3iuZnfnN8SpSOmCdCqvmy9vZIPvpokpEQKbSx0M3o0d4TecLgFDCYKyFxe%2F0AfB1%2BDMihkvw9Y%2Bg%3D%3D\"}]}\r\ncf-ray: a04a5b17683f56b5-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":878,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a3663b3fbfd93091c392d6570a1f7a39","sha1":"e2e416b30ddbd7e7a939eb1ff9e08ae39caf1519","sha256":"4110d653d376ea9d6f5b7739c919f327b264d4823ace0cc3975b4a366af917bb","sha512":"292946ee43f4dc5eadf8c896da89ba5f94a14df37adbb121fa4feb183027cd41a558d3d0bc0f88dd6e28fe2ad4403fbc8599d9bb47975333f5fe7cefd8fb36de","ssdeep":"","tlshash":"1d11488c1d52ad3d4d4a6ad1ae0787efedd012a6cabe9d54614daf858080370262b82d","first_seen":"2026-06-01T01:13:48.914072Z","last_seen":"2026-06-01T01:13:48.914072Z","times_seen":1,"resource_available":false,"data":null}},"time_used":438,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":438,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/index/isThem","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:26.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"POST /api/index/isThem HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nlang: en\r\nacceptLanguage: en\r\nContent-Type: application/json\r\nContent-Length: 0\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: application/json; charset=utf-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kteEHTZeNA4pZ8pYMAgro%2ByvPHQnQOylM19%2FXDp5PBbvgFcsWgjgSuaGERMT5FpRGeS0TrGsCtzJlNDLFsFw%2FHoKM5%2BNtH9FhQiXdIXVqNYDlfsBPkwgQAB%2BLT0mnivHSA%3D%3D\"}]}\r\ncf-ray: a04a5b17283b56b5-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2312,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6bb6ba9fa9aa8228a591e33621f6a87f","sha1":"1861f339331b3a4619140452fd332a191eee14ea","sha256":"42b14512cc86d38816fb307f4dc4fda28d864b66b4d30384a77b6716d722490d","sha512":"4bf6a5f96ce292e9100417e7b18597daeb1ca01e704a44eabf358d5365b57a59069e513d36521bad08c755a264175418e61d523f782369cab634512793b21ce2","ssdeep":"","tlshash":"7041fca272d1841dd3d8b7c55ddd74d8950fb9c35ec0b6a27eb4caf988604b7091e02a","first_seen":"2026-06-01T01:13:48.927141Z","last_seen":"2026-06-01T01:13:48.927141Z","times_seen":1,"resource_available":false,"data":null}},"time_used":478,"timings":{"blocked":-1,"dns":1,"connect":0,"send":0,"wait":477,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/index/isThem","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:26.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"POST /api/index/isThem HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nlang: en\r\nacceptLanguage: en\r\nContent-Type: application/json\r\nContent-Length: 0\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: application/json; charset=utf-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=06GLAG9IlQRTDmXXJC8S%2B1z91n802rsX%2FB5vu6X%2BCFbqJocSZAyaNz%2FETDNqA2HCAxxThX4hrGeZQMpgTreUqDXesBhXFgwetJ%2BAaMtseen2VJQ9nEy63Uz0dY%2BECRX4KQ%3D%3D\"}]}\r\ncf-ray: a04a5b17383c56b5-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2312,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6bb6ba9fa9aa8228a591e33621f6a87f","sha1":"1861f339331b3a4619140452fd332a191eee14ea","sha256":"42b14512cc86d38816fb307f4dc4fda28d864b66b4d30384a77b6716d722490d","sha512":"4bf6a5f96ce292e9100417e7b18597daeb1ca01e704a44eabf358d5365b57a59069e513d36521bad08c755a264175418e61d523f782369cab634512793b21ce2","ssdeep":"","tlshash":"7041fca272d1841dd3d8b7c55ddd74d8950fb9c35ec0b6a27eb4caf988604b7091e02a","first_seen":"2026-06-01T01:13:48.927141Z","last_seen":"2026-06-01T01:13:48.927141Z","times_seen":1,"resource_available":false,"data":null}},"time_used":447,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":447,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amazonqn.com/static/gq/zh.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:27.411Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/gq/zh.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: image/png\r\ncontent-length: 791\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\netag: \"6a133330-317\"\r\nexpires: Wed, 01 Jul 2026 00:53:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nage: 1190\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CsSaTY8E38CeZu1r6LU%2BTJfAR2X0SHyvQ4JGV5i3SkfSAiKJpqlaMCMu73MBymxhxK9HA1i08nuo9owqyt0CoW4wkkJ8To6Y0Y5nKs5Os9E0VQaHcXqsB1qggPBrwQw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b1a5b0f0b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":791,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced","md5":"eb99c5d98af11e7f34e117b1fb06ea17","sha1":"b6566b602f28234c9f770c6735ded6c52ae9ecfb","sha256":"b138a047c094faedcdcbda060d8c20fafcfc3dfe08dfbd69b5405014883ff21a","sha512":"0955df538f3e9561da01fa244229f4da33b4b08c5b911a65f49bde2965bf284d39445c47111a76449994825af24546159dbeef4e561e3cd6c899cd552d82c5e4","ssdeep":"","tlshash":"d80141c1d300a92ca6e54b200a110424aee87c20b00e1a1e262ead6be7a9f5f4a9091d","first_seen":"2023-09-06T11:54:20Z","last_seen":"2026-06-01T04:47:35.007577Z","times_seen":26,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"amazonqn.com/favicon.ico","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:27.580Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uMFaIS1jZz7okOKf7%2FdvnOJBuojcvNoQe5J4NZWOUHP%2BBRuLlniLGBs4MIcEDxMGdKG7BTa1X5XsG8pzxCaCw1K3aEz7gYTZA8qaDofwyOvlaWi7AREUSEcr9%2FE3t%2BY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: a04a5b1b6b630b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-06-06T23:18:24.466919Z","times_seen":279292,"resource_available":true,"data":null}},"time_used":431,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":430,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"amazonqn.com/static/js/index.d0139eef.js","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:25.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/js/index.d0139eef.js HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:25 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a133330-1df02\"\r\nexpires: Mon, 01 Jun 2026 12:53:34 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 1190\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=F2A1NnZfaTeAJyi%2Bk4eSzIwXM1QcE861BGsn%2FCyn8r6QugsqXOGCBaOI9ACJiHcVuoeGsHvpxNNtEjyik5UGVsYEcLJvSuoEWn3zYFp8Q5XoloNpG8Rjz8gGfvGBqCk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b0b8fdb0b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":122626,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (48945), with no line terminators","md5":"cae34bab31c6bf16bb94aa29a5db25b3","sha1":"8a83aa044c7556bc77418f1cd81e7e4f401376b9","sha256":"696eda728eaa012f00faad5d75e1a37003b50356bd364ec6e4519bfc9b8404ea","sha512":"20417aa30babedf3ffab119e8b84c0a4dbae070b74ba8ed799b145efaaababc6e887283d8be7bc34870a0148aa7ea5d35b2b8b209af50581ca7d2143ee37212b","ssdeep":"3072:gAQ5lRqs2xifevxllZaQbTIlBtnCJ4d9W2GrfTqK8ekFetGZTME:5ElRqX9LYAkwtGx","tlshash":"c0c36cef31ce969d2011e816d80fb11576e52cf2ba0df5e0936acf857ee4186c622e71","first_seen":"2026-05-31T13:11:44.192607Z","last_seen":"2026-06-01T04:47:35.017546Z","times_seen":5,"resource_available":true,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":100,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"amazonqn.com/static/js/pages-login-login.dfded83f.js","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:25.725Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/js/pages-login-login.dfded83f.js HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:25 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a133330-2455\"\r\nexpires: Mon, 01 Jun 2026 12:53:35 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 1189\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t7BEK8%2Bf85Lcp%2FqK2UejmszTDo9AsXDauZdMavaYC0TAif7nrkg8%2B04ndVMEuwCrEWTkhpxhgHFBG9UZcI5u%2BgR6mI4wfiQBCx8xChOaMLpvIav3LUOrsOkzl3eWgSo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b0fc8db0b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9301,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (8753), with no line terminators","md5":"1bac658b75e76ca16c22da491b06d686","sha1":"28eb16cca6720ba9159509ed8db8cc019dc77116","sha256":"a379dcd59834802a40adef6555e8739d5b5e4b46ffc12aadef669678e210dbca","sha512":"5829e31c5560b87be9c71fdf6502f3ca2da603c80096bdf8123eefa0b24a34fc8227c09fef775757a062024cd5c2be4919c0e7394b3e9323f479f548479280bf","ssdeep":"192:ZEJqRZAAMhP1TgSqtpntaZHym2kAQHcoRsNtnw06pwaaxAhn5:ZEJSOROMz2M3taxc5","tlshash":"e412f71de0c7348f4c96a025647b951821363e78f852fd45ebbad6a50cacd4e2233f9c","first_seen":"2026-05-31T13:11:44.181427Z","last_seen":"2026-06-01T04:47:35.003962Z","times_seen":5,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/user/siteobj","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:25.739Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"GET /api/user/siteobj HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FWtqB%2BMJ4c8dwWn2MGFYfXJ%2BBkYaYGFgXdMtbH8ovfnAxzBdmn0LmIODZv2AO1t9otgOFhbsUvPfAYqPBxAoehAGnEHgAn%2Bxiq%2BlCUfQ9IahxNjubB8UWJboE6czAedYLA%3D%3D\"}]}\r\ncf-ray: a04a5b10b92f783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":878,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"58a35e214d0bebd318f11219ffad05ed","sha1":"d1acc2a3f53eaadf83accab8430815e2e06b95d5","sha256":"b716a783b6be1feb2ffad9a00ed5223e72a0f77c8a036cb6434d8a0f3fed7425","sha512":"0f6f7bbac2abd3b3c747087b799a618b46b35edc8b8f1404848291f88b1b9e1fb0ee5362eed6092ae959c8f11c573eb3a2b48d487d93e966630f625ba1bbac73","ssdeep":"","tlshash":"df11488c1d52ad3d4d4a6ad1ae0787efedd012a6cabe9d54614caf859080370262b82c","first_seen":"2026-06-01T01:13:48.902722Z","last_seen":"2026-06-01T01:13:48.902722Z","times_seen":1,"resource_available":false,"data":null}},"time_used":737,"timings":{"blocked":129,"dns":39,"connect":27,"send":0,"wait":474,"receive":0,"ssl":61},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.zxs6yt.com/api/user/siteobj","fqdn":"api.zxs6yt.com","domain":"zxs6yt.com","tld":"com"},"ip":{"addr":"104.21.75.127","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:25.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zxs6yt.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 May 2026 08:05:39 GMT","end":"Sat, 22 Aug 2026 08:05:38 GMT"},"fingerprint":{"sha1":"14:3B:DC:4C:F1:47:9B:B2:CD:1C:12:17:63:C2:6E:30:F5:D1:46:60","sha256":"5A:51:8C:3D:46:10:B4:CE:C5:42:EA:A9:97:31:00:12:25:03:35:F3:AA:54:B6:1F:B7:2E:51:95:D1:82:4C:90"}}},"request":{"raw":"GET /api/user/siteobj HTTP/1.1\r\nHost: api.zxs6yt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://amazonqn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: https://amazonqn.com\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5Gen2an4Ds0yxI0CxYjAK865uG3yhSeT6Tvl%2F%2B2s5iWj%2Bt0zx7gbfYbNLlHVpKmAeT67LOplQQQeBNYY2y%2BFZ4W%2FhXzNicPonolkIVOyMExjoOlXlQo6hKihHmRzcArrrg%3D%3D\"}]}\r\ncf-ray: a04a5b1129dc783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":878,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"58a35e214d0bebd318f11219ffad05ed","sha1":"d1acc2a3f53eaadf83accab8430815e2e06b95d5","sha256":"b716a783b6be1feb2ffad9a00ed5223e72a0f77c8a036cb6434d8a0f3fed7425","sha512":"0f6f7bbac2abd3b3c747087b799a618b46b35edc8b8f1404848291f88b1b9e1fb0ee5362eed6092ae959c8f11c573eb3a2b48d487d93e966630f625ba1bbac73","ssdeep":"","tlshash":"df11488c1d52ad3d4d4a6ad1ae0787efedd012a6cabe9d54614caf859080370262b82c","first_seen":"2026-06-01T01:13:48.902722Z","last_seen":"2026-06-01T01:13:48.902722Z","times_seen":1,"resource_available":false,"data":null}},"time_used":671,"timings":{"blocked":113,"dns":3,"connect":32,"send":0,"wait":441,"receive":0,"ssl":70},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"api.zxs6yt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amazonqn.com/static/gq/malaixiya.png","fqdn":"amazonqn.com","domain":"amazonqn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://amazonqn.com/","date":"2026-06-01T01:13:27.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amazonqn.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 May 2026 09:35:42 GMT","end":"Fri, 28 Aug 2026 09:35:41 GMT"},"fingerprint":{"sha1":"02:D4:B6:97:F2:EC:C8:12:F7:2F:23:D1:03:6C:3B:38:D5:5B:A7:1D","sha256":"6E:F4:1F:63:83:09:BB:78:34:F6:BD:F1:A7:3B:37:4A:D5:A8:43:72:B0:7C:E4:78:24:5B:A2:FD:D8:3D:8E:93"}}},"request":{"raw":"GET /static/gq/malaixiya.png HTTP/1.1\r\nHost: amazonqn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amazonqn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Jun 2026 01:13:27 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 24 May 2026 17:19:44 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a133330-4e1\"\r\nexpires: Wed, 01 Jul 2026 00:53:37 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 1190\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BUn8mGiGjv%2FigcHuDWvZ3HPAn7kYU0eez4w4BAYIJiV852DkBN%2FzexAtQeViipayOoFnnUk77xrbYcJ8S6mOzVrSilDnuQLFkwqXcUTqyCdGycdgqWOE4PyuY7ERP2s%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a04a5b1a5b110b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1249,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced","md5":"57d093f78e0b62f0a2e3673a76eea4e0","sha1":"f6f16552d17cf24f7dcd9b301b1fca52439a4f25","sha256":"21294c2a2d413330a42afaa4a79d6a88b1e0880acb8058f763c0551a08f24f84","sha512":"9296ee1f08712d00b31757e220e4b67f0cc59a3aac8c83a15d2408fdb55e561c839ca4287c21bfe083a41b68fd6296fa3a25f07a2a84ed13870fbfd357dcd0dc","ssdeep":"","tlshash":"d521b77992458e22d2a8ac519341b83bcb7fd46429ce59179671bf361884b02a781b2e","first_seen":"2023-09-06T11:54:20Z","last_seen":"2026-06-01T04:47:35.008196Z","times_seen":25,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"amazonqn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"amazonqn.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}}]}