{"report_id":"2e0bfcae-395d-4a65-a818-f683097020f5","version":6,"status":"done","tags":[],"date":"2026-05-15T01:07:47Z","url":{"schema":"https","addr":"abyzz.cfd/","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"104.21.77.79","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"abyzz.cfd/verifying","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"title":"Abyss","dom":{"size":130128,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (58730)","md5":"8a94bfeea6ea5e88e5d34ca42ae766a7","sha1":"6dc6df7cca15eb90f23422ed6879969a16a1113c","sha256":"3f3777a8cc9bb729493377bfe397639f980c6203ee59a29c1baa7e5caf51a34d","sha512":"07396a709fc9b4fb420df53f48a5443138d4dc08242dfe4dd59849b7761a5f4bd70fc86240cbca3416e2fd53646aa1e32b2a992d9a48966ba411a6a686464378","ssdeep":"1536:GcjODR70Kr3YZp+CMOgWdO44mIDtB924/4KAsq5kckDzu2V4ioh4EZfYiQa9A7oN:cBN++Mdi9dOsqKu26mExWSdVR","tlshash":"fed3d87957dd3dc52928d10abbb58a380353aa014b92dae3257a3dd87f094be74c0cb7","dom_hash":"domhash2900cbc955abf5843e05396241297d60","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"abyzz.cfd/","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"104.21.77.79","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-19T01:07:47Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-15","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"abyzz.cfd/js/analytics.js?v=202605121226","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-15","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"abyzz.cfd/verifying","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"abyzz.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"abyzz.cfd","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-05-12","domain_rank":0,"first_seen":"2026-05-15T00:43:12.536034Z","last_seen":"2026-05-15T00:43:12.536034Z","alert_count":11,"request_count":10,"received_data":1488553,"sent_data":4433,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"abyzz.cfd/verifying","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"4f30cf0b66e02b869fed369ae0887ff5","sha1":"ed8decdd926d4da4696e6392310982f2f27049eb","sha256":"22b20ba407f2b96b69561528bcd2607a9c35a287aa0d11af852d63419328a5ca","sha512":"e3007c344835faa9c7993f13a368e06f8a700418c6f19646eef78c4ae49ad6dc55658e229a5a7fed57804d2d47e58146ddc27a0d8e8bb7199fbe966fd981d4ea","ssdeep":"192:ikZRv5PMev2R4uMw3nLaNaNL+gkDA9yrRD4Vb3AHtK83gRgALZ+KeiMSh:ikPvl3GpMuneNeK+yrl4+HtmggHeiDh","tlshash":"b4f1d728f7e1b86447432bf3771bf0c6e05ea86d7d41046ad510bea47eb0669c6e5b30","size":7934,"data":"","first_seen":"2026-05-02T19:14:25.327093Z","last_seen":"2026-05-31T22:45:10.697061Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"abyzz.cfd/js/analytics.js?v=202605121226","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3094c3186ed44a28e70162f128f66bac","sha1":"d7266342c63b7d6b2c9d08a4148de5dd20a98bba","sha256":"f0a8912cfa818a70e3753afbe5a9a235779a56d5b92065dfc031c6c6b9aa03d5","sha512":"b4c304434c130bbe308a424907ec4440f678cc7fe556bda52f1b0eb58d61e8b6bd5ec7c46a73fc81e8237cef43c8edfea41df44f12019e74a9e72df2a7f0d545","ssdeep":"","tlshash":"5161527abb5069d513665feaf63b09a1b2538c7e39ec28478108d6e43dd0d168dd0e32","size":3398,"data":"","first_seen":"2026-05-15T00:43:16.680119Z","last_seen":"2026-05-31T22:45:10.685165Z","times_seen":8,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-15","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"abyzz.cfd/js/analytics.js?v=202605121226","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null}},{"url":{"schema":"https","addr":"abyzz.cfd/verifying","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"82e0414c888588990acbde5cf040c7c2","sha1":"4b39d962b0f696bf39d5ba9adafd07f7239da040","sha256":"74235baa6cde5edfb7a5cc541822e01d58359466e9486043d2f56cf370af81b6","sha512":"84385aae66f7769e938a103f158ed8c857a706a9c01508cbd03d8e18790d5796df3fda6950def871e44a407bb3b1a57d7836961f94c09891ab734964fee7bba3","ssdeep":"768:QlYpPx5UErXKDJfHTu6ea7g+eo0j8Z6HPw5VwDr9naaNPuYZfNVkP8xqY9XPkWCI:QlW6Ddz/ea6mQ+2NRzeWp9K8Dg12v","tlshash":"6a733d11d3c0695419cb9fb2f30ffee4ec5d8aa9b658484fd4816ff0aea5602e690d70","size":75720,"data":"","first_seen":"2026-05-02T19:14:25.305511Z","last_seen":"2026-05-31T22:45:10.694805Z","times_seen":10,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-15","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"abyzz.cfd/verifying","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null}},{"url":{"schema":"https","addr":"abyzz.cfd/verifying","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"6e9fe4f19caeb99f15f5b844237d3184","sha1":"e0c01a50043ca6785140288b422338aa7b5ce8e0","sha256":"584695ef5cdc28530d221bf46f16e4cc6c96122562f6c5ccbf1e9240e439622a","sha512":"90b28ac7efdfdcd198cfb494b59adbeadd42cad2ba6ddffdae3ad7bd538d62e84feccfdc74d1663b09ac70a38d924ec162b5fdffaa42510ca3968651b5eda0cc","ssdeep":"","tlshash":"3121d29967652b8117931d9772621354b06ec8b42e826cc7a118bc427c13311faceb3e","size":1212,"data":"","first_seen":"2026-05-15T00:43:16.694933Z","last_seen":"2026-05-31T22:45:10.692988Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"abyzz.cfd/verifying","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"40120e921f98345f73ad7b3159d3fe81","sha1":"02bbda1ea82b4e6822264af287618139db671740","sha256":"7045ee2a262e6ddf0ad86c330cad275d4b9d66ae36623ba20bf8df7296dd4399","sha512":"2ce11c041af13efa0f0beec4ebda0d2d43a2dd5d87581000dd46f195d2e661ebfd5176bcafceae4b8168d4446b09047a6ec56acadf16d035e7019ac3b1ac0484","ssdeep":"1536:MODR70Kr3YZp+CMOgWdO44mIDtB924/4KAsq5kckDzu2V4ioh4Ep:JBN++Mdi9dOsqKu26mEp","tlshash":"4ea3b77957ed3dc52928d54afbb58a380353aa010b92e6e315763dd8be0d4be34c0ca7","size":102687,"data":"","first_seen":"2026-05-15T00:43:16.69409Z","last_seen":"2026-05-31T22:45:10.693503Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"abyzz.cfd/verifying","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"38f8a29364a136ffcbced8d8b827b924","sha1":"14c6319a1af3ba4f3a4a3fadbb6bddff546af6ac","sha256":"759af696a4ac8a9a8ed3ed7f1ec2fb2185866b29888ba38af704ab87b646a732","sha512":"3930cd3d9d6ece9ca9498ab6b4c32b2dfdddb0f554a64ad962e5a9105cb2ebd34b9192d50f525945036d88a59fc4fe053996a9db57be9f6b52ac849423f2d6a2","ssdeep":"","tlshash":"8b6135582bf06ac903d767b7232fb6cbe6258cd22cc8475bc120f897aea5e15c2d1534","size":3242,"data":"","first_seen":"2026-05-02T19:14:25.307136Z","last_seen":"2026-05-31T22:45:10.696099Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"abyzz.cfd/verifying","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5442dc0ba1d9e3027d0f57597ca24a3e","sha1":"7e1c001ab162a1ff46db08a248b0e60972f4d931","sha256":"9947ff71228d1ea55ee5037e3a44ef26adc2dbb0e5fcfa653d44a9e1ed79fe5c","sha512":"f73dc5dff7e015e54edfb1cdd680e5ecab47a31e9cb2480ed1e8a9edc8fa41cce7fbac6137bc6183873f10f47b40d1fbfb98647e071dafaf533317a28fb8f72f","ssdeep":"96:O0IIiJQBQRQqQ6Evk81WVSLGS4qGhj+gGCJYyVSbeSPeoUcgxQJfALxhbnqNlGqE:O0NmSLx4qxgByNuoUB2dixhbip1YkQzF","tlshash":"2bc1e7305ac53ec05f6c650aba3bd4e89723dc2992058ccfd11a6ef83d1483aac42d77","size":6015,"data":"","first_seen":"2026-05-15T00:43:16.696794Z","last_seen":"2026-05-31T22:45:10.694059Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"abyzz.cfd/verifying","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"105953ac9c12d6e7937cc78ae904c40d","sha1":"643e7d47084dcb807dd1060cd80c1462cf0fc08e","sha256":"48d1eea13cb146eca349535fb81d7faa70fbbd79eae375736350d2dec3d13f60","sha512":"5b91ad0e08519c01cec76a5d2d86ded0ac949b40e6b1e3dafc8984d12bef9dc5be97feef34aeda693c5c23e89a3af740647d6437577fcef501c65c67dcf63b07","ssdeep":"","tlshash":"b1f0a756325214312febbde796cb8645373840028e49d4652d7ce5564e32bc1d5f2ad4","size":442,"data":"","first_seen":"2026-05-02T19:14:25.308476Z","last_seen":"2026-05-31T22:45:10.698852Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"abyzz.cfd/verifying","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c984a436c580ac04619f542cf259a1d0","sha1":"f5703ee0e4af7d81433ca013e242681e604acd34","sha256":"1fe943bad98abc6ee0161d452b8d10fc949fd55b13e9e62c151cffc4a5c14ebf","sha512":"350067a6cc21c0fc1de6e315d32be78f7d2787c95b47746c4be6da519f5705c5703d48c76c9b16dca2fd80b2e7bf1a98cff895ca11c192d6848fc04d6ffcd528","ssdeep":"192:WQfaNQ0/bqi+fBDVM/KziZVPd8ReLr/Q62CllkGO6kGO0+PIuIhn3SkgrLV7wT/C:WDQCbKgKziD1zrsC0GOPGOvPkSzfNwTK","tlshash":"9542f9779ee63ed81a68f106bf3698a99201902705a248d390493fdc3e1d5ef9141db3","size":12212,"data":"","first_seen":"2026-05-15T00:43:16.698552Z","last_seen":"2026-05-31T22:45:10.700083Z","times_seen":8,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-15","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"abyzz.cfd/verifying","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"abyzz.cfd/verifying","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://abyzz.cfd/verifying","date":"2026-05-15T01:07:25.694Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"abyzz.cfd","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 01:15:25 GMT","end":"Mon, 10 Aug 2026 01:15:24 GMT"},"fingerprint":{"sha1":"30:33:9A:13:5B:B6:C7:F8:22:6F:5B:36:59:A6:E2:BD:43:01:5F:24","sha256":"D1:3E:5B:A2:E4:D6:4A:B6:58:A3:0C:84:01:B9:01:EC:9A:EB:A1:89:11:6C:9F:B3:97:B0:E3:C4:E0:B6:94:DA"}}},"request":{"raw":"GET /verifying HTTP/1.1\r\nHost: abyzz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 15 May 2026 01:07:25 GMT\r\ncontent-type: text/html; charset=utf-8\r\nx-powered-by: Express\r\nratelimit-policy: 1500;w=60\r\nratelimit-limit: 1500\r\nratelimit-remaining: 1495\r\nratelimit-reset: 60\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), microphone=(), camera=(), clipboard-read=(), clipboard-write=()\r\nx-robots-tag: noindex, nofollow\r\nx-sourcemap: none\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncache-control: public, max-age=300\r\npragma: no-cache\r\nexpires: 0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=J6IscW4rxdmrN97xjZp1IP9L8sO4nZfadybwOHWbkJ%2Bx5lq23SCoxHCKQDXSCitFwjTf5w1hhMnSdlKzsbQzXfN%2Fo6xjm1TlQReG8nnnO%2B2jxaXiWOik8zZgxGo%3D\"}]}\r\nlast-modified: Fri, 15 May 2026 01:07:25 GMT\r\nvary: Accept-Encoding, User-Agent, Cookie, Authorization\r\ncf-cache-status: DYNAMIC\r\ncdn-cache-control: no-store\r\nx-cache-control: no-cache\r\nx-timestamp: 1778807245712\r\nx-nonce: 382c9fea72a6a4aaea4dc61114fb37d4\r\nx-served-from: static-cache\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9fbe3ee5981a32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":130498,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (58567), with CRLF line terminators","md5":"c6ce91f3e49974979a19191bab03da46","sha1":"cc5048bc53b0f1a14500ec6b83e0340485cc5bb3","sha256":"ffb0db977d63c0afab55f973ad32f160d26ffe34ce9a1db68d3325c9e17120b6","sha512":"fc8b32777dd1360022d93df97069ec0e1c035812f2becf826a6d869b176015c92c14a426aefdbb217b2a267ee46636e97fb2c8fd1096d31efabdf978026287eb","ssdeep":"1536:qEdODR70Kr3YZp+CMOgWdO44mIDtB924/4KAsq5kckDzu2V4ioh4EUfYiQae3olR:WBN++Mdi9dOsqKu26mEuxd9","tlshash":"44d3d87957dd3dc42938e10afbb58a284353aa014b92dae3257a3dd87f1947e70c0ca7","first_seen":"2026-05-15T01:07:48.790283Z","last_seen":"2026-05-15T01:07:48.790283Z","times_seen":1,"resource_available":true,"data":null}},"time_used":100,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":68,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"abyzz.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"abyzz.cfd/p/LhKOz1yjqW1sjDrAArR_VYwgQQ1ypNIFwZEau2_4I99U3VViYl0US5Yt9os21KnDm0eAJgCCPgqpKFe3WgiKYe_1oXtVBFGx0lh7Bv_d93Zlyg5XSpySp_in4RrzcrY.bin","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://abyzz.cfd/verifying","date":"2026-05-15T01:07:25.555Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"abyzz.cfd","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 01:15:25 GMT","end":"Mon, 10 Aug 2026 01:15:24 GMT"},"fingerprint":{"sha1":"30:33:9A:13:5B:B6:C7:F8:22:6F:5B:36:59:A6:E2:BD:43:01:5F:24","sha256":"D1:3E:5B:A2:E4:D6:4A:B6:58:A3:0C:84:01:B9:01:EC:9A:EB:A1:89:11:6C:9F:B3:97:B0:E3:C4:E0:B6:94:DA"}}},"request":{"raw":"GET /p/LhKOz1yjqW1sjDrAArR_VYwgQQ1ypNIFwZEau2_4I99U3VViYl0US5Yt9os21KnDm0eAJgCCPgqpKFe3WgiKYe_1oXtVBFGx0lh7Bv_d93Zlyg5XSpySp_in4RrzcrY.bin HTTP/1.1\r\nHost: abyzz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 15 May 2026 01:07:25 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 517711\r\nx-powered-by: Express\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), microphone=(), camera=(), clipboard-read=(), clipboard-write=()\r\nx-robots-tag: noindex, nofollow\r\nx-sourcemap: none\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncache-control: private, max-age=86400\r\npragma: no-cache\r\nexpires: 0\r\netag: ddc2c5ed5b8e1df3\r\nlast-modified: Fri, 15 May 2026 01:07:25 GMT\r\nvary: Accept-Encoding, User-Agent, Cookie, Authorization\r\ncf-cache-status: BYPASS\r\ncdn-cache-control: no-store\r\nx-cache-control: no-cache\r\nx-timestamp: 1778807245587\r\nx-nonce: 42bb6e333ec246ef7d3b7a8e6213b21d\r\nx-m: 0\r\naccess-control-expose-headers: X-M\r\npriority: u=3,i=?0\r\naccept-ranges: bytes\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R9LPMPo4fwLgFpb9mzZ6bTlhLqEbGttznLgavAB8FKRUxfWEgfG3cK952QbMCQf2HySWWgs1zZbAlS7gOnszk%2Fr2x%2FcN3UvYufTXjrJvO5qHrJI2eFLt9PO%2Fa6g%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9fbe3ee4bebd32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":517711,"size_decoded":0,"mime_type":"application/octet-stream","magic":"PNG image data, 525 x 716, 8-bit/color RGBA, non-interlaced","md5":"ddc2c5ed5b8e1df373d3de64f4cf3d27","sha1":"18c2365409082b343580c95e1ad37228756146e2","sha256":"ad13d1d748c6a6afed16b4b9bc93bf0b67f1b167ab538d41aa12e2dcf82d2e35","sha512":"879f34d869345eb6f8bd519454442f38bef126fb8e9cc462ef3967c92038bcd3a57b5cd23bfef904938e8d7e71c2ea48eb56d073377845dc3414bbdb63e6cc8d","ssdeep":"12288:zra6d5X4E8m8E32/TkavmFmQZyJBibaj0PgTi1qXjirU2s:zX94E8mjmLrPQZybi2jg4i1W72s","tlshash":"92b423bcdc7087b9da92d71bcb14ba648856c8f08a4ed5992936e01b06db30117d8ef9","first_seen":"2026-05-02T19:14:25.272833Z","last_seen":"2026-05-31T22:45:10.689191Z","times_seen":10,"resource_available":false,"data":null}},"time_used":283,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":216,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"abyzz.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"abyzz.cfd/p/Cqz75L-m9eU7ZtJqh8vLn4e9MOIbz9hyvDqi-6krEPum-S5YM86sDmLQHI3MEgiWpZLQMwIY_rHeMnKJoULkQue-LAx2NL6LNTdfiX6xSckeXxKGxpTZVw.bin","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://abyzz.cfd/verifying","date":"2026-05-15T01:07:25.556Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"abyzz.cfd","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 01:15:25 GMT","end":"Mon, 10 Aug 2026 01:15:24 GMT"},"fingerprint":{"sha1":"30:33:9A:13:5B:B6:C7:F8:22:6F:5B:36:59:A6:E2:BD:43:01:5F:24","sha256":"D1:3E:5B:A2:E4:D6:4A:B6:58:A3:0C:84:01:B9:01:EC:9A:EB:A1:89:11:6C:9F:B3:97:B0:E3:C4:E0:B6:94:DA"}}},"request":{"raw":"GET /p/Cqz75L-m9eU7ZtJqh8vLn4e9MOIbz9hyvDqi-6krEPum-S5YM86sDmLQHI3MEgiWpZLQMwIY_rHeMnKJoULkQue-LAx2NL6LNTdfiX6xSckeXxKGxpTZVw.bin HTTP/1.1\r\nHost: abyzz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 15 May 2026 01:07:25 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 573\r\nx-powered-by: Express\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), microphone=(), camera=(), clipboard-read=(), clipboard-write=()\r\nx-robots-tag: noindex, nofollow\r\nx-sourcemap: none\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncache-control: private, max-age=86400\r\npragma: no-cache\r\nexpires: 0\r\netag: a77e5a3fe50107b4\r\nlast-modified: Fri, 15 May 2026 01:07:25 GMT\r\nvary: Accept-Encoding, User-Agent, Cookie, Authorization\r\ncf-cache-status: BYPASS\r\ncdn-cache-control: no-store\r\nx-cache-control: no-cache\r\nx-timestamp: 1778807245587\r\nx-nonce: f491b19c403ec732f36f053ca24ea359\r\nx-m: 0\r\naccess-control-expose-headers: X-M\r\npriority: u=3,i=?0\r\naccept-ranges: bytes\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Xx6pQPMjJoEYqM3uPIwBoOsh1Q54fji%2FiCZHVztKs3yENz2uEyv3Iza050EKgsWbKkZV5hk9673FrbxOui3DFffJLwYcyWGDVFYUIOREFeJcz1Xfdws0ZWEpqrw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9fbe3ee4bec232fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":573,"size_decoded":0,"mime_type":"application/octet-stream","magic":"PNG image data, 32 x 32, 8-bit gray+alpha, non-interlaced","md5":"a77e5a3fe50107b49ad4c21111296d1f","sha1":"df99fef0ef3a5cb44d07dd71f1843b6d04ff6727","sha256":"f1ad03417907e88be4183272b4177f3efe8a52065a04aac5ab66c8976f6d23b3","sha512":"6dcf0830d52275d9c9a35d81a5a8bba457fb18c2be76f8c67eab47b587713981613585c6cefb0766905686b9e45a36f3ee9ff85d6954f0e54fbb96e318eeea64","ssdeep":"","tlshash":"7ef041c66099ded2b71e1271444704f1d4b2062d8892cd30c375081197aa3542acc003","first_seen":"2026-05-02T19:14:25.259465Z","last_seen":"2026-05-31T22:45:10.689798Z","times_seen":10,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":71,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"abyzz.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"abyzz.cfd/api/pgp-public-key","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://abyzz.cfd/verifying","date":"2026-05-15T01:07:25.576Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"abyzz.cfd","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 01:15:25 GMT","end":"Mon, 10 Aug 2026 01:15:24 GMT"},"fingerprint":{"sha1":"30:33:9A:13:5B:B6:C7:F8:22:6F:5B:36:59:A6:E2:BD:43:01:5F:24","sha256":"D1:3E:5B:A2:E4:D6:4A:B6:58:A3:0C:84:01:B9:01:EC:9A:EB:A1:89:11:6C:9F:B3:97:B0:E3:C4:E0:B6:94:DA"}}},"request":{"raw":"GET /api/pgp-public-key HTTP/1.1\r\nHost: abyzz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\ndate: Fri, 15 May 2026 01:07:25 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 28\r\nx-powered-by: Express\r\nratelimit-policy: 400;w=60\r\nratelimit-limit: 400\r\nratelimit-remaining: 399\r\nratelimit-reset: 60\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), microphone=(), camera=(), clipboard-read=(), clipboard-write=()\r\nx-robots-tag: noindex, nofollow\r\nx-sourcemap: none\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0, private\r\npragma: no-cache\r\nexpires: 0\r\netag: \"1021ecf9254fbcf8add1f9ccee118baa-1778807245618\"\r\nlast-modified: Fri, 15 May 2026 01:07:25 GMT\r\nvary: Accept-Encoding, User-Agent, Cookie, Authorization, Accept\r\ncf-cache-status: DYNAMIC\r\ncdn-cache-control: no-store\r\nx-cache-control: no-cache\r\nx-timestamp: 1778807245618\r\nx-nonce: 1021ecf9254fbcf8add1f9ccee118baa\r\nlocation: /login\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FaNlfsjQNb8sOXn9ufRqr5X782MEIb1wKyVIgZ9EXn5dLnd3fgk5bhMoZFVOYAGKz2cgts2DdBRgzgbNndmIzNrMpoc5TlGrTvaKA80z146Lr8Qx2Ak81A7ew2A%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9fbe3ee4def332fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":130498,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T12:34:25.437902Z","times_seen":16239334,"resource_available":true,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":66,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"abyzz.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"abyzz.cfd/","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-15T01:07:25.140Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"abyzz.cfd","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 01:15:25 GMT","end":"Mon, 10 Aug 2026 01:15:24 GMT"},"fingerprint":{"sha1":"30:33:9A:13:5B:B6:C7:F8:22:6F:5B:36:59:A6:E2:BD:43:01:5F:24","sha256":"D1:3E:5B:A2:E4:D6:4A:B6:58:A3:0C:84:01:B9:01:EC:9A:EB:A1:89:11:6C:9F:B3:97:B0:E3:C4:E0:B6:94:DA"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: abyzz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Fri, 15 May 2026 01:07:25 GMT\r\ncontent-type: text/html; charset=utf-8\r\nx-powered-by: Express\r\nratelimit-policy: 1500;w=60\r\nratelimit-limit: 1500\r\nratelimit-remaining: 1499\r\nratelimit-reset: 60\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), microphone=(), camera=(), clipboard-read=(), clipboard-write=()\r\nx-robots-tag: noindex, nofollow\r\nx-sourcemap: none\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncache-control: no-store, no-cache, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nexpires: 0\r\nlast-modified: Fri, 15 May 2026 01:07:25 GMT\r\nvary: Accept-Encoding, User-Agent, Cookie, Authorization, Accept\r\ncf-cache-status: DYNAMIC\r\ncdn-cache-control: no-store\r\nx-cache-control: no-cache\r\nx-timestamp: 1778807245227\r\nx-nonce: 95fc04d0608c8334e52c7fae9072fa8d\r\nsurrogate-control: no-store\r\nlocation: /verifying\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t1bWt5MiGDfal6Q8No1K%2Fk3%2BWEf0LmLaay2UWom%2FcbfGrbVYYygDU3nJUYB5z%2Ffs%2BPfjjrujkRae%2Bb2SHp%2FN76deduooZ8WcqvGm4RYq4Xe%2FWPE3zcrIfvlxajc%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9fbe3ee27ead7131-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":130498,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T12:34:25.437902Z","times_seen":16239334,"resource_available":true,"data":null}},"time_used":165,"timings":{"blocked":49,"dns":36,"connect":1,"send":0,"wait":63,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"abyzz.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"abyzz.cfd/verifying","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-15T01:07:25.256Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"abyzz.cfd","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 01:15:25 GMT","end":"Mon, 10 Aug 2026 01:15:24 GMT"},"fingerprint":{"sha1":"30:33:9A:13:5B:B6:C7:F8:22:6F:5B:36:59:A6:E2:BD:43:01:5F:24","sha256":"D1:3E:5B:A2:E4:D6:4A:B6:58:A3:0C:84:01:B9:01:EC:9A:EB:A1:89:11:6C:9F:B3:97:B0:E3:C4:E0:B6:94:DA"}}},"request":{"raw":"GET /verifying HTTP/1.1\r\nHost: abyzz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 15 May 2026 01:07:25 GMT\r\ncontent-type: text/html; charset=utf-8\r\nx-powered-by: Express\r\nratelimit-policy: 1500;w=60\r\nratelimit-limit: 1500\r\nratelimit-remaining: 1498\r\nratelimit-reset: 60\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), microphone=(), camera=(), clipboard-read=(), clipboard-write=()\r\nx-robots-tag: noindex, nofollow\r\nx-sourcemap: none\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncache-control: public, max-age=300\r\npragma: no-cache\r\nexpires: 0\r\nlast-modified: Fri, 15 May 2026 01:07:25 GMT\r\nvary: Accept-Encoding, User-Agent, Cookie, Authorization\r\ncf-cache-status: DYNAMIC\r\ncdn-cache-control: no-store\r\nx-cache-control: no-cache\r\nx-timestamp: 1778807245274\r\nx-nonce: b4fb906ecaf41f895bfdde0ffc2f0055\r\nx-served-from: static-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FRliJFQfxvbvyBFz15RYkhFEgFf%2Bjwc0YMxoTPYzWwaNLzO3M3tILMKkgAUGJQEBcsIXx0z6SqwLTc1aIxI7qiqalCh7AAhJPphqD7xlSFIGT5DNJZmII%2BRO64Q%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9fbe3ee2dede7131-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":130498,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (58567), with CRLF line terminators","md5":"c6ce91f3e49974979a19191bab03da46","sha1":"cc5048bc53b0f1a14500ec6b83e0340485cc5bb3","sha256":"ffb0db977d63c0afab55f973ad32f160d26ffe34ce9a1db68d3325c9e17120b6","sha512":"fc8b32777dd1360022d93df97069ec0e1c035812f2becf826a6d869b176015c92c14a426aefdbb217b2a267ee46636e97fb2c8fd1096d31efabdf978026287eb","ssdeep":"1536:qEdODR70Kr3YZp+CMOgWdO44mIDtB924/4KAsq5kckDzu2V4ioh4EUfYiQae3olR:WBN++Mdi9dOsqKu26mEuxd9","tlshash":"44d3d87957dd3dc42938e10afbb58a284353aa014b92dae3257a3dd87f1947e70c0ca7","first_seen":"2026-05-15T01:07:48.790283Z","last_seen":"2026-05-15T01:07:48.790283Z","times_seen":1,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"abyzz.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"abyzz.cfd/js/analytics.js?v=202605121226","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://abyzz.cfd/verifying","date":"2026-05-15T01:07:25.461Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"abyzz.cfd","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 01:15:25 GMT","end":"Mon, 10 Aug 2026 01:15:24 GMT"},"fingerprint":{"sha1":"30:33:9A:13:5B:B6:C7:F8:22:6F:5B:36:59:A6:E2:BD:43:01:5F:24","sha256":"D1:3E:5B:A2:E4:D6:4A:B6:58:A3:0C:84:01:B9:01:EC:9A:EB:A1:89:11:6C:9F:B3:97:B0:E3:C4:E0:B6:94:DA"}}},"request":{"raw":"GET /js/analytics.js?v=202605121226 HTTP/1.1\r\nHost: abyzz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 15 May 2026 01:07:25 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-powered-by: Express\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), microphone=(), camera=(), clipboard-read=(), clipboard-write=()\r\nx-robots-tag: noindex, nofollow\r\nx-sourcemap: none\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncache-control: public, max-age=86400\r\npragma: no-cache\r\nexpires: 0\r\netag: \"81fec39fe0473782eb6fdfcb626d3c54-1778807245508\"\r\nlast-modified: Fri, 15 May 2026 01:07:25 GMT\r\nvary: Accept-Encoding, User-Agent, Cookie, Authorization\r\ncf-cache-status: BYPASS\r\ncdn-cache-control: no-store\r\nx-cache-control: no-cache\r\nx-timestamp: 1778807245508\r\nx-nonce: 81fec39fe0473782eb6fdfcb626d3c54\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fUnMefkZHl6MjXOej%2Fm%2Fi5mOcpnFqcLGLJ1MGLSGqseVNP3t28PW0rEbZLrvlX%2Bu3ZqcjagGqEoAku6wrP4exAZcoUFDgmuvPdxx%2BWpJZcPQOC3Yd8MLrOcfkQ8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9fbe3ee42df832fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":3398,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (3398), with no line terminators","md5":"3094c3186ed44a28e70162f128f66bac","sha1":"d7266342c63b7d6b2c9d08a4148de5dd20a98bba","sha256":"f0a8912cfa818a70e3753afbe5a9a235779a56d5b92065dfc031c6c6b9aa03d5","sha512":"b4c304434c130bbe308a424907ec4440f678cc7fe556bda52f1b0eb58d61e8b6bd5ec7c46a73fc81e8237cef43c8edfea41df44f12019e74a9e72df2a7f0d545","ssdeep":"","tlshash":"5161527abb5069d513665feaf63b09a1b2538c7e39ec28478108d6e43dd0d168dd0e32","first_seen":"2026-05-15T00:43:16.680119Z","last_seen":"2026-05-31T22:45:10.685165Z","times_seen":8,"resource_available":true,"data":null}},"time_used":69,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-05-15","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"abyzz.cfd/js/analytics.js?v=202605121226","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"abyzz.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"abyzz.cfd/p/2v5qC_O6dcP3o6kYfdZZwFNOpsoDRktjVX2ldpZHGT_paKaf2-oTufJ0eJSnZOhBwyKI84_rYKD3_bpokYHJVPOF4tw87slMfwNi1hL-GSj5vtG3bjD_vxMy3P5xRQ.bin","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://abyzz.cfd/verifying","date":"2026-05-15T01:07:25.551Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"abyzz.cfd","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 01:15:25 GMT","end":"Mon, 10 Aug 2026 01:15:24 GMT"},"fingerprint":{"sha1":"30:33:9A:13:5B:B6:C7:F8:22:6F:5B:36:59:A6:E2:BD:43:01:5F:24","sha256":"D1:3E:5B:A2:E4:D6:4A:B6:58:A3:0C:84:01:B9:01:EC:9A:EB:A1:89:11:6C:9F:B3:97:B0:E3:C4:E0:B6:94:DA"}}},"request":{"raw":"GET /p/2v5qC_O6dcP3o6kYfdZZwFNOpsoDRktjVX2ldpZHGT_paKaf2-oTufJ0eJSnZOhBwyKI84_rYKD3_bpokYHJVPOF4tw87slMfwNi1hL-GSj5vtG3bjD_vxMy3P5xRQ.bin HTTP/1.1\r\nHost: abyzz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 15 May 2026 01:07:25 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 207298\r\nx-powered-by: Express\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), microphone=(), camera=(), clipboard-read=(), clipboard-write=()\r\nx-robots-tag: noindex, nofollow\r\nx-sourcemap: none\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncache-control: private, max-age=86400\r\npragma: no-cache\r\nexpires: 0\r\netag: 5ced747131f37713\r\nlast-modified: Fri, 15 May 2026 01:07:25 GMT\r\nvary: Accept-Encoding, User-Agent, Cookie, Authorization\r\ncf-cache-status: BYPASS\r\ncdn-cache-control: no-store\r\nx-cache-control: no-cache\r\nx-timestamp: 1778807245587\r\nx-nonce: 2a29bf167bf7a6804f399a544a19025a\r\nx-m: 0\r\naccess-control-expose-headers: X-M\r\npriority: u=3,i=?0\r\naccept-ranges: bytes\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HvUAoV3KWpYf4L9F5PMzGYNShezrrNknbKD%2Bn5bIkK292ZX%2BnsDqoGSlYx7QMGjnTzKCqsHRrAWjGbmxel4o%2Fcp15wdmYrwrfWpHKbbB%2BgoQWYOxrD%2F6uaWvKp0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9fbe3ee4beba32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":207298,"size_decoded":0,"mime_type":"application/octet-stream","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 525x715, components 3","md5":"5ced747131f37713339fc05fba78af7b","sha1":"593c106b00f05d70ae93fac55667a1337cf8b5bc","sha256":"afa4683075cca1c25f1270c48a8ac0592e5a51efa9cc80804cd90cae4945972b","sha512":"a74c84868f59774526d70dd522f8ae7acc4f8cbbc825fd3d8553bba7a7945cf5294cc72ce9a605d31f6437d9335968d47ab9ce550f4113f76a51a11f993653c0","ssdeep":"6144:cUoLECaOKMmsq6FtWq0JdyZlFxKyZ4T6p:cUqECnq6LWXJdy7G4zp","tlshash":"fa14225943a6ae60ed6af43d296a4a35c31db1c2e5d9fd4d432f8023e16479330bce4e","first_seen":"2026-05-02T19:14:25.284187Z","last_seen":"2026-05-31T22:45:10.691858Z","times_seen":10,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":147,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"abyzz.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"abyzz.cfd/p/n-ONvGktkIlG3s2I_Go-8ICxt_wwzTupFjbw3e7zDXcHM-4lhcEyMp_Zc-6EaQ3v5-sTkuLcJ3BQHxauYWPmO37gY6N6VuPlmAt35SRInEtx_n71_5kr7ZlQqS07uKw.bin","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://abyzz.cfd/verifying","date":"2026-05-15T01:07:25.553Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"abyzz.cfd","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 01:15:25 GMT","end":"Mon, 10 Aug 2026 01:15:24 GMT"},"fingerprint":{"sha1":"30:33:9A:13:5B:B6:C7:F8:22:6F:5B:36:59:A6:E2:BD:43:01:5F:24","sha256":"D1:3E:5B:A2:E4:D6:4A:B6:58:A3:0C:84:01:B9:01:EC:9A:EB:A1:89:11:6C:9F:B3:97:B0:E3:C4:E0:B6:94:DA"}}},"request":{"raw":"GET /p/n-ONvGktkIlG3s2I_Go-8ICxt_wwzTupFjbw3e7zDXcHM-4lhcEyMp_Zc-6EaQ3v5-sTkuLcJ3BQHxauYWPmO37gY6N6VuPlmAt35SRInEtx_n71_5kr7ZlQqS07uKw.bin HTTP/1.1\r\nHost: abyzz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 15 May 2026 01:07:25 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 93343\r\nx-powered-by: Express\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), microphone=(), camera=(), clipboard-read=(), clipboard-write=()\r\nx-robots-tag: noindex, nofollow\r\nx-sourcemap: none\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncache-control: private, max-age=86400\r\npragma: no-cache\r\nexpires: 0\r\netag: 6e159d7b6b377a60\r\nlast-modified: Fri, 15 May 2026 01:07:25 GMT\r\nvary: Accept-Encoding, User-Agent, Cookie, Authorization\r\ncf-cache-status: BYPASS\r\ncdn-cache-control: no-store\r\nx-cache-control: no-cache\r\nx-timestamp: 1778807245587\r\nx-nonce: a62c00a373cd7efe5f8d563162687c3d\r\nx-m: 0\r\naccess-control-expose-headers: X-M\r\npriority: u=3,i=?0\r\naccept-ranges: bytes\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JsfmIDTL1HRcu%2BdC5WRaeO1x21%2Fv75q%2BYwP3Dm7CDY%2BCtXyo%2FhF2B1DjEAbPiuLLuZklzVhIusfu9CxWPFS1UMqEz88NEZcGJC9KUxqaTki58YwFjmo9iMx1DYU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9fbe3ee4bebb32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":93343,"size_decoded":0,"mime_type":"application/octet-stream","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 525x700, components 3","md5":"6e159d7b6b377a6097861d92df258893","sha1":"84e0242d8e60300cab2f7adaa0adec5856c8e0f6","sha256":"626b5c206b85be193e4b5f403db9919ac0f27663bcf5ceead50a1b117bdbdbe9","sha512":"576b78a49faec948cc6637438def5860a0bf5e80e451731b48e50e492f28e9136d6e554fa0a7aa69e2d602f8200b1b77af31bec635f1124c1c41ce0c795d3083","ssdeep":"1536:ib6onAo8pFvC9g98lZrg1QrtQRpsiJ076BC9zvYqh9RxLJS0ZgeJM0j3hk:iCfB1QrtQRS+BCJPjlS0Cd0jC","tlshash":"2c9312b487618c31ff2c61753162cbf2a18552c9f8b474a787133bec158af996d38a8d","first_seen":"2026-05-02T19:14:25.29466Z","last_seen":"2026-05-31T22:45:10.687951Z","times_seen":10,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":70,"receive":84,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"abyzz.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"abyzz.cfd/login","fqdn":"abyzz.cfd","domain":"abyzz.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://abyzz.cfd/verifying","date":"2026-05-15T01:07:25.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"abyzz.cfd","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 01:15:25 GMT","end":"Mon, 10 Aug 2026 01:15:24 GMT"},"fingerprint":{"sha1":"30:33:9A:13:5B:B6:C7:F8:22:6F:5B:36:59:A6:E2:BD:43:01:5F:24","sha256":"D1:3E:5B:A2:E4:D6:4A:B6:58:A3:0C:84:01:B9:01:EC:9A:EB:A1:89:11:6C:9F:B3:97:B0:E3:C4:E0:B6:94:DA"}}},"request":{"raw":"GET /login HTTP/1.1\r\nHost: abyzz.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\ndate: Fri, 15 May 2026 01:07:25 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 32\r\nx-powered-by: Express\r\nratelimit-policy: 1500;w=60\r\nratelimit-limit: 1500\r\nratelimit-remaining: 1496\r\nratelimit-reset: 60\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: no-referrer\r\npermissions-policy: geolocation=(), microphone=(), camera=(), clipboard-read=(), clipboard-write=()\r\nx-robots-tag: noindex, nofollow\r\nx-sourcemap: none\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncache-control: no-store, no-cache, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nexpires: 0\r\netag: \"96bb08c12460f3a8d730a5e1bff423e9-1778807245665\"\r\nlast-modified: Fri, 15 May 2026 01:07:25 GMT\r\nvary: Accept-Encoding, User-Agent, Cookie, Authorization, Accept\r\ncf-cache-status: DYNAMIC\r\ncdn-cache-control: no-store\r\nx-cache-control: no-cache\r\nx-timestamp: 1778807245665\r\nx-nonce: 96bb08c12460f3a8d730a5e1bff423e9\r\nsurrogate-control: no-store\r\nlocation: /verifying\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kmRhArMMkNrpS5HgS8uugyQ78DnrXygzPTXO7Jb%2Be9xWhkGym6DcqznQBot%2Fz2gjEgrDnnCh0DeNIgFyvwE3ezHWWKREe2%2BsoecrnHa9UbA7fjHgxDO70JFt9H0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9fbe3ee55faf32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":130498,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T12:34:25.437902Z","times_seen":16239334,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"abyzz.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}