{"report_id":"3024e17c-a181-4d6c-a48f-38ac239f0832","version":6,"status":"done","tags":[],"date":"2026-01-10T08:48:14Z","url":{"schema":"http","addr":"15.xemloigiai.com/","fqdn":"15.xemloigiai.com","domain":"xemloigiai.com","tld":"com"},"ip":{"addr":"104.18.2.223","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"15.xemloigiai.com/","fqdn":"15.xemloigiai.com","domain":"xemloigiai.com","tld":"com"},"title":"15.xemloigiai.com/","dom":{"size":141,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"326f39a205b46a080c2c2baacedf2949","sha1":"2448d1fc16b2486fb8846c3aeefd22a3969b7d00","sha256":"b64dfa6355de8d949a567b5c2953a540d98681b07654a9d3852b3ce4c1dca776","sha512":"d77f527d75f69bf8b48a881b1e1cdf81e4a82a2744c21e12619e63b3925f71eac718b361dacac86fc7bba78173afaaf4feeceed60886d1e4642135b29f90bd88","ssdeep":"","tlshash":"26c02be3c072480d50b0d7708d81e11c4948dc6cb3021c007ec131d84cde742c4e31cc","dom_hash":"domhash04e59d2d9a139a790f7413a4cfd28860","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"15.xemloigiai.com/","fqdn":"15.xemloigiai.com","domain":"xemloigiai.com","tld":"com"},"ip":{"addr":"104.18.2.223","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-14T08:48:14Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-10","alert":"Sinkholed","trigger":"15.xemloigiai.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"15.xemloigiai.com","ip":{"addr":"104.18.2.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-11-02","domain_rank":0,"first_seen":"2026-01-10T08:48:14.491062Z","last_seen":"2026-01-10T08:48:14.491062Z","alert_count":2,"request_count":2,"received_data":1511,"sent_data":927,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"15.xemloigiai.com/","fqdn":"15.xemloigiai.com","domain":"xemloigiai.com","tld":"com"},"ip":{"addr":"104.18.2.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-10T08:47:52.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xemloigiai.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Dec 2025 07:30:30 GMT","end":"Mon, 16 Mar 2026 08:26:46 GMT"},"fingerprint":{"sha1":"22:70:72:E9:DE:60:17:97:41:32:B0:57:15:80:16:53:03:2C:31:BF","sha256":"58:3B:A1:FE:F1:86:05:B5:89:00:26:5C:E3:3C:69:B8:17:70:6A:35:B3:91:E7:73:1D:4B:88:09:81:47:37:A9"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 15.xemloigiai.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 10 Jan 2026 08:47:52 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nx-worker: trackerWorker\r\nx-worker-version: 0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qmQvkSFzMuFdJDVrL%2FW9EujgcBGIkIseADZlnrzfB9iZoNx16aeSRZmJbWZsZEhtYrkwwZ1GDOqzCaXG5SA8yxA6V9ss%2Fdxrip0ezXh%2FFw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9bbae981b966b509-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":156,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with no line terminators","md5":"b75088f9e84a3cb4f5caf64850d657c8","sha1":"f0e2063b6c171589dabb7bee1bb8543ac79811ab","sha256":"80ea514c5d11b147698cdf879da3f43daec174a5da3b159d54616f48ca207945","sha512":"df4aa4cade27c368328184cb79d8f9b8ca3377abae860b1844e273763103ea297a25c01b167bda54b7fdb032da187d1cc37384015835140c54b298811a183027","ssdeep":"","tlshash":"a9c08ce6d0b2480d54b0a7b08d81e12849499aa8b3021e007ec131e85cea75688e3288","first_seen":"2024-12-18T14:53:48.194086Z","last_seen":"2026-04-11T00:26:49.130133Z","times_seen":2418,"resource_available":true,"data":null}},"time_used":677,"timings":{"blocked":332,"dns":308,"connect":1,"send":0,"wait":13,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-10","alert":"Sinkholed","trigger":"15.xemloigiai.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"15.xemloigiai.com/favicon.ico","fqdn":"15.xemloigiai.com","domain":"xemloigiai.com","tld":"com"},"ip":{"addr":"104.18.2.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://15.xemloigiai.com/","date":"2026-01-10T08:47:52.778Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xemloigiai.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Dec 2025 07:30:30 GMT","end":"Mon, 16 Mar 2026 08:26:46 GMT"},"fingerprint":{"sha1":"22:70:72:E9:DE:60:17:97:41:32:B0:57:15:80:16:53:03:2C:31:BF","sha256":"58:3B:A1:FE:F1:86:05:B5:89:00:26:5C:E3:3C:69:B8:17:70:6A:35:B3:91:E7:73:1D:4B:88:09:81:47:37:A9"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 15.xemloigiai.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://15.xemloigiai.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 10 Jan 2026 08:47:52 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nx-worker: trackerWorker\r\nx-worker-version: 0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=slrl9J1KYdw1VEnsRkCvoc2KIQ%2B1zRVrr4OABUAZZii6u%2B%2BrIS6%2BBK1jRJhHdkKP35vnOkwKeCbuT1Pu3vhAcpX3yX6IvNbya1elTSotHA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9bbae982ecfb0b4d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":156,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with no line terminators","md5":"b75088f9e84a3cb4f5caf64850d657c8","sha1":"f0e2063b6c171589dabb7bee1bb8543ac79811ab","sha256":"80ea514c5d11b147698cdf879da3f43daec174a5da3b159d54616f48ca207945","sha512":"df4aa4cade27c368328184cb79d8f9b8ca3377abae860b1844e273763103ea297a25c01b167bda54b7fdb032da187d1cc37384015835140c54b298811a183027","ssdeep":"","tlshash":"a9c08ce6d0b2480d54b0a7b08d81e12849499aa8b3021e007ec131e85cea75688e3288","first_seen":"2024-12-18T14:53:48.194086Z","last_seen":"2026-04-11T00:26:49.130133Z","times_seen":2418,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-10","alert":"Sinkholed","trigger":"15.xemloigiai.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}