{"report_id":"33607f2c-37f2-4dfd-950a-c6e31848c8f5","version":6,"status":"done","tags":[],"date":"2026-06-02T06:09:20Z","url":{"schema":"https","addr":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz/","fqdn":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz","domain":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz","tld":"xyz"},"ip":{"addr":"104.21.17.247","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz/","fqdn":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz","domain":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz","tld":"xyz"},"title":"Nexus Market","dom":{"size":36537,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (27621)","md5":"44cff5489137a8f0388c99fee50648da","sha1":"fc47e0a59549d7b8a2a42907295ae2c443ad32c9","sha256":"f2663069d1d55f438bb0ac80d0459abf6b0cdee6678ca7d77e108d13cc255bdf","sha512":"4e0e10216450fa8bf395f1e66e97aea9364cb21499a28fedf856cb67eb24d0ff6a7ad625e3a0d31bde6598c25d737b6c9b6d218c6783cffff44fe59603c04dbf","ssdeep":"384:cMme9vhXC8QFic5+BnUY5u7wf2lF10j7TANpw1WSDs3ktLhHfaNEh6KNW/aZsh:6ephX0i3BnUYabNktLhHxhq/ak","tlshash":"95f205f7e621e81db752b649fd7c00761c5aee9721c7082ca09dd4828f6ee79982dcc4","dom_hash":"domhash98d833b7aca367c4b3c7ee490a24f98d","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz/","fqdn":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz","domain":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz","tld":"xyz"},"ip":{"addr":"104.21.17.247","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-07T06:09:20Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz","ip":{"addr":"104.21.17.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-06-02T06:09:20.253072Z","last_seen":"2026-06-02T06:09:20.253073Z","alert_count":2,"request_count":2,"received_data":74658,"sent_data":1090,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz/","fqdn":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz","domain":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz","tld":"xyz"},"ip":{"addr":"104.21.17.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-02T06:08:58.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:52:04 GMT","end":"Tue, 25 Aug 2026 16:52:03 GMT"},"fingerprint":{"sha1":"10:11:5B:19:E0:DB:46:39:1A:11:7D:04:C6:58:46:AD:44:50:64:83","sha256":"7C:79:7D:86:9C:18:BC:E7:08:50:F8:22:D5:92:2C:C4:E1:17:AC:49:19:FA:34:5C:9A:FF:A1:2D:60:4A:B1:6C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Jun 2026 06:08:59 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nset-cookie: nexus=zqupjRYt1f2pIcq; expires=Wed, 03 Jun 2026 02:08:59 GMT; Max-Age=72000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kqcffWNSffy%2BOVxA%2FCly6i5qMYX%2FG%2BiwujVK4mRKmKva4zAaCRbE%2FtKFc3vfutmu1XuSWmBHGHEg2jEgmZI5GGbwDjpfwnpAwO5uJlSWlDx%2FqjIfyLjzs9JAPgXMHY1xw9ZsmkR7LGtbxFuNB1bvRzTL8kHr5%2FxFJ9jQnYd80AxE3mlo7O9ETrOw6fKL1EI%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: a05449602b6c5699-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":36553,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (27585)","md5":"8b64f200a42fe60b21179e86be5be5c0","sha1":"4a773234bfe1e3de370604daf27e36568e98d1a2","sha256":"d65333bc0d0a1be3d852ce553771be764c161923751b07f87fdb52f4189bf29b","sha512":"5ff3bf64cfd3f0ffaaaa6a1c2e0dd878e82454df455b7bde93dbb791b6087310633840cea65f48f5ef73525aaceac2185f0a12c51725b9939ba2baf58c58dda6","ssdeep":"384:oMme9vhXC8QGic5+BnUY5u7wf2lF10j7TANpw1WSDs3ktLhHfiNEh6KNW/aZ6i:mephXpi3BnUYabNktLhH5hq/aR","tlshash":"63f206f7e621e81db712b649fd7c00761c5aee9721c7082ca09dd4828f6ee79982ddc4","first_seen":"2026-02-13T03:20:17.952494Z","last_seen":"2026-06-04T18:06:07.480908Z","times_seen":26,"resource_available":true,"data":null}},"time_used":360,"timings":{"blocked":107,"dns":90,"connect":1,"send":0,"wait":142,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz/","fqdn":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz","domain":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz","tld":"xyz"},"ip":{"addr":"104.21.17.247","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-02T06:08:59.235Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:52:04 GMT","end":"Tue, 25 Aug 2026 16:52:03 GMT"},"fingerprint":{"sha1":"10:11:5B:19:E0:DB:46:39:1A:11:7D:04:C6:58:46:AD:44:50:64:83","sha256":"7C:79:7D:86:9C:18:BC:E7:08:50:F8:22:D5:92:2C:C4:E1:17:AC:49:19:FA:34:5C:9A:FF:A1:2D:60:4A:B1:6C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: nexus=zqupjRYt1f2pIcq\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 02 Jun 2026 06:09:00 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: accept-encoding\r\npriority: u=1,i=?0\r\nset-cookie: PHPSESSID=n03hrvug8nh8aqhson3a66lehr; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nrefresh: 17\r\ncontent-encoding: br\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TnGYDLmatVQhriK6JfiCoDzCwKCR6DQSRV0gkbbeGT4t8cksMMl4LJtyNkE0vldIhT8TAq1Ixc3Y36nIPFerjhnPWgzKr8UjV9EW%2FrtXoBQ%2BN7SeqVU9HzwUArdqGTkFjtTxqTUSUqbtuAvLvTLJavKevHUJhey5fGsgrCeKF8mQd0eX58LFVbjN5C4Hv98%3D\"}]}\r\ncf-ray: a05449623bfc56a2-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":36508,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (27614)","md5":"dc1c7addafd74cbc09850cea580d559b","sha1":"746c4c2b5a6b64fa807ff12b589044a39c2b8c89","sha256":"c683ec446ad8fdb14b9ab05ded3b3cfc06d034e82227174cb9da7bc51a55eced","sha512":"0d91baef2ea1bda0cbb06667b2676abe4134f3bb8b8234faa4abc62a65778092c76db35486e759c891c1cd7fe53b1feadbafb1e97b00586b87ee054ce3f7dddb","ssdeep":"384:uMme9vhXC8QGic5+BnUY5u7wf2lF10j7TANpw1WSDs3ktLhHfiNEh6KNW/aZ6i:gephXpi3BnUYabNktLhH5hq/aR","tlshash":"33f206f7e621e81db752b649fd7c00761c5aee9721c7082ca09dd4828f6ee79982dcc4","first_seen":"2026-02-14T08:29:24.11039Z","last_seen":"2026-06-04T18:04:07.17381Z","times_seen":19,"resource_available":true,"data":null}},"time_used":1169,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1167,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"nexuse7l4nv4ugxlolun7z2afroxkjovddnlz9ubmkofappffudzwgqd.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}