{"report_id":"3664ee27-9997-475d-9d43-c4c62b80d95e","version":6,"status":"done","tags":[],"date":"2025-12-20T06:53:19Z","url":{"schema":"https","addr":"limited-zoo-crooked.on-fleek.app/xnohzcyqmrap1.html","fqdn":"limited-zoo-crooked.on-fleek.app","domain":"on-fleek.app","tld":"app"},"ip":{"addr":"104.26.13.141","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"limited-zoo-crooked.on-fleek.app/xnohzcyqmrap1.html","fqdn":"limited-zoo-crooked.on-fleek.app","domain":"on-fleek.app","tld":"app"},"title":"Webmail","dom":{"size":7957,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (500)","md5":"f1628241473255b90a6725bcf72c99bb","sha1":"a096fa18fb44b1d03c6228a93b15b3ebf06dbb54","sha256":"4ee6d813152a5433ce665add5764bff6962ca784df1f3de57e334c944befd556","sha512":"9ca41f1525cedb15d8f757c037a69e8a758f40b2f3d6095647aad83f657c2a4664c1be4fb72568e2814d5ebea540a21b53cde225b41f4f0190b9214f007d5097","ssdeep":"96:rIPfVV3tARPy48S8k45USz+45RaIkata89+RzydNAYt9+kex8KdRonI7B1g/M:rIl9eRPyfS8LUSZRa2b9wmtI98IT","tlshash":"e7f162a862fa0d2b819386e938db7409bd01d297d35c24e5bf6d45f10fc7da1980f19b","dom_hash":"domhashc59d69afccb598c37df8c553a509577e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"limited-zoo-crooked.on-fleek.app/xnohzcyqmrap1.html","fqdn":"limited-zoo-crooked.on-fleek.app","domain":"on-fleek.app","tld":"app"},"ip":{"addr":"104.26.13.141","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-24T06:53:19Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":8}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"limited-zoo-crooked.on-fleek.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"limited-zoo-crooked.on-fleek.app","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"limited-zoo-crooked.on-fleek.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-20","alert":"Phishing Block","trigger":"limited-zoo-crooked.on-fleek.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"limited-zoo-crooked.on-fleek.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"limited-zoo-crooked.on-fleek.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"alphatrade-options.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"alphatrade-options.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"ik.imagekit.io","ip":{"addr":"54.240.174.126","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2016-01-17","domain_rank":153981,"first_seen":"2017-04-02T12:17:08Z","last_seen":"2025-12-16T06:31:45.317547Z","alert_count":0,"request_count":1,"received_data":684,"sent_data":487,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"ImageKit","description":"ImageKit is a real-time image and video transformation, optimization, and delivery service with built-in digital asset management, powered by a global CDN.","website":"https://imagekit.io/","common_platform_enumeration":"","icon":"ImageKit.svg","categories":["CDN","Digital asset management"]}]},{"fqdn":"fac.corp.fortinet.com","ip":{"addr":"208.91.114.103","port":443,"asn":40934,"as":"FORTINET","country":"Canada","country_code":"CA"},"domain_registered":"2001-02-16","domain_rank":1096827,"first_seen":"2017-10-16T05:55:10Z","last_seen":"2025-12-20T00:39:23.935214Z","alert_count":0,"request_count":1,"received_data":686,"sent_data":515,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"alphatrade-options.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2023-10-23","domain_rank":0,"first_seen":"2020-08-05T06:26:24Z","last_seen":"2025-12-20T00:39:23.911365Z","alert_count":2,"request_count":1,"received_data":0,"sent_data":469,"comment":"","tags":null,"fingerprints":null},{"fqdn":"limited-zoo-crooked.on-fleek.app","ip":{"addr":"172.67.73.189","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-07-28","domain_rank":0,"first_seen":"2025-01-23T11:46:22.612748Z","last_seen":"2025-11-18T13:21:15.930387Z","alert_count":6,"request_count":1,"received_data":160821,"sent_data":519,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Django","description":"Django is a Python-based free and open-source web application framework.","website":"https://djangoproject.com","common_platform_enumeration":"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","icon":"Django.png","categories":["Web frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Python","description":"Python is an interpreted and general-purpose programming language.","website":"https://python.org","common_platform_enumeration":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","icon":"Python.png","categories":["Programming languages"]},{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"IPFS","description":"IPFS is a peer-to-peer hypermedia protocol that provides a distributed hypermedia web.","website":"https://ipfs.tech/","common_platform_enumeration":"","icon":"IPFS.svg","categories":["Network storage"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2025-12-14T22:26:41.611695Z","alert_count":0,"request_count":1,"received_data":86168,"sent_data":487,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"limited-zoo-crooked.on-fleek.app/xnohzcyqmrap1.html","fqdn":"limited-zoo-crooked.on-fleek.app","domain":"on-fleek.app","tld":"app"},"ip":{"addr":"172.67.73.189","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0a18dbfb856e33fcea42e5a8db3458d0","sha1":"bf7f679ff888573c6855b41a5b19661badcebbfe","sha256":"3b5e8e9c897749a5b1360d449e0e0df9c2d01ea87cca28c9d93282e6570ced72","sha512":"da57682424adb84feab620359c3630bc4bef1010cc24628f6481159116754212192c0b60e120b7717a35012bf87da4183f3ae4eef3b7b9fcf1d87f9d4baf1714","ssdeep":"","tlshash":"04e04f4a9140246022f33826df123129b16344ef981be930350d93657f106af93739ca","size":348,"data":"","first_seen":"2023-03-07T01:12:06Z","last_seen":"2026-04-04T17:35:48.755107Z","times_seen":9283,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"limited-zoo-crooked.on-fleek.app/xnohzcyqmrap1.html","fqdn":"limited-zoo-crooked.on-fleek.app","domain":"on-fleek.app","tld":"app"},"ip":{"addr":"172.67.73.189","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-05T01:47:14.959237Z","times_seen":594656,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"limited-zoo-crooked.on-fleek.app/xnohzcyqmrap1.html","fqdn":"limited-zoo-crooked.on-fleek.app","domain":"on-fleek.app","tld":"app"},"ip":{"addr":"172.67.73.189","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"3c31012ce0223c6b2b34ab850442857b","sha1":"f59fdaa76c6f6fd884ac5e77b46c194e4e0adb7d","sha256":"5c8f0dd685a565e626ddfa834199e0d247e45b74ae2f1a42e2da373a2e453a9c","sha512":"6e068bf2f9531a544c38005f896e73d312a5168c1543914ebead0732ecd733be18491e304f5e76e33a2d3495d3a8ccaa7ad2d4747365bdcfdfca1e03d209210a","ssdeep":"3072:lvbpQkuZDwPglsfRDDDlYPe2zNcpcPaVyU+pISpzqGYq9MFXypD3pBW3BT:Zblu1wYlIRDDDlYPe2zNcpcPaV3NE3YT","tlshash":"6fe33ec177c2bc8102471b767327b6e9e53a48ec7488489ef041fc94f2ae916fae5671","size":145907,"data":"","first_seen":"2024-08-23T11:32:16Z","last_seen":"2026-03-18T11:32:08.57114Z","times_seen":75,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"limited-zoo-crooked.on-fleek.app/xnohzcyqmrap1.html","fqdn":"limited-zoo-crooked.on-fleek.app","domain":"on-fleek.app","tld":"app"},"ip":{"addr":"172.67.73.189","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-20T06:52:56.566Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.on-fleek.app","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 20:11:02 GMT","end":"Sun, 15 Mar 2026 20:11:01 GMT"},"fingerprint":{"sha1":"60:80:3B:8A:6F:48:98:7F:79:B8:98:AD:10:E6:D4:7F:5E:19:52:D5","sha256":"8B:9F:7B:26:97:43:C0:6E:D8:38:EE:77:BF:A6:E5:C8:F4:D8:4B:AF:BD:4C:5C:7E:C1:BF:CC:77:63:EC:AD:E8"}}},"request":{"raw":"GET /xnohzcyqmrap1.html HTTP/1.1\r\nHost: limited-zoo-crooked.on-fleek.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 06:52:56 GMT\r\ncontent-type: text/html\r\ncf-ray: 9b0d3845db8556c9-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\nage: 22434\r\ncache-control: max-age=60, stale-while-revalidate=3600\r\nlast-modified: Sat, 20 Dec 2025 00:39:02 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\naccess-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With\r\naccess-control-allow-methods: GET,HEAD,OPTIONS\r\naccess-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output\r\naccess-control-max-age: 86400\r\ncontent-security-policy: upgrade-insecure-requests\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-cache-status: HIT\r\nx-content-type-options: nosniff\r\nx-ipfs-path: /ipfs/bafybeif3iyvlp77jw2r7wqo36prxx2tzluum7n74pxuzq2bf2do3v2brmq/xnohzcyqmrap1.html/\r\nx-ipfs-roots: bafybeif3iyvlp77jw2r7wqo36prxx2tzluum7n74pxuzq2bf2do3v2brmq,bafkreicyzrwxcf7xjsveunbb5g6qysqzmgcbr5mjzemvzrpq26plgw3z3a\r\nx-request-id: a17a1e14905964e781437776a22d65f6\r\nx-xss-protection: 0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KWi7goyD7tgFlNk9CtFxhG%2BA4mC1xSNNexOgbNUVjoxlcUggckeO5MuszhzipEGOosNapeJSFhc2l5DtziY7NpacxRMNGxrz8ip0aQ2u0oGANqyeYZvbD1PBnGgY\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Django","description":"Django is a Python-based free and open-source web application framework.","website":"https://djangoproject.com","common_platform_enumeration":"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","icon":"Django.png","categories":["Web frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Python","description":"Python is an interpreted and general-purpose programming language.","website":"https://python.org","common_platform_enumeration":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","icon":"Python.png","categories":["Programming languages"]},{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"IPFS","description":"IPFS is a peer-to-peer hypermedia protocol that provides a distributed hypermedia web.","website":"https://ipfs.tech/","common_platform_enumeration":"","icon":"IPFS.svg","categories":["Network storage"]}],"data":{"size":159342,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (52134), with CRLF line terminators","md5":"866d377ad3932be3c1e892be4266aeb5","sha1":"448a8a59cae132d43776d0ebb072ea7f033f552d","sha256":"58cc6d7117f74caa4a3421e9bd0c4a19618418f589c9195cc5f0d79eb35b79d8","sha512":"8413e5c99647213956d5c3f004bdfe0808f07e30af523c04d162f2ca24d5e9ec7e44c2a321c83439e98861fdaf44600d441149ee1ea95783a3ff33f8c3e46bdf","ssdeep":"3072:PdvbpQkuZDwPglsfRDDDlYPe2zNcpcPaVyU+pISpzqGYq9MFXypD3pBW3Bs:5blu1wYlIRDDDlYPe2zNcpcPaV3NE3Ys","tlshash":"5ef34fc177c2bc8102571b76b317b2e9e52a489d7488488ef14dfd94f3ae912fae1670","first_seen":"2025-01-23T11:46:23.764386Z","last_seen":"2026-01-20T02:14:23.965563Z","times_seen":13,"resource_available":true,"data":null}},"time_used":465,"timings":{"blocked":50,"dns":36,"connect":1,"send":0,"wait":362,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"limited-zoo-crooked.on-fleek.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"limited-zoo-crooked.on-fleek.app","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"limited-zoo-crooked.on-fleek.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-20","alert":"Phishing Block","trigger":"limited-zoo-crooked.on-fleek.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"limited-zoo-crooked.on-fleek.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"limited-zoo-crooked.on-fleek.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-2.2.4.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://limited-zoo-crooked.on-fleek.app/xnohzcyqmrap1.html","date":"2025-12-20T06:52:57.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-2.2.4.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://limited-zoo-crooked.on-fleek.app/\r\nOrigin: https://limited-zoo-crooked.on-fleek.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-14e4a\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Sat, 20 Dec 2025 06:52:57 GMT\r\nage: 940178\r\nx-served-by: cache-lga21935-LGA, cache-hel1410028-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 37, 22617\r\nx-timer: S1766213577.238578,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 29811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":85578,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32065)","md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-05T01:48:03.052952Z","times_seen":261468,"resource_available":true,"data":null}},"time_used":171,"timings":{"blocked":66,"dns":1,"connect":26,"send":0,"wait":27,"receive":8,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif","fqdn":"ik.imagekit.io","domain":"imagekit.io","tld":"io"},"ip":{"addr":"54.240.174.126","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://limited-zoo-crooked.on-fleek.app/xnohzcyqmrap1.html","date":"2025-12-20T06:52:57.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.imagekit.io","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Sat, 22 Nov 2025 00:00:00 GMT","end":"Sun, 20 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3B:8A:6A:40:5B:EB:4E:98:B8:8F:7B:11:50:B7:82:1A:41:96:CC:CD","sha256":"38:E4:87:60:37:CC:3A:5A:FC:01:83:79:F1:F0:17:D1:2C:40:48:94:55:FB:CF:49:8D:0B:0F:6F:6D:D2:34:C0"}}},"request":{"raw":"GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1\r\nHost: ik.imagekit.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://limited-zoo-crooked.on-fleek.app/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 429 Too Many Requests\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 25\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: *\r\ntiming-allow-origin: *\r\nx-server: ImageKit.io\r\nx-request-id: b045be7f-86a0-4e99-9c71-afd38ec65743\r\netag: W/\"19-Sb63ye3Vgoi0fy8haTOneSzGWGM\"\r\ndate: Sat, 20 Dec 2025 06:52:57 GMT\r\nvia: 1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront), 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)\r\nx-cache: Error from cloudfront\r\nx-amz-cf-pop: OSL50-P1\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: 9Qovrq4n-EDzXomVn3G4X63c4gItxw5QhCxfQzetPaiAJ_31elLVCg==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"429","status_text":"Too Many Requests","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"ImageKit","description":"ImageKit is a real-time image and video transformation, optimization, and delivery service with built-in digital asset management, powered by a global CDN.","website":"https://imagekit.io/","common_platform_enumeration":"","icon":"ImageKit.svg","categories":["CDN","Digital asset management"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T01:47:03.978699Z","times_seen":13354468,"resource_available":true,"data":null}},"time_used":362,"timings":{"blocked":87,"dns":79,"connect":1,"send":0,"wait":185,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/","fqdn":"fac.corp.fortinet.com","domain":"fortinet.com","tld":"com"},"ip":{"addr":"208.91.114.103","port":443,"asn":40934,"as":"FORTINET","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://limited-zoo-crooked.on-fleek.app/xnohzcyqmrap1.html","date":"2025-12-20T06:52:57.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fac.corp.fortinet.com","organization":"Fortinet, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 10 Feb 2025 00:00:00 GMT","end":"Mon, 09 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:04:8D:F5:6F:6E:EE:68:A1:8A:98:5C:48:DA:BF:A2:40:00:8F:5D","sha256":"A0:28:A2:28:8F:73:0F:3E:04:FD:74:ED:E9:E2:62:A4:78:AD:0F:69:21:A6:85:D6:34:DF:FE:D4:AA:B4:70:9F"}}},"request":{"raw":"GET /customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1\r\nHost: fac.corp.fortinet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://limited-zoo-crooked.on-fleek.app/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nStrict-Transport-Security: max-age=15552000\r\nDate: Sat, 20 Dec 2025 06:52:57 GMT\r\nContent-Length: 1338\r\nX-Frame-Options: SAMEORIGIN\r\nVary: Accept-Encoding\r\nContent-Language: en\r\nX-Content-Type-Options: nosniff\r\nReferrer-Policy: strict-origin-when-cross-origin\r\nCross-Origin-Opener-Policy: same-origin\r\nContent-Encoding: gzip\r\nCache-Control: public, max-age=31536000\r\nSet-Cookie: device_id=b6efba21-8f5b-45d0-9aa8-62eb5eaf70e3; expires=Sun, 20 Dec 2026 06:52:57 GMT; HttpOnly; Max-Age=31536000; Path=/; SameSite=None; Secure\r\nPermissions-Policy: fullscreen=(self)\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=utf-8\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T01:47:03.978699Z","times_seen":13354468,"resource_available":true,"data":null}},"time_used":1391,"timings":{"blocked":607,"dns":1,"connect":149,"send":0,"wait":173,"receive":0,"ssl":454},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"alphatrade-options.com/git/rand/favicon.png","fqdn":"alphatrade-options.com","domain":"alphatrade-options.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://limited-zoo-crooked.on-fleek.app/xnohzcyqmrap1.html","date":"2025-12-20T06:52:57.563Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /git/rand/favicon.png HTTP/1.1\r\nHost: alphatrade-options.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://limited-zoo-crooked.on-fleek.app/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T01:47:03.978699Z","times_seen":13354468,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":27,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"alphatrade-options.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"alphatrade-options.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}