{"report_id":"4066ff7a-331c-4b1a-be44-e3b02d86e97c","version":6,"status":"done","tags":[],"date":"2025-10-08T19:44:46Z","url":{"schema":"http","addr":"admin.shopihy.info","fqdn":"admin.shopihy.info","domain":"shopihy.info","tld":"info"},"ip":{"addr":"172.67.149.199","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"admin.shopihy.info/","fqdn":"admin.shopihy.info","domain":"shopihy.info","tld":"info"},"title":"Access denied | admin.shopihy.info used Cloudflare to restrict access | admin.shopihy.info | Cloudflare"},"submit":{"url":{"schema":"http","addr":"admin.shopihy.info","fqdn":"admin.shopihy.info","domain":"shopihy.info","tld":"info"},"ip":{"addr":"172.67.149.199","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-12T19:44:46Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":7}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-08","alert":"Phishing Block","trigger":"admin.shopihy.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"performance.radar.cloudflare.com","ip":{"addr":"104.18.30.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":418040,"first_seen":"2022-06-29T10:44:51Z","last_seen":"2025-10-06T00:17:08.316828Z","alert_count":0,"request_count":1,"received_data":9211,"sent_data":395,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"admin.shopihy.info","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-08-28","domain_rank":0,"first_seen":"2025-10-08T19:44:46.433945Z","last_seen":"2025-10-08T19:44:46.433945Z","alert_count":28,"request_count":4,"received_data":32251,"sent_data":1617,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"admin.shopihy.info/","fqdn":"admin.shopihy.info","domain":"shopihy.info","tld":"info"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"285e8a13f84c87efb9790974093e2667","sha1":"6e5b719576d2e3078b82c9662142532cbeeb6608","sha256":"faecc3916c0f5cb11429713cd0d36edb2ef2663d4b08c9c494200dc6351fea21","sha512":"ea7bc67f2ba0856e474b293233b7dc613f7bd3aa8598f94aa609977c661f2c56d5e5d848b52ef3bf7f1d3bbef805f7842cfd0d4ef329b8f271e34aa535723f55","ssdeep":"","tlshash":"1511eda7f988193612cff6bb513bd3a431f920923c2004f35c568ca5096dec6d976785","size":967,"data":"","first_seen":"2025-06-25T01:30:16.782215Z","last_seen":"2026-06-06T11:24:30.558767Z","times_seen":156,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"admin.shopihy.info/","fqdn":"admin.shopihy.info","domain":"shopihy.info","tld":"info"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"56df91490fa1984fa82b297dcb23c22d","sha1":"2050f127b73f50d21eb9b0a2a3f2aea7d4372ba9","sha256":"275407540ae2d5516300e4027ce994e1c97f958d464e137d0fff116d7acf0f24","sha512":"537ac565ea049803015a3b15881913d8179eafc11f95ac99dfe0ee842ac3d496ea3c6e1c167274357b7443e32ea9efab72400b95798479c5a5c81c9aabc88e8b","ssdeep":"","tlshash":"bbe0dfbbbb192e3906efa67771aee74a3676c091acc05560092ccc940b3fec4d03a1d4","size":375,"data":"","first_seen":"2023-03-07T01:03:09Z","last_seen":"2026-06-14T01:29:28.704189Z","times_seen":461222,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"admin.shopihy.info/","fqdn":"admin.shopihy.info","domain":"shopihy.info","tld":"info"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"16f6161217e242dffadf4241d174abcc","sha1":"304832d02caf7b8a45ea29c321993d7eba48be67","sha256":"390eefa5af21228aaab4bb7eb68043b2468a645b3c861aaba17b226cc8c05d95","sha512":"886e6c321c801fa26a1363e65eb9ddd6f15617044d57f2b458d235cb396119dbc35e216178258e47ed6a73ad9a6f558e12605621bb3bae8e463c56ae6f9f6d18","ssdeep":"","tlshash":"869004534011730005710337175555403335501310314c0437cdc1153f51f57cf05340","size":46,"data":"","first_seen":"2025-03-04T09:24:28.966015Z","last_seen":"2026-06-12T17:04:36.342613Z","times_seen":246245,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"performance.radar.cloudflare.com/beacon.js","fqdn":"performance.radar.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.30.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a6f2456a3ebe1da3c2f8283c7299bd81","sha1":"ac206e9585ad431e189f572cdd0f97e8ae8fa572","sha256":"442e812113de863da0e434a5528906865a2272cc6c0fe89e4bb6e015e76b8957","sha512":"bfd5f7d40da0a8eb3818731f02bcdb612270d4e6f67a32383529583524299caa0797e0cab7d278f40c09c1cbe05edc09b854005721afad18d4733614d1066194","ssdeep":"192:qWTavxSxKBV/oRks10BINTAPAWVZb7+wheTn21I8FyFZBvjALME:q0avxSxKBV/0ks6usZWwhmn21I8AFZBU","tlshash":"ce02d97717a44a42cb860091405af36f7167f14607d1919eb21fcc6b3758ed3b6f6316","size":8382,"data":"","first_seen":"2025-10-08T19:44:47.692362Z","last_seen":"2025-10-08T19:44:47.692362Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"admin.shopihy.info/","fqdn":"admin.shopihy.info","domain":"shopihy.info","tld":"info"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-08T19:44:23.961Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopihy.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 13:56:29 GMT","end":"Tue, 30 Dec 2025 14:54:38 GMT"},"fingerprint":{"sha1":"EE:9F:32:28:13:20:63:30:82:FF:52:0B:08:29:56:CE:65:EC:EB:39","sha256":"D1:F5:0B:A7:E8:50:48:EC:6B:2A:C6:47:B7:81:F8:C9:D1:58:37:62:24:A9:33:D9:FF:3E:0D:0B:A2:C5:7D:22"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: admin.shopihy.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Wed, 08 Oct 2025 19:44:24 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-frame-options: SAMEORIGIN\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tJuyiXCDNI6wWjiuooPyKXvVj88JjISc%2BQm3LH1nV2wlpxiz9RVrgWbK5xzmuvTWFdpoxdoP7%2B7nCVtbTxVCKI%2FNbDyGvbMXP7iDAMgC2oXmmQ%3D%3D\"}]}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 98b821f708a01525-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7165,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (507)","md5":"767e183f810a72020e4df57d9c600dd8","sha1":"c2871694f8c2b23dc645f87eb0a3f17206cbfc50","sha256":"a8674c1e8609c41882c4a3d2dc0fd2b0e7aa6066798439a297f7a86ec3c2af50","sha512":"4c139c119dc699a2d4b30814ab9d68e1136335f69b7efef1ba4b8cb93485acc8e075ce27dbe7575a936032000ef09a08a2ab0df26cb1bd6a4aee15bdc621362d","ssdeep":"192:Vj9jhjOtK/OaaEl8zzUzPgD89Y71lCeNA:d//5hgQY71lCeG","tlshash":"53e1b963f9f925fa1097817231ba7b197de48013eaa704a576edc1720f8df81ee03184","first_seen":"2025-10-08T19:44:47.687962Z","last_seen":"2025-10-08T19:44:47.687962Z","times_seen":1,"resource_available":false,"data":null}},"time_used":424,"timings":{"blocked":204,"dns":15,"connect":1,"send":0,"wait":15,"receive":0,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-08","alert":"Phishing Block","trigger":"admin.shopihy.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"admin.shopihy.info/","fqdn":"admin.shopihy.info","domain":"shopihy.info","tld":"info"},"ip":{"addr":"188.114.96.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-08T19:44:24.272Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: admin.shopihy.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Wed, 08 Oct 2025 19:44:24 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nReferrer-Policy: same-origin\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nX-Frame-Options: SAMEORIGIN\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zteRALLx58dwRhCpTaDFeCU3kvKjMj9wbZcQjSsQhtKvrrPiMGr4WVMwInCx8m4nVbT5RKrFxLcYtO14Blt9rtSbyoDU6rodGnTnBH0Mp9E%3D\"}]}\r\nContent-Encoding: gzip\r\nServer: cloudflare\r\nCF-RAY: 98b821f7bdda0b51-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7165,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (507)","md5":"8a13c2a8976dfdc708585ab94f99d5c4","sha1":"8bbc5d39e2617dcaf4866669dafdecf0051a8918","sha256":"090a8c0d8e87a1e3db46f9a2f25207c4bfcc626704f9d16b9b6a3d29b5b73cf4","sha512":"8dc8010e22a2ef10c0b826a6be911943e6a9c74663f3b1deda0466834a2dd43913d30cd06dc519e94a967ba2b14d8983923539abe3a48fc1eb0316f30bde2339","ssdeep":"192:Vj9jhjOtK/OaaEl8zztTzPgD89R71lCeNA:d//50gQR71lCeG","tlshash":"4ce19863f9f925ba1097817231ba7b597de48013eaa704a576edc1720f8df80ee07184","first_seen":"2025-10-08T19:44:47.689724Z","last_seen":"2025-10-08T19:44:47.689724Z","times_seen":1,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":1,"connect":1,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-08","alert":"Phishing Block","trigger":"admin.shopihy.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"admin.shopihy.info/cdn-cgi/styles/main.css","fqdn":"admin.shopihy.info","domain":"shopihy.info","tld":"info"},"ip":{"addr":"188.114.96.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://admin.shopihy.info/","date":"2025-10-08T19:44:24.379Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/styles/main.css HTTP/1.1\r\nHost: admin.shopihy.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://admin.shopihy.info/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 08 Oct 2025 19:44:24 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BT03R6xvqwbx%2BHQdjO3oJFpO%2BTn6iVdn9ypXMCXNTxoM8c%2FIMhZskOQUxvE8hFX3Pdt6PFgDTJmNasZc0aDv17RNapnsQK3KkPlpz3J3uCA%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nContent-Encoding: gzip\r\nServer: cloudflare\r\nCF-RAY: 98b821f85e7d0b51-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8013,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (8012)","md5":"ff26f59e28a5fe6ea4ab23586415696b","sha1":"4182675484d175e363cd34b43041b7b1af93d0cd","sha256":"d30b4ea6f68456672f5abb35e9dcf7d54226372b66e9d60a7ee26b7a52568e74","sha512":"92c58eef6d1f885806450acd2927c57ebea2e8762c98b0826192555674bd4478e42add192834285d5934c0a76db8eac5eee1a65dc34b6f69246fad6c91a5fba4","ssdeep":"96:1jMh3JNJinvaE5TQRGxfldudududEtCbnaimpSpIplDO6bU6b16bE6bb6bNdkd94:1jMFJiva655dimwqjlP0/mGTZxRbC","tlshash":"75f1851bbf49104e3023886ae2c5a78d912dd282ee535bfff7173561cbc52fa1552b24","first_seen":"2023-04-05T04:39:40Z","last_seen":"2026-06-14T00:48:05.659505Z","times_seen":87763,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-08","alert":"Phishing Block","trigger":"admin.shopihy.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"performance.radar.cloudflare.com/beacon.js","fqdn":"performance.radar.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.30.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://admin.shopihy.info/","date":"2025-10-08T19:44:24.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"radar.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:00:21 GMT","end":"Sat, 15 Nov 2025 22:00:11 GMT"},"fingerprint":{"sha1":"3A:87:60:65:8E:C3:78:E0:E0:D6:43:44:5D:97:C0:66:C2:EB:5C:82","sha256":"AD:87:F2:38:09:6B:8B:E3:6D:52:8D:C1:E9:9F:A2:A3:B6:AF:83:79:FC:69:6D:4F:8E:1F:E8:49:43:F1:6D:CC"}}},"request":{"raw":"GET /beacon.js HTTP/1.1\r\nHost: performance.radar.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 08 Oct 2025 19:44:24 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-encoding: br\r\naccess-control-allow-origin: *\r\ncache-control: no-store, max-age=0\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\nreferrer-policy: no-referrer\r\ntiming-allow-origin: *\r\nset-cookie: __cf_bm=ffYkfLfY4W2bFouYJ4IeXrm2ujuaHl8k5erUs3ioNYg-1759952664-1.0.1.1-BH22kNqTSlh1hw5VXuon8.FrmDdSKtSRueLUuAFNXS70Lkgwe2DIRmdzFK3aOfsB6t403crmVSS9P9ZrcHyiEeQaIeShlG6ifD6pZ0kG.jI; path=/; expires=Wed, 08-Oct-25 20:14:24 GMT; domain=.radar.cloudflare.com; HttpOnly; Secure; SameSite=None\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 98b821f899a80883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8382,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (8381)","md5":"a6f2456a3ebe1da3c2f8283c7299bd81","sha1":"ac206e9585ad431e189f572cdd0f97e8ae8fa572","sha256":"442e812113de863da0e434a5528906865a2272cc6c0fe89e4bb6e015e76b8957","sha512":"bfd5f7d40da0a8eb3818731f02bcdb612270d4e6f67a32383529583524299caa0797e0cab7d278f40c09c1cbe05edc09b854005721afad18d4733614d1066194","ssdeep":"192:qWTavxSxKBV/oRks10BINTAPAWVZb7+wheTn21I8FyFZBvjALME:q0avxSxKBV/0ks6usZWwhmn21I8AFZBU","tlshash":"ce02d97717a44a42cb860091405af36f7167f14607d1919eb21fcc6b3758ed3b6f6316","first_seen":"2025-10-08T19:44:47.692362Z","last_seen":"2025-10-08T19:44:47.692362Z","times_seen":1,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":31,"dns":21,"connect":1,"send":0,"wait":26,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"admin.shopihy.info/favicon.ico","fqdn":"admin.shopihy.info","domain":"shopihy.info","tld":"info"},"ip":{"addr":"188.114.96.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://admin.shopihy.info/","date":"2025-10-08T19:44:24.513Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: admin.shopihy.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://admin.shopihy.info/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Wed, 08 Oct 2025 19:44:24 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nReferrer-Policy: same-origin\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nX-Frame-Options: SAMEORIGIN\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EeXvgUWVcYqVZHKh5An6oSz2bAmF9JAlEdrEET%2FHAz190u0Wt4XRIzqkTaWpsI%2BSpv7ydnhVmV%2Fr8bSAHlvVznkerf64tbbvg1XpU4%2BXVgw%3D\"}]}\r\nContent-Encoding: gzip\r\nServer: cloudflare\r\nCF-RAY: 98b821f93f3e0b51-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7165,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (507)","md5":"627a24a5a16aad45db72291408c1afde","sha1":"7d2d83104ce1744b13083e1b4bf612f2b68c43f9","sha256":"4e0d41782d185413770d366cb137f7149fcedb069c4d214f51f468510cfd354a","sha512":"cf331e3afa7c70a622eb80842bb17aef3803425f8b482656a937e3326750195f72be8ab256738b4e1302f4bf988e76c2c0f7324320c32a88ee798abaeae76a4f","ssdeep":"192:Vj9jhjOtK/OaaEl8zzDzPgD89j71lCeNA:d//56gQj71lCeG","tlshash":"81e1a867f9f925bb109781b231ba7b597de48013eaa704a576edc1720f8df80ee03184","first_seen":"2025-10-08T19:44:47.694245Z","last_seen":"2025-10-08T19:44:47.694245Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-08","alert":"Phishing Block","trigger":"admin.shopihy.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"admin.shopihy.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}