{"report_id":"4071677b-575e-4d55-876a-46ace8980dc2","version":6,"status":"done","tags":["phishing","kali365","aitm"],"date":"2026-04-27T04:42:56Z","url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Imiral@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"104.21.74.153","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Imiral@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"title":"Shared document","dom":{"size":17402,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (7529)","md5":"558f7dad5051c7b686fe353434410057","sha1":"6ebe3f6e02f40898bea9f71b083f7030aee38d37","sha256":"9fca02215cbe71c76c0b21b0045c8e5776009168efded8ca53f90b2a384a7240","sha512":"dc5dd39dd06d17b8a9e850e02ca174a80c67dea5f3c9bead9116aec3134a7c0767835ee3a2e164e568bd739a0389482edff57f642e2cf49265d531eb8ae96ff5","ssdeep":"384:/v1pGdtTicNp+usxYnSdKIypdr0NbqPixuGbPcFej1mQs17sxGI:/v1pGjTicNp+uPn4CW9yguGbPcFejO18","tlshash":"a0724b2fb5d8053ab713e293dc42638ab4214edbfe5bbe81458d50a801c9bf9c377568","dom_hash":"domhash5c62b14ef9f0ba0f0f4f77a71b14f51c","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Imiral@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"104.21.74.153","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-01T04:42:56Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":2,"analyzer":8}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-27T04:42:33Z","timestamp":1777264953,"ip_dst":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":50966,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare workers.dev Domain in TLS SNI","source":"{\"timestamp\":\"2026-04-27T04:42:33.785771+0000\",\"flow_id\":221259153137727,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":50966,\"dest_ip\":\"188.114.96.1\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2051768,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare workers.dev Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_03_22\"],\"deployment\":[\"Perimeter\"],\"malware_family\":[\"Cloudflare_Workers\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Cloudflare_Workers\"],\"updated_at\":[\"2024_03_22\"]}},\"tls\":{\"sni\":\"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":940,\"bytes_toclient\":2720,\"start\":\"2026-04-27T04:42:33.778303+0000\"}}"}],"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Kali365 Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kali365","aitm"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Kali365 Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kali365","aitm"],"meta":null}]},"summary":[{"fqdn":"api.kali365.xyz","ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-04-18","domain_rank":0,"first_seen":"2026-04-20T01:49:57.021198Z","last_seen":"2026-04-27T01:54:27.087104Z","alert_count":24,"request_count":6,"received_data":5386,"sent_data":2634,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-24T00:03:57.513983Z","last_seen":"2026-04-24T00:03:57.513983Z","alert_count":15,"request_count":3,"received_data":22657,"sent_data":1518,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Kali365 Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kali365","aitm"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Imiral@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6e2d05f779d774b8a05d957ecc403aa1","sha1":"83f851a15c760ec7d7d19188154436e5ad31f409","sha256":"0e382bcdaacdcd5b7e55504b741da2b36e0c63d5afc9887e8ed9c87f746cfdfa","sha512":"eac1814f760694f516d381eeab91d8548fccd8e9131a0201ad8f186a906822ee38ce2d7a8516bd3ac5331e1f2ef88eefe54be17dc5bf1dbe3fced75b70f2e145","ssdeep":"","tlshash":"d13172e2f2bb04398ad922f7e879978a7c324a19fd47c106d53d0c2459a0f87613aed0","size":1697,"data":"","first_seen":"2026-04-27T04:42:57.631633Z","last_seen":"2026-04-27T04:42:57.631633Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Imiral@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e0d82f578e606774adbfd3223c767562","sha1":"ac52532ca9dce8eaa068734ed6a145a976fad540","sha256":"bbd8d1a20de73407ab19195c7417123729f690e0aae35e51196c40934efc0be1","sha512":"6b7b9f5493c05b4a5dbfd59b4190fc72a6d46b532daf58e113544d9d444f43e609a7482cb1d3d31691ad1c35f3776f3d41770d5c16a0382c66517befbb5a668c","ssdeep":"192:oSMqKu1pypQer0NVVknIbQixufq9bPiUexFejbHJmQs1JI8vqwOYkDy1f:oSdKIypdr0NbqPixuGbPcFej1mQs17s8","tlshash":"de32d80eb8d88a7a7712b26bcc431285b5254ed6ff6dbdc5054d809c01aebbcc3bb465","size":10964,"data":"","first_seen":"2026-04-22T09:55:07.485757Z","last_seen":"2026-04-27T14:10:47.392493Z","times_seen":73,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Imiral@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"effdc11dfb0d5ac8d489a1359753a8d5","sha1":"61673a9a6e209af33763961e24aa4a1746d60308","sha256":"0e68b88cccccc7a13f352b1bfa2323ce350f5d2d9ddf36a60d56745b5c5cb1a4","sha512":"6ccab271a57c9f9764f71ca2e1c5d3b0f2f8ef0e41a55f793e7e51accee241940aa929a73401a8ed95fe3bbb17e2684cd84db20758fd7981d9ec5591f730f3a3","ssdeep":"","tlshash":"d4e092aa374531041ba395baa53fdb18783730636806da54622aa9941faca2ca112a8d","size":380,"data":"","first_seen":"2026-04-27T04:42:57.633019Z","last_seen":"2026-04-27T04:42:57.633019Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"aa5520df7895875ae8bc2c09de88552d","sha1":"afe7b12cf2e687fab98d6e1e52fdd3f57ef74a15","sha256":"56f2dceb6b1a4d450b3a2e223302cfab9bbf50ea0938ad200a00d2411269ed7b","sha512":"d9312df4dd1682f3061812634905d69f0b4e1e4e4f85f1e4da20a29415bd1c03babcc9579b4db2fc6a3068068518c92b1418eccf830465bc265a3d52a1f3cde3","ssdeep":"192:Kav20qloMApkQK9x9TicNp+SvsxYCYwr/7qYspQstjQR1eknIb/:jvhpG9TicNp+usxYCYS7ZspZtjQR8q6","tlshash":"8332297bb2d8043eb353d1d3e8729b8b70545a89f99b9e4582dd206440c4bfed377648","size":11292,"data":"","first_seen":"2026-04-27T04:42:57.633849Z","last_seen":"2026-04-27T04:42:57.633849Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"api.kali365.xyz/api/status/1462249","fqdn":"api.kali365.xyz","domain":"kali365.xyz","tld":"xyz"},"ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Imiral@slurpmail.net","date":"2026-04-27T04:42:42.469Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kali365.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 16:56:09 GMT","end":"Fri, 17 Jul 2026 16:56:08 GMT"},"fingerprint":{"sha1":"55:5B:31:11:3B:A6:35:92:CD:55:49:23:44:0C:05:5D:E6:B9:1F:C5","sha256":"9B:B5:F0:82:1C:72:5B:76:F0:66:19:CE:4F:28:2C:21:B1:C3:BC:FE:A2:D9:5C:F1:AC:FC:A9:AD:0E:D0:21:77"}}},"request":{"raw":"GET /api/status/1462249 HTTP/1.1\r\nHost: api.kali365.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 04:42:42 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nvary: Origin, Cookie\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=45GrsYgUWNYVAfyxFTZC9wdjvy7tZ0FIJyA56oOmP3nGVo91LjpvMiAVO3%2BjGLsVOiYu4U97zkNSZYiH2insmBOsh5Mx3TlZnrEvmwN1cdiBFee0QliFAyjngXZEzg%2Fikdw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f2b297f7ec91525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1991b7c8ec390f5af45312fc0e09944c","sha1":"d61cf78973a9c26e718fb9fe1cb3c8533893d95f","sha256":"e83c12db5ee3c62282c295c521fa51a10e6cfff8e247c64f09838dbc134bd385","sha512":"80bed01bd6f8fecdcfe32308c4dc471907a48a7418c73be4874046c51c9bcf013cbc53bd0e4fc92afb3020d0c08fb675611712f81799a9a1bf593c4dfd8c8480","ssdeep":"","tlshash":"e9700022280800000ac80800e0000238baa0ca80002ba0c0280c80288820880e008000","first_seen":"2026-03-04T14:57:38.603599Z","last_seen":"2026-04-27T14:22:02.176863Z","times_seen":641,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.kali365.xyz/api/status/1462249","fqdn":"api.kali365.xyz","domain":"kali365.xyz","tld":"xyz"},"ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Imiral@slurpmail.net","date":"2026-04-27T04:42:48.606Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kali365.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 16:56:09 GMT","end":"Fri, 17 Jul 2026 16:56:08 GMT"},"fingerprint":{"sha1":"55:5B:31:11:3B:A6:35:92:CD:55:49:23:44:0C:05:5D:E6:B9:1F:C5","sha256":"9B:B5:F0:82:1C:72:5B:76:F0:66:19:CE:4F:28:2C:21:B1:C3:BC:FE:A2:D9:5C:F1:AC:FC:A9:AD:0E:D0:21:77"}}},"request":{"raw":"GET /api/status/1462249 HTTP/1.1\r\nHost: api.kali365.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 04:42:48 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nvary: Origin, Cookie\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Q5OvGDrC%2FVda%2FBjyWDmH5f7A59e63T5xDG5dreSnSHSpBNP08saaUkUYu%2FYE6d9ox3QbulPhO2BM%2B69x%2BdceBmPqlUeNzFIqyDPzl5yqnBFtD2xhd1hLfm5Mwguq8OkfCy8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f2b29a5c9901525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1991b7c8ec390f5af45312fc0e09944c","sha1":"d61cf78973a9c26e718fb9fe1cb3c8533893d95f","sha256":"e83c12db5ee3c62282c295c521fa51a10e6cfff8e247c64f09838dbc134bd385","sha512":"80bed01bd6f8fecdcfe32308c4dc471907a48a7418c73be4874046c51c9bcf013cbc53bd0e4fc92afb3020d0c08fb675611712f81799a9a1bf593c4dfd8c8480","ssdeep":"","tlshash":"e9700022280800000ac80800e0000238baa0ca80002ba0c0280c80288820880e008000","first_seen":"2026-03-04T14:57:38.603599Z","last_seen":"2026-04-27T14:22:02.176863Z","times_seen":641,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.kali365.xyz/api/status/1462249","fqdn":"api.kali365.xyz","domain":"kali365.xyz","tld":"xyz"},"ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Imiral@slurpmail.net","date":"2026-04-27T04:42:45.571Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kali365.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 16:56:09 GMT","end":"Fri, 17 Jul 2026 16:56:08 GMT"},"fingerprint":{"sha1":"55:5B:31:11:3B:A6:35:92:CD:55:49:23:44:0C:05:5D:E6:B9:1F:C5","sha256":"9B:B5:F0:82:1C:72:5B:76:F0:66:19:CE:4F:28:2C:21:B1:C3:BC:FE:A2:D9:5C:F1:AC:FC:A9:AD:0E:D0:21:77"}}},"request":{"raw":"GET /api/status/1462249 HTTP/1.1\r\nHost: api.kali365.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 04:42:45 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nvary: Origin, Cookie\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wJdlRAs6dfRH2yqfou2dBFOavhh335gQO7TbM5n3gwEv41x52Nh0DOvuPtOo5vxUSjcaiRoD2wZO9i9bAnUCeSO9TSOigKKs5nQ4IV%2BhikroeKZEM%2BSSs2ZihWIPqGchWjI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f2b2992d8a71525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1991b7c8ec390f5af45312fc0e09944c","sha1":"d61cf78973a9c26e718fb9fe1cb3c8533893d95f","sha256":"e83c12db5ee3c62282c295c521fa51a10e6cfff8e247c64f09838dbc134bd385","sha512":"80bed01bd6f8fecdcfe32308c4dc471907a48a7418c73be4874046c51c9bcf013cbc53bd0e4fc92afb3020d0c08fb675611712f81799a9a1bf593c4dfd8c8480","ssdeep":"","tlshash":"e9700022280800000ac80800e0000238baa0ca80002ba0c0280c80288820880e008000","first_seen":"2026-03-04T14:57:38.603599Z","last_seen":"2026-04-27T14:22:02.176863Z","times_seen":641,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.kali365.xyz/api/status/1462249","fqdn":"api.kali365.xyz","domain":"kali365.xyz","tld":"xyz"},"ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Imiral@slurpmail.net","date":"2026-04-27T04:42:51.649Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kali365.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 16:56:09 GMT","end":"Fri, 17 Jul 2026 16:56:08 GMT"},"fingerprint":{"sha1":"55:5B:31:11:3B:A6:35:92:CD:55:49:23:44:0C:05:5D:E6:B9:1F:C5","sha256":"9B:B5:F0:82:1C:72:5B:76:F0:66:19:CE:4F:28:2C:21:B1:C3:BC:FE:A2:D9:5C:F1:AC:FC:A9:AD:0E:D0:21:77"}}},"request":{"raw":"GET /api/status/1462249 HTTP/1.1\r\nHost: api.kali365.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 04:42:51 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nvary: Origin, Cookie\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4RQ%2Fh6yZDbysuwquhbIXycW92IsipWud6cBoZkVWAN6whZXOq4OW23b%2BT4421HhA0f5F98rhbNCWmKbbXtgzXKj4lncuscUEgm641W33UQvmRnzKohfL7TB63nuih5NJ1x0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f2b29b8db611525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1991b7c8ec390f5af45312fc0e09944c","sha1":"d61cf78973a9c26e718fb9fe1cb3c8533893d95f","sha256":"e83c12db5ee3c62282c295c521fa51a10e6cfff8e247c64f09838dbc134bd385","sha512":"80bed01bd6f8fecdcfe32308c4dc471907a48a7418c73be4874046c51c9bcf013cbc53bd0e4fc92afb3020d0c08fb675611712f81799a9a1bf593c4dfd8c8480","ssdeep":"","tlshash":"e9700022280800000ac80800e0000238baa0ca80002ba0c0280c80288820880e008000","first_seen":"2026-03-04T14:57:38.603599Z","last_seen":"2026-04-27T14:22:02.176863Z","times_seen":641,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Imiral@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-27T04:42:33.738Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"p-5jwrf2lw.workers.dev","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 20 Apr 2026 12:12:18 GMT","end":"Sun, 19 Jul 2026 12:12:17 GMT"},"fingerprint":{"sha1":"B7:5C:49:4D:7D:34:C6:A2:22:02:9A:74:5C:51:A3:FF:09:54:EA:79","sha256":"6D:A3:D2:F9:C6:9B:C1:7A:B8:92:15:54:86:B2:AC:E2:23:98:9F:EC:FD:E8:B2:EA:A9:E8:1C:2B:D5:F1:7B:71"}}},"request":{"raw":"GET /l/Imiral@slurpmail.net HTTP/1.1\r\nHost: twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Apr 2026 04:42:33 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-store, no-cache, must-revalidate, private\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet, noimageindex\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=txochitvPL9xda4WE7J%2BfW9P%2BIme1FaZurmBB8AXkJeFZPSyPWn3aW1ymyKEqUkxxfeNflmAUT5dULdmJ4v6WZfxzzbXjNlhcbrg0NxsIaZpJdx57IEc4N7L3AbUvFNLnVU2EqG2cTsTh8glt7MJdfHrWQ2qwkRqww%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f2b294939a10b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1417,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"6df609c0af04a54dd3ca93ebb15284fd","sha1":"aaa90ee44c35c9c3c0f248c18e5e3995d9773c29","sha256":"2065dd0b9c0b4fcf69379a27bfeb35ee3153d8439b1cf2c21efa6fb6920a0fea","sha512":"8021dc68ca5084293ddd03901991123b3b0fdf21dd77f202eda41a1c801185b557b59abbb46425b6e03e729372b0ea05a7da80fea4098f49d441ace34f3c71ec","ssdeep":"","tlshash":"3521c6b79e4520016b2384b2b432e61c7ce299a3e503c60075d172ac8fd868c8a1278c","first_seen":"2026-04-27T04:42:57.625521Z","last_seen":"2026-04-27T04:42:57.625521Z","times_seen":1,"resource_available":true,"data":null}},"time_used":311,"timings":{"blocked":60,"dns":43,"connect":1,"send":0,"wait":188,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Kali365 Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kali365","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/favicon.ico","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Imiral@slurpmail.net","date":"2026-04-27T04:42:34.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"p-5jwrf2lw.workers.dev","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 20 Apr 2026 12:12:18 GMT","end":"Sun, 19 Jul 2026 12:12:17 GMT"},"fingerprint":{"sha1":"B7:5C:49:4D:7D:34:C6:A2:22:02:9A:74:5C:51:A3:FF:09:54:EA:79","sha256":"6D:A3:D2:F9:C6:9B:C1:7A:B8:92:15:54:86:B2:AC:E2:23:98:9F:EC:FD:E8:B2:EA:A9:E8:1C:2B:D5:F1:7B:71"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Imiral@slurpmail.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 27 Apr 2026 04:42:34 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-store, no-cache, must-revalidate, private\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet, noimageindex\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hndG8%2Bw9BL1M1GjWJcsMy56lBoNlHVFe99irXLIlCn96EiaMAGFVfGBmLgmr1jrGXNPSGo2prcKU24xGHQ6uCa0zHocEQgztMJ5A3OKykGCatzQdjjPrHM18%2BqKYw%2FV9dTAxyT8dASD0bDQSddwRp2Tra2S8sZ%2FXXQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f2b294b595c56a2-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1411,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"2ca019b0e71f69776797d845470452ca","sha1":"c7462a64ed7953d3c5e62bf8a6cb60842be4c623","sha256":"3f314c137c1909d2c059200a49c2f6688e9a9e878b860b595769842c5ef4115b","sha512":"ce96fc5211d99b831fc7ae0fa2cad5a9f86bbc241e9e5f47baea3f820fbd78241d838665cf6fb75fdc720ea47b84c6d44b3b3cd23f4ad77bfa21a93ceb751f88","ssdeep":"","tlshash":"ba21b9b69a812005676388b2f533d75c7ce39973e547da41b5c176ac8fc46cc4a2178c","first_seen":"2026-04-27T04:42:57.626537Z","last_seen":"2026-04-27T04:42:57.626537Z","times_seen":1,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Kali365 Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kali365","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/lp/Imiral","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Imiral@slurpmail.net","date":"2026-04-27T04:42:36.120Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"p-5jwrf2lw.workers.dev","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 20 Apr 2026 12:12:18 GMT","end":"Sun, 19 Jul 2026 12:12:17 GMT"},"fingerprint":{"sha1":"B7:5C:49:4D:7D:34:C6:A2:22:02:9A:74:5C:51:A3:FF:09:54:EA:79","sha256":"6D:A3:D2:F9:C6:9B:C1:7A:B8:92:15:54:86:B2:AC:E2:23:98:9F:EC:FD:E8:B2:EA:A9:E8:1C:2B:D5:F1:7B:71"}}},"request":{"raw":"GET /lp/Imiral HTTP/1.1\r\nHost: twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Imiral@slurpmail.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 27 Apr 2026 04:42:36 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-store, no-cache, must-revalidate, private\r\nreferrer-policy: no-referrer\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet, noimageindex\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LHPxZGWHhqlhI1Q3ACHpMg%2FoHzWI5RKHMWF%2FuNscAkZ8F4ICws5nm6E9%2BBrK5eJqDxcO5zoBMpDcRhBZHKhJuOgnitqkqZ6MuJB82YTiP2FViOaIsAlcsMK10ZSOeY8LInohsnxWqwcCGbJwE9C1BieN190WLASiqQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f2b2957c9b956a2-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17412,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (7529)","md5":"5410fea2abad0eb7123fd1e9d9898116","sha1":"591c87bdf4f491426ec91c053da899818cc927e4","sha256":"0babd9ff1511cf883a42b84844e0997045cc9b5b424fc4053a3cd9fc6698b0a7","sha512":"d9420eac26861133ee55407cd892d66dc012a38070e2481263add565f15cc855e20741b404254f89e5809a993bf88c33d362580644fe190a7f783a66ae0c7f1f","ssdeep":"384:jvhpG9TicNp+usxYnSdKIypdr0NbqPixuGbPcFej1mQs17sxGI:jvhpG9TicNp+uPn4CW9yguGbPcFejO18","tlshash":"3d724b2fb5d8053ab713e293dc42638ab4214edbfa5bfe81458d50a801c9bf9c377568","first_seen":"2026-04-27T04:42:57.630218Z","last_seen":"2026-04-27T04:42:57.630218Z","times_seen":1,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":129,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Kali365 Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kali365","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"api.kali365.xyz/api/status/1462249","fqdn":"api.kali365.xyz","domain":"kali365.xyz","tld":"xyz"},"ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Imiral@slurpmail.net","date":"2026-04-27T04:42:36.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kali365.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 16:56:09 GMT","end":"Fri, 17 Jul 2026 16:56:08 GMT"},"fingerprint":{"sha1":"55:5B:31:11:3B:A6:35:92:CD:55:49:23:44:0C:05:5D:E6:B9:1F:C5","sha256":"9B:B5:F0:82:1C:72:5B:76:F0:66:19:CE:4F:28:2C:21:B1:C3:BC:FE:A2:D9:5C:F1:AC:FC:A9:AD:0E:D0:21:77"}}},"request":{"raw":"GET /api/status/1462249 HTTP/1.1\r\nHost: api.kali365.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Apr 2026 04:42:36 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nvary: Origin, Cookie\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TzI4%2Flp2M5xH2zNEOHTTKw87oozE21p9eGg%2FAEj6ZXWSbXsJX0KrxqOjiK4zdYV6rFcBFEHrLlnSik4VwOef3FmO2u7tXYXewG0H%2Fz0pj6KIHJfxKI9wjSqflSqVSlLXcfM%3D\"}]}\r\ncf-ray: 9f2b2958eb2fc759-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1991b7c8ec390f5af45312fc0e09944c","sha1":"d61cf78973a9c26e718fb9fe1cb3c8533893d95f","sha256":"e83c12db5ee3c62282c295c521fa51a10e6cfff8e247c64f09838dbc134bd385","sha512":"80bed01bd6f8fecdcfe32308c4dc471907a48a7418c73be4874046c51c9bcf013cbc53bd0e4fc92afb3020d0c08fb675611712f81799a9a1bf593c4dfd8c8480","ssdeep":"","tlshash":"e9700022280800000ac80800e0000238baa0ca80002ba0c0280c80288820880e008000","first_seen":"2026-03-04T14:57:38.603599Z","last_seen":"2026-04-27T14:22:02.176863Z","times_seen":641,"resource_available":true,"data":null}},"time_used":175,"timings":{"blocked":38,"dns":22,"connect":1,"send":0,"wait":98,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.kali365.xyz/api/status/1462249","fqdn":"api.kali365.xyz","domain":"kali365.xyz","tld":"xyz"},"ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Imiral@slurpmail.net","date":"2026-04-27T04:42:39.430Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kali365.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 16:56:09 GMT","end":"Fri, 17 Jul 2026 16:56:08 GMT"},"fingerprint":{"sha1":"55:5B:31:11:3B:A6:35:92:CD:55:49:23:44:0C:05:5D:E6:B9:1F:C5","sha256":"9B:B5:F0:82:1C:72:5B:76:F0:66:19:CE:4F:28:2C:21:B1:C3:BC:FE:A2:D9:5C:F1:AC:FC:A9:AD:0E:D0:21:77"}}},"request":{"raw":"GET /api/status/1462249 HTTP/1.1\r\nHost: api.kali365.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Apr 2026 04:42:39 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nvary: Origin, Cookie\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lCFM4MYRr%2Bwhuj%2BgBISfA6QyqgG3vf3gMPnBPglsmLpc8T3%2FXviil9JwqWuiWe7%2BpQTybGMM0ERBfFG%2FtpSdLLw6sdpKBd%2B6j4zBcrlvGIl7wANwiN%2FHiBB09u8URVP7Ckg%3D\"}]}\r\ncf-ray: 9f2b296c7fb6c759-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1991b7c8ec390f5af45312fc0e09944c","sha1":"d61cf78973a9c26e718fb9fe1cb3c8533893d95f","sha256":"e83c12db5ee3c62282c295c521fa51a10e6cfff8e247c64f09838dbc134bd385","sha512":"80bed01bd6f8fecdcfe32308c4dc471907a48a7418c73be4874046c51c9bcf013cbc53bd0e4fc92afb3020d0c08fb675611712f81799a9a1bf593c4dfd8c8480","ssdeep":"","tlshash":"e9700022280800000ac80800e0000238baa0ca80002ba0c0280c80288820880e008000","first_seen":"2026-03-04T14:57:38.603599Z","last_seen":"2026-04-27T14:22:02.176863Z","times_seen":641,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}