{"report_id":"41ed8353-06b6-4638-b458-c7284970ec1f","version":6,"status":"done","tags":[],"date":"2024-05-18T07:53:27Z","url":{"schema":"http","addr":"qu.ax/TYKj.mp4","fqdn":"qu.ax","domain":"qu.ax","tld":"ax"},"ip":{"addr":"104.21.86.112","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"qu.ax/TYKj.mp4","fqdn":"qu.ax","domain":"qu.ax","tld":"ax"},"title":"TYKj.mp4"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T16:32:28Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"qu.ax","ip":{"addr":"172.67.218.147","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"2019-10-23","domain_rank":0,"first_seen":"2019-12-22 20:42:29","last_seen":"2024-04-11 17:31:27","alert_count":6,"request_count":3,"received_data":2159899,"sent_data":1373,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-05-18T07:53:01Z","timestamp":1716018781,"ip_dst":{"addr":"172.67.218.147","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":47048,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI","source":"{\"timestamp\":\"2024-05-18T07:53:01.534917+0000\",\"flow_id\":798457478381232,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.10\",\"src_port\":47048,\"dest_ip\":\"172.67.218.147\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048382,\"rev\":1,\"signature\":\"ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_10_02\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_10_02\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_02\"]}},\"tls\":{\"sni\":\"qu.ax\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":907,\"bytes_toclient\":1654,\"start\":\"2024-05-18T07:53:01.523952+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-05-18T07:53:01Z","timestamp":1716018781,"ip_dst":{"addr":"172.67.218.147","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":47048,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI","source":"{\"timestamp\":\"2024-05-18T07:53:01.534917+0000\",\"flow_id\":653287583776432,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.10\",\"src_port\":47048,\"dest_ip\":\"172.67.218.147\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048382,\"rev\":1,\"signature\":\"ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_10_02\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_10_02\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_02\"]}},\"tls\":{\"sni\":\"qu.ax\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":907,\"bytes_toclient\":1654,\"start\":\"2024-05-18T07:53:01.523952+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":[{"sensor_name":"mnemonic_dns","sensor_type":"domain","title":"","description":"mnemonic secure dns","scan_date":"2024-05-17","alert":"Sinkholed","trigger":"qu.ax","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://mnemonic.io","meta":null},{"sensor_name":"mnemonic_dns","sensor_type":"domain","title":"","description":"mnemonic secure dns","scan_date":"2024-05-17","alert":"Sinkholed","trigger":"qu.ax","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://mnemonic.io","meta":null},{"sensor_name":"mnemonic_dns","sensor_type":"domain","title":"","description":"mnemonic secure dns","scan_date":"2024-05-17","alert":"Sinkholed","trigger":"qu.ax","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://mnemonic.io","meta":null}]},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-05-17","alert":"Sinkholed","trigger":"qu.ax","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-05-17","alert":"Sinkholed","trigger":"qu.ax","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-05-17","alert":"Sinkholed","trigger":"qu.ax","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"qu.ax/TYKj.mp4","fqdn":"qu.ax","domain":"qu.ax","tld":"ax"},"ip":{"addr":"172.67.218.147","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://qu.ax/TYKj.mp4","date":"2024-05-18T07:53:02.045Z","timestamp":1716018782045,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qu.ax","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 07 May 2024 09:45:30 GMT","end":"Mon, 05 Aug 2024 09:45:29 GMT"},"fingerprint":{"sha1":"84:64:EF:4C:9D:CF:6D:73:6C:C6:67:82:14:6B:E8:D6:B7:AF:7D:E2","sha256":"96:5C:55:78:DA:AD:F2:52:E5:85:CD:DC:DA:21:05:77:0B:8B:AC:97:B3:2D:A0:67:B9:0B:48:15:AA:F4:39:80"}}},"request":{"raw":"GET /TYKj.mp4 HTTP/1.1\r\nHost: qu.ax\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=41943040-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://qu.ax/TYKj.mp4\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\ndate: Sat, 18 May 2024 07:53:01 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 131045\r\nlast-modified: Sat, 20 Apr 2024 01:16:21 GMT\r\nx-xss-protection: 1; mode=block\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nage: 814702\r\ncontent-range: bytes 41943040-42074084/42074085\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=B2ZT5bcFtvtnwfG8vXl1RceyarKCI2jgzcGRqscmhE7agLUSceJGz9PL9wdX6YJ3PPccJmB2CI1equxr%2FV3ehLe0NsjSDnGVlxFBGbyoJxP3OD4a6OcdVw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 885a456b5cf50b41-OSL\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":null,"data":{"size":131045,"size_decoded":131045,"mime_type":"video/mp4","magic":"data","md5":"dd42c905eba07223e53a6f4ec99b7876","sha1":"6f14b37ee994689a4c742dc82548440a7c3dc44f","sha256":"379aa5dcb229ba5cd32bebdeb5d0135ddfe7c96f050b9f0cdd161ad8c01c7e31","sha512":"deecdeb2b8a362b9818a82410f44c99feb2b61bad0e17f589e861dc3a0f650f4b9a04271793b0d727421c631c2b095b3363aef0505f01472d602b974c4f490b2","ssdeep":"1536:TclnywPLhF5y/3dRXSD3eQh9wRnA/hfzsg1GRIaKQ60gb732SzawKgC1JCtoy87Y:YtvzhH91hfzsszx066/O8Gh/lLhOJE","tlshash":"cad30ae9b318113ffa539731d9e257243db4e8b90757458944acf32a8c2a3fcaa071e5","first_seen":"2024-08-19T22:37:44.523479Z","last_seen":"2024-08-19T22:37:44.523479Z","times_seen":1,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"mnemonic_dns","sensor_type":"domain","title":"","description":"mnemonic secure dns","scan_date":"2024-05-17","alert":"Sinkholed","trigger":"qu.ax","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://mnemonic.io","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-05-17","alert":"Sinkholed","trigger":"qu.ax","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qu.ax/TYKj.mp4","fqdn":"qu.ax","domain":"qu.ax","tld":"ax"},"ip":{"addr":"172.67.218.147","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://qu.ax/TYKj.mp4","date":"2024-05-18T07:53:02.045Z","timestamp":1716018782045,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qu.ax","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 07 May 2024 09:45:30 GMT","end":"Mon, 05 Aug 2024 09:45:29 GMT"},"fingerprint":{"sha1":"84:64:EF:4C:9D:CF:6D:73:6C:C6:67:82:14:6B:E8:D6:B7:AF:7D:E2","sha256":"96:5C:55:78:DA:AD:F2:52:E5:85:CD:DC:DA:21:05:77:0B:8B:AC:97:B3:2D:A0:67:B9:0B:48:15:AA:F4:39:80"}}},"request":{"raw":"GET /TYKj.mp4 HTTP/1.1\r\nHost: qu.ax\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 May 2024 07:53:01 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 42074085\r\nlast-modified: Sat, 20 Apr 2024 01:16:21 GMT\r\nx-xss-protection: 1; mode=block\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nage: 814702\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=S%2Fy2NxlxLMrL9tFoG9RG9For13js7wHbMPfuC0HhWd7xtkT3OW1unq88916YU%2B761F9u6CEngss6TZ6X7XVDj2v3v267rX1yvE0IwpsNhYhqfSLcrBZEMA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 885a45689b0a0b69-OSL\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":null,"data":{"size":2006130,"size_decoded":2006130,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"72bb4f7575e060b9446353c6bdf783ea","sha1":"9d71c3300fe7b937a4b047332d070033db6b2d5e","sha256":"57d99fe102b4b0e6fb6a53f444a9c96e490d0c8f958a455dcae04f19b19f7d7e","sha512":"0be45a304bb4a8e8c956dc1ac0c30f38df0916d6cb9ee3091445ba835cc9fdff48bf3a868fdb06c97a63f8c683ee83de4fb8fa3776016cbaf6b8732c0f3167e5","ssdeep":"49152:H6fb03vXx4+K4TAjI6cJ4MHZGJr6BqaffgnYiSMqjS:H6fUvC+rTAzcJoJrfafBMqjS","tlshash":"889533314e5a8837d7a8c89c08da92db075e17a1d20beebf37d441c02a98dbf25136d7","first_seen":"2024-08-19T22:37:44.524338Z","last_seen":"2024-08-19T22:37:44.524338Z","times_seen":1,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"mnemonic_dns","sensor_type":"domain","title":"","description":"mnemonic secure dns","scan_date":"2024-05-17","alert":"Sinkholed","trigger":"qu.ax","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://mnemonic.io","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-05-17","alert":"Sinkholed","trigger":"qu.ax","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qu.ax/favicon.ico","fqdn":"qu.ax","domain":"qu.ax","tld":"ax"},"ip":{"addr":"172.67.218.147","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://qu.ax/TYKj.mp4","date":"2024-05-18T07:53:02.655Z","timestamp":1716018782655,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qu.ax","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Tue, 07 May 2024 09:45:30 GMT","end":"Mon, 05 Aug 2024 09:45:29 GMT"},"fingerprint":{"sha1":"84:64:EF:4C:9D:CF:6D:73:6C:C6:67:82:14:6B:E8:D6:B7:AF:7D:E2","sha256":"96:5C:55:78:DA:AD:F2:52:E5:85:CD:DC:DA:21:05:77:0B:8B:AC:97:B3:2D:A0:67:B9:0B:48:15:AA:F4:39:80"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: qu.ax\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://qu.ax/TYKj.mp4\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 18 May 2024 07:53:02 GMT\r\ncontent-type: image/x-icon\r\nlast-modified: Sun, 05 Jun 2022 23:07:17 GMT\r\nx-xss-protection: 1; mode=block\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-cache-status: HIT\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nage: 893283\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=4b6Y%2FGlHdretIg7X6Gf2thuWl1azr%2B%2FciFcM98zcRuCzyFWFaKRiKaLebccnbeC9mFI5Lyqe%2BP2SH7BTe5vh831cF1%2F4kmTLo5xep6DvaylwJG8JU9Jffw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 885a456f9f3e0b41-OSL\r\ncontent-encoding: br\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20601,"size_decoded":20601,"mime_type":"image/x-icon","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"b1427ced1520ea9d49dc3ff783f9fc38","sha1":"f63057f04bbc9685daef2a5bb5f8b6c0ae483bf0","sha256":"9374e3620b1daa8f7ce59acc9250129e15dae90354280f4ce3b8369209ebdd31","sha512":"af6d02903058ba9e2164e0b77ca0b870331e4e85bfe79c62abe2731b7997b39a11f6835137c8fe23b8b2a03b3425a528f612378aaabe2280b59a3f31aae72f6f","ssdeep":"384:RovOhmplLJz/ZlUgmTZPkx1B6ffc9XdP+z1ZJ7BuuWbzzqf69mKThIUHkjNrH8i:Ro6y3ggsMXBkc94zD2z24mKThIUyNrH/","tlshash":"bd92d18641398eed5da19297f842662fc6d82b36a87449fe141f1c918cb297c1a3f24b","first_seen":"2023-06-27T16:50:02Z","last_seen":"2026-05-30T15:08:11.202631Z","times_seen":422,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"mnemonic_dns","sensor_type":"domain","title":"","description":"mnemonic secure dns","scan_date":"2024-05-17","alert":"Sinkholed","trigger":"qu.ax","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://mnemonic.io","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-05-17","alert":"Sinkholed","trigger":"qu.ax","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}