{"report_id":"4275689c-50c7-4493-9b2c-3c8355aebcce","version":6,"status":"done","tags":[],"date":"2025-10-07T19:26:52Z","url":{"schema":"http","addr":"sunpass.lgyxf.info/us/","fqdn":"sunpass.lgyxf.info","domain":"lgyxf.info","tld":"info"},"ip":{"addr":"172.67.163.195","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"sunpass.lgyxf.info/us/","fqdn":"sunpass.lgyxf.info","domain":"lgyxf.info","tld":"info"},"title":"sunpass.lgyxf.info"},"submit":{"url":{"schema":"http","addr":"sunpass.lgyxf.info/us/","fqdn":"sunpass.lgyxf.info","domain":"lgyxf.info","tld":"info"},"ip":{"addr":"172.67.163.195","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-11T19:26:52Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"sunpass.lgyxf.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"sunpass.lgyxf.info","ip":{"addr":"104.21.15.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-06","domain_rank":0,"first_seen":"2025-10-07T19:26:52.144749Z","last_seen":"2025-10-07T19:26:52.144749Z","alert_count":3,"request_count":3,"received_data":185275,"sent_data":1260,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"sunpass.lgyxf.info/us/","fqdn":"sunpass.lgyxf.info","domain":"lgyxf.info","tld":"info"},"ip":{"addr":"104.21.15.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8e22baf861836972fc065779deff334f","sha1":"08e18bb08aba179f50cc3f2cf93b4dc5000ce62d","sha256":"b14a717e998fda0cb62f103b44d894557b8c1971db0b2c6b47dd8e3985d24b09","sha512":"9df509edd770ff054a113312531b99a809c7cb85d798c247ae8af88e8c0211e717631cf94d35d6aa3ae85e1b8dabaa6a0e3ba976bd958756c578f6d800240ed4","ssdeep":"","tlshash":"5031f06a7990367ec55f29ee130bf12e3a00b557a114c843b41cc310aee1db6d1b2eeb","size":1479,"data":"","first_seen":"2025-07-06T13:18:31.389388Z","last_seen":"2025-10-13T20:00:42.722025Z","times_seen":454,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sunpass.lgyxf.info/us/","fqdn":"sunpass.lgyxf.info","domain":"lgyxf.info","tld":"info"},"ip":{"addr":"104.21.15.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"eeca225f9a4b5b3e267fbeb403c60cd3","sha1":"60b75deaf36cbdc653fc0f5b02bcdf0e3469f57d","sha256":"108bcbb9b31307c783a9b84929c77e1a7f26915e6c3f9f498993286f4128ab72","sha512":"da9f8e713d524814f8b4bbe9d0b40ee103fd3ff577d94120eeb80e8d30df845469774b20d4bdd6735bf258d2d529d5e34ab6068b73b87adbd42918d328e670c9","ssdeep":"","tlshash":"21c080ff2221c5303fc330477751b741301241939c937c182d5901407425a4fd136f85","size":166,"data":"","first_seen":"2025-05-10T20:39:24.680293Z","last_seen":"2025-10-13T20:00:42.732336Z","times_seen":483,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"sunpass.lgyxf.info/us/","fqdn":"sunpass.lgyxf.info","domain":"lgyxf.info","tld":"info"},"ip":{"addr":"104.21.15.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-07T19:26:26.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lgyxf.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 06 Oct 2025 12:33:23 GMT","end":"Sun, 04 Jan 2026 13:26:46 GMT"},"fingerprint":{"sha1":"66:62:EF:FE:46:0B:DB:BF:17:F9:02:C9:7C:E7:3B:F0:0F:C4:C2:24","sha256":"46:3F:03:C1:AE:91:59:3C:CC:23:74:6B:D9:D4:41:72:0F:79:4D:F9:E7:D0:E1:E4:3E:4C:25:FE:E2:61:60:C3"}}},"request":{"raw":"GET /us/ HTTP/1.1\r\nHost: sunpass.lgyxf.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Tue, 07 Oct 2025 19:26:27 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Cr%2BJ6Bp%2F7zJRopG5WjYlaqZ7zm0SKBBg2it7vjN9iVzZnHz4M5IE%2FS4kcn2BgezcA4ymSujvpaPDNsCzfj6M5b0Q799G8gcjDi%2BGea3GQn8%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 98afca48ea63568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":61166,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (6486)","md5":"70b3411e7aca05579fb3cc4e0a34a7b7","sha1":"f09ce43220032959d63a273f66ac7bc91d9bf7d3","sha256":"743aa713f850f8ec4d471857b7965a5bae7aa18a5a37d14e987b0529606fb9c1","sha512":"e3332f32129a89d81fc5799001f4bd37b8f1e44cb3fafeb83e6387ae4aaa06d2a942c76638d9554cb8eac79cd9cc2d0de86fa5c79d8667bff6801ea766eb628e","ssdeep":"1536:9tLU8JkvouiS9QEmdSbusNMjBAUHHNr4A:/QDf9XDNMj8A","tlshash":"36534be2b2f01a3d1217416965d7b2007b78d483970ede22bbdc5258efc97d06827b8d","first_seen":"2025-07-06T13:18:31.387734Z","last_seen":"2025-10-13T20:00:42.702076Z","times_seen":456,"resource_available":false,"data":null}},"time_used":1405,"timings":{"blocked":61,"dns":37,"connect":1,"send":0,"wait":1282,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"sunpass.lgyxf.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"sunpass.lgyxf.info/us/","fqdn":"sunpass.lgyxf.info","domain":"lgyxf.info","tld":"info"},"ip":{"addr":"104.21.15.184","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-07T19:26:28.168Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /us/ HTTP/1.1\r\nHost: sunpass.lgyxf.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 07 Oct 2025 19:26:28 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zG5tMfJYdtHEDPI4TCr9%2Br1L33n%2BGytoEgjQ5W13WFI6HzniGDl6zYvud5ljkgcW5ujDeJ3Sh0O%2BkOwezb1QSyANPKGiqdQ6m3Bl7uL5pyZgkQ%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nContent-Encoding: gzip\r\nCF-RAY: 98afca520b432efa-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":61166,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (6486)","md5":"70b3411e7aca05579fb3cc4e0a34a7b7","sha1":"f09ce43220032959d63a273f66ac7bc91d9bf7d3","sha256":"743aa713f850f8ec4d471857b7965a5bae7aa18a5a37d14e987b0529606fb9c1","sha512":"e3332f32129a89d81fc5799001f4bd37b8f1e44cb3fafeb83e6387ae4aaa06d2a942c76638d9554cb8eac79cd9cc2d0de86fa5c79d8667bff6801ea766eb628e","ssdeep":"1536:9tLU8JkvouiS9QEmdSbusNMjBAUHHNr4A:/QDf9XDNMj8A","tlshash":"36534be2b2f01a3d1217416965d7b2007b78d483970ede22bbdc5258efc97d06827b8d","first_seen":"2025-07-06T13:18:31.387734Z","last_seen":"2025-10-13T20:00:42.702076Z","times_seen":456,"resource_available":false,"data":null}},"time_used":977,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":678,"receive":297,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"sunpass.lgyxf.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"sunpass.lgyxf.info/favicon.ico","fqdn":"sunpass.lgyxf.info","domain":"lgyxf.info","tld":"info"},"ip":{"addr":"104.21.15.184","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://sunpass.lgyxf.info/us/","date":"2025-10-07T19:26:29.208Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: sunpass.lgyxf.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://sunpass.lgyxf.info/us/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 07 Oct 2025 19:26:29 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: Accept-Encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yt%2B1Oqxx8ES1NqYv1ZRBfeyOk6hUeU4mMWD3mBdA%2FR%2Bhfs54sJ8DDN%2FmOiUbVpnpnTsLUwcKAdk7KWo5OooBNBsjPNPKRNgv8aMUX24oTpPf7A%3D%3D\"}]}\r\nCache-Control: max-age=14400\r\ncf-cache-status: MISS\r\nContent-Encoding: gzip\r\nCF-RAY: 98afca588fb22efa-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":61166,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (6486)","md5":"70b3411e7aca05579fb3cc4e0a34a7b7","sha1":"f09ce43220032959d63a273f66ac7bc91d9bf7d3","sha256":"743aa713f850f8ec4d471857b7965a5bae7aa18a5a37d14e987b0529606fb9c1","sha512":"e3332f32129a89d81fc5799001f4bd37b8f1e44cb3fafeb83e6387ae4aaa06d2a942c76638d9554cb8eac79cd9cc2d0de86fa5c79d8667bff6801ea766eb628e","ssdeep":"1536:9tLU8JkvouiS9QEmdSbusNMjBAUHHNr4A:/QDf9XDNMj8A","tlshash":"36534be2b2f01a3d1217416965d7b2007b78d483970ede22bbdc5258efc97d06827b8d","first_seen":"2025-07-06T13:18:31.387734Z","last_seen":"2025-10-13T20:00:42.702076Z","times_seen":456,"resource_available":false,"data":null}},"time_used":1082,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":749,"receive":333,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"sunpass.lgyxf.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}