{"report_id":"47a33d3d-fe5f-4a54-89a6-448bb8da809f","version":6,"status":"done","tags":[],"date":"2025-07-10T11:31:47Z","url":{"schema":"https","addr":"security-malware.com/cdn-cgi/phish-bypass?atok=8jQMysgwUcuog5c41FKhdVnFnCdAvm7hpLjfWwN_Q4A-1752128257.680793-0.0.1.1-%2F\u0026original_path=%2F\u0026cf-turnstile-response=","fqdn":"security-malware.com","domain":"security-malware.com","tld":"com"},"ip":{"addr":"172.67.146.122","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"security-malware.com/cdn-cgi/phish-bypass?atok=8jQMysgwUcuog5c41FKhdVnFnCdAvm7hpLjfWwN_Q4A-1752128257.680793-0.0.1.1-%2F\u0026original_path=%2F\u0026cf-turnstile-response=","fqdn":"security-malware.com","domain":"security-malware.com","tld":"com"},"title":"security-malware.com/cdn-cgi/phish-bypass?atok=8jQMysgwUcuog5c41FKhdVnFnCdAvm7hpLjfWwN_Q4A-1752128257.680793-0.0.1.1-%2F\u0026original_path=%2F\u0026cf-turnstile-response="},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-09-18T11:31:47Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"security-malware.com","ip":{"addr":"172.67.146.122","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-04-08","domain_rank":0,"first_seen":"2025-07-07T12:33:00.646034Z","last_seen":"2025-07-07T12:33:00.646034Z","alert_count":6,"request_count":4,"received_data":2877,"sent_data":2037,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-10","alert":"Sinkholed","trigger":"security-malware.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":[{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2025-07-08","alert":"Lumma Stealer","trigger":"security-malware.com","verdict":"malicious","severity":"medium","comment":"Lumma Stealer","link":"https://threatfox.abuse.ch/","meta":null}]}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"security-malware.com/cdn-cgi/phish-bypass?atok=8jQMysgwUcuog5c41FKhdVnFnCdAvm7hpLjfWwN_Q4A-1752128257.680793-0.0.1.1-%2F\u0026original_path=%2F\u0026cf-turnstile-response=","fqdn":"security-malware.com","domain":"security-malware.com","tld":"com"},"ip":{"addr":"172.67.146.122","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-07-10T11:31:26.725Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"security-malware.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Jun 2025 14:34:55 GMT","end":"Mon, 08 Sep 2025 15:32:23 GMT"},"fingerprint":{"sha1":"97:64:FB:48:34:C2:98:0B:5B:F0:4B:5C:86:51:16:40:F2:CB:85:A7","sha256":"CC:B0:F5:73:14:93:14:6D:EC:AE:07:73:BE:00:F7:0B:B9:83:57:F9:E3:CF:99:2F:C7:96:74:17:09:D5:F8:61"}}},"request":{"raw":"GET /cdn-cgi/phish-bypass?atok=8jQMysgwUcuog5c41FKhdVnFnCdAvm7hpLjfWwN_Q4A-1752128257.680793-0.0.1.1-%2F\u0026original_path=%2F\u0026cf-turnstile-response= HTTP/1.1\r\nHost: security-malware.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 400 Bad Request\r\ndate: Thu, 10 Jul 2025 11:31:26 GMT\r\ncontent-length: 23\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ujAcabtqPuIqICMoujRV9L84MWEvYYlF4Ftm8s4wynLaI%2F%2B4tkfOV%2FQtE1bIpzKEv6ThqVC7CNdid%2BSMMjIZw4%2B7%2BcYxRsdd%2FFgKs0JXRDWCpQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 95cfbc1c4d8156c7-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":null,"data":{"size":23,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"1862a245f1f02bd4477a17e9432e3a25","sha1":"5e9e7ba669c7c6e7aa7aede335b0b22f0a08b88f","sha256":"e999e13afc2c76a9b3523daa037814a97f9ad5310ee32c4dfe3b5d006a0ed73b","sha512":"d9a8704b10b2897fa29358a36d8f8a180a97f1752ac745065c11ca1698055fd59415d32ac54e451a2237dc460d8a465ffacdbfc7009bf8e2f4fd885acc189e16","ssdeep":"","tlshash":"6b70000a0800320022000820002082a2af808080000000088ee2cce00808080a002220","first_seen":"2025-04-28T11:02:45.558882Z","last_seen":"2026-04-03T00:36:04.347909Z","times_seen":43236,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":39,"dns":1,"connect":1,"send":0,"wait":23,"receive":0,"ssl":34},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-10","alert":"Sinkholed","trigger":"security-malware.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"security-malware.com/cdn-cgi/phish-bypass?atok=8jQMysgwUcuog5c41FKhdVnFnCdAvm7hpLjfWwN_Q4A-1752128257.680793-0.0.1.1-%2F\u0026original_path=%2F\u0026cf-turnstile-response=","fqdn":"security-malware.com","domain":"security-malware.com","tld":"com"},"ip":{"addr":"172.67.146.122","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-07-10T11:31:26.939Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/phish-bypass?atok=8jQMysgwUcuog5c41FKhdVnFnCdAvm7hpLjfWwN_Q4A-1752128257.680793-0.0.1.1-%2F\u0026original_path=%2F\u0026cf-turnstile-response= HTTP/1.1\r\nHost: security-malware.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 400 Bad Request\r\nDate: Thu, 10 Jul 2025 11:31:26 GMT\r\nContent-Length: 23\r\nConnection: keep-alive\r\nCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nReferrer-Policy: same-origin\r\nX-Frame-Options: SAMEORIGIN\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Rh9Z14gFoPR9uzMd0Bt6bU71Xrq3ziZGK%2BKn1Co3NCXy%2BSOJ5p27bFQV9Q7BwDbz0ea98dH58pPpG4p8li3trap89jVSxVs0gg4tGSsl449gmg%3D%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 95cfbc1d38945690-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":null,"data":{"size":23,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"1862a245f1f02bd4477a17e9432e3a25","sha1":"5e9e7ba669c7c6e7aa7aede335b0b22f0a08b88f","sha256":"e999e13afc2c76a9b3523daa037814a97f9ad5310ee32c4dfe3b5d006a0ed73b","sha512":"d9a8704b10b2897fa29358a36d8f8a180a97f1752ac745065c11ca1698055fd59415d32ac54e451a2237dc460d8a465ffacdbfc7009bf8e2f4fd885acc189e16","ssdeep":"","tlshash":"6b70000a0800320022000820002082a2af808080000000088ee2cce00808080a002220","first_seen":"2025-04-28T11:02:45.558882Z","last_seen":"2026-04-03T00:36:04.347909Z","times_seen":43236,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":2,"send":0,"wait":19,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-10","alert":"Sinkholed","trigger":"security-malware.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"security-malware.com/favicon.ico","fqdn":"security-malware.com","domain":"security-malware.com","tld":"com"},"ip":{"addr":"172.67.146.122","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"http://security-malware.com/cdn-cgi/phish-bypass?atok=8jQMysgwUcuog5c41FKhdVnFnCdAvm7hpLjfWwN_Q4A-1752128257.680793-0.0.1.1-%2F\u0026original_path=%2F\u0026cf-turnstile-response=","date":"2025-07-10T11:31:27.251Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: security-malware.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://security-malware.com/cdn-cgi/phish-bypass?atok=8jQMysgwUcuog5c41FKhdVnFnCdAvm7hpLjfWwN_Q4A-1752128257.680793-0.0.1.1-%2F\u0026original_path=%2F\u0026cf-turnstile-response=\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Thu, 10 Jul 2025 11:31:27 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLocation: https://security-malware.com/favicon.ico\r\nCache-Control: max-age=14400\r\nCf-Cache-Status: EXPIRED\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eug8DIFiPbi04knd0Ok6RfI%2FGTmXrwlhn8yLh4h%2BLBMLWMURFAnUcwmSPyyLqeyioCo9SSjfUmSSGis7%2F5PLfqb84JDImfb7Y%2Fiz3cVTyhelsQ%3D%3D\"}]}\r\nCF-RAY: 95cfbc1f2c165690-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T10:11:42.852405Z","times_seen":13418069,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2025-07-08","alert":"Lumma Stealer","trigger":"security-malware.com","verdict":"malicious","severity":"medium","comment":"Lumma Stealer","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-10","alert":"Sinkholed","trigger":"security-malware.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"security-malware.com/favicon.ico","fqdn":"security-malware.com","domain":"security-malware.com","tld":"com"},"ip":{"addr":"172.67.146.122","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"http://security-malware.com/cdn-cgi/phish-bypass?atok=8jQMysgwUcuog5c41FKhdVnFnCdAvm7hpLjfWwN_Q4A-1752128257.680793-0.0.1.1-%2F\u0026original_path=%2F\u0026cf-turnstile-response=","date":"2025-07-10T11:31:27.391Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"security-malware.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Jun 2025 14:34:55 GMT","end":"Mon, 08 Sep 2025 15:32:23 GMT"},"fingerprint":{"sha1":"97:64:FB:48:34:C2:98:0B:5B:F0:4B:5C:86:51:16:40:F2:CB:85:A7","sha256":"CC:B0:F5:73:14:93:14:6D:EC:AE:07:73:BE:00:F7:0B:B9:83:57:F9:E3:CF:99:2F:C7:96:74:17:09:D5:F8:61"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: security-malware.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Thu, 10 Jul 2025 11:31:27 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kbicXsb6Sho2G8rJBbt4hbX%2FenLBYxluG7n3CUdp0YHMWg3bAu2sFpwu3z766LoJMbb%2FSNngioo0IjAVsDfgdhpdraeU%2FgsvwwZl%2FFwre7X%2BwA%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 95cfbc208ef30b06-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T10:11:42.852405Z","times_seen":13418069,"resource_available":true,"data":null}},"time_used":252,"timings":{"blocked":-1,"dns":0,"connect":4,"send":0,"wait":202,"receive":0,"ssl":46},"alerts":{"ids":null,"analyzer":[{"sensor_name":"threatfox","sensor_type":"url","title":"","description":"ThreatFox","scan_date":"2025-07-08","alert":"Lumma Stealer","trigger":"security-malware.com","verdict":"malicious","severity":"medium","comment":"Lumma Stealer","link":"https://threatfox.abuse.ch/","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-07-10","alert":"Sinkholed","trigger":"security-malware.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}