{"report_id":"4bea8347-352f-4b6a-8dad-ed5cbd43d250","version":0,"status":"done","tags":[],"date":"2026-07-17T09:28:48Z","url":{"schema":"http","addr":"roverifly.com","fqdn":"roverifly.com","domain":"roverifly.com","tld":"com"},"ip":{"addr":"91.240.20.16","port":0,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"final":{"url":{"schema":"https","addr":"roverifly.com/","fqdn":"roverifly.com","domain":"roverifly.com","tld":"com"},"title":"RoVer","dom":{"size":155687,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (21776)","md5":"5797c0b60dfe8ba5e24cb41d6ef5d0e5","sha1":"99e0c9a4e697711fc024fc7037b940b597cf6914","sha256":"1c21ae09c5cbf59b85a0567941cac069492e300ffe0cb70f4538000ea4fe035f","sha512":"4dbe02533386308529b67e166a7fd0f79d8423a6d58c702e024323287f4580d3d8fcd78ebec6002d05bca7169a18f75d086cac12b0cfc2d24aa82d108037e3c2","ssdeep":"1536:zHRLx1sUBgjkZ3S32S2Sm6XTIj30XOsRQCAZnk2T9hq2zF27U:V91s0GzXDs3YObCKNTq2k7U","tlshash":"51e35d254963a19d1c73a81e23e65e172230e003ad05fb4ebaff45648f0fac564d7f6a","dom_hash":"domhashc0cc54f2f4c3d0d916c57af7c58a043a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"roverifly.com","fqdn":"roverifly.com","domain":"roverifly.com","tld":"com"},"ip":{"addr":"91.240.20.16","port":0,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-21T09:28:48Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"roverifly.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"roverifly.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"roverifly.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"roverifly.com","ip":{"addr":"91.240.20.16","port":443,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"domain_registered":"2026-06-06","domain_rank":0,"first_seen":"2026-07-15T23:25:39.446213Z","last_seen":"2026-07-15T23:25:39.446213Z","alert_count":12,"request_count":4,"received_data":157292,"sent_data":2264,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]}]},{"fqdn":"lolxd.xyz","ip":{"addr":"172.67.147.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-05-11","domain_rank":0,"first_seen":"2026-07-17T09:28:48.397248Z","last_seen":"2026-07-17T09:28:48.397248Z","alert_count":0,"request_count":1,"received_data":658,"sent_data":398,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.discordapp.com","ip":{"addr":"162.159.129.233","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-02-26","domain_rank":16705,"first_seen":"2015-08-24T13:06:21Z","last_seen":"2026-07-11T12:59:58.834618Z","alert_count":0,"request_count":1,"received_data":10783,"sent_data":556,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.roblox.com","ip":{"addr":"128.116.5.3","port":443,"asn":22697,"as":"ROBLOX-PRODUCTION","country":"Germany","country_code":"DE"},"domain_registered":"2004-01-30","domain_rank":1776,"first_seen":"2012-05-24T19:56:53Z","last_seen":"2026-07-11T09:30:10.861486Z","alert_count":0,"request_count":1,"received_data":3565,"sent_data":414,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Arkose Labs","description":"Arkose Labs is a toolkit for fraud prevention that provides solutions to detect and mitigate malicious activity across digital platforms.","website":"https://www.arkoselabs.com","common_platform_enumeration":"","icon":"ArkoseLabs.svg","categories":["Security"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":[{"level":"log","text":"URL Params:map[actor:server1.conn0.watcher17.process7//obj22 class:Object extensible:true frozen:false isError:false ownPropertyLength:3 preview:map[kind:Object ownProperties:map[avatar:map[configurable:true enumerable:true value:map[type:null] writable:true] id:map[configurable:true enumerable:true value:map[type:null] writable:true] username:map[configurable:true enumerable:true value:map[type:null] writable:true]] ownPropertiesLength:3] sealed:false type:object]","filename":"https://roverifly.com/","line_number":2131,"column_number":9},{"level":"log","text":"No Discord info in URL, checking sessionStorage...","filename":"https://roverifly.com/","line_number":2149,"column_number":13},{"level":"log","text":"SessionStorage avatar:map[type:null]","filename":"https://roverifly.com/","line_number":2150,"column_number":13},{"level":"log","text":"SessionStorage username:map[type:null]","filename":"https://roverifly.com/","line_number":2151,"column_number":13}]},"http":[{"url":{"schema":"https","addr":"roverifly.com/RoVer_files/saved_resource.html","fqdn":"roverifly.com","domain":"roverifly.com","tld":"com"},"ip":{"addr":"91.240.20.16","port":443,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://roverifly.com/","date":"2026-07-17T09:28:21.174Z","timestamp":1784280501174,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"roverifly.com","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Jun 2026 15:08:46 GMT","end":"Fri, 04 Sep 2026 15:08:45 GMT"},"fingerprint":{"sha1":"00:F9:29:F1:AE:EA:EF:A3:65:FE:3A:7F:3C:78:6B:EA:4B:C6:4E:BC","sha256":"9D:F8:85:D2:50:C1:89:00:35:F4:97:F7:49:1F:9A:72:84:70:77:05:BC:93:2C:E3:4A:55:6E:5B:26:F1:A2:47"}}},"request":{"raw":"GET /RoVer_files/saved_resource.html HTTP/1.1\r\nHost: roverifly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: EggyWall_Token=0214017194b8e367d3d0935ed6f4a37e12f6849e7c593b899730c38846af29aa\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.28.0\r\nDate: Fri, 17 Jul 2026 09:28:20 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 275\r\nEggy-Wall: 15.6\r\nAbuse: abuse@eggywall.org\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":275,"size_decoded":470,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"dad6379feef0df7ec0c64f78a43385e7","sha1":"2cfdf405bddf53e7fe768c3cac68a2d714bf8521","sha256":"9a63c10611994145235ca6fb4fba8cb65827228b471516d30242f4f3f878e914","sha512":"cf0ac42d61c83487d36f0a9c57760dcb4bd3463e63b8f95415df4c538d9ff28d8665ff4b7f7079a4bc7640c1a986613c484a9ab8c4606a5fa1579475b6ba3346","ssdeep":"","tlshash":"bbd02bef5053638b0d12156039c615c2274c13eaa83a85e93d86d48752d853ecd9aacc","first_seen":"2026-07-15T23:25:45.958095Z","last_seen":"2026-07-17T09:28:50.730848Z","times_seen":2,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":70,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"roverifly.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"roverifly.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"roverifly.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lolxd.xyz/favicon.ico","fqdn":"lolxd.xyz","domain":"lolxd.xyz","tld":"xyz"},"ip":{"addr":"172.67.147.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://roverifly.com/","date":"2026-07-17T09:28:21.193Z","timestamp":1784280501193,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lolxd.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:20:59 GMT","end":"Mon, 12 Oct 2026 20:18:06 GMT"},"fingerprint":{"sha1":"E8:BD:E6:0F:6A:9E:C5:BD:A1:75:32:DA:33:C2:22:2F:84:5D:C7:A2","sha256":"F5:B2:C3:C3:C5:E8:87:99:6E:ED:F2:85:82:D5:F7:B3:69:77:A4:5C:F0:0F:FF:F2:6F:18:9B:20:01:8C:22:76"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: lolxd.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 \r\ndate: Fri, 17 Jul 2026 09:28:21 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://www.roblox.com/request-error?code=404\r\nserver: cloudflare\r\neggy-wall: 15.6\r\nabuse: abuse@eggywall.org\r\nx-cache: HIT\r\nx-frame-options: ALLOWALL\r\naccess-control-allow-credentials: true\r\ncross-origin-opener-policy: same-origin-allow-popups\r\nnel: {\"report_to\":\"network-errors\",\"max_age\":604800,\"success_fraction\":0.1,\"failure_fraction\":1}\r\nstrict-transport-security: max-age=604800; includeSubdomains\r\nx-cache-url: https://lolxd.xyz/favicon.ico\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a1c8374c8e115695-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-17T14:40:26.336623Z","times_seen":17316417,"resource_available":true,"data":null}},"time_used":288,"timings":{"blocked":-1,"dns":4,"connect":1,"send":0,"wait":271,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"roverifly.com/","fqdn":"roverifly.com","domain":"roverifly.com","tld":"com"},"ip":{"addr":"91.240.20.16","port":443,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-17T09:28:20.150Z","timestamp":1784280500150,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"roverifly.com","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Jun 2026 15:08:46 GMT","end":"Fri, 04 Sep 2026 15:08:45 GMT"},"fingerprint":{"sha1":"00:F9:29:F1:AE:EA:EF:A3:65:FE:3A:7F:3C:78:6B:EA:4B:C6:4E:BC","sha256":"9D:F8:85:D2:50:C1:89:00:35:F4:97:F7:49:1F:9A:72:84:70:77:05:BC:93:2C:E3:4A:55:6E:5B:26:F1:A2:47"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: roverifly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Fri, 17 Jul 2026 09:28:19 GMT\r\nContent-Length: 0\r\nEggy-Wall: 15.6\r\nAbuse: abuse@eggywall.org\r\nLocation: /\r\nSet-Cookie: EggyWall_Token=0214017194b8e367d3d0935ed6f4a37e12f6849e7c593b899730c38846af29aa; SameSite=Lax; path=/; Secure\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-17T14:40:26.336623Z","times_seen":17316417,"resource_available":true,"data":null}},"time_used":305,"timings":{"blocked":-1,"dns":166,"connect":42,"send":0,"wait":42,"receive":0,"ssl":55},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"roverifly.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"roverifly.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"roverifly.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.discordapp.com/avatars/298796807323123712/7338ed45666cd90ec1a6662491a9eb8a","fqdn":"cdn.discordapp.com","domain":"discordapp.com","tld":"com"},"ip":{"addr":"162.159.129.233","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://roverifly.com/","date":"2026-07-17T09:28:21.171Z","timestamp":1784280501171,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"discordapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 30 Jun 2026 19:20:57 GMT","end":"Mon, 28 Sep 2026 20:20:43 GMT"},"fingerprint":{"sha1":"0E:2A:22:B7:6A:D3:D5:15:59:33:47:36:69:35:D7:4C:C5:8D:85:85","sha256":"74:A6:CF:F6:20:1A:C6:09:D2:05:BC:90:AE:1E:68:2C:E2:4C:77:66:4D:5F:62:FC:F9:34:5F:67:0A:D7:A2:79"}}},"request":{"raw":"GET /avatars/298796807323123712/7338ed45666cd90ec1a6662491a9eb8a HTTP/1.1\r\nHost: cdn.discordapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Fri, 17 Jul 2026 09:28:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 9690\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000\r\nlast-modified: Sat, 11 Jul 2026 23:36:18 GMT\r\nset-cookie: __cf_bm=KZRbUrRlzp4HPVMSJhQDLq2nOduC2phqvyVYqj_UCY8-1784280501.1895254-1.0.1.1-OcxU4GBlzdKRpB8H2wVf2NJn4SoKVIwzEfG4ZRNSTgzw6ZiOUlT7ppKEZrGSEOIsUkTn3VxtAqVis7PejeJOhyz_0KplLIKwXpjrini_Q4e8pToDoFsYLh02C9dK.CmE; HttpOnly; SameSite=None; Secure; Path=/; Domain=discordapp.com; Expires=Fri, 17 Jul 2026 09:58:21 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zaLpfECLK8qCA03bB1ReW0KJV88p8QfwXtta4wLhjRU%2Fsb11LTBzU%2FK2GedlltsMdPzJPCi3MMC%2BtE7qsp4wWYcBaEVQPTuADuy%2FaKeAzQxIMhPOSDOu6ihszyNg%2FVDLPAtPuQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp\r\npriority: u=4,i\r\nserver: cloudflare\r\ncf-ray: a1c8374c690f712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9690,"size_decoded":10783,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced","md5":"8c9620b17aa05ffe8eb1da96f9d5a31e","sha1":"3b89033766ad1d0bc94582541ce5bfb5018d86fd","sha256":"a3e1a227d1147bd6da31c004db87a78f97f0f041a67642b92b6e50b76cbb8460","sha512":"196102e30149e4d10bf4136bafbd12a560daad7a933618a561d37c78c438b588437ea8df8407819a4a925e52569996d495f3f32a98d94113896a391c83741b5b","ssdeep":"192:KWZkXE3uoJG9QJhalARGGN39IjhJCTVHWAnLr57t6xy/:KWZk9oJl/fQ8RHDn57Z/","tlshash":"3e12bf3e5c5e3fce621407eeadf43adb150587288fc97864b4408226f252c53a312f87","first_seen":"2026-06-06T23:00:37.182642Z","last_seen":"2026-07-17T09:28:50.735428Z","times_seen":16,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":3,"connect":14,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"roverifly.com/RoVer_files/saved_resource(1).html","fqdn":"roverifly.com","domain":"roverifly.com","tld":"com"},"ip":{"addr":"91.240.20.16","port":443,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://roverifly.com/","date":"2026-07-17T09:28:21.176Z","timestamp":1784280501176,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"roverifly.com","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Jun 2026 15:08:46 GMT","end":"Fri, 04 Sep 2026 15:08:45 GMT"},"fingerprint":{"sha1":"00:F9:29:F1:AE:EA:EF:A3:65:FE:3A:7F:3C:78:6B:EA:4B:C6:4E:BC","sha256":"9D:F8:85:D2:50:C1:89:00:35:F4:97:F7:49:1F:9A:72:84:70:77:05:BC:93:2C:E3:4A:55:6E:5B:26:F1:A2:47"}}},"request":{"raw":"GET /RoVer_files/saved_resource(1).html HTTP/1.1\r\nHost: roverifly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: EggyWall_Token=0214017194b8e367d3d0935ed6f4a37e12f6849e7c593b899730c38846af29aa\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.28.0\r\nDate: Fri, 17 Jul 2026 09:28:20 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 275\r\nEggy-Wall: 15.6\r\nAbuse: abuse@eggywall.org\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":275,"size_decoded":470,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"dad6379feef0df7ec0c64f78a43385e7","sha1":"2cfdf405bddf53e7fe768c3cac68a2d714bf8521","sha256":"9a63c10611994145235ca6fb4fba8cb65827228b471516d30242f4f3f878e914","sha512":"cf0ac42d61c83487d36f0a9c57760dcb4bd3463e63b8f95415df4c538d9ff28d8665ff4b7f7079a4bc7640c1a986613c484a9ab8c4606a5fa1579475b6ba3346","ssdeep":"","tlshash":"bbd02bef5053638b0d12156039c615c2274c13eaa83a85e93d86d48752d853ecd9aacc","first_seen":"2026-07-15T23:25:45.958095Z","last_seen":"2026-07-17T09:28:50.730848Z","times_seen":2,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":42,"send":0,"wait":67,"receive":0,"ssl":46},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"roverifly.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"roverifly.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"roverifly.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.roblox.com/request-error?code=404","fqdn":"www.roblox.com","domain":"roblox.com","tld":"com"},"ip":{"addr":"128.116.5.3","port":443,"asn":22697,"as":"ROBLOX-PRODUCTION","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://roverifly.com/","date":"2026-07-17T09:28:21.487Z","timestamp":1784280501487,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"roblox.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 05 Jan 2026 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"64:9A:C3:7A:FE:A7:7F:57:81:16:16:7F:1C:E2:23:2D:BF:EF:BC:22","sha256":"1E:BF:27:4D:6F:A4:B6:CC:27:F9:EF:38:15:3A:89:3E:54:38:8D:3B:B9:D6:2D:44:B9:64:6B:6D:27:7B:22:42"}}},"request":{"raw":"GET /request-error?code=404 HTTP/1.1\r\nHost: www.roblox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-type: text/html; charset=utf-8\r\ndate: Fri, 17 Jul 2026 09:28:20 GMT\r\nserver: public-gateway\r\ncache-control: no-store, must-revalidate, no-cache\r\ncontent-encoding: br\r\nset-cookie: rbx-ip2=1; domain=roblox.com; expires=Fri, 17-Jul-2026 10:28:21 GMT; path=/\nRBXEventTrackerV2=CreateDate=07/17/2026 04:28:21\u0026rbxid=\u0026rbxuid=\u0026browserid=1784280501640003; domain=roblox.com; expires=Tue, 02-Dec-2053 09:28:21 GMT; path=/\nGuestData=UserID=-89222344; domain=.roblox.com; expires=Tue, 02-Dec-2053 09:28:21 GMT; path=/\r\nvary: Accept-Encoding\r\ncontent-security-policy: report-uri https://metrics.roblox.com/v1/csp/report?type=enforce; upgrade-insecure-requests;  script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' apis.roblox.com roblox.com apis.robloxapp.vnggames.com *.evidon.com *.gigya.com *.google-analytics.com *.ns1p.net adservice.google.com cdn.arkoselabs.com connect.facebook.net funcaptcha.com js.rbxcdn.com js.stripe.com long.open.weixin.qq.com midas.gtimg.cn radar.cedexis.com res.wx.qq.com roblox-api.arkoselabs.com arkoselabs.roblox.com roblox-load-generator-configuration.s3.us-east-2.amazonaws.com s.ytimg.com sb.scorecardresearch.com static.rbxcdn.com www.google.com www.gstatic.com www.youtube.com h.online-metrix.net request.eprotect.vantivcnp.com request.eprotect.vantivpostlive.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net cdn.veriff.me *.lightstep.com client-api.arkoselabs.com api.arkoselabs.com *.sierra.chat sierra.chat sc-static.net *.sc-static.net *.snapchat.com *.tapad.com analytics.tiktok.com cdn.safecharge.com *.px-cloud.net *.px-cdn.net;  img-src 'self' data: *.cloudfront.net *.gilcdn.com *.gldcdn.com *.google-analytics.com *.google.com *.kaptcha.com *.openstreetmap.org *.rblx.org *.rbxcdn.com *.roblox.com *.robloxlabs.com googleads.g.doubleclick.net i.ytimg.com www.googletagmanager.com robloxcorp.s.llnwi.net roblox-poc.global.ssl.fastly.net d1unuk07s6td74.cloudfront.net *.sierra.chat sierra.chat *.stripe.com *.tarobicdn.com *.tarobidevsandboxcdn.com www.facebook.com *.snapchat.com *.safecharge.com;  connect-src 'self' *.roblox.com *.robloxlabs.com *.rblx.org *.rbx.com *.rbxcdn.com *.roblox.cn *.robloxapp.vnggames.com *.simulpong.com *.lightstep.com *.ns1p.net *.arkoselabs.com *.kaptcha.com *.google.com *.google-analytics.com *.doubleclick.net *.sentry.io wss://realtime.roblox.com wss://realtime.sitetest1.robloxlabs.com wss://realtime.sitetest2.robloxlabs.com wss://realtime.sitetest3.robloxlabs.com wss://realtime-signalr.roblox.com wss://realtime-signalr.robloxapp.vnggames.com *.braintree-api.com *.braintreegateway.com d1q2u37vreaobr.cloudfront.net funcaptcha.com robloxcorp.s.llnwi.net roblox-poc.global.ssl.fastly.net d1unuk07s6td74.cloudfront.net *.sierra.chat sierra.chat sc-static.net *.sc-static.net *.snapchat.com *.tapad.com analytics.tiktok.com *.safecharge.com *.px-cloud.net *.px-cdn.net *.pxchk.net *.px-client.net;\r\ncross-origin-opener-policy: same-origin-allow-popups\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000\r\nroblox-machine-id: c108a21a-445c-cb4e-1015-2a347656a6cf\r\nx-envoy-upstream-service-time: 29\r\nx-terms-message: Terms apply https://rblx.co/TOU.\r\nx-ratelimit-limit: 100, 100;w=60\r\nx-ratelimit-remaining: 98\r\nx-ratelimit-reset: 39\r\nx-roblox-region: us-central_rbx\r\nx-roblox-edge: c078\r\nreport-to: {\"group\":\"network-errors\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://ncs.roblox.com/upload\"}]}\r\nnel: {\"report_to\":\"network-errors\",\"max_age\":604800,\"success_fraction\":0.001,\"failure_fraction\":1}\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Arkose Labs","description":"Arkose Labs is a toolkit for fraud prevention that provides solutions to detect and mitigate malicious activity across digital platforms.","website":"https://www.arkoselabs.com","common_platform_enumeration":"","icon":"ArkoseLabs.svg","categories":["Security"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":16410,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-17T14:40:26.336623Z","times_seen":17316417,"resource_available":true,"data":null}},"time_used":234,"timings":{"blocked":0,"dns":2,"connect":20,"send":0,"wait":164,"receive":0,"ssl":48},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"roverifly.com/","fqdn":"roverifly.com","domain":"roverifly.com","tld":"com"},"ip":{"addr":"91.240.20.16","port":443,"asn":59939,"as":"WIBO Baltic UAB","country":"Lithuania","country_code":"LT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-17T09:28:20.466Z","timestamp":1784280500466,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"roverifly.com","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Jun 2026 15:08:46 GMT","end":"Fri, 04 Sep 2026 15:08:45 GMT"},"fingerprint":{"sha1":"00:F9:29:F1:AE:EA:EF:A3:65:FE:3A:7F:3C:78:6B:EA:4B:C6:4E:BC","sha256":"9D:F8:85:D2:50:C1:89:00:35:F4:97:F7:49:1F:9A:72:84:70:77:05:BC:93:2C:E3:4A:55:6E:5B:26:F1:A2:47"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: roverifly.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: EggyWall_Token=0214017194b8e367d3d0935ed6f4a37e12f6849e7c593b899730c38846af29aa\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Fri, 17 Jul 2026 09:28:19 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Encoding: gzip\r\nContent-Length: 56901\r\nEggy-Wall: 15.6\r\nAbuse: abuse@eggywall.org\r\nAccept-Ranges: bytes\r\nEtag: \"26070-656b39b8bbd67-gzip\"\r\nVary: Accept-Encoding\r\nLast-Modified: Thu, 16 Jul 2026 05:21:09 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":155760,"size_decoded":57235,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (21776)","md5":"8d4d451ddcaba118a95ededc95485830","sha1":"0dd39065b2b62892d70b414569d78528751b69d5","sha256":"e6677516cd42d44b6cb3b30107cd9e99c5945de3d2dc6dc0a15d91c9a5996da5","sha512":"fcb391792353fcad03115245eb7125ffe336f8a0e7651d97c630b974f19c292a4865d7990435ff99611e0b0430c7ac9857040e2bc2f8e40bbb78c990ddfd73bf","ssdeep":"1536:wHRLx1sUBgjkZ3S32S2Sm6XTIj30XOsRQCAZnk2T9hq2zF87U:+91s0GzXDs3YObCKNTq2q7U","tlshash":"5de35d254963a19d1c73a81e23e65e172230e003ad05fb4ebaff45648f0fac564d7f6a","first_seen":"2026-07-17T09:28:43.38312Z","last_seen":"2026-07-17T09:28:50.736721Z","times_seen":2,"resource_available":true,"data":null}},"time_used":222,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":138,"receive":84,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"roverifly.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"roverifly.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"roverifly.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}
