{"report_id":"4d9a03c5-9830-4c36-9bd0-f35817a4f4c7","version":6,"status":"done","tags":[],"date":"2024-05-15T16:06:08Z","url":{"schema":"http","addr":"myallcdn01.xyz/cdn/down/ca135e347983ca1a4413efa7fd697d81/720p/720p31.html","fqdn":"myallcdn01.xyz","domain":"myallcdn01.xyz","tld":"xyz"},"ip":{"addr":"188.114.97.1","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"myallcdn01.xyz/cdn/down/ca135e347983ca1a4413efa7fd697d81/720p/720p31.html","fqdn":"myallcdn01.xyz","domain":"myallcdn01.xyz","tld":"xyz"},"title":"myallcdn01.xyz/cdn/down/ca135e347983ca1a4413efa7fd697d81/720p/720p31.html"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T16:50:54Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"myallcdn01.xyz","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-02-21","domain_rank":0,"first_seen":"2024-02-21 15:02:42","last_seen":"2024-03-20 13:23:08","alert_count":2,"request_count":2,"received_data":327661,"sent_data":1008,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-05-15","alert":"Sinkholed","trigger":"myallcdn01.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-05-15","alert":"Sinkholed","trigger":"myallcdn01.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"myallcdn01.xyz/cdn/down/ca135e347983ca1a4413efa7fd697d81/720p/720p31.html","fqdn":"myallcdn01.xyz","domain":"myallcdn01.xyz","tld":"xyz"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-05-15T16:05:42.792Z","timestamp":1715789142792,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"myallcdn01.xyz","organization":""},"issuer":{"commonName":"E1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Apr 2024 12:47:04 GMT","end":"Fri, 19 Jul 2024 12:47:03 GMT"},"fingerprint":{"sha1":"FE:D4:A6:5F:C7:0D:BB:71:66:46:A9:05:40:BA:BE:B4:7C:A6:C9:C1","sha256":"E9:58:CD:3D:1C:29:77:EE:63:40:57:A2:E9:06:01:01:26:F4:9D:F3:31:30:22:F8:5F:6B:1D:36:B9:C2:A0:94"}}},"request":{"raw":"GET /cdn/down/ca135e347983ca1a4413efa7fd697d81/720p/720p31.html HTTP/1.1\r\nHost: myallcdn01.xyz\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 15 May 2024 16:05:43 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 11 Jan 2021 08:50:23 GMT\r\naccess-control-allow-origin: https://i11lli.com\r\ncache-control: public, max-age=31536000, s-maxage=31536000\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=dvUsrborB%2F1xvYe%2FYWAeLnZs2sqTV1VUWwf%2FjrsfT%2F%2BlswnvIxex5G%2BLMqzcKR7%2FNAZkeQ0vLqEdMPVh0pwgiJAAi1HdTa8%2Fk%2Bn2Kt0DIa9YVo%2BnmZurnXgwZSgHzW6tGQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 88445efe99f70b51-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":326155,"size_decoded":336896,"mime_type":"text/html","magic":"data","md5":"a7fdefeabec5c70fa32e7c45815a89a3","sha1":"ab0ee912a4167a3ddc78cb7949954b2153fe5906","sha256":"b768dca3d30455be258915e821ec04cb959fabf89df1646be796958742570a57","sha512":"05a4abf96ce1f6eca1883546c5c43c1fcb2ab5ed71a00401b6787a0810a761f7a036d267ef1f5a743b0a07d51895f731506723dab65d7f5ead6b13bd2bda5c7d","ssdeep":"6144:wBts1LVxqZ5CXM/pzGX6q6NbnKXHtXMT+Sh6SO4QsCXvLGC6Uu+:wsVVxgCXiRGX6/oXtXMKn5fzGlUu+","tlshash":"1264124c03f5de35dc9301fa5e4ce3a93682ac455e609fdb6ba47a2eedbc219592c031","first_seen":"2024-08-19T22:52:15.986842Z","last_seen":"2024-08-19T22:52:15.986842Z","times_seen":1,"resource_available":false,"data":null}},"time_used":319,"timings":{"blocked":25,"dns":1,"connect":1,"send":0,"wait":266,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-05-15","alert":"Sinkholed","trigger":"myallcdn01.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"myallcdn01.xyz/favicon.ico","fqdn":"myallcdn01.xyz","domain":"myallcdn01.xyz","tld":"xyz"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://myallcdn01.xyz/cdn/down/ca135e347983ca1a4413efa7fd697d81/720p/720p31.html","date":"2024-05-15T16:05:43.384Z","timestamp":1715789143384,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"myallcdn01.xyz","organization":""},"issuer":{"commonName":"E1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Apr 2024 12:47:04 GMT","end":"Fri, 19 Jul 2024 12:47:03 GMT"},"fingerprint":{"sha1":"FE:D4:A6:5F:C7:0D:BB:71:66:46:A9:05:40:BA:BE:B4:7C:A6:C9:C1","sha256":"E9:58:CD:3D:1C:29:77:EE:63:40:57:A2:E9:06:01:01:26:F4:9D:F3:31:30:22:F8:5F:6B:1D:36:B9:C2:A0:94"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: myallcdn01.xyz\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://myallcdn01.xyz/cdn/down/ca135e347983ca1a4413efa7fd697d81/720p/720p31.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Wed, 15 May 2024 16:05:43 GMT\r\ncontent-type: text/html\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nage: 152\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=K1YegmxzwDl3BIIjrq65bVs3j5pEoieUYXq5uDBRA8FuiwWQ5iJUJ%2B5tEJppkfloe8wmL%2FRJYrynz8vWoYkDtH%2BlBBTHOURk8QveQOOWSqs1vlPTUQFsS5h4TmHBdN4EXA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 88445f02296c0b51-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":162,"size_decoded":162,"mime_type":"text/html","magic":"HTML document, ASCII text, with no line terminators","md5":"42b7c03ebcddafdb2aa3078e3a9ceb69","sha1":"57570cf4712b36bce96f68228e6c72137c2156dd","sha256":"a225bf8186e767cfb73fec2ac55678c083a3c2abd042bc1cf85f820bced5ec9f","sha512":"4f13627b2b4472ef42c041e85afb0cb7cced297a4878e813c3d4fffce5e81910ea1197a9448b7b33299f5b0f75b5a36cabfdcb0f1cfddd020b110f459dd28709","ssdeep":"","tlshash":"afc0801cf8137045c5030f6807c33542c255d22b9cf9841105454107f0ce2b9c8d53d5","first_seen":"2023-04-05T09:29:41Z","last_seen":"2025-04-06T18:43:22.639142Z","times_seen":4169,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-05-15","alert":"Sinkholed","trigger":"myallcdn01.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}