{"report_id":"60185b56-2b27-4e69-b35b-f2e5bfd365af","version":6,"status":"done","tags":["phishing","kali365","aitm"],"date":"2026-04-27T04:47:43Z","url":{"schema":"http","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Ibelio7@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"172.67.203.222","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Ibelio7@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"title":"Microsoft User shared a document with you","dom":{"size":18674,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (7529)","md5":"bafff0a07d32cd830e42905f671a2536","sha1":"5287d7daac68e3a26bdd62ad1d3ec2edaf68d9ca","sha256":"dab02b2c8aafc98ce4176dc110e242ff5014b3e42529f26bda9c83c4b4d67399","sha512":"fa482e9d496a261a1c40f4f755752d275f197bd252b6965202680e1d1ab870e202e2333ab1fb4e39c5b66023340cecbe0ddcc04823fb978229da1ff9f193e03e","ssdeep":"384:PD81r4ZjEUicNp+usxYnSdKIypdr0NbqPixuGbPcFej1mQs17sxGI:r64iUicNp+uPn4CW9yguGbPcFejO17sN","tlshash":"f0823b2bb5d8053eb713e297ec42238ab0204ed7fe2bbe85858d519801d6bf9c377564","dom_hash":"domhashea95be312806fa650c95e49886e3a44a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Ibelio7@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"172.67.203.222","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-01T04:47:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":2,"analyzer":8}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-27T04:47:20Z","timestamp":1777265240,"ip_dst":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":48370,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare workers.dev Domain in TLS SNI","source":"{\"timestamp\":\"2026-04-27T04:47:20.859015+0000\",\"flow_id\":1574414388363103,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.18\",\"src_port\":48370,\"dest_ip\":\"188.114.96.1\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2051768,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare workers.dev Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_03_22\"],\"deployment\":[\"Perimeter\"],\"malware_family\":[\"Cloudflare_Workers\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Cloudflare_Workers\"],\"updated_at\":[\"2024_03_22\"]}},\"tls\":{\"sni\":\"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":940,\"bytes_toclient\":1654,\"start\":\"2026-04-27T04:47:20.851807+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Kali365 Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kali365","aitm"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Kali365 Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kali365","aitm"],"meta":null}]},"summary":[{"fqdn":"api.kali365.xyz","ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-04-18","domain_rank":0,"first_seen":"2026-04-20T01:49:57.021198Z","last_seen":"2026-04-27T01:54:27.087104Z","alert_count":24,"request_count":6,"received_data":5384,"sent_data":2634,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-24T00:03:57.513983Z","last_seen":"2026-04-24T00:03:57.513983Z","alert_count":15,"request_count":3,"received_data":23926,"sent_data":1522,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Kali365 Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kali365","aitm"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Ibelio7@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b2cafcb06640ddf5d53156a0d1d4af36","sha1":"e40c9c110b3baaa70f26c73f4e0fde5539e5d3aa","sha256":"023d1f18ba156c1b436cd0f2bb0358bc87b51e5749fd89622c7296492136c0a7","sha512":"a4d64cebd8b1b399c1a00213220df2071c1c27300d2e817d1ff73daf08df8eb036b61c35e365bf10df83735a9394f32d1a43199097539294c8bdd3ee5e08abbc","ssdeep":"","tlshash":"d53184e2f2bb04398ac922f7e87957ca7c324a19fd47c106d53d0c2459a0f87613aed0","size":1708,"data":"","first_seen":"2026-04-27T04:47:49.257587Z","last_seen":"2026-04-27T04:47:49.257587Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Ibelio7@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"53d58ea86b09f571484a9e3b228df96f","sha1":"2ae2a2bc6d657bf300e3c24dab3e549c0fcddaa5","sha256":"cbb52fa1621177dac77beb51837bdfa92482b9e4b7f697687f76fd99d5563341","sha512":"f4889d85c6024f402c0e3631844e2c9f92f0c720ca3698c714595ec663d650f9a8e2cf054fc9c17f28744ca6700be08519f4f83be793c1f2a7e96268a1d0194a","ssdeep":"192:QSMqKu1pypQer0NVVknIbQixufq9bPiUexFejbHJmQs1JI8vqwOYkDy1f:QSdKIypdr0NbqPixuGbPcFej1mQs17s8","tlshash":"ed32d80ef8d88a6a7712b27bcc431285b5254ed6ff6dbdc5054d809c01aabbcc3bb465","size":10975,"data":"","first_seen":"2026-04-22T09:54:35.923662Z","last_seen":"2026-04-27T13:39:45.048786Z","times_seen":63,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Ibelio7@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"64e4a9dbb05f6c53ef9dbb2c74d13b04","sha1":"c03c855f0364b4182ee8ea80854464f4941ae4ff","sha256":"2eb738c7f8b3fced4b65d24f70c76a998c09fa549a2172cee29632f4e1d4ef24","sha512":"fb517dd5c0a6084ff7f05ece053ac74ec42457bdaa4d7958c79c663213e7b1c3bc6d233a9b8b889bee6e228fe3fd5c14b09b35c1420fce90d6cd0bed2172fbf1","ssdeep":"","tlshash":"83e092aa334531441ba395bab53fcb1878373063680ada546329a9901f68a2ca11298d","size":381,"data":"","first_seen":"2026-04-27T04:47:49.259946Z","last_seen":"2026-04-27T04:47:49.259946Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"6ba58ca7f76135e04279a50f94dccc18","sha1":"5fc93dadc73372aca047fe6883e67c3ee4b3ea9e","sha256":"ea2ce4d8277a56e5fa3d32710ce36da87bb84b356092814c0a5b84e6da7e5724","sha512":"2a0e8542996f66ea50281229406babf5dfe21c218d1bf7e0d36e572fce35c07813124abb94d51f93d4a82b9b801826de8ead9661c62c835af7ec602d7407af36","ssdeep":"192:KgDeHSMwpQYIeiM0gkKNb0UicNp+SvsxYCYwr/7qYspQstjQR1eknIb/:bD7K4b0UicNp+usxYCYS7ZspZtjQR8q6","tlshash":"3f42097bf1d8043db713c1d3b462578b7050aa9aba6b9f49c5dd226840c5bfec367288","size":12540,"data":"","first_seen":"2026-04-27T04:47:49.261201Z","last_seen":"2026-04-27T04:47:49.261201Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"api.kali365.xyz/api/status/1462316","fqdn":"api.kali365.xyz","domain":"kali365.xyz","tld":"xyz"},"ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Ibelio7@slurpmail.net","date":"2026-04-27T04:47:26.640Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kali365.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 16:56:09 GMT","end":"Fri, 17 Jul 2026 16:56:08 GMT"},"fingerprint":{"sha1":"55:5B:31:11:3B:A6:35:92:CD:55:49:23:44:0C:05:5D:E6:B9:1F:C5","sha256":"9B:B5:F0:82:1C:72:5B:76:F0:66:19:CE:4F:28:2C:21:B1:C3:BC:FE:A2:D9:5C:F1:AC:FC:A9:AD:0E:D0:21:77"}}},"request":{"raw":"GET /api/status/1462316 HTTP/1.1\r\nHost: api.kali365.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Apr 2026 04:47:26 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nvary: Origin, Cookie\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fKtt8LZ3KCLoEKfapMOnvGB3ZzrrcvkzmGykbOv46COo4nI5l6UERsVSKsagJjLpKdCNU3kbI%2Bax4eXRiCo05n6uYlKDKHPBAS5wh7HEeqJDMWN82qEM%2F6nI0NypsoE9KCM%3D\"}]}\r\ncf-ray: 9f2b306f8f3db4fd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1991b7c8ec390f5af45312fc0e09944c","sha1":"d61cf78973a9c26e718fb9fe1cb3c8533893d95f","sha256":"e83c12db5ee3c62282c295c521fa51a10e6cfff8e247c64f09838dbc134bd385","sha512":"80bed01bd6f8fecdcfe32308c4dc471907a48a7418c73be4874046c51c9bcf013cbc53bd0e4fc92afb3020d0c08fb675611712f81799a9a1bf593c4dfd8c8480","ssdeep":"","tlshash":"e9700022280800000ac80800e0000238baa0ca80002ba0c0280c80288820880e008000","first_seen":"2026-03-04T14:57:38.603599Z","last_seen":"2026-04-27T14:22:02.176863Z","times_seen":641,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.kali365.xyz/api/status/1462316","fqdn":"api.kali365.xyz","domain":"kali365.xyz","tld":"xyz"},"ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Ibelio7@slurpmail.net","date":"2026-04-27T04:47:29.678Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kali365.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 16:56:09 GMT","end":"Fri, 17 Jul 2026 16:56:08 GMT"},"fingerprint":{"sha1":"55:5B:31:11:3B:A6:35:92:CD:55:49:23:44:0C:05:5D:E6:B9:1F:C5","sha256":"9B:B5:F0:82:1C:72:5B:76:F0:66:19:CE:4F:28:2C:21:B1:C3:BC:FE:A2:D9:5C:F1:AC:FC:A9:AD:0E:D0:21:77"}}},"request":{"raw":"GET /api/status/1462316 HTTP/1.1\r\nHost: api.kali365.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 04:47:29 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nvary: Origin, Cookie\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XhmFJ%2B7T5v2eorPf6Ddp%2BYKTc2qY2GGUW5uZmQPbGn3xnhlL2J12mBq9wJwlAf7a%2BG2tOA3%2F2yyJiayZCKqp5xLRu9qut5KOj0QeB6mNvvOC0xqE3sFxTFbGiZ2sK2hHnyM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f2b3082786e56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1991b7c8ec390f5af45312fc0e09944c","sha1":"d61cf78973a9c26e718fb9fe1cb3c8533893d95f","sha256":"e83c12db5ee3c62282c295c521fa51a10e6cfff8e247c64f09838dbc134bd385","sha512":"80bed01bd6f8fecdcfe32308c4dc471907a48a7418c73be4874046c51c9bcf013cbc53bd0e4fc92afb3020d0c08fb675611712f81799a9a1bf593c4dfd8c8480","ssdeep":"","tlshash":"e9700022280800000ac80800e0000238baa0ca80002ba0c0280c80288820880e008000","first_seen":"2026-03-04T14:57:38.603599Z","last_seen":"2026-04-27T14:22:02.176863Z","times_seen":641,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.kali365.xyz/api/status/1462316","fqdn":"api.kali365.xyz","domain":"kali365.xyz","tld":"xyz"},"ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Ibelio7@slurpmail.net","date":"2026-04-27T04:47:32.727Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kali365.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 16:56:09 GMT","end":"Fri, 17 Jul 2026 16:56:08 GMT"},"fingerprint":{"sha1":"55:5B:31:11:3B:A6:35:92:CD:55:49:23:44:0C:05:5D:E6:B9:1F:C5","sha256":"9B:B5:F0:82:1C:72:5B:76:F0:66:19:CE:4F:28:2C:21:B1:C3:BC:FE:A2:D9:5C:F1:AC:FC:A9:AD:0E:D0:21:77"}}},"request":{"raw":"GET /api/status/1462316 HTTP/1.1\r\nHost: api.kali365.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 04:47:32 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nvary: Origin, Cookie\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=z8hAgGJw9PeEhKhm%2FpggUMg5M9Ue7iVAlGzkIlw6NwtMnoVjEmqexfeA463QPffnj%2Bln6MhH3IRjiNP7%2B0%2FLB0oun0j1w9P9OQxNEIbm70Zu6J7uttDwokbtWXNnkFPWN3k%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f2b309588f656be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1991b7c8ec390f5af45312fc0e09944c","sha1":"d61cf78973a9c26e718fb9fe1cb3c8533893d95f","sha256":"e83c12db5ee3c62282c295c521fa51a10e6cfff8e247c64f09838dbc134bd385","sha512":"80bed01bd6f8fecdcfe32308c4dc471907a48a7418c73be4874046c51c9bcf013cbc53bd0e4fc92afb3020d0c08fb675611712f81799a9a1bf593c4dfd8c8480","ssdeep":"","tlshash":"e9700022280800000ac80800e0000238baa0ca80002ba0c0280c80288820880e008000","first_seen":"2026-03-04T14:57:38.603599Z","last_seen":"2026-04-27T14:22:02.176863Z","times_seen":641,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.kali365.xyz/api/status/1462316","fqdn":"api.kali365.xyz","domain":"kali365.xyz","tld":"xyz"},"ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Ibelio7@slurpmail.net","date":"2026-04-27T04:47:35.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kali365.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 16:56:09 GMT","end":"Fri, 17 Jul 2026 16:56:08 GMT"},"fingerprint":{"sha1":"55:5B:31:11:3B:A6:35:92:CD:55:49:23:44:0C:05:5D:E6:B9:1F:C5","sha256":"9B:B5:F0:82:1C:72:5B:76:F0:66:19:CE:4F:28:2C:21:B1:C3:BC:FE:A2:D9:5C:F1:AC:FC:A9:AD:0E:D0:21:77"}}},"request":{"raw":"GET /api/status/1462316 HTTP/1.1\r\nHost: api.kali365.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 04:47:35 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nvary: Origin, Cookie\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WWfCFpkP4C81iJaN4P9DfdBdzg2fsjRSH9GPjQ1%2F3jcHXPQwu9J3jhtyR6%2Fllp1%2BrKNxx5DAC4by0mGWHSutt2gpCjvd1nGyc%2FeEBovaJGdJDdkyuBEJh8Vc7az7nzTPa3U%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f2b30a8893e56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1991b7c8ec390f5af45312fc0e09944c","sha1":"d61cf78973a9c26e718fb9fe1cb3c8533893d95f","sha256":"e83c12db5ee3c62282c295c521fa51a10e6cfff8e247c64f09838dbc134bd385","sha512":"80bed01bd6f8fecdcfe32308c4dc471907a48a7418c73be4874046c51c9bcf013cbc53bd0e4fc92afb3020d0c08fb675611712f81799a9a1bf593c4dfd8c8480","ssdeep":"","tlshash":"e9700022280800000ac80800e0000238baa0ca80002ba0c0280c80288820880e008000","first_seen":"2026-03-04T14:57:38.603599Z","last_seen":"2026-04-27T14:22:02.176863Z","times_seen":641,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.kali365.xyz/api/status/1462316","fqdn":"api.kali365.xyz","domain":"kali365.xyz","tld":"xyz"},"ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Ibelio7@slurpmail.net","date":"2026-04-27T04:47:38.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kali365.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 16:56:09 GMT","end":"Fri, 17 Jul 2026 16:56:08 GMT"},"fingerprint":{"sha1":"55:5B:31:11:3B:A6:35:92:CD:55:49:23:44:0C:05:5D:E6:B9:1F:C5","sha256":"9B:B5:F0:82:1C:72:5B:76:F0:66:19:CE:4F:28:2C:21:B1:C3:BC:FE:A2:D9:5C:F1:AC:FC:A9:AD:0E:D0:21:77"}}},"request":{"raw":"GET /api/status/1462316 HTTP/1.1\r\nHost: api.kali365.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 04:47:38 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nvary: Origin, Cookie\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xSP9Ls6swRxB%2FzJVQvdRyhcP1hQfsJE6jl8tXBFu4i9zE89Tl6qPXNo9c0QYkHga7JuHVkMrYkLnqeH806Brijn%2F2Wo50jvFm2yi5eQgSEOsISXBasl2PNBF3nZe6YgU1Jk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f2b30bb99ca56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1991b7c8ec390f5af45312fc0e09944c","sha1":"d61cf78973a9c26e718fb9fe1cb3c8533893d95f","sha256":"e83c12db5ee3c62282c295c521fa51a10e6cfff8e247c64f09838dbc134bd385","sha512":"80bed01bd6f8fecdcfe32308c4dc471907a48a7418c73be4874046c51c9bcf013cbc53bd0e4fc92afb3020d0c08fb675611712f81799a9a1bf593c4dfd8c8480","ssdeep":"","tlshash":"e9700022280800000ac80800e0000238baa0ca80002ba0c0280c80288820880e008000","first_seen":"2026-03-04T14:57:38.603599Z","last_seen":"2026-04-27T14:22:02.176863Z","times_seen":641,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Ibelio7@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-27T04:47:20.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"p-5jwrf2lw.workers.dev","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 20 Apr 2026 12:12:18 GMT","end":"Sun, 19 Jul 2026 12:12:17 GMT"},"fingerprint":{"sha1":"B7:5C:49:4D:7D:34:C6:A2:22:02:9A:74:5C:51:A3:FF:09:54:EA:79","sha256":"6D:A3:D2:F9:C6:9B:C1:7A:B8:92:15:54:86:B2:AC:E2:23:98:9F:EC:FD:E8:B2:EA:A9:E8:1C:2B:D5:F1:7B:71"}}},"request":{"raw":"GET /l/Ibelio7@slurpmail.net HTTP/1.1\r\nHost: twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Apr 2026 04:47:21 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-store, no-cache, must-revalidate, private\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet, noimageindex\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Hj0qgkX4EW8Vkynytll94eVbizu0SAB2rtp07mFkvfQDchu9ZurUSZJBskoYnR89aeg3I7%2FBtbMRG8YqkNXEegSWlHxePqlz13K7Y0wGSD5axmf5n%2FevS0A3Vly0AAiMhnrKmgSeksz%2Bb5Y85EneKqIJK7pRMD9MQQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f2b304b782a8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1418,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"5470507c9fcfd3875ca1fa96569228ea","sha1":"6c41b4d9183b6dc27a1b6d0cb314e6fe3a37872f","sha256":"5485d1e075ddf9d4555e98cabef9e1cfcd3d344b106261ddd6082ef671e699ca","sha512":"39593812063b934ac9350dddfd5dc3046b5aeaac33589a68d1de2e65cf4b7875e0e8cc0390d4e91cb06f0a5770f93ab1ff8559e183b13b7222de8b588e7fc98a","ssdeep":"","tlshash":"1421c96759c130056763c4a1b532e75c7cd39872e507da4066d5b6ac5fc4a8c4e1234c","first_seen":"2026-04-27T04:47:49.25265Z","last_seen":"2026-04-27T04:47:49.25265Z","times_seen":1,"resource_available":true,"data":null}},"time_used":230,"timings":{"blocked":14,"dns":1,"connect":1,"send":0,"wait":197,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Kali365 Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kali365","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/favicon.ico","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Ibelio7@slurpmail.net","date":"2026-04-27T04:47:21.223Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"p-5jwrf2lw.workers.dev","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 20 Apr 2026 12:12:18 GMT","end":"Sun, 19 Jul 2026 12:12:17 GMT"},"fingerprint":{"sha1":"B7:5C:49:4D:7D:34:C6:A2:22:02:9A:74:5C:51:A3:FF:09:54:EA:79","sha256":"6D:A3:D2:F9:C6:9B:C1:7A:B8:92:15:54:86:B2:AC:E2:23:98:9F:EC:FD:E8:B2:EA:A9:E8:1C:2B:D5:F1:7B:71"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Ibelio7@slurpmail.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 27 Apr 2026 04:47:21 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-store, no-cache, must-revalidate, private\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet, noimageindex\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lKOfbr04%2B%2FSZLNiaxJ8%2BTk30oBJ3jBe301rcpZL%2ByAIYOMPCoErujXtSLOuI5%2B5R3Wc1G%2B7z3nPuMmP6k%2B5AGUKZTyNTlEvoEdYBFv7dSmkETMhknE%2B%2FV%2FWMnd%2BlOrZ6egihYE8jPz2hkv9ayy%2FyZ4u5Jci6bPKnQg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f2b304dae5f0b4d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1411,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"8992b335b270aebc28ae8e12a4684e4d","sha1":"0261c874d03e254d6901c5c47ef1caffc2c5bd05","sha256":"8d6d1608297b02b5822f186eaf70298dcfe89a15b072ff2189e1b665acb133d3","sha512":"3951ee144df04264a3244f4c05dad96c9a84bf6891bf5ded5eb559af8ff9b7984e775c44c6b5ba04f086f00700044c97a9d51422e7ba50bce1573882fd47e73b","ssdeep":"","tlshash":"042196769d852002662384b1b832e61c7cd39962e917d6407bd2b6bc8fd4a9c4a22b8c","first_seen":"2026-04-27T04:47:49.254387Z","last_seen":"2026-04-27T04:47:49.254387Z","times_seen":1,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Kali365 Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kali365","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/lp/Ibelio7","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Ibelio7@slurpmail.net","date":"2026-04-27T04:47:23.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"p-5jwrf2lw.workers.dev","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 20 Apr 2026 12:12:18 GMT","end":"Sun, 19 Jul 2026 12:12:17 GMT"},"fingerprint":{"sha1":"B7:5C:49:4D:7D:34:C6:A2:22:02:9A:74:5C:51:A3:FF:09:54:EA:79","sha256":"6D:A3:D2:F9:C6:9B:C1:7A:B8:92:15:54:86:B2:AC:E2:23:98:9F:EC:FD:E8:B2:EA:A9:E8:1C:2B:D5:F1:7B:71"}}},"request":{"raw":"GET /lp/Ibelio7 HTTP/1.1\r\nHost: twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Ibelio7@slurpmail.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 27 Apr 2026 04:47:23 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-store, no-cache, must-revalidate, private\r\nreferrer-policy: no-referrer\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet, noimageindex\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5b%2Bph8sX%2FoBdYuQtU4nwQajLcUz5wbB3x7Vh9XclESJhcpWGszAuVgD1MoNXq%2Fl1Nvo1jbuOe9IOJd%2Ft2JXaFvXCHtvjJxm3V63Y49MizymYtDbmgkbJGNAGgpoiZ9gwVxklD39u8nelAQwvRSoGm0tE38tLyu2eDA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f2b305a0aa00b4d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18660,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (7529)","md5":"eb7e46921fcf22b0939aac9e0cca97ea","sha1":"e8a2f36f73db3bc8c914148ffe433a549c56f6e1","sha256":"1b60d9e3335cf705e820831ec5d5477c5bd2ad314264f5b1f097d756d0d230e8","sha512":"343c8ba5f69b7073d1d77d03849b4aa757fe966a49d48bbb4fc98466f7825bee5c2675fe3d5e44cddf45050d1df355d75d59a2041c2461a17acf72d110705c28","ssdeep":"384:bD7K4b0UicNp+usxYnSdKIypdr0NbqPixuGbPcFej1mQs17sxGI:Pu4wUicNp+uPn4CW9yguGbPcFejO17sN","tlshash":"78822a2bb5d8053eb713e297ec02238a70214ed7fa2bbe85458d519801d6bfac377564","first_seen":"2026-04-27T04:47:49.255781Z","last_seen":"2026-04-27T04:47:49.255781Z","times_seen":1,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":272,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Kali365 Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kali365","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"api.kali365.xyz/api/status/1462316","fqdn":"api.kali365.xyz","domain":"kali365.xyz","tld":"xyz"},"ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Ibelio7@slurpmail.net","date":"2026-04-27T04:47:23.493Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kali365.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 16:56:09 GMT","end":"Fri, 17 Jul 2026 16:56:08 GMT"},"fingerprint":{"sha1":"55:5B:31:11:3B:A6:35:92:CD:55:49:23:44:0C:05:5D:E6:B9:1F:C5","sha256":"9B:B5:F0:82:1C:72:5B:76:F0:66:19:CE:4F:28:2C:21:B1:C3:BC:FE:A2:D9:5C:F1:AC:FC:A9:AD:0E:D0:21:77"}}},"request":{"raw":"GET /api/status/1462316 HTTP/1.1\r\nHost: api.kali365.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Apr 2026 04:47:23 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nvary: Origin, Cookie\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LaEcRBfmK8KtJA%2BJxM3dikhA2QaTAQ4TvlfQTJ4GHZy2XpJzarECf8h%2BHOVFWqvUe%2B2Pz44ROrzV8igille1n65HBPeYoXb0FvxZcuhBJjy2TPLq5%2FaDwxor7cVM613EuV0%3D\"}]}\r\ncf-ray: 9f2b305be9bcb4fd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1991b7c8ec390f5af45312fc0e09944c","sha1":"d61cf78973a9c26e718fb9fe1cb3c8533893d95f","sha256":"e83c12db5ee3c62282c295c521fa51a10e6cfff8e247c64f09838dbc134bd385","sha512":"80bed01bd6f8fecdcfe32308c4dc471907a48a7418c73be4874046c51c9bcf013cbc53bd0e4fc92afb3020d0c08fb675611712f81799a9a1bf593c4dfd8c8480","ssdeep":"","tlshash":"e9700022280800000ac80800e0000238baa0ca80002ba0c0280c80288820880e008000","first_seen":"2026-03-04T14:57:38.603599Z","last_seen":"2026-04-27T14:22:02.176863Z","times_seen":641,"resource_available":true,"data":null}},"time_used":130,"timings":{"blocked":14,"dns":1,"connect":1,"send":0,"wait":101,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}