{"report_id":"6468fd50-7edd-4494-823f-2325b6743d9e","version":6,"status":"done","tags":[],"date":"2025-10-12T10:27:04Z","url":{"schema":"http","addr":"cbyq4yr1.cfd/","fqdn":"cbyq4yr1.cfd","domain":"cbyq4yr1.cfd","tld":"cfd"},"ip":{"addr":"104.21.56.78","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"cbyq4yr1.cfd/","fqdn":"cbyq4yr1.cfd","domain":"cbyq4yr1.cfd","tld":"cfd"},"title":"Download Requested File | Secure File Transfer"},"submit":{"url":{"schema":"http","addr":"cbyq4yr1.cfd/","fqdn":"cbyq4yr1.cfd","domain":"cbyq4yr1.cfd","tld":"cfd"},"ip":{"addr":"104.21.56.78","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-16T10:27:04Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"cbyq4yr1.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"cbyq4yr1.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"cbyq4yr1.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"cbyq4yr1.cfd","ip":{"addr":"172.67.181.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-09-08","domain_rank":0,"first_seen":"2025-09-16T01:16:37.114386Z","last_seen":"2025-09-23T09:28:55.215107Z","alert_count":12,"request_count":4,"received_data":48746,"sent_data":2098,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"e7dc6b4a5a339725202963973cca6ddd","sha1":"e9b302a693660f7e693eb3a91d37a9d7447cf5a1","sha256":"e5d47d0e8bc4c77283027d5f633b4f655e3ff5284642f15857137f195b0d040a","sha512":"c3e2524eeb5c2825d6939d07c8d049f7b8bec4e53e724cbc0780239c0115fca660ae3c897fdfb75656898639dca838733b9ea64d9c28b08b8e7480f40746c957","ssdeep":"","tlshash":"50d095dd2c25883072dd010e60f6d3a5322110d07f11f94041c5cc1f5e17dd35db141c","size":252,"data":"","first_seen":"2025-10-12T10:27:05.604413Z","last_seen":"2025-10-12T10:27:05.604413Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cbyq4yr1.cfd/","fqdn":"cbyq4yr1.cfd","domain":"cbyq4yr1.cfd","tld":"cfd"},"ip":{"addr":"172.67.181.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4b1766481571058f1aff63f670b855e5","sha1":"87186ec0436910423c1f5167311c82bedecb0ea5","sha256":"a49f58786fb532004d789079d81f2a154b1744ff13e1c4f9b49737b3fabfbd53","sha512":"a6b75d493de29813465c24a491a1b8a639366b23625d31f693375390a678baa3485a75708e8dafe1e7833f642c4212155fee39b4ffedeaeceaf4c317f76a86d7","ssdeep":"","tlshash":"dc41ae6b397b193491afa66a0a6fa1447531d01b3807c5403e7dcaac2fa6d0364a6ef1","size":2087,"data":"","first_seen":"2025-09-17T19:57:13.537291Z","last_seen":"2026-03-08T20:44:38.558924Z","times_seen":90,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cbyq4yr1.cfd/","fqdn":"cbyq4yr1.cfd","domain":"cbyq4yr1.cfd","tld":"cfd"},"ip":{"addr":"172.67.181.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8a0d1628dacf257c87c36d0f08eae155","sha1":"3e87cae23c1f24849e4c75d86541f4c8bc80c8cb","sha256":"dc1e2a7cf30dcf9fa7141416e9ed6f6212f5d0ed0a3f4fbd134b3974fb2c3116","sha512":"6c9f6cda528513a79b8655f5f7cb96b1aad3698cb1c67b862d7b9f3706fec5e05ee52f5a475c2242d4e158eba1f7e1208e1b359cec70fe75e6b664508442fb25","ssdeep":"","tlshash":"da11e1b93a1a1534d6c5504f317ee7a93a3210617e02e080c2accc285d1ddc318afc7e","size":972,"data":"","first_seen":"2025-10-12T10:27:05.610992Z","last_seen":"2025-10-12T10:27:05.610992Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cbyq4yr1.cfd/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"cbyq4yr1.cfd","domain":"cbyq4yr1.cfd","tld":"cfd"},"ip":{"addr":"172.67.181.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6a6a3bfd4411bae8c7c3a66568cae5ce","sha1":"9e1938855d28fd62ba7464926c07175363ec8629","sha256":"c69dc69e2419e48df7442b04981a21bc72516c97075eb76a7b3230fbeaf412e6","sha512":"4279574d4bdef5fe8a2e1e1d72aae4d7ce14675500b2bdfc8549cf457235b1344a2aa783b42af8b39396584ec3da4f1400cbfd7b2340cfa4d5416f6037085862","ssdeep":"192:sI+bvRtzqtRYHsHk/bcexTPlmBdNsvyIEcfseAiPINNAOA6A3AdfeU:sB1V/bcqP4CnUDiyZ7Sk","tlshash":"4622d9cb6f0db46c43b42ea120ab29cb99698ea9303e5c494530e5fc7d10e8a7449e8d","size":9977,"data":"","first_seen":"2025-10-10T12:43:21.126077Z","last_seen":"2025-10-22T15:05:39.054903Z","times_seen":676,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"cbyq4yr1.cfd/","fqdn":"cbyq4yr1.cfd","domain":"cbyq4yr1.cfd","tld":"cfd"},"ip":{"addr":"172.67.181.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-12T10:26:40.330Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cbyq4yr1.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 20:59:31 GMT","end":"Sat, 13 Dec 2025 21:35:43 GMT"},"fingerprint":{"sha1":"85:DE:49:6D:30:56:9C:56:9E:21:76:20:9B:33:D1:D5:0C:48:77:68","sha256":"63:56:7A:54:DD:A5:44:BA:77:95:3B:F4:A8:1C:28:C7:0C:EC:97:B8:A5:66:8D:B1:85:35:5D:74:6D:D6:2E:C6"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cbyq4yr1.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 12 Oct 2025 10:26:40 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\npermissions-policy: geolocation=(), microphone=(), camera=()\r\ncache-control: no-store, no-cache, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'nonce-W4BwjYzxCTNRq0x6kvuLEw=='; style-src 'self' 'nonce-W4BwjYzxCTNRq0x6kvuLEw=='; img-src 'self' data:; frame-ancestors 'none'; base-uri 'none'; form-action 'self'; object-src 'none'; upgrade-insecure-requests\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y1t0mVPyTMm1rnvd2%2BgBdndXreyK4HZzGiDX4k7WqAQjwPobWFsewiwI1jMUkX2xWVmwnGn1P1cB6kmfuJElPy7waG7d6EvgF3c%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: PHPSESSID=76408b9d59496687ebb16fefa0b382fc; Path=/\r\ncf-ray: 98d5e67a58b3568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":26107,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1029), with CRLF line terminators","md5":"5ec860fb0ffb9ec3dd676cb7f5a2e4e1","sha1":"cb8c31d273d4af96e44feb902fee766ec9c5692a","sha256":"a532ac1e0b348d0a135762050b857e5b2c47735c8c0380ea7b0f00b1428e57e1","sha512":"07b2b1c5de3ce5e88cb47b2b51226dde8a8ab3f3ac8649be109db204dd73c87d197431df491ab871c41827b73c21205da3326574c35bf2cfa0a3878caf9ac678","ssdeep":"384:zqzfINzCooNHnyLY6hn8xw+pKOq0v+qnx//:QAzZoRx6OcOPx//","tlshash":"ecc2621ac268557d6933e77497e78206ff723013c4029bacbfad93941fb19aa9122f44","first_seen":"2025-10-12T10:27:05.595794Z","last_seen":"2025-10-12T10:27:05.595794Z","times_seen":1,"resource_available":false,"data":null}},"time_used":640,"timings":{"blocked":51,"dns":4,"connect":1,"send":0,"wait":538,"receive":0,"ssl":43},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"cbyq4yr1.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"cbyq4yr1.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"cbyq4yr1.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cbyq4yr1.cfd/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"cbyq4yr1.cfd","domain":"cbyq4yr1.cfd","tld":"cfd"},"ip":{"addr":"172.67.181.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cbyq4yr1.cfd/","date":"2025-10-12T10:26:41.224Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cbyq4yr1.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 20:59:31 GMT","end":"Sat, 13 Dec 2025 21:35:43 GMT"},"fingerprint":{"sha1":"85:DE:49:6D:30:56:9C:56:9E:21:76:20:9B:33:D1:D5:0C:48:77:68","sha256":"63:56:7A:54:DD:A5:44:BA:77:95:3B:F4:A8:1C:28:C7:0C:EC:97:B8:A5:66:8D:B1:85:35:5D:74:6D:D6:2E:C6"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1\r\nHost: cbyq4yr1.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=76408b9d59496687ebb16fefa0b382fc\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\nlocation: /cdn-cgi/challenge-platform/h/g/scripts/jsd/e9c9e9d67513/main.js?\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public\r\naccess-control-allow-origin: *\r\npriority: u=3,i=?0\r\ndate: Sun, 12 Oct 2025 10:26:41 GMT\r\ncontent-length: 0\r\nserver: cloudflare\r\ncf-ray: 98d5e67facc20b3d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9977,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"cbyq4yr1.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"cbyq4yr1.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"cbyq4yr1.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cbyq4yr1.cfd/cdn-cgi/challenge-platform/h/g/scripts/jsd/e9c9e9d67513/main.js?","fqdn":"cbyq4yr1.cfd","domain":"cbyq4yr1.cfd","tld":"cfd"},"ip":{"addr":"172.67.181.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cbyq4yr1.cfd/","date":"2025-10-12T10:26:41.277Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cbyq4yr1.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 20:59:31 GMT","end":"Sat, 13 Dec 2025 21:35:43 GMT"},"fingerprint":{"sha1":"85:DE:49:6D:30:56:9C:56:9E:21:76:20:9B:33:D1:D5:0C:48:77:68","sha256":"63:56:7A:54:DD:A5:44:BA:77:95:3B:F4:A8:1C:28:C7:0C:EC:97:B8:A5:66:8D:B1:85:35:5D:74:6D:D6:2E:C6"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/e9c9e9d67513/main.js? HTTP/1.1\r\nHost: cbyq4yr1.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=76408b9d59496687ebb16fefa0b382fc\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public\r\nx-content-type-options: nosniff\r\npriority: u=3,i=?0\r\ndate: Sun, 12 Oct 2025 10:26:41 GMT\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 98d5e67ffcc40b3d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9977,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (9977), with no line terminators","md5":"6a6a3bfd4411bae8c7c3a66568cae5ce","sha1":"9e1938855d28fd62ba7464926c07175363ec8629","sha256":"c69dc69e2419e48df7442b04981a21bc72516c97075eb76a7b3230fbeaf412e6","sha512":"4279574d4bdef5fe8a2e1e1d72aae4d7ce14675500b2bdfc8549cf457235b1344a2aa783b42af8b39396584ec3da4f1400cbfd7b2340cfa4d5416f6037085862","ssdeep":"192:sI+bvRtzqtRYHsHk/bcexTPlmBdNsvyIEcfseAiPINNAOA6A3AdfeU:sB1V/bcqP4CnUDiyZ7Sk","tlshash":"4622d9cb6f0db46c43b42ea120ab29cb99698ea9303e5c494530e5fc7d10e8a7449e8d","first_seen":"2025-10-10T12:43:21.126077Z","last_seen":"2025-10-22T15:05:39.054903Z","times_seen":676,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"cbyq4yr1.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"cbyq4yr1.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"cbyq4yr1.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cbyq4yr1.cfd/cdn-cgi/challenge-platform/h/g/jsd/r/0.31093954321451195:1760099306:PYl1JJi_a61rqQmhSomRc7mzq5WI4fFR_laoGfpN5iA/98d5e67a58b3568b","fqdn":"cbyq4yr1.cfd","domain":"cbyq4yr1.cfd","tld":"cfd"},"ip":{"addr":"172.67.181.107","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cbyq4yr1.cfd/","date":"2025-10-12T10:26:41.453Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cbyq4yr1.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 14 Sep 2025 20:59:31 GMT","end":"Sat, 13 Dec 2025 21:35:43 GMT"},"fingerprint":{"sha1":"85:DE:49:6D:30:56:9C:56:9E:21:76:20:9B:33:D1:D5:0C:48:77:68","sha256":"63:56:7A:54:DD:A5:44:BA:77:95:3B:F4:A8:1C:28:C7:0C:EC:97:B8:A5:66:8D:B1:85:35:5D:74:6D:D6:2E:C6"}}},"request":{"raw":"POST /cdn-cgi/challenge-platform/h/g/jsd/r/0.31093954321451195:1760099306:PYl1JJi_a61rqQmhSomRc7mzq5WI4fFR_laoGfpN5iA/98d5e67a58b3568b HTTP/1.1\r\nHost: cbyq4yr1.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 12085\r\nOrigin: https://cbyq4yr1.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cbyq4yr1.cfd/\r\nCookie: PHPSESSID=76408b9d59496687ebb16fefa0b382fc\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/plain; charset=UTF-8\r\ndate: Sun, 12 Oct 2025 10:26:41 GMT\r\ncontent-length: 0\r\nset-cookie: cf_clearance=IOlljxUsMBdNHbird7EJgqmlEE8z9yUIzqT1vJpgQis-1760264801-1.2.1.1-ZPlQo_DE15Q0EyhRqwk3GqmLmLVmJbMtnZyeUu9brQQo90YsBnmATWdPTNE9SzX5UdRaMWuQXtIm8QxOW_HgHstEYTrB0EgT.E2Ub6n_tMuJJzP3BZ_epq0gT_FxbwxQB7hL4sDyN645WX1Uv5_NxiWeRHCXDPCq70rTm3AnsZWll99UmUgZbhBk0sGcui0cE769ywkE2krPbjlcarCmwFEwThzHIvJQy4W6AoqRzJg; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=cbyq4yr1.cfd; Expires=Mon, 12 Oct 2026 10:26:41 GMT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\ncf-ray: 98d5e6810ccb0b3d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"cbyq4yr1.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"cbyq4yr1.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"cbyq4yr1.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}