{"report_id":"67606d33-2afa-479b-bddd-673a5b556007","version":6,"status":"done","tags":[],"date":"2026-04-18T12:42:42Z","url":{"schema":"http","addr":"registerheiu.xyz","fqdn":"registerheiu.xyz","domain":"registerheiu.xyz","tld":"xyz"},"ip":{"addr":"172.67.164.71","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"registerheiu.xyz/","fqdn":"registerheiu.xyz","domain":"registerheiu.xyz","tld":"xyz"},"title":"用户注册","dom":{"size":9667,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"29cdea1f7919f7264110f2d7b0047cfa","sha1":"78bcb3177cdc4a347aa3ed6865bd97294f22c046","sha256":"5f23af1fd4389d23bf6ed2c66ab0d0f8a931e9c0e2bc32c5a76bdbe242b834c0","sha512":"eb0ddd976942507a3300a5cb73eff9a1d14e00edfd91f226aad826b1f7af2249f91c9aa76679411cd3259fd333ddafe78d05e8ab1039605e56bcfd62fdd223fd","ssdeep":"96:xCYf5HpNbPx/aMl6PfmgPGmb4MGpMGJwcsWHjqKg4+a:cYf5HplQPfnGmbx4MGJwiPEa","tlshash":"0f12425889f70752197791a87be34e4677a0d103c809cd1d3fee32a8cf8d6d6e992345","dom_hash":"domhash41100cf97d1b290aa432b6388932dd2c","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"registerheiu.xyz","fqdn":"registerheiu.xyz","domain":"registerheiu.xyz","tld":"xyz"},"ip":{"addr":"172.67.164.71","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-23T12:42:42Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"registerheiu.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"registerheiu.xyz","ip":{"addr":"104.21.82.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":7,"request_count":7,"received_data":564606,"sent_data":3112,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"registerheiu.xyz/js/b8v4n6t2re.js","fqdn":"registerheiu.xyz","domain":"registerheiu.xyz","tld":"xyz"},"ip":{"addr":"104.21.82.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e8b7141be8299f9ab2641aa65e7b9d8","sha1":"cc51d06fd284b34d3ad0fa68aa8e562d4fbf0e89","sha256":"b46236a0f28073c4658d5c48d8323b6f1bc51b996ba99c3d5ef0078dab0cc0de","sha512":"f700ee57fbecbcd59048086841e51bf0d07241a3690e4ed770bd07a95c46c8bd6d82b828fcb124336265ac0174ba2b92d78ea6d66964fe8542566dae00229d97","ssdeep":"3072:989eYGcJWRK/kIN0tifCEtQn4B8CyUyfd/vmeIF78CDACl3HXgaV2D6R1kbzeCpn:96g6kIFliDU1kbzeCpFUVygzhDSr","tlshash":"82a4dc8659cbea19de4890449c378dcfb1e3cd424aec9e0ef953edc9a9dc5e08ed0644","size":493510,"data":"","first_seen":"2026-04-18T12:42:49.350207Z","last_seen":"2026-04-18T12:47:27.553582Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"registerheiu.xyz/js/d2p6q8m3vb.js","fqdn":"registerheiu.xyz","domain":"registerheiu.xyz","tld":"xyz"},"ip":{"addr":"104.21.82.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1f900413ed97257508f81e0b3ae24428","sha1":"bc55d623d942541c3a240f59d3d271e295aa3e19","sha256":"a97d0f9f2c089ed59f65df79a95467a4500e504169388b5a236292dbfd6daf80","sha512":"feac8b952b9104122934d87a469bd70328bb1aaff30a06f5748f020c5e55ac74bec1916320aecb669cd101458c9771e91ac74252113830c760a6e6c8a97cd75f","ssdeep":"768:3RQ+gH4CklFfh0CrtfAaEjatVAQq51pDD:3RQ+DFfhttonebAJH9","tlshash":"54c23e4879e37030860bf1a85a6fcd0db339559b058d8d1a7d0c92a4af1583e87bafdc","size":26503,"data":"","first_seen":"2023-07-15T21:56:00Z","last_seen":"2026-04-18T12:47:27.552651Z","times_seen":21,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"registerheiu.xyz/","fqdn":"registerheiu.xyz","domain":"registerheiu.xyz","tld":"xyz"},"ip":{"addr":"104.21.82.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"ae125cd5ce10bc1a2bf8f29ee68eb8dd","sha1":"aaea015c6e72003f0d4d8c667769c4a66d52d794","sha256":"55d057dda1c07b4f9bcd2c76206d1ef615997f528faa627a70cc8a6a219f7b21","sha512":"98f4f807ee3b7e0a57b8408c22026d90e9a32d8c368cf7f9ce0eae4d4f21a9f60932ce9dd05d22f86f3305e9d61538a6940300a6b76916ef93f12341f125f9df","ssdeep":"3072:wAvrFeEl7aZL10kJi76lMCyaAfd/vmeIFDUyDCC5/FX5KviV2f6d7kbzeCpFUVCl:wU7Ml79CbfS7kbzeCpFUVRgzBFQDR/y","tlshash":"33a4da855acbeb1ace4841489c278dcbb1e3dd5346ec8d0ef953edc9a9ec4e18ed0944","size":465063,"data":"","first_seen":"2026-04-18T12:42:49.353135Z","last_seen":"2026-04-18T12:47:27.556878Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"registerheiu.xyz/","fqdn":"registerheiu.xyz","domain":"registerheiu.xyz","tld":"xyz"},"ip":{"addr":"104.21.82.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-18T12:42:19.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"registerheiu.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Apr 2026 13:39:19 GMT","end":"Tue, 07 Jul 2026 13:39:18 GMT"},"fingerprint":{"sha1":"33:25:24:1A:67:46:02:A8:0F:10:7B:F7:C4:B8:9D:B3:CD:B1:34:48","sha256":"C6:89:33:10:CB:33:FF:21:24:3B:16:B8:30:EC:B3:75:3C:FF:38:86:77:C6:AC:16:2C:C1:6B:26:57:45:8C:72"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: registerheiu.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Apr 2026 12:42:20 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Thu, 09 Apr 2026 07:44:53 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eIA8LpCa7BS8vCBZ7IHoQlp7ItyvkExKRFdx7PJiSDGnSu0k3segpebbPDr8WRqI7DZrm9FWh47CkNkgzKevYekEW91y6zOQ78i5HCwZ4Vu2SeWwEdSH6mYdOfviu7tlnJED\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9ee3bfb2b89b723c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9687,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"fc97848ce2d8d029eacda3b98fd0f00b","sha1":"0bc66171ddca7bdab5bf56fbdb0fafd3063efc53","sha256":"54ec09c515b7c644a5e9c090f6daabacaffa7e5c2544715094db3f75d7cae86c","sha512":"51ee7f393091ed0bacf3fcc927f48f41cb71e3bea5911cc69a7f1e361b504f31b8ed1f14620655abd1df57bc210decdfecebc51771f68f83c565ea9a2ce2794e","ssdeep":"96:9tYf5HpNbPx/aMl6PfmgPGmb4MGpMGJwcqVHjqKg4+HD:LYf5HplQPfnGmbx4MGJwTPEHD","tlshash":"1012325889f70752197791a87be34e4677a0d103c809cd1d3fee32a8cf8dad6e992345","first_seen":"2026-04-18T12:42:49.337143Z","last_seen":"2026-04-18T12:47:27.554986Z","times_seen":2,"resource_available":true,"data":null}},"time_used":847,"timings":{"blocked":101,"dns":74,"connect":3,"send":0,"wait":645,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"registerheiu.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"registerheiu.xyz/images/usdt.png","fqdn":"registerheiu.xyz","domain":"registerheiu.xyz","tld":"xyz"},"ip":{"addr":"104.21.82.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://registerheiu.xyz/","date":"2026-04-18T12:42:20.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"registerheiu.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Apr 2026 13:39:19 GMT","end":"Tue, 07 Jul 2026 13:39:18 GMT"},"fingerprint":{"sha1":"33:25:24:1A:67:46:02:A8:0F:10:7B:F7:C4:B8:9D:B3:CD:B1:34:48","sha256":"C6:89:33:10:CB:33:FF:21:24:3B:16:B8:30:EC:B3:75:3C:FF:38:86:77:C6:AC:16:2C:C1:6B:26:57:45:8C:72"}}},"request":{"raw":"GET /images/usdt.png HTTP/1.1\r\nHost: registerheiu.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://registerheiu.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 12:42:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 5449\r\nlast-modified: Tue, 07 Apr 2026 14:02:18 GMT\r\npriority: u=4,i=?0\r\netag: \"69d50e6a-1549\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=323qobGtekpg1x6Q3F0MDILe37rEZnVZVoeJH0p%2Bwygyv5C%2BbHp3gSRlYEEpGDmQZ%2FgagG5jOYqgPdQI1GUKCQMYg6JeAIFObGggxhecjVbuyNfpAUVd%2BoopgKgmZ2zWCnkH\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ee3bfb80c42712d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5449,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"171435102abf595ca4853c290bafd6dc","sha1":"77f073e2b64292439dd50a0471e4db521458e2e9","sha256":"fd38f087acaeda090581bdef80af464910450a5aa3081a0de47bb895ad7593bf","sha512":"a57cbcf4028a3690a6f2bc27e912d1d7be59e53bb875727e023634bb7a2853b584e2abf862c74c25a852cf9d7246e91d7d3531f0d6596b7bb2ffbb69eb922688","ssdeep":"96:gxlMz8MDaEWBoNC7d1tJNg1Z6iuSjSgqbH/2rbdgTCpkCC5K/2S5iqst4OZiTwZ0:gEwFL7C1ZJS9fqdSC2C0jSsq2uwZwT","tlshash":"20b18ecc924564a9fd64da384812a12e928441b5b13ec58cf47fa61e37f63a316299ce","first_seen":"2026-04-18T12:42:49.340844Z","last_seen":"2026-04-18T12:47:27.555612Z","times_seen":2,"resource_available":false,"data":null}},"time_used":642,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":641,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"registerheiu.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"registerheiu.xyz/images/logo-tronlink.svg","fqdn":"registerheiu.xyz","domain":"registerheiu.xyz","tld":"xyz"},"ip":{"addr":"104.21.82.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://registerheiu.xyz/","date":"2026-04-18T12:42:20.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"registerheiu.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Apr 2026 13:39:19 GMT","end":"Tue, 07 Jul 2026 13:39:18 GMT"},"fingerprint":{"sha1":"33:25:24:1A:67:46:02:A8:0F:10:7B:F7:C4:B8:9D:B3:CD:B1:34:48","sha256":"C6:89:33:10:CB:33:FF:21:24:3B:16:B8:30:EC:B3:75:3C:FF:38:86:77:C6:AC:16:2C:C1:6B:26:57:45:8C:72"}}},"request":{"raw":"GET /images/logo-tronlink.svg HTTP/1.1\r\nHost: registerheiu.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://registerheiu.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 12:42:21 GMT\r\ncontent-type: image/svg+xml\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xbmVrAysUnsR%2FOTXcHV%2FNVxjBBz7Cag63%2BlHXF7W%2FmSDYXxr%2F7Dl8C7%2B8kSyiM40U0L%2FGXcPCR7Trd0f6idhK8Yigwp5sab6djhvA9FXnMp40vQEUPHesxvfWMsVwXUEVIyt\"}]}\r\nlast-modified: Tue, 07 Apr 2026 13:59:19 GMT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"69d50db7-d6e\"\r\ncf-ray: 9ee3bfb80c43712d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3438,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"189795537c6cb70670c337f54f5d0308","sha1":"0b47a2a56099cf933cdef17e07d21252218bf990","sha256":"f73c4f22751a332322f48bc9b4e2f7b78ed96553007bd0a62d94f3022440a37b","sha512":"a785d041ec32f29d43ec96e81e0a58cbe87d296a9f041fad1cffbeefcc8de703e6516a2c5d770f90acf6ea0a67e3476a678613d443d48d29e1cdce17d4fe7b74","ssdeep":"","tlshash":"a96172e163e5e2f5f509f3fd86324879b98268f63e22c98842d12c55a80444d8ddeceb","first_seen":"2026-04-18T12:42:49.34489Z","last_seen":"2026-04-18T12:47:27.556191Z","times_seen":2,"resource_available":false,"data":null}},"time_used":652,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":652,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"registerheiu.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"registerheiu.xyz/js/d2p6q8m3vb.js","fqdn":"registerheiu.xyz","domain":"registerheiu.xyz","tld":"xyz"},"ip":{"addr":"104.21.82.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://registerheiu.xyz/","date":"2026-04-18T12:42:20.809Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"registerheiu.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Apr 2026 13:39:19 GMT","end":"Tue, 07 Jul 2026 13:39:18 GMT"},"fingerprint":{"sha1":"33:25:24:1A:67:46:02:A8:0F:10:7B:F7:C4:B8:9D:B3:CD:B1:34:48","sha256":"C6:89:33:10:CB:33:FF:21:24:3B:16:B8:30:EC:B3:75:3C:FF:38:86:77:C6:AC:16:2C:C1:6B:26:57:45:8C:72"}}},"request":{"raw":"GET /js/d2p6q8m3vb.js HTTP/1.1\r\nHost: registerheiu.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://registerheiu.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 12:42:21 GMT\r\ncontent-type: application/javascript\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aBRI%2BK50USqz9QnW%2BVjETsdmOJbpNIBfXRaWVzhPegriubuE1aZ64J2QF3IkYrwOJ4%2BQHljKvGbJL3bWOWrOgeaZO%2F4D4qIy%2F2UhYfhrEkInp9zyZDYiB28jlVqQIx5WWZgv\"}]}\r\nlast-modified: Mon, 20 Mar 2023 07:36:43 GMT\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"64180d0b-6787\"\r\ncf-ray: 9ee3bfb80c45712d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26503,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (2942)","md5":"1f900413ed97257508f81e0b3ae24428","sha1":"bc55d623d942541c3a240f59d3d271e295aa3e19","sha256":"a97d0f9f2c089ed59f65df79a95467a4500e504169388b5a236292dbfd6daf80","sha512":"feac8b952b9104122934d87a469bd70328bb1aaff30a06f5748f020c5e55ac74bec1916320aecb669cd101458c9771e91ac74252113830c760a6e6c8a97cd75f","ssdeep":"768:3RQ+gH4CklFfh0CrtfAaEjatVAQq51pDD:3RQ+DFfhttonebAJH9","tlshash":"54c23e4879e37030860bf1a85a6fcd0db339559b058d8d1a7d0c92a4af1583e87bafdc","first_seen":"2023-07-15T21:56:00Z","last_seen":"2026-04-18T12:47:27.552651Z","times_seen":21,"resource_available":true,"data":null}},"time_used":894,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":894,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"registerheiu.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"registerheiu.xyz/js/b8v4n6t2re.js","fqdn":"registerheiu.xyz","domain":"registerheiu.xyz","tld":"xyz"},"ip":{"addr":"104.21.82.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://registerheiu.xyz/","date":"2026-04-18T12:42:20.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"registerheiu.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Apr 2026 13:39:19 GMT","end":"Tue, 07 Jul 2026 13:39:18 GMT"},"fingerprint":{"sha1":"33:25:24:1A:67:46:02:A8:0F:10:7B:F7:C4:B8:9D:B3:CD:B1:34:48","sha256":"C6:89:33:10:CB:33:FF:21:24:3B:16:B8:30:EC:B3:75:3C:FF:38:86:77:C6:AC:16:2C:C1:6B:26:57:45:8C:72"}}},"request":{"raw":"GET /js/b8v4n6t2re.js HTTP/1.1\r\nHost: registerheiu.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://registerheiu.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 12:42:21 GMT\r\ncontent-type: application/javascript\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uUX4xewSjSLmsqRTaguazAvvB2WxIhh6SJS3uR8BV11P3oef4PhR7BVITuZiLe3SRRjNbn59EqlWDB1YuJYNAox3leXVHbk4rcbueyEgFaK7GxC4qLA0xc9dbpSXsVwX8izn\"}]}\r\nlast-modified: Thu, 09 Apr 2026 10:21:50 GMT\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"69d77dbe-787c6\"\r\ncf-ray: 9ee3bfb80c44712d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":493510,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"2e8b7141be8299f9ab2641aa65e7b9d8","sha1":"cc51d06fd284b34d3ad0fa68aa8e562d4fbf0e89","sha256":"b46236a0f28073c4658d5c48d8323b6f1bc51b996ba99c3d5ef0078dab0cc0de","sha512":"f700ee57fbecbcd59048086841e51bf0d07241a3690e4ed770bd07a95c46c8bd6d82b828fcb124336265ac0174ba2b92d78ea6d66964fe8542566dae00229d97","ssdeep":"3072:989eYGcJWRK/kIN0tifCEtQn4B8CyUyfd/vmeIF78CDACl3HXgaV2D6R1kbzeCpn:96g6kIFliDU1kbzeCpFUVygzhDSr","tlshash":"82a4dc8659cbea19de4890449c378dcfb1e3cd424aec9e0ef953edc9a9dc5e08ed0644","first_seen":"2026-04-18T12:42:49.350207Z","last_seen":"2026-04-18T12:47:27.553582Z","times_seen":2,"resource_available":true,"data":null}},"time_used":1406,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":790,"receive":616,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"registerheiu.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"registerheiu.xyz/images/icon.png","fqdn":"registerheiu.xyz","domain":"registerheiu.xyz","tld":"xyz"},"ip":{"addr":"104.21.82.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://registerheiu.xyz/","date":"2026-04-18T12:42:22.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"registerheiu.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Apr 2026 13:39:19 GMT","end":"Tue, 07 Jul 2026 13:39:18 GMT"},"fingerprint":{"sha1":"33:25:24:1A:67:46:02:A8:0F:10:7B:F7:C4:B8:9D:B3:CD:B1:34:48","sha256":"C6:89:33:10:CB:33:FF:21:24:3B:16:B8:30:EC:B3:75:3C:FF:38:86:77:C6:AC:16:2C:C1:6B:26:57:45:8C:72"}}},"request":{"raw":"GET /images/icon.png HTTP/1.1\r\nHost: registerheiu.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://registerheiu.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 12:42:22 GMT\r\ncontent-type: image/png\r\ncontent-length: 10648\r\nlast-modified: Thu, 28 Sep 2023 07:24:22 GMT\r\npriority: u=6,i=?0\r\netag: \"65152a26-2998\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GqUl9TEDz92r8izmKZQ7m%2FqI0N5Jsdpa61xTExkhh%2B7oV%2FvdV0XEKn8F%2Bj6wSKMH7DCTFPomRE4eZJMvWiY0qBTdLQ9k0LkqLT6Zb9q2XGYShXVVqG4XZCTH8hwCL4vm9H33\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ee3bfc18c8b712d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10648,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"670f7e9ed8cb600ef95acb0619fb9ba3","sha1":"509013cf6bfab0c977b56887b9ddb9d96bedfc07","sha256":"40850fc33b7327cfbc25cd240cdfc36ef7e1b2f36729b09ddbc66369540ba0dd","sha512":"381ae265f0547a24674b33c9b9a45f92bd80543342d3d4068676996be6403e575b7f7b98fe8453c657bb1752da20c24a8fccd10d224aa04ba7db2ea83afe914e","ssdeep":"192:lHY3F80KM3g2dEhLpNmYTsrISM0iIjuQ8HUu2nlB/Wxwq2:lHY3FhQeqfmYTsrI3F10uC/Wxwq2","tlshash":"9622cff0f0ec7ca69e53294e14b910480a8ea85727bf0516e3eacf30979d607b1786e0","first_seen":"2025-06-25T03:52:04.677639Z","last_seen":"2026-04-18T12:47:27.554291Z","times_seen":19,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":166,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"registerheiu.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"registerheiu.xyz/images/icon.png","fqdn":"registerheiu.xyz","domain":"registerheiu.xyz","tld":"xyz"},"ip":{"addr":"104.21.82.221","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://registerheiu.xyz/","date":"2026-04-18T12:42:22.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"registerheiu.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Apr 2026 13:39:19 GMT","end":"Tue, 07 Jul 2026 13:39:18 GMT"},"fingerprint":{"sha1":"33:25:24:1A:67:46:02:A8:0F:10:7B:F7:C4:B8:9D:B3:CD:B1:34:48","sha256":"C6:89:33:10:CB:33:FF:21:24:3B:16:B8:30:EC:B3:75:3C:FF:38:86:77:C6:AC:16:2C:C1:6B:26:57:45:8C:72"}}},"request":{"raw":"GET /images/icon.png HTTP/1.1\r\nHost: registerheiu.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://registerheiu.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 12:42:22 GMT\r\ncontent-type: image/png\r\ncontent-length: 10648\r\nlast-modified: Thu, 28 Sep 2023 07:24:22 GMT\r\npriority: u=6,i=?0\r\netag: \"65152a26-2998\"\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Xj9%2BduBz9zzDJqFsm5d%2F4hGlFXFga%2BC9i6A2nOYjt6uBYDhToKv4oAeHAoR1HkTKDH8kz5gdD2g7i7m2R6EKqrIMyzswU5OlvhErppni47yzE0N8jR0j9TdVhGzgtL8B3uHG\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ee3bfc18c8c712d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10648,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"670f7e9ed8cb600ef95acb0619fb9ba3","sha1":"509013cf6bfab0c977b56887b9ddb9d96bedfc07","sha256":"40850fc33b7327cfbc25cd240cdfc36ef7e1b2f36729b09ddbc66369540ba0dd","sha512":"381ae265f0547a24674b33c9b9a45f92bd80543342d3d4068676996be6403e575b7f7b98fe8453c657bb1752da20c24a8fccd10d224aa04ba7db2ea83afe914e","ssdeep":"192:lHY3F80KM3g2dEhLpNmYTsrISM0iIjuQ8HUu2nlB/Wxwq2:lHY3FhQeqfmYTsrI3F10uC/Wxwq2","tlshash":"9622cff0f0ec7ca69e53294e14b910480a8ea85727bf0516e3eacf30979d607b1786e0","first_seen":"2025-06-25T03:52:04.677639Z","last_seen":"2026-04-18T12:47:27.554291Z","times_seen":19,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":165,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"registerheiu.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}