{"report_id":"6be07d8f-5220-4485-8c0e-49f4888ef219","version":6,"status":"done","tags":[],"date":"2025-10-06T22:03:39Z","url":{"schema":"http","addr":"azxulq.xyz/WvrES/ng-en?1005522740710788895\u0026s=wa\u0026","fqdn":"azxulq.xyz","domain":"azxulq.xyz","tld":"xyz"},"ip":{"addr":"104.21.15.172","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"azxulq.xyz/404bbbhcc2kogz","fqdn":"azxulq.xyz","domain":"azxulq.xyz","tld":"xyz"},"title":"azxulq.xyz/404bbbhcc2kogz"},"submit":{"url":{"schema":"http","addr":"azxulq.xyz/WvrES/ng-en?1005522740710788895\u0026s=wa\u0026","fqdn":"azxulq.xyz","domain":"azxulq.xyz","tld":"xyz"},"ip":{"addr":"104.21.15.172","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-10T22:03:39Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-06","alert":"Sinkholed","trigger":"azxulq.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"azxulq.xyz","ip":{"addr":"172.67.163.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-09-28","domain_rank":0,"first_seen":"2025-10-06T22:03:39.301793Z","last_seen":"2025-10-06T22:03:39.301793Z","alert_count":2,"request_count":2,"received_data":6770,"sent_data":935,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"azxulq.xyz/favicon.ico","fqdn":"azxulq.xyz","domain":"azxulq.xyz","tld":"xyz"},"ip":{"addr":"172.67.163.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://azxulq.xyz/404bbbhcc2kogz","date":"2025-10-06T22:03:17.415Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"azxulq.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 11:43:17 GMT","end":"Sat, 27 Dec 2025 12:43:14 GMT"},"fingerprint":{"sha1":"AF:D8:B7:7C:E4:70:DB:89:F6:4F:4D:14:30:CF:14:47:85:C4:FB:B9","sha256":"01:E2:1B:81:39:D7:68:20:5A:5E:9A:23:DB:01:8A:3F:94:D3:A4:5C:FD:5D:03:9C:FA:C2:2D:C1:3F:3A:34:83"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: azxulq.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://azxulq.xyz/404bbbhcc2kogz\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 06 Oct 2025 22:03:17 GMT\r\ncontent-type: text/html; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CSfhkyKrVy5znaTHODuw6ap5V27EV8%2FN6PSuqlE7oUc2wRBCJOiTaLwUiS%2FloR%2BbVEXBE2gpoC%2FTaXXN%2BcOwC1t6Na0nGB%2Bz\"}]}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncontent-encoding: br\r\ncf-ray: 98a872a9ddd056a2-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5322,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5263), with no line terminators","md5":"a11d576ee80c0046f9f07272b541cfad","sha1":"16c809bfa9d5ecb7c85bd1bdce41b825b97e4d1c","sha256":"a3cd5c910d087a7bd0473c91ad3dc2419ce2e5edcdded60ada3f6e1866534cdb","sha512":"9f93a384f52a7ae2a0b176937ac1037ff940f1b44012ae54d0e4b0e415af8819d853f20e7003b9ee6c66e67e9155930f33677392ceb96f5c9c9e15370dd0ea0d","ssdeep":"96:W+EaH/EKQE0S2iwE+TIZydHwHGGCmoKnhJ8b8Mw3bIFGca2vJurmYiHriHcHG6:W+E0EKQE0DiFZCQmGCmo8hJKP6bIjuri","tlshash":"aab10b739951dd1e4275c948659ab50874b0cb17c9718481b3ee04dfcce1ec9cbb7786","first_seen":"2025-10-06T22:03:42.099962Z","last_seen":"2025-10-06T22:03:42.099962Z","times_seen":1,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":142,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-06","alert":"Sinkholed","trigger":"azxulq.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"azxulq.xyz/404bbbhcc2kogz","fqdn":"azxulq.xyz","domain":"azxulq.xyz","tld":"xyz"},"ip":{"addr":"172.67.163.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-06T22:03:17.375Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"azxulq.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 11:43:17 GMT","end":"Sat, 27 Dec 2025 12:43:14 GMT"},"fingerprint":{"sha1":"AF:D8:B7:7C:E4:70:DB:89:F6:4F:4D:14:30:CF:14:47:85:C4:FB:B9","sha256":"01:E2:1B:81:39:D7:68:20:5A:5E:9A:23:DB:01:8A:3F:94:D3:A4:5C:FD:5D:03:9C:FA:C2:2D:C1:3F:3A:34:83"}}},"request":{"raw":"GET /404bbbhcc2kogz HTTP/1.1\r\nHost: azxulq.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 06 Oct 2025 22:03:17 GMT\r\ncontent-type: text/plain;charset=UTF-8\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZZ8%2BiYI8iIUBXMGa3HV6WZTJg9KPM8ojlTlfaTw68ffKJ0k%2FXm1CD1%2FyignhMktEqRT14QBl6O4IpGvrYIrEgMPHTKTlCIXGtyk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-cache-status: MISS\r\nlast-modified: Mon, 06 Oct 2025 22:03:17 GMT\r\naccess-control-allow-origin: *\r\ncf-ray: 98a872a99da356a2-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"e948292cca6a27165ff1d1edfb345a32","sha1":"80ff0b67a2016c711c0e61c281c39c8aa6d783b7","sha256":"3a41eaaf0fee88f5b56ba53b64b21358f755b71f6b7ba97f7a151cad4e1ed884","sha512":"4164a137b4c49de885d1836f0b8809f3b692b56cd0bf335da16f5579e39d495b3367e9815ee30506042db14111b2636d8bca28ba955f1a23e796b22bbbfb4cc7","ssdeep":"","tlshash":"d66000000000300000000c0c00000000000f0000003000003c0f033fc0000000f3000f","first_seen":"2025-10-06T22:03:42.103657Z","last_seen":"2025-10-06T22:03:42.103657Z","times_seen":1,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-06","alert":"Sinkholed","trigger":"azxulq.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}