{"report_id":"71cca137-3608-4640-9e56-f4d28d5254b6","version":6,"status":"done","tags":[],"date":"2025-10-14T08:00:36Z","url":{"schema":"http","addr":"434724.zazz-analysis.cyou/","fqdn":"434724.zazz-analysis.cyou","domain":"zazz-analysis.cyou","tld":"cyou"},"ip":{"addr":"104.21.84.162","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"434724.zazz-analysis.cyou/","fqdn":"434724.zazz-analysis.cyou","domain":"zazz-analysis.cyou","tld":"cyou"},"title":"Apache2 Debian Default Page: It works"},"submit":{"url":{"schema":"http","addr":"434724.zazz-analysis.cyou/","fqdn":"434724.zazz-analysis.cyou","domain":"zazz-analysis.cyou","tld":"cyou"},"ip":{"addr":"104.21.84.162","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-18T08:00:36Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"434724.zazz-analysis.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"434724.zazz-analysis.cyou","ip":{"addr":"104.21.84.162","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-05-14","domain_rank":0,"first_seen":"2025-10-14T08:00:36.200086Z","last_seen":"2025-10-14T08:00:36.200087Z","alert_count":3,"request_count":3,"received_data":19010,"sent_data":1418,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"434724.zazz-analysis.cyou/","fqdn":"434724.zazz-analysis.cyou","domain":"zazz-analysis.cyou","tld":"cyou"},"ip":{"addr":"104.21.84.162","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-14T08:00:13.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zazz-analysis.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Sep 2025 20:48:06 GMT","end":"Mon, 08 Dec 2025 21:44:45 GMT"},"fingerprint":{"sha1":"2E:39:59:1C:C2:B2:CE:8B:B8:A2:45:88:30:C9:E0:04:47:C5:B2:90","sha256":"70:BB:91:BD:C6:A4:5E:13:27:B7:6F:EA:46:04:E2:03:80:A7:61:03:01:96:E9:8A:BA:A9:CF:20:85:A8:57:69"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 434724.zazz-analysis.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 14 Oct 2025 08:00:14 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Mon, 13 Oct 2025 04:35:46 GMT\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o3YPNBhDx3ppi2dD4PwAD9FLSK6SKGFeAdjBGXSnlgjWCW%2F7b70EDQgBQgjUDhLFCC1VMj%2BtirLz%2FG2CoDehHtd1fe%2FD8DPpFvAoyReOIWjPugDgBYHazu4%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 98e58ab7fb7b76ef-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10701,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"e2620d4a5a0f8d80dd4b16de59af981f","sha1":"d23f3a5389aee902652b149cbe2474a12c57fa5a","sha256":"f14e8167f12be74330c1b881b5aa3df95f5bd66d26f42cc03b87a7c38946c571","sha512":"4474addba8debe99563c83202d1bf62baf07ce0a7fcdf127698d7b9989368eec77e5ff0ba1d0dabd3aed713d31b151b4b4bbc6061fd1bb7d8dfffbe47f454371","ssdeep":"96:LA46evqMhQKrFih8Wdp3667KoQAm+czjJX91Go1q03PHhdntunLhgJzdOGUloei8:LV6yqGQKJUnpJKoOJauzYGULe1U","tlshash":"5d229768f9e521136247c06177f2ba532f719087dc0e562931be026c8fc67f6c9a3389","first_seen":"2023-04-06T14:42:39Z","last_seen":"2026-03-31T22:16:35.179087Z","times_seen":2850,"resource_available":true,"data":null}},"time_used":894,"timings":{"blocked":270,"dns":3,"connect":1,"send":0,"wait":353,"receive":0,"ssl":263},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"434724.zazz-analysis.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"434724.zazz-analysis.cyou/icons/openlogo-75.png","fqdn":"434724.zazz-analysis.cyou","domain":"zazz-analysis.cyou","tld":"cyou"},"ip":{"addr":"104.21.84.162","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://434724.zazz-analysis.cyou/","date":"2025-10-14T08:00:14.619Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zazz-analysis.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Sep 2025 20:48:06 GMT","end":"Mon, 08 Dec 2025 21:44:45 GMT"},"fingerprint":{"sha1":"2E:39:59:1C:C2:B2:CE:8B:B8:A2:45:88:30:C9:E0:04:47:C5:B2:90","sha256":"70:BB:91:BD:C6:A4:5E:13:27:B7:6F:EA:46:04:E2:03:80:A7:61:03:01:96:E9:8A:BA:A9:CF:20:85:A8:57:69"}}},"request":{"raw":"GET /icons/openlogo-75.png HTTP/1.1\r\nHost: 434724.zazz-analysis.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://434724.zazz-analysis.cyou/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 14 Oct 2025 08:00:15 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 29 Jul 2025 20:18:46 GMT\r\netag: \"167a-63b171d87f580\"\r\naccept-ranges: bytes\r\ncontent-length: 5754\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ay8A%2BO2NjeZ9bEMnSxBN%2BWonp7Yl%2BZUGbt3ccWTs8jQ2EHkbcfaSxRtQ0dsreaIWmnZhCU%2BaZr2Fox7PbrzVrDdo17LhLlHNV5LPhPPV%2FwUDM6DBwTNo\"}]}\r\ncontent-type: image/png\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98e58abb5fa856b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5754,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 75 x 99, 8-bit/color RGBA, non-interlaced","md5":"1769b6005b9b192fd09b7d91146e9485","sha1":"a735c1b0179e985003913d739a4e849962ec5e58","sha256":"71bedcd3976dc7678549451cd09df2dee4e4238b2bf22cfe93e7f1a577319430","sha512":"e45408231173f12ebc1409de54ddd776a889b7775a422165e0729dec7a8cb7894ef7a580e6863b4405c186725539a057ea7aaadaa665e3007afe08e80915ca3b","ssdeep":"96:DSRAo8VDzN8MeDiyse2N0vNuY2QNIoIyu5tfydPpBDLCxahoZUVRNHh5GbnWHdau:DSx8ViTfsei0vNu6N6yut8BDLzhoIDT1","tlshash":"edc16cd79d5a713d9739b9826a5106c07e9c2630a1f3ca2af911704a3d4efd7220f9e1","first_seen":"2025-08-17T12:51:19.742864Z","last_seen":"2026-03-28T21:54:24.654377Z","times_seen":117,"resource_available":false,"data":null}},"time_used":406,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":401,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"434724.zazz-analysis.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"434724.zazz-analysis.cyou/favicon.ico","fqdn":"434724.zazz-analysis.cyou","domain":"zazz-analysis.cyou","tld":"cyou"},"ip":{"addr":"104.21.84.162","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://434724.zazz-analysis.cyou/","date":"2025-10-14T08:00:14.723Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zazz-analysis.cyou","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Sep 2025 20:48:06 GMT","end":"Mon, 08 Dec 2025 21:44:45 GMT"},"fingerprint":{"sha1":"2E:39:59:1C:C2:B2:CE:8B:B8:A2:45:88:30:C9:E0:04:47:C5:B2:90","sha256":"70:BB:91:BD:C6:A4:5E:13:27:B7:6F:EA:46:04:E2:03:80:A7:61:03:01:96:E9:8A:BA:A9:CF:20:85:A8:57:69"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 434724.zazz-analysis.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://434724.zazz-analysis.cyou/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Tue, 14 Oct 2025 08:00:15 GMT\r\nserver: cloudflare\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: text/html; charset=iso-8859-1\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PGfV63hVxHH8mqVBG0dTlZ9kc%2BIkbc0WA11dQlOV1G23Oco8QbRaNfMbHNViLTw30UBmzSYN4n%2BtBUS4cXnYKYB27o2nk6ULO0Zqh3IwmE7H%2Fp8UXWxQ\"}]}\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\ncf-ray: 98e58abbffb156b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":287,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"8d0660d9fd767d259dc439ee7763e47c","sha1":"48070bc3626808fca0e71f7fd6d02df54d45dd97","sha256":"f76132792d5502af4853ea866fd45e2dac8b6d13223c30b085e5e8baa09bbf05","sha512":"d357e4a0ce8ca6fe6b7ea388fb6b5e9d8e8c29a20fd4a42e7c6ffe51aa6671e4af45697df130d871ba6d95259c9f52d71e55f35da9cdcffc6cbfdfa4bd70ebd0","ssdeep":"","tlshash":"09d0ebdd5043628f4802149039c118c2634c03ee703a40a82d87d447031983dccea2cc","first_seen":"2025-10-14T08:00:37.87087Z","last_seen":"2025-10-14T08:00:37.87087Z","times_seen":1,"resource_available":false,"data":null}},"time_used":366,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":366,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"434724.zazz-analysis.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}