{"report_id":"7822c284-bf9c-4943-99ac-2ad62748cf15","version":6,"status":"done","tags":[],"date":"2025-10-08T20:49:44Z","url":{"schema":"http","addr":"qwtjq.ytogyptsixweek.org","fqdn":"qwtjq.ytogyptsixweek.org","domain":"ytogyptsixweek.org","tld":"org"},"ip":{"addr":"52.22.84.30","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"qwtjq.ytogyptsixweek.org/","fqdn":"qwtjq.ytogyptsixweek.org","domain":"ytogyptsixweek.org","tld":"org"},"title":"Title"},"submit":{"url":{"schema":"http","addr":"qwtjq.ytogyptsixweek.org","fqdn":"qwtjq.ytogyptsixweek.org","domain":"ytogyptsixweek.org","tld":"org"},"ip":{"addr":"52.22.84.30","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-12T20:49:44Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"qwtjq.ytogyptsixweek.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"qwtjq.ytogyptsixweek.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"qwtjq.ytogyptsixweek.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"qwtjq.ytogyptsixweek.org","ip":{"addr":"52.22.84.30","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"2025-06-11","domain_rank":0,"first_seen":"2025-10-08T20:49:45.236447Z","last_seen":"2025-10-08T20:49:45.236447Z","alert_count":6,"request_count":2,"received_data":1083078,"sent_data":889,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.21.4.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"encythan.online","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2023-01-24","domain_rank":0,"first_seen":"2020-11-16T12:33:05Z","last_seen":"2025-10-08T12:21:20.099802Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":582,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"qwtjq.ytogyptsixweek.org/service_worker.js","fqdn":"qwtjq.ytogyptsixweek.org","domain":"ytogyptsixweek.org","tld":"org"},"ip":{"addr":"52.22.84.30","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"cbcb6557f617f149532c723cc4edd57c","sha1":"051e2f9348d9ee04bad6565b3f406ad6ced1caa0","sha256":"9846e67f8cd6186b03d3f831826c0c457b99ea8c9f98ea63cddcac7e0fe43251","sha512":"3f093e625ae191944273071865c99592a26f5f3ea2f16e88693d3abda5d90bdfb828b1941471827de80de3637fcca65c347db4886723166c94432e731bc5224b","ssdeep":"1536:vSpw5PMhOhJ6ZbaL7l65FrH0qmjOytC1AVaU8BbrwWD1QUqelne8ShJZxnRw9gOk:vSpwVJ6zHOM1wb8BbUoQIntSFxnRh/","tlshash":"f1d3a48432026182cd43e3fb01bfe7f658da551da7984950044dee8fbd25c8f4eaeae5","size":139543,"data":"","first_seen":"2023-03-10T16:22:53Z","last_seen":"2026-04-04T00:54:45.915561Z","times_seen":951,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"qwtjq.ytogyptsixweek.org/","fqdn":"qwtjq.ytogyptsixweek.org","domain":"ytogyptsixweek.org","tld":"org"},"ip":{"addr":"52.22.84.30","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"1de95e448f6c764e4b8611d622fa1bab","sha1":"d8972a322b1de82305cda02f9b7926673bb62259","sha256":"113b3e5b554865d550281aeea90fd372de2519f8906103344f2fd72d3e845b8f","sha512":"e6cf2ba51f74f9204eae957764c0691ae5722846fcc64cc6bafcf0882310fd9d1d31fe6e1db503cde3a8b929bdbfa9d95666f5da10aa5a4fda62a3890d22a727","ssdeep":"1536:ojExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakV:oYh8eip3huuf6IidlrvakdtQ47GKF","tlshash":"da93f9ddb2c6702257a720ba007f510bf236199d6c4d8450f269d8e9bc78a4e827bf7d","size":89497,"data":"","first_seen":"2023-03-07T12:06:31Z","last_seen":"2026-04-04T18:04:02.998672Z","times_seen":816,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"qwtjq.ytogyptsixweek.org/","fqdn":"qwtjq.ytogyptsixweek.org","domain":"ytogyptsixweek.org","tld":"org"},"ip":{"addr":"52.22.84.30","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"6ea86f11ae806cb11b2f053e5e0fd7c4","sha1":"112a77ba1a1ba7fe575cbd7ac296cca0c5dd18b9","sha256":"e9f79f88752cc733458de0ccd81f8f88598416003c41dca444a2e98572587811","sha512":"83c50e32cc2b07bb31c92f2410c4c8c572e65dc0fadf9d7fd17edc38aeebe4ce4f9754137fb36d7d8257fd39f5b593ac0bb1c3bb239a6245662eefbd1f33151a","ssdeep":"768:2p/wtev6UwUx0eWN3MebE9rQuFfU8Vt0azWcsi1m3K0rmq5Yo:VorXfURXiUrmq5Yo","tlshash":"8403950ab23031a107efa1a5414b020e73366a7df94791ac78a9d9f22db4c49717bf7d","size":39702,"data":"","first_seen":"2023-03-07T12:06:31Z","last_seen":"2026-04-04T18:04:02.999239Z","times_seen":814,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"qwtjq.ytogyptsixweek.org/","fqdn":"qwtjq.ytogyptsixweek.org","domain":"ytogyptsixweek.org","tld":"org"},"ip":{"addr":"52.22.84.30","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"aca38ecd939f42089c3c21ee6026cd0f","sha1":"84f7d1c61dbcc4f57d7a42efd1f4dc19f2ecd5d4","sha256":"902b148385047dcff604c45c71a6d8f5c554f4d144ad890a70a4ae90af16b1bd","sha512":"e888ed3d03eb1cdad05dd15dfa177c122e67bb7e42a6b7d04642c85cc5175cc951e4f1fbc15e03a643cb128d6b69d243b2e4072bb9480f3d51647af84ffad6e8","ssdeep":"3072:dbAG4B2hH4IxNG4Olv1sIe651Z8Ts6/6CA74VQiHxqu5Z4NVPJ6BMr9pm:d8B26okvaIe6LZ8TbTw4Vau4NVP0Mrm","tlshash":"be1412b0ac17b46bd82e8658866d3589ac74cc330e25f558b74e6073ef8e8900f758f9","size":200852,"data":"","first_seen":"2023-03-07T12:06:31Z","last_seen":"2026-04-04T18:04:02.999741Z","times_seen":813,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"qwtjq.ytogyptsixweek.org/","fqdn":"qwtjq.ytogyptsixweek.org","domain":"ytogyptsixweek.org","tld":"org"},"ip":{"addr":"52.22.84.30","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-08T20:49:19.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ytogyptsixweek.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 10:47:34 GMT","end":"Tue, 06 Jan 2026 10:47:33 GMT"},"fingerprint":{"sha1":"12:CA:7C:8A:1C:B5:CE:87:EF:2C:75:11:C2:C2:47:AE:56:67:B9:D5","sha256":"2C:CF:B3:B0:B4:12:7D:0A:C8:0D:81:25:8D:EA:C8:81:64:34:E0:0F:C5:A5:D9:8D:DE:75:7F:16:05:C7:F0:96"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: qwtjq.ytogyptsixweek.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST\r\naccess-control-allow-headers: X-Requested-With, content-type\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":943015,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (65083)","md5":"4890993cdb2f3d5d3b7925543fbe4240","sha1":"2e28d4f3bffafafcddac8a6737d0f522cb43d108","sha256":"2b1e9cbc7eb46e526ac37ecd323410b9b32bc0a3b5cd765ceafaa760b780518d","sha512":"3082b3a21de1089fe076d8f8e1285ab9fb03f26b8bb4477171086d5c2c5ebffee41d3c5cbe68c709dcb61f11e4dc689ac1123c853062ee09e5063e781f41f10f","ssdeep":"24576:nD/05p0zQKdR7apj/Y3mfy+NhysLZCZ4jPt7:D/05fu7azVhynZ4p7","tlshash":"0515f1e5f24131f23367c1a931a7aa0b32399457e50a4db5f11ea4e84f98d8a0273f7d","first_seen":"2025-04-19T06:54:35.830055Z","last_seen":"2026-04-04T18:04:02.998149Z","times_seen":147,"resource_available":true,"data":null}},"time_used":779,"timings":{"blocked":336,"dns":50,"connect":93,"send":0,"wait":106,"receive":0,"ssl":191},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"qwtjq.ytogyptsixweek.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"qwtjq.ytogyptsixweek.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"qwtjq.ytogyptsixweek.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qwtjq.ytogyptsixweek.org/service_worker.js","fqdn":"qwtjq.ytogyptsixweek.org","domain":"ytogyptsixweek.org","tld":"org"},"ip":{"addr":"52.22.84.30","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://qwtjq.ytogyptsixweek.org/","date":"2025-10-08T20:49:20.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ytogyptsixweek.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 10:47:34 GMT","end":"Tue, 06 Jan 2026 10:47:33 GMT"},"fingerprint":{"sha1":"12:CA:7C:8A:1C:B5:CE:87:EF:2C:75:11:C2:C2:47:AE:56:67:B9:D5","sha256":"2C:CF:B3:B0:B4:12:7D:0A:C8:0D:81:25:8D:EA:C8:81:64:34:E0:0F:C5:A5:D9:8D:DE:75:7F:16:05:C7:F0:96"}}},"request":{"raw":"GET /service_worker.js HTTP/1.1\r\nHost: qwtjq.ytogyptsixweek.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.21.4.1\r\ndate: Wed, 08 Oct 2025 20:49:20 GMT\r\ncontent-type: application/javascript\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST\r\naccess-control-allow-headers: X-Requested-With, content-type\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.21.4.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":139543,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"cbcb6557f617f149532c723cc4edd57c","sha1":"051e2f9348d9ee04bad6565b3f406ad6ced1caa0","sha256":"9846e67f8cd6186b03d3f831826c0c457b99ea8c9f98ea63cddcac7e0fe43251","sha512":"3f093e625ae191944273071865c99592a26f5f3ea2f16e88693d3abda5d90bdfb828b1941471827de80de3637fcca65c347db4886723166c94432e731bc5224b","ssdeep":"1536:vSpw5PMhOhJ6ZbaL7l65FrH0qmjOytC1AVaU8BbrwWD1QUqelne8ShJZxnRw9gOk:vSpwVJ6zHOM1wb8BbUoQIntSFxnRh/","tlshash":"f1d3a48432026182cd43e3fb01bfe7f658da551da7984950044dee8fbd25c8f4eaeae5","first_seen":"2023-03-10T16:22:53Z","last_seen":"2026-04-04T00:54:45.915561Z","times_seen":951,"resource_available":true,"data":null}},"time_used":186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":186,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"qwtjq.ytogyptsixweek.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"qwtjq.ytogyptsixweek.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"qwtjq.ytogyptsixweek.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"encythan.online/djlQRkkNGyMxFgNLPGRzVFEkMjkFA39pOAFNOjdnD00%2FITAGTSMvMQFcNS1nGUs3aToTSyYvKhNmJyk7HVwiaCMFG3xkOhtfcnx4WhsjKz9UA3J1Z0IbfGQ9F14PLy1UA3J%2FeEYMZnNrWhsjMyspUDR0a0wbMnMrQAo0fnpbXDMlcFsNMSNwW1g2In1bXzV%2FekcOaCQqTgxnZDQ","fqdn":"encythan.online","domain":"encythan.online","tld":"online"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://qwtjq.ytogyptsixweek.org/","date":"2025-10-08T20:49:20.875Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /djlQRkkNGyMxFgNLPGRzVFEkMjkFA39pOAFNOjdnD00%2FITAGTSMvMQFcNS1nGUs3aToTSyYvKhNmJyk7HVwiaCMFG3xkOhtfcnx4WhsjKz9UA3J1Z0IbfGQ9F14PLy1UA3J%2FeEYMZnNrWhsjMyspUDR0a0wbMnMrQAo0fnpbXDMlcFsNMSNwW1g2In1bXzV%2FekcOaCQqTgxnZDQ HTTP/1.1\r\nHost: encythan.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T19:47:03.381564Z","times_seen":13344428,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}