{"report_id":"81414670-5113-4210-ba70-bc412ca08e07","version":6,"status":"done","tags":[],"date":"2026-02-13T20:37:09Z","url":{"schema":"https","addr":"armyxrptoken.com/","fqdn":"armyxrptoken.com","domain":"armyxrptoken.com","tld":"com"},"ip":{"addr":"104.21.86.57","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"armyxrptoken.com/","fqdn":"armyxrptoken.com","domain":"armyxrptoken.com","tld":"com"},"title":"armyxrptoken.com/","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"armyxrptoken.com/","fqdn":"armyxrptoken.com","domain":"armyxrptoken.com","tld":"com"},"ip":{"addr":"104.21.86.57","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-20T20:37:09Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-13","alert":"Sinkholed","trigger":"armyxrptoken.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"armyxrptoken.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-02-04","domain_rank":0,"first_seen":"2026-02-12T21:24:48.776504Z","last_seen":"2026-02-12T21:24:48.776505Z","alert_count":2,"request_count":2,"received_data":4075645,"sent_data":918,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"armyxrptoken.com/","fqdn":"armyxrptoken.com","domain":"armyxrptoken.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-13T20:36:45.587Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"armyxrptoken.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 04 Feb 2026 21:28:17 GMT","end":"Tue, 05 May 2026 22:24:17 GMT"},"fingerprint":{"sha1":"D0:9C:B3:9B:2B:2F:56:01:07:E8:2A:B2:B3:56:30:84:93:DC:8C:FB","sha256":"03:1F:86:26:B4:66:D9:AC:CC:33:B4:C3:37:1E:3E:8B:94:74:DE:7B:F1:7B:7D:22:E3:DF:AF:D8:7E:ED:92:7E"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: armyxrptoken.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 13 Feb 2026 20:36:45 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 04 Feb 2026 22:23:24 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=43DUwrxUlSggcf9jN1JSgmqvpY2AV375dhNer6avedVwPgGuaU2uGoYsRTaUzW8EvHMRt0hHxhlLjg6NeAbPckgsxelAg3VjPI4mn8tMXkM%3D\"}]}\r\nage: 228643\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9cd71ea94daab7b2-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":964091,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (27316)","md5":"f3c318fdbf354c584207af835154b321","sha1":"36312e94585a97d726d02820307da5d1aa448c7f","sha256":"f97d56975ef0753fcfa59a3926950c51eeff5b961e37e3930d7c7ca97be057e9","sha512":"348192452680d58090bb0a1801c4f98dcf9336ea04e0dfe71882511a261eff5050b3a489c92bd3b05f3148a2b26a91b4271451efa50c4a7a083f78f51b33f398","ssdeep":"24576:wyLcVe3KbqhOFUb2/3FD30sGCDbheKyqEnzKSk8dy:EbqR29D30sZ4qQRdy","tlshash":"382502353600213e5d2785d5e3ccb6ac6d19f183da1a49b9b9fa0025dbc3ff42a77268","first_seen":"2026-02-12T21:24:53.017038Z","last_seen":"2026-02-13T20:37:11.574534Z","times_seen":2,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":59,"dns":27,"connect":8,"send":0,"wait":38,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-13","alert":"Sinkholed","trigger":"armyxrptoken.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"armyxrptoken.com/modern-connect-v1.1.min.js","fqdn":"armyxrptoken.com","domain":"armyxrptoken.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://armyxrptoken.com/","date":"2026-02-13T20:36:45.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"armyxrptoken.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 04 Feb 2026 21:28:17 GMT","end":"Tue, 05 May 2026 22:24:17 GMT"},"fingerprint":{"sha1":"D0:9C:B3:9B:2B:2F:56:01:07:E8:2A:B2:B3:56:30:84:93:DC:8C:FB","sha256":"03:1F:86:26:B4:66:D9:AC:CC:33:B4:C3:37:1E:3E:8B:94:74:DE:7B:F1:7B:7D:22:E3:DF:AF:D8:7E:ED:92:7E"}}},"request":{"raw":"GET /modern-connect-v1.1.min.js HTTP/1.1\r\nHost: armyxrptoken.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://armyxrptoken.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 13 Feb 2026 20:36:46 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 04 Feb 2026 22:23:24 GMT\r\netag: W/\"6983c6dc-2f739b\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZTvkhYj3vygDrHsY1l85A0ZdEEXUapjq058wYJI99WJakjDiYmVsszNV57HtAGZHwdAvsRMrK8MV2J03NmZ8%2BR%2FLlq5QaBjvETaH5iXRhaQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cd71eaaca8edd2c-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3109787,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"b8d38b8b502ce108641ed5e161aa1b2c","sha1":"f7608c09797ba9394cc960c5d011d758cbb1b091","sha256":"1e812688eadf5517e175824fedf0bbee33f497aceb64a30f034fc61a683f7c20","sha512":"930b531c3a9fccdc651d27b2d6b0815248899169a179045cd3554a95cde09e371aba1fe25118b6f8971892d0a724057c8b551213bf3b7cb4365854c67574a48a","ssdeep":"24576:aftfvwh3nDbPPDrzhZzYWd3FMXaC1B19pRtlp17AjfHXnMO4qlviscwq8i7hMf0U:ywBq/j1XDCH4lgpb3","tlshash":"b1258413a2d038d251d75eb1b62350daec2d4bafb58c9afa998cf834fce1054e5d8634","first_seen":"2026-02-08T14:08:32.53433Z","last_seen":"2026-03-20T11:08:47.956456Z","times_seen":136,"resource_available":false,"data":null}},"time_used":1139,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":334,"receive":805,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-13","alert":"Sinkholed","trigger":"armyxrptoken.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}