{"report_id":"8313a748-67a2-4069-a7cd-99b348cd5778","version":6,"status":"done","tags":[],"date":"2025-10-05T02:49:54Z","url":{"schema":"http","addr":"anarisksa.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?","fqdn":"anarisksa.com","domain":"anarisksa.com","tld":"com"},"ip":{"addr":"104.21.9.35","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"anarisksa.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?","fqdn":"anarisksa.com","domain":"anarisksa.com","tld":"com"},"title":"anarisksa.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?"},"submit":{"url":{"schema":"http","addr":"anarisksa.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?","fqdn":"anarisksa.com","domain":"anarisksa.com","tld":"com"},"ip":{"addr":"104.21.9.35","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-09T02:49:54Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"anarisksa.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"anarisksa.com","ip":{"addr":"172.67.141.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-09-19","domain_rank":0,"first_seen":"2025-10-05T02:49:54.985285Z","last_seen":"2025-10-05T02:49:54.985285Z","alert_count":2,"request_count":2,"received_data":11138,"sent_data":1043,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"anarisksa.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?","fqdn":"anarisksa.com","domain":"anarisksa.com","tld":"com"},"ip":{"addr":"172.67.141.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-05T02:49:32.698Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"anarisksa.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Sep 2025 13:01:30 GMT","end":"Thu, 18 Dec 2025 14:01:29 GMT"},"fingerprint":{"sha1":"C9:88:DF:3C:10:77:76:B5:9D:4C:71:44:9C:38:54:4D:D9:0C:DA:F5","sha256":"80:49:79:E4:7F:83:46:A2:05:9F:3E:84:91:4A:8B:17:23:6E:9A:63:30:BF:6D:D0:FD:24:F6:C0:68:65:A0:20"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js? HTTP/1.1\r\nHost: anarisksa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 02:49:32 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-encoding: br\r\ncache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=15552000; preload\r\nserver: cloudflare\r\ncf-ray: 98999b3c8ae7b4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10193,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (10193), with no line terminators","md5":"7e5d8e6ba5b44a2ffdc5faf089aad48f","sha1":"a9ec690333186d444508d02bbd7306f3711854d6","sha256":"7fa005b7ea2827611c975372ba1f4b7cf008e3a2d595d264ec428f1c59e5807b","sha512":"71b49f69c6633ccdda465e739cd3fe76ff9292a37a9385ba5ef00afcde513138b6037f934c59761355a3548f74175af3dfcdc33303eea3f70750d250a1c48157","ssdeep":"192:/iXITQ5ibMD+4HV4p12WkBkpQScH1bjriMrskoTqPqnlzoh7bEDolVQSre7hus:KXITQ5ibMD+4HWsBOLibiCsksnKh7bkv","tlshash":"6c22d88bb705b028c26271b6156b70db2dda994d6162cf89c140acfc783578cbd6ef4a","first_seen":"2025-10-05T02:50:00.336655Z","last_seen":"2025-10-05T03:08:11.846506Z","times_seen":3,"resource_available":true,"data":null}},"time_used":400,"timings":{"blocked":191,"dns":0,"connect":2,"send":0,"wait":19,"receive":0,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"anarisksa.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"anarisksa.com/favicon.ico","fqdn":"anarisksa.com","domain":"anarisksa.com","tld":"com"},"ip":{"addr":"172.67.141.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://anarisksa.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?","date":"2025-10-05T02:49:32.965Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"anarisksa.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Sep 2025 13:01:30 GMT","end":"Thu, 18 Dec 2025 14:01:29 GMT"},"fingerprint":{"sha1":"C9:88:DF:3C:10:77:76:B5:9D:4C:71:44:9C:38:54:4D:D9:0C:DA:F5","sha256":"80:49:79:E4:7F:83:46:A2:05:9F:3E:84:91:4A:8B:17:23:6E:9A:63:30:BF:6D:D0:FD:24:F6:C0:68:65:A0:20"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: anarisksa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://anarisksa.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 05 Oct 2025 02:49:33 GMT\r\ncontent-type: image/x-icon\r\nvary: Accept-Encoding\r\ncf-ray: 98999b3d0a8f56ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000\r\netag: \"68df7bc7-0\"\r\nexpires: Mon, 05 Oct 2026 02:49:33 GMT\r\nlast-modified: Fri, 03 Oct 2025 07:31:19 GMT\r\nx-envoy-upstream-service-time: 7\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\ncontent-length: 0\r\nserver: cloudflare\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=15552000; preload\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-02T18:08:06.981696Z","times_seen":16047564,"resource_available":true,"data":null}},"time_used":129,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":129,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"anarisksa.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}