{"report_id":"847723c9-1e90-439e-a99a-207eca407dbe","version":6,"status":"done","tags":[],"date":"2026-03-26T03:47:25Z","url":{"schema":"http","addr":"xyzverse.click","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":0,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"xyzverse.click/","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"title":"XYZVerse","dom":{"size":151,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"4fc06f1e423d4d777791d7b9fc23d01e","sha1":"5734d81336370d95ae7579861698e65e5105a03c","sha256":"44da8db42e0fd70ca4f5266252e42eb6b5970ccd861305d4e47b7afcb82158fe","sha512":"f40b2eab6391d0c46a4e305ba0dd346c60b4dff2ab0947797de0b48b9672af97f492c1bc8160895a03a4fae8c19dc6ff7265ca07f812ee8ea1ff766009ad9552","ssdeep":"","tlshash":"f0c08cb7a422082a2651abd007c5e28c6001aa2ca080882569d4b090cc247a5a9a36c9","dom_hash":"domhash5e6292264e4e9b437727682de9d4390f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"xyzverse.click","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":0,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-30T03:47:25Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"xyzverse.click","ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"domain_registered":"2026-01-24","domain_rank":0,"first_seen":"2026-03-26T03:47:25.560752Z","last_seen":"2026-03-26T03:47:25.560752Z","alert_count":34,"request_count":34,"received_data":833487,"sent_data":15161,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"xyzverse.click/","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"f5b767c078c6813816231552aca1d562","sha1":"34f99579b527c24b3a5af82abb42079a0d3e1a51","sha256":"c17d50bae5a02a35e0ae5d0005c694495952f093629bb5193c668070161b0f7a","sha512":"7b4aed1d33c4891894a556505047a8f7afd72efc1c30c064b5a428fac50a5475e895f3937869de6d047128910d762069084c41d12fbacecffd43cd98e84b2e48","ssdeep":"","tlshash":"70c0125d7010696614ce687d4ccf088ebe368812a20809c999dcd4547bb1e6c42e484c","size":185,"data":"","first_seen":"2024-04-08T19:47:46Z","last_seen":"2026-06-07T00:08:21.700866Z","times_seen":667,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d8bf2a4e00cb084527923df6452b904e","sha1":"f5b21050ebbb9a86fa7a2d3928d62c6800bed2d6","sha256":"b7b0b908e400f3f4e6b15d21bfc9073a6de3263ecfa91938270cf9f9a8b0a57e","sha512":"054515c3d7bc84d93458a5b6485f783d181423ebcf079ba38939563ab2178ae3c9e9966e880700f3680b608b9ce856262566b5e4ab09e8df5ebc41aa6bee679c","ssdeep":"","tlshash":"ab71ab3aeb00173bdc8fe9fdcfd5b8c42d62497262596920691ce102a16cd7487bed88","size":3634,"data":"","first_seen":"2024-12-01T16:48:11.835861Z","last_seen":"2026-06-07T17:48:28.143941Z","times_seen":74,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"xyzverse.click/37dbc48ab1c4cb31.css","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /37dbc48ab1c4cb31.css HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 24 Jan 2026 13:38:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb4a-2aac\"\r\nexpires: Thu, 26 Mar 2026 15:47:03 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10924,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (10382)","md5":"3e8e289364fc0e93b4ae9fcb406090f5","sha1":"05509992f3ef75039532803e994cfb4036a80f2c","sha256":"d8e2d640ad4e426208d1a48969e31d4a670b72164b2e6dadc1d8c9af2ce52a7e","sha512":"755d33fae4087d10abcd29992011a56af26cda3139cc481cf0ada53ffba35655b5a05e401d7bae2cf44862a3975d33920d16f45e68ff189f8373d1b948c24259","ssdeep":"96:i/Siwsm4rBebdVuy9eP7J+OY/AT37J+OY/ATA4FPLrpW/OWhSkclXOsMOZtm4rn6:E5wLs7JXYS7JXYErp6DRsft/hJes6agd","tlshash":"3532a74a5b15043ebc63c4fbd5e1b66c710ab5c5df2e97eaa9422510bbca7e308f3508","first_seen":"2026-03-26T03:47:30.338055Z","last_seen":"2026-06-02T09:18:21.444369Z","times_seen":3,"resource_available":false,"data":null}},"time_used":106,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":106,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/1.jpg","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /1.jpg HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 24 Jan 2026 13:38:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb42-7274\"\r\nexpires: Sat, 25 Apr 2026 03:47:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":29300,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, progressive, precision 8, 640x640, components 3","md5":"d3a16175a42f00690bc34e1fcd98ddc8","sha1":"d0d9e0af667004d48e4be22c95734d2e7521d064","sha256":"fad6c8c363660abd90e7edb835ca37fab995d3b8937354d79bae2c3739321c96","sha512":"2b1186aab502314b1b8bcabd708925eb18a8969a9f6a069fd27e9d030b24461be5ca05b9de05cc2d7892a7b76616ccd65a314f9228754839f7b218f2b13f8306","ssdeep":"768:lz0j86yf1RQ3EMEdBq2AvvYEo6Qy7rS9loviPIet:lz0A6GHMeq1YE6y1vg","tlshash":"d2d2f24c276f8e66efa8253810010165ff21c9ee639963315b5d69100e4ad2dee71f74","first_seen":"2026-03-26T03:47:30.339338Z","last_seen":"2026-06-02T09:18:21.44546Z","times_seen":3,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":198,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/index_2.html","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /index_2.html HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: text/html\r\ncontent-length: 151\r\nlast-modified: Sat, 24 Jan 2026 13:38:15 GMT\r\netag: \"6974cb47-97\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":151,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with no line terminators","md5":"4fc06f1e423d4d777791d7b9fc23d01e","sha1":"5734d81336370d95ae7579861698e65e5105a03c","sha256":"44da8db42e0fd70ca4f5266252e42eb6b5970ccd861305d4e47b7afcb82158fe","sha512":"f40b2eab6391d0c46a4e305ba0dd346c60b4dff2ab0947797de0b48b9672af97f492c1bc8160895a03a4fae8c19dc6ff7265ca07f812ee8ea1ff766009ad9552","ssdeep":"","tlshash":"f0c08cb7a422082a2651abd007c5e28c6001aa2ca080882569d4b090cc247a5a9a36c9","first_seen":"2026-03-26T03:47:30.336328Z","last_seen":"2026-06-02T09:18:21.45484Z","times_seen":6,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/3-1.jpg","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /3-1.jpg HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 24 Jan 2026 13:38:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb42-50f5\"\r\nexpires: Sat, 25 Apr 2026 03:47:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20725,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, progressive, precision 8, 640x640, components 3","md5":"4b4e689e2b0048656320bbe2a7b902c5","sha1":"882d49d170cd14d9779386fd687be101e7adc4c9","sha256":"5f7eadb8eea11f1bdbd63f874bbada57f33d8a4d0950e0e3c989c7393d93b039","sha512":"9f3f93f9ebf3370af1e81a1d0a92ba56cbfbd3b30c114da26c3d5275f62f822d210a0dac5cd6a04a67b3a2fa496279cf20eb5eebb1ae9f17792bd0c533564240","ssdeep":"384:lzue8cbLz5m86hnnKsSsFbx0wiANVhRGAO9swBUOSyZZx03at:lz/b5CV5Ss1ewvhPWvBGkb0qt","tlshash":"0092c0aa36cd2a5fe9e48d333c8e8d0871246a1b7729a7260cddf2f14434165e81a71f","first_seen":"2026-03-26T03:47:30.341444Z","last_seen":"2026-06-02T09:18:21.438591Z","times_seen":3,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":137,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/bottle-1.jpg","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.910Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /bottle-1.jpg HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 24 Jan 2026 13:38:11 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb43-14d6\"\r\nexpires: Sat, 25 Apr 2026 03:47:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5334,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, progressive, precision 8, 640x640, components 3","md5":"239d22bb96dec44651b4b2973bf8cf9d","sha1":"0da68053933b409db92b488034236201f921b972","sha256":"4e44a850fd526e6f68750761c5294cd777c356fb4e48582821f44f0f78c067ea","sha512":"375a84a977f8c28acd7e62baa21efd8f40bffe2ea85a70cef8ff5abd4dc0271f8120daa32732ddac18744515d7e153d1ab8244c7efccda2e4fe9192636ac2f55","ssdeep":"96:lamahHoFG5GmaJsyob+WMZDQiiCgb2O0DtHkkkkfDHL/H5L7Xox7DJOKBjBr2NfJ:lzdYNaJsyG9MRQiiCPOAikXBHXgRBjQP","tlshash":"cdb16e7d68c08ba2d1eab0343a2d57916d1b15239ddb4ecb935158c95f2c28abcae818","first_seen":"2026-03-26T03:47:30.342574Z","last_seen":"2026-06-02T09:18:21.456916Z","times_seen":3,"resource_available":false,"data":null}},"time_used":136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":136,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/analytics-insight.png","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.918Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /analytics-insight.png HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 24 Jan 2026 13:38:11 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb43-a0b\"\r\nexpires: Sat, 25 Apr 2026 03:47:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2571,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 59, 8-bit colormap, non-interlaced","md5":"3fe1c27c5d1ab8e1bedefaa4364edea4","sha1":"0d14bd15e597e041464930a61f477f98268ccf4f","sha256":"fb66e9e53e01a009fd67fd0c7aea279fe83d61f15a6b0c2239be2305eef9bcf5","sha512":"39a3d8527901597d13e5f7336ad6f9a0eb90c5bbca1a160fe1a70060b04d858ede1d4b22146ffeeca3462faf3496e232c5cca0f30e7380e007f3019f86776ee4","ssdeep":"","tlshash":"6e515d5f06268ab2a36bd04c145745a6b2705d71529f27da30d19b286c8c39f460f905","first_seen":"2025-11-17T23:07:54.322377Z","last_seen":"2026-06-02T09:18:21.466062Z","times_seen":4,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":133,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/card3.webp","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /card3.webp HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/d3450359f1fa4d75.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1542\r\nlast-modified: Sat, 24 Jan 2026 13:38:15 GMT\r\netag: \"6974cb47-606\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1542,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"6a3c48c1a76da55559c48cccd37f0510","sha1":"848ec5c66735cad02344cee70f227757d2b511f2","sha256":"e7b04eec1899fc251b7caf28cfe04dfaee5b6452d3519861a3aa320b685a0313","sha512":"67aabf038c69d5938355ad290bb53ba922d1292783b1e4d9fce22c369bfa50d686973dd8cf93343e39af38b36450e292676912302331b732b6667fea6349cfef","ssdeep":"","tlshash":"3331fca43f2de442c95f3a3585a931fb604f5d5a6d71f27c74922ac0ae04606d6d0e42","first_seen":"2025-07-03T08:55:45.401207Z","last_seen":"2026-06-02T09:18:21.461156Z","times_seen":15,"resource_available":false,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/logo2.svg","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /logo2.svg HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Sat, 24 Jan 2026 13:38:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb41-110d\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4365,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4d1f1566176e8639adec41202e94f932","sha1":"2b82429be4d67466f1e3f94d0164989314c79fc2","sha256":"d1ee2b06ce64edf5b84482d5763895576e3f7f4c33e0c0c6483f8df1ac875b86","sha512":"5bd413b82e89602a90ed2538a9789963462023e0b01df52545ad26d30cbd40a09e6874d8c08f85988394340182de1f8cc5f1ad8c7cf2ecd095368d581cb4e43e","ssdeep":"96:th2UJEx01ybQBe6xvfyUiIiNU9f6TQVIRSTU9I5C+8m0sJXmp:tEUJExBQBfvfyU3+Uaw75C+D0sgp","tlshash":"b09184d0778ae1d0960ad34fab32517a673a34ea4971dba474427b16745c58f0ce9fc0","first_seen":"2025-07-03T08:55:45.353195Z","last_seen":"2026-06-02T09:18:21.446353Z","times_seen":16,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":137,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/eth-1.png","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.915Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /eth-1.png HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/png\r\ncontent-length: 651\r\nlast-modified: Sat, 24 Jan 2026 13:38:11 GMT\r\netag: \"6974cb43-28b\"\r\nexpires: Sat, 25 Apr 2026 03:47:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":651,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit colormap, non-interlaced","md5":"30d13936e0ed7ed7d1da3d10ae673003","sha1":"23bf549bebfab0b54f384243d5c75be2401ff88d","sha256":"5cbeeaa83de47c7db64982584d4a02faa4687722be246a3047140066a2d7d95d","sha512":"d9b5986ed94f36d4bf1987ec302f40104ba7eeba59409a21ba1289bdc9d0b130f094f165a11e956d2f35131c9489db5c859869f740c2d3a07c1a40657c9b3744","ssdeep":"","tlshash":"53f083c77104d481661c989a8820ce118972cdbc380383ac1ea8b5383c745926bc5b20","first_seen":"2025-11-17T23:07:54.233074Z","last_seen":"2026-06-02T09:18:21.443458Z","times_seen":5,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":134,"receive":72,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/cointelegraph-1.png","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.919Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /cointelegraph-1.png HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 24 Jan 2026 13:38:11 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb43-b25\"\r\nexpires: Sat, 25 Apr 2026 03:47:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2853,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 79, 8-bit colormap, non-interlaced","md5":"36c1d12805726047cee55fab8b5dad02","sha1":"1f68c6c182b30eba49834793cf58a12f11601dda","sha256":"1e4795e16ee88deac5c47bc65d10fd006252bdb3125f99a6badfe9ad31c06a2b","sha512":"f82b1d584d4518abddbbd9a6feb3866fd65e83818fc5b15df5016f617187e71401fadbcd821473e65772cd3b5bc77e0924c9ef0fd3fd180f6134e0d629cadd77","ssdeep":"","tlshash":"6a514bc045519edaf938a23844c50963662154ee0d328da10e56eafbb2a4bef9d140e7","first_seen":"2025-11-17T23:07:54.281973Z","last_seen":"2026-06-02T09:18:21.449332Z","times_seen":4,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":133,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/bnc-1.png","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /bnc-1.png HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 24 Jan 2026 13:38:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb44-8cb\"\r\nexpires: Sat, 25 Apr 2026 03:47:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2251,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 59, 8-bit colormap, non-interlaced","md5":"b1f06203b7dc82f4feebec905ecc81f9","sha1":"d5f00c81cd546d2f2acd1b10c2295919c49281c1","sha256":"52223cc8ad1f5bee63d806e6d32ed10fc255ba2e3651d99ab9d097870be1106f","sha512":"523559e5f5ec631ae87efc3fd3f09403a9a0df0e30acb5e005675dab65fda2562c5d992fe6e5ccb5d658b05b3a8f9b6b3caa843d40b4dec4b8025e462ebd4f33","ssdeep":"","tlshash":"8f4129be46ab481946f05138868f89399b3121dd2fb3d32745200ce35efa98bd359e04","first_seen":"2025-11-17T23:07:54.330057Z","last_seen":"2026-06-02T09:18:21.450198Z","times_seen":8,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/crypto-daily-1.png","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.922Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /crypto-daily-1.png HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 24 Jan 2026 13:38:11 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb43-7ed\"\r\nexpires: Sat, 25 Apr 2026 03:47:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2029,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 79, 8-bit colormap, non-interlaced","md5":"e0ea44ee27171a694b08ae6b44f73117","sha1":"57999c945996687f0f93371a84dd517c778ea05a","sha256":"3ad3d539b89b8d45f1adefa3d97bc3af0fd89a35d54afdf8f7d2c2ead4b4e130","sha512":"11739d39ba5b07d7052cd168779edea72028af793a9e98ddd0763ea80164ce9be64e3502b26abb76516379264bacb636823d0958d338f1b48aa5470c4efef153","ssdeep":"","tlshash":"0941faf846a13a099e4cc7bf39583bb7cd22a17c0d5d57314b125c3d651297a80e0d6a","first_seen":"2025-11-17T23:07:54.328591Z","last_seen":"2026-06-02T09:18:21.439646Z","times_seen":8,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/d3450359f1fa4d75.css","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /d3450359f1fa4d75.css HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 24 Jan 2026 13:38:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb48-66ad\"\r\nexpires: Thu, 26 Mar 2026 15:47:03 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26285,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (26285), with no line terminators","md5":"a82f2290ddc2d3f44491d1b02310d4b2","sha1":"3a2d792772daa20f904a618c3d21b55027b59cc4","sha256":"d1d19450cf33e7b0a731a2bcd30ed170cac0797848ba9d54373a7c21dee8316d","sha512":"432154d89542590c74365490e742a43a1273595d65ef5674eaf52bcbf6c6f96eb6f310b496edef40e7d2a20d52fd8b740355b3080ea9a9f58d29c559c2eded0e","ssdeep":"768:/hPGMa7HUCKOR5QK9beyyKnpITG3tOhGAoxOeJ3E9+R:5Pna7HUi5QK9beyyKn7gGAoxH3c2","tlshash":"e9c286331a95a02cb07ae413e8d1668d3338d147fb371bedeb25b579c4ca29a12367c5","first_seen":"2026-03-26T03:47:30.35157Z","last_seen":"2026-06-02T09:18:21.457815Z","times_seen":3,"resource_available":false,"data":null}},"time_used":106,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":106,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/card1.webp","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /card1.webp HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/d3450359f1fa4d75.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1404\r\nlast-modified: Sat, 24 Jan 2026 13:38:15 GMT\r\netag: \"6974cb47-57c\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1404,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"49733b255e13a8cc479ada4a1b734c99","sha1":"3f57d5a64e57d0c0e74dcf872db6e42988108d54","sha256":"bc933eca0cc2fa9eec30d6e17a6a0df0206293b6b66519c0516a973a9dfc05f2","sha512":"9142b5ac0ad3ae3e39aa3c23579b8f5ef2b7254b1605d598a9e036a64eaba9c1e1f437caae23579459143cdc56a6223aa1890cfb6aa509ff4c77c00a0b0b268d","ssdeep":"","tlshash":"9521b6e7f6e37832d6a2413af9aa5b54f446f58c88366bfc15c9489369e42f04074a80","first_seen":"2025-07-03T08:55:45.39468Z","last_seen":"2026-06-02T09:18:21.455375Z","times_seen":15,"resource_available":false,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/card2.webp","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.809Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /card2.webp HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/d3450359f1fa4d75.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1312\r\nlast-modified: Sat, 24 Jan 2026 13:38:15 GMT\r\netag: \"6974cb47-520\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1312,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"ec1f50b4883749be7cd9132c26759441","sha1":"28897a65191a01ae4ade375fea3a766533f717ca","sha256":"ac5b5484a11403f1d389efcc3e35bbb3f85bc855eb7276f2e194d21e07ac0b76","sha512":"98c5f5c6082a4931bb190b8b57f811edb4ee0c284d0a6aa9db7f1f53b22bd7d483b889561c08c7601239065e7170bd677dc0fdcecabf063fd3a71fc1c021afe8","ssdeep":"","tlshash":"8121a807bd2a7a5adbeb2d3067b9f6526716c75c8c0cc567d3606c329394ba01d1c2cd","first_seen":"2025-07-03T08:55:45.375206Z","last_seen":"2026-06-02T09:18:21.452265Z","times_seen":15,"resource_available":false,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/arrow.svg","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.902Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /arrow.svg HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 561\r\nlast-modified: Sat, 24 Jan 2026 13:38:11 GMT\r\netag: \"6974cb43-231\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":561,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3dd0416bf9b82959ef720a237c85d126","sha1":"43b09e348c7268fc894571f6049158c3e85b01e4","sha256":"52f8c877b6d576b6fe02323b6344c0537f6fcec01f652bc4dc1f9947f4b37d43","sha512":"036ff66af28190106c087f6017bba978d01b5226ad84b10efe04d4fc9387280cca92b04ecf7f8474df387994d675120c331e168af12fe3debfb134ef23d34383","ssdeep":"","tlshash":"e1f04674705c80dacd8b9f84c5372c079c7b90a799051b9c6de8d1b8fad6d678c488f9","first_seen":"2025-07-03T08:55:45.344481Z","last_seen":"2026-06-02T09:18:21.461923Z","times_seen":10,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":137,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/dcc44b5992f53fa9-s.p.ttf","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /dcc44b5992f53fa9-s.p.ttf HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/d3450359f1fa4d75.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 295544\r\nlast-modified: Sat, 24 Jan 2026 13:38:15 GMT\r\netag: \"6974cb47-48278\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":295544,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 17 tables, 1st \"GDEF\", 11 names, Microsoft, language 0x409","md5":"91a4b7550bea09847dec3314935df7fa","sha1":"a03e2809432bf3a5aaa49e05a90b85325ed1c022","sha256":"2758f1df8777d08e87167eca22734c0e7da3d5e41bdb99449c18615f995a1d47","sha512":"3d58de3ba4305c72907c2b4367cf859232313400b5c22da139d35b13d2273d40538a570405d4141820962fcba91e5e2f3ccd9ce90101179cb7084eda02106a0a","ssdeep":"3072:o83mdsYNWumSqPpXZMizt7Q0fDWpTC+t70v1wOAhB3gkzvUEfUusmLeBRVnm5Irx:T37cWIqppMipMXC+6v0dlM6aBRdZGY","tlshash":"30549e807795fb49e8342d91406b234b82daf107dbb70a6ffd86afd9ec6a1d011359c2","first_seen":"2025-01-01T02:45:46.682038Z","last_seen":"2026-06-02T09:18:21.459524Z","times_seen":52,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":98,"receive":105,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/6-1.jpg","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /6-1.jpg HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 24 Jan 2026 13:38:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb42-5880\"\r\nexpires: Sat, 25 Apr 2026 03:47:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22656,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, progressive, precision 8, 640x640, components 3","md5":"44728bbab8b1f5f9c760acfc142a4abd","sha1":"b7a65d2d9139d63cd4a0670d066292652f8acf2d","sha256":"237ad7f4c76d812e66ee48c6bccabd2124e6e98fb49e2c1d233a34c1348248e2","sha512":"7d8cb9edcd81ce813cd9cc23427b520ef4ff47af177b8cad7ff83b94358a5203a88f8a5bfae0d6f03db2b911bbdcde53bccbb49a8812f5b912723b0c2a046d4e","ssdeep":"384:lz8K4MLVJuS6Kuxsv4vZRPaknsd9HRHyRvWjk5wxsu5uqozIYBsN4ol6v4i4xU3Z:lz8EJyCvMjOH255+fgqCPBLosAi4xU17","tlshash":"eca2e0bc6ed31e34fd763b7a214c698a5756ae473d2d4fa8588d8886e0cf4c81317a20","first_seen":"2026-03-26T03:47:30.356506Z","last_seen":"2026-06-02T09:18:21.442628Z","times_seen":3,"resource_available":false,"data":null}},"time_used":136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":136,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/cup-1.jpg","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /cup-1.jpg HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 24 Jan 2026 13:38:11 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb43-8b3\"\r\nexpires: Sat, 25 Apr 2026 03:47:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2227,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, progressive, precision 8, 256x256, components 3","md5":"e630b9d8d5f114908c955ecbaa0b1822","sha1":"dcbb25420378fec412f8de982d9044212b2a7401","sha256":"46a0e17080aee9da6c754c5e257dffa6375538bade7bcf1fa1510293970e088e","sha512":"b1697b3c60362c1740601c6e8fea0c0c9c7cf7212c544d2a979dca6a706efe9ffbb2944a2900a8c90cb235f1e3d0915f0297228f4a98ad44a4ddb03c7e99751d","ssdeep":"","tlshash":"ae41f86e6a82cabfef625674998cd06220863f1b1b081bd24d59d5b014bdc5b8b840f0","first_seen":"2026-03-26T03:47:30.357755Z","last_seen":"2026-06-02T09:18:21.463691Z","times_seen":3,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/favicon.ico","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:04.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:04 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 13514\r\nlast-modified: Sat, 24 Jan 2026 13:38:09 GMT\r\netag: \"6974cb41-34ca\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13514,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 57x57, 32 bits/pixel","md5":"94037d806f9f84e043f31cacc92367f6","sha1":"f155adf3b38b948085f9ce7e2a4b5321fa809eea","sha256":"9d1d31190b230e16ecdd630be6b8d9225a29b4fd33bf2acb0c075768f2d04de5","sha512":"c545367cf76999999aa54c8207cb582a42648f0f0f067af4608f15c044bba28696875b73667a0bded3db6be697c83cf5ffd70c5683f15b78a061180bc01d4db9","ssdeep":"96:OfkB+fhY40IE11VBaaJJS114i23QeWmkWmooNKBWiNigiow:OZzqAe5k5ooNKkiNigiow","tlshash":"5d52b76632c28af1c4b51471cd93c5348cff3caaa6b55f6e1972f2974a81a435e2073b","first_seen":"2025-07-03T08:55:45.376445Z","last_seen":"2026-06-02T09:18:21.453136Z","times_seen":17,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/app-c8as1rg6jnp.min.js.html","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.619Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /app-c8as1rg6jnp.min.js.html HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: text/html\r\nlast-modified: Sat, 24 Jan 2026 13:38:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb48-19eac\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":106156,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (41272)","md5":"ccb2adbae9589a36c931070689b21124","sha1":"0306c922d63244ae4a5c391268401d1593b34272","sha256":"e687e49a44aa7c62d9def8594c3731692aa4fffd02be700d34782b5a03457d42","sha512":"bd39f7e17c814c8bf62e00b192249225cbdbc39e4377447d5a9d27ab37332751845dab51f54170fa28fcd4d0d9c9e857196d9952f7aaca28ce93511765cf54d3","ssdeep":"3072:wkJjRSQpV0Yh7lBWikcalW2JJrwnBKtKDg19VYCJ3glkbDjm7XwW5:wkJnp+YhzdKtKDg19VYCJ3glkbDjs","tlshash":"a6a3286091f1067a529781c56db59e4b3f56fa03eb1b0a84b3ec4ae08fdbcc6dc67148","first_seen":"2026-03-26T03:47:30.360607Z","last_seen":"2026-03-26T03:48:35.994817Z","times_seen":2,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/bitcoinist.png","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /bitcoinist.png HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 24 Jan 2026 13:38:11 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb43-a78\"\r\nexpires: Sat, 25 Apr 2026 03:47:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2680,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 65, 8-bit colormap, non-interlaced","md5":"d2c1b211bf5b32c060f0b9ad0c39e7a2","sha1":"d08fd07b201fd0b6e0c062400cde9bff49f7955c","sha256":"05fe2098a097557415cad79732b78d5d3c1431acdc8b754e0b2b29e3bf0be459","sha512":"627744dda8eb35770dbf72a7211e9ddfcded7a0cc500459469ce426b61eacabebf67a51f3d5ba6a2ec615e67dfe8d80a71c65ff8b04e62c9dbec25e599c94b2e","ssdeep":"","tlshash":"4a513c57c05ad1d1517289941b8ea77d83db75e00e0ae883d85585dc8cdc898ce7a1ce","first_seen":"2025-11-17T23:07:54.327117Z","last_seen":"2026-06-02T09:18:21.436584Z","times_seen":8,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/index_1.html","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.775Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /index_1.html HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: text/html\r\ncontent-length: 187\r\nlast-modified: Sat, 24 Jan 2026 13:38:15 GMT\r\netag: \"6974cb47-bb\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":187,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"a416ad5e02f4e189f3cf3d1a61406d06","sha1":"b8ea907cf720ad777786fb022fc088be82ebf51c","sha256":"145c56f8d3b5c219e9e295c68813339aec0a5c63c2873730b0fc0dc7acb6f9d7","sha512":"b33ec4620bce6ee269334eb4b753622bcc3c033756e22aeb8a1ba6a1c4789b96604da965cf9a233cae0fda7a0778e0407f9c3e3ba8abe0ee816839195661d994","ssdeep":"","tlshash":"05c08011d8654c4e1950da70cb55f1d4c4029d5bd5155d01b55e55549f58621c807459","first_seen":"2025-08-12T06:31:01.544653Z","last_seen":"2026-06-08T03:03:54.705211Z","times_seen":10,"resource_available":false,"data":null}},"time_used":97,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/read-faq.webp","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /read-faq.webp HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/d3450359f1fa4d75.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/webp\r\ncontent-length: 53170\r\nlast-modified: Sat, 24 Jan 2026 13:38:15 GMT\r\netag: \"6974cb47-cfb2\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":53170,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"5e2f575cf4bc9d1dbb6d8d49caa92dfd","sha1":"a84c063e3c94f440ace219d460a87e8a5079c70a","sha256":"263535be3cb0886efb5135949a513e207edbccb705beb5b1cac0c9583bfd09ec","sha512":"83465d25254798847ce215a115599bc027fb4917c07496cb3735f0107d266e4d9e8f780a380ac69eab1545499f0e8d0e9e00699e1db5f985c0f3af01c65ad182","ssdeep":"768:wudLftuyEaFAENiCz0QLyRetOnoFBW6OY+SHLOq+ctjpV6di5uCNXK3RnzXA1uX:ndEysciQLyohOEiq+Opsi5O3RU1W","tlshash":"af3302bad420d7d659527fbb0b9d3d01a7801941aae7acfcd54ec4f0c08b459a2b0f4b","first_seen":"2025-07-03T08:55:45.396418Z","last_seen":"2026-06-02T09:18:21.460047Z","times_seen":9,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/2-1.jpg","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /2-1.jpg HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 24 Jan 2026 13:38:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb42-4de7\"\r\nexpires: Sat, 25 Apr 2026 03:47:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19943,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, progressive, precision 8, 640x640, components 3","md5":"8d65166584c115e52329edd547d83fbc","sha1":"588e97510a1b463efb295c9f41ceda892ab2f736","sha256":"2bdd8a0e6dcfbaa5b0e1cf57f5b9d7b4344f2fe78afcf5fce9fc90a2e7c8120b","sha512":"59d4d0e2e140cbdcef4ce99e46665efc7688d1d823e9fecadb272f79f13496e7e75a571b85c5e80ebcbc0726d6f504e9777ebe1f5287fdb6e8fc874e1aa6f046","ssdeep":"384:lzdLw17oFv5NEeKNLjDy74UUJI84TYVTThWflGmEOs57digtrJlpe:lzdLwh6Ym7PiI84TidolGmy5prJl4","tlshash":"b292d0ad811fc486f87baef8060f451bc0036f71ee0c9524905b953821f3d199a9fba5","first_seen":"2026-03-26T03:47:30.364855Z","last_seen":"2026-06-02T09:18:21.456164Z","times_seen":3,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":137,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/4-1.jpg","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /4-1.jpg HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 24 Jan 2026 13:38:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb42-6b55\"\r\nexpires: Sat, 25 Apr 2026 03:47:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":27477,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, progressive, precision 8, 640x640, components 3","md5":"4b687e17729bfc6f1026b08d5a351faf","sha1":"574456a18dcc10113cce33df234d3b3595f33e34","sha256":"fe5e478469c13adc9e48d52b59b9f881073cab95c600d16163b414acf296d4b5","sha512":"cb5e4aed12679665b6d68dccdc559d902f3ed215a6e639124257bef8f9f6da382558fe1f022ca501c53bfe8c53150c7ab27fb89ced80d541a1c4d60875f5b645","ssdeep":"768:lzW1IwJ7CNVH/9LE/HdSsEIU+6NVg4/cGNzIs26K+:lzrwJa/9L692Ibm8E","tlshash":"dcc2e14f8fa90046f17a267847ee4c44b71bac034719b5010df81339eda894aff56eba","first_seen":"2026-03-26T03:47:30.365942Z","last_seen":"2026-06-02T09:18:21.441648Z","times_seen":3,"resource_available":false,"data":null}},"time_used":136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":136,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/7-1.jpg","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /7-1.jpg HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 24 Jan 2026 13:38:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb42-809a\"\r\nexpires: Sat, 25 Apr 2026 03:47:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":32922,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, progressive, precision 8, 640x640, components 3","md5":"6a43c72c0f127a4e312e5a1bee2f2b68","sha1":"d26ec31261a3e72c2e34646e5f4596c147300e9b","sha256":"c85b6f79542bfe37de4e33d89c9cce77fa6ef13ee5328cde37864a671070a5a1","sha512":"3e3624e145b5db5daec37065623f06d36bc8a10e81f0a90cd02f7d04fa50109d55d5ce324178fde6c502ec94faffc19ce4b41eb6aa5ee6b52de69e75af728e9e","ssdeep":"768:lzgylxVHwPIqR1jLnYj8+ISA5GOO2/vpwlv2QsI/v:lzgylxJ8xBnD+IvwONvpwluQB","tlshash":"21e2e15d2f501ee1f5b162f5b73e4232e67ac261ca84ddeb9c718cd0ba725f02825d80","first_seen":"2026-03-26T03:47:30.36683Z","last_seen":"2026-06-02T09:18:21.46279Z","times_seen":3,"resource_available":false,"data":null}},"time_used":136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":136,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/coin-1.png","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.916Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /coin-1.png HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 24 Jan 2026 13:38:11 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb43-495\"\r\nexpires: Sat, 25 Apr 2026 03:47:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1173,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit colormap, non-interlaced","md5":"897b5406e4576077a5020d034f39a379","sha1":"ebf53614d27a349b8d84f36a7560372644e671d6","sha256":"11f2d262a092fd8683536d5274d4d351663cd25bb78b3d842d282329859652bf","sha512":"cb651d908c4a5545649de52b99683fef7cb82a9464983783fb58e093acbc5b664295a7118ac76dda08e492ec446dc69ec4b3e66b721fc249be9a13ace41500c5","ssdeep":"","tlshash":"73216386e24c446bed25ac8046b59433a1df5fed2a2444cc2ac53c338eb37c126aab46","first_seen":"2025-11-17T23:07:54.325538Z","last_seen":"2026-06-02T09:18:21.44845Z","times_seen":5,"resource_available":false,"data":null}},"time_used":134,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":134,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-26T03:47:02.969Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: text/html\r\nlast-modified: Sat, 24 Jan 2026 13:52:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974ce90-19f12\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":106258,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (41272)","md5":"805a197c557abe2171fde4f8baabe152","sha1":"1f6184a23ae4af0869faa6400e9d230beae81f8c","sha256":"e8dd18166648a9aa5eab0d144cc75d9193f062948d8351189945f2eb81d8c9aa","sha512":"d87dd4b4b9f590c73835e4ec5873a3e2990f7474a6f5dc614e392de2b3f5565b14a286749395471266044ed3d53803212946b547df50f5d7133e90b18210f27d","ssdeep":"3072:wkJjRSQpV0Yh7lBWi4cahumKJrwnBKtKDg19VYCJ3glkbDjm7XwW5:wkJnp+YhzAKtKDg19VYCJ3glkbDjs","tlshash":"5ca3296091f1067652a781c56db59e4b3f56fa03eb1b0a84b3ec46e08fdbcc6dc67148","first_seen":"2026-03-26T03:47:30.369594Z","last_seen":"2026-03-26T03:48:35.980949Z","times_seen":2,"resource_available":false,"data":null}},"time_used":581,"timings":{"blocked":242,"dns":37,"connect":98,"send":0,"wait":97,"receive":0,"ssl":104},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/mobile.svg","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /mobile.svg HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Sat, 24 Jan 2026 13:38:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb42-68b\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1675,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"8b33956d8edf2e5dc6a85de1e2db04d0","sha1":"97cf333b5c6d45e86becdfea7a4431b04dbc89ca","sha256":"07941552d0004ad939be4e08c864668c24a94f40c4f7eb9c8f468ce44ec4a452","sha512":"5e4c34096b9e70c3de5f01e5247417cab4f6240156ec2b30df85c6edd66e20425c71af20d364569764bcbd7f35e5abe9c87781e24cd07b48c6a901cafd2e3c76","ssdeep":"","tlshash":"bc31e1a9b0a9e819d354c628ffd945e710dcc1e7c4414369e46f7b291026ac2992f2f4","first_seen":"2025-08-11T22:23:26.910104Z","last_seen":"2026-06-02T09:18:21.451484Z","times_seen":6,"resource_available":false,"data":null}},"time_used":106,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":106,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/burger.svg","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /burger.svg HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 354\r\nlast-modified: Sat, 24 Jan 2026 13:38:09 GMT\r\netag: \"6974cb41-162\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":354,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"fa9f9b123f7e7f3411a60ae0405175d8","sha1":"05c1634dc710af0090b2f0b91ec89d74358e7031","sha256":"db4c805ac67997f9939b9019fff86ef2b4cff1de080e35b2988435b4f4a43c41","sha512":"48dc4d3bb80cd6ee8d452c9f42390a4283e5c17707b5c89067d613d1543965499aa83fd290d6ff208c0ecb6dd225803f91f8be191fac2e288dde7db754d7e3d8","ssdeep":"","tlshash":"0ee0126e360dac3af9534464f73df6f1d4ac51a74298b2a4c511093c750659eb03bda4","first_seen":"2025-08-11T22:23:26.900327Z","last_seen":"2026-06-02T09:18:21.437621Z","times_seen":6,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":137,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/chevron.svg","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /chevron.svg HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 173\r\nlast-modified: Sat, 24 Jan 2026 13:38:11 GMT\r\netag: \"6974cb43-ad\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":173,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"80beaaca91dc3ad662358742ef6b8461","sha1":"891ee269db00a2779f52a270dacf968b81cf4275","sha256":"8216ab2f0085b6d5d4e1f104e6bbd95e8f97f05722cbd3813bb39343b3cef630","sha512":"0f9cb27698928cf681cd0986c0776d327566513d6077616b5b97e6f75dcf493a5ab8b699217271ad8017fd8d4bf550ce82e241edd6366cbeb95cae2def8e19f9","ssdeep":"","tlshash":"56c080d9e90ccd18b519c510d31d7165346a71e3128c415ced511330791c59a7c2f6ec","first_seen":"2025-07-03T08:55:45.402793Z","last_seen":"2026-06-02T09:18:21.447602Z","times_seen":16,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":137,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/audited-1.jpg","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:03.914Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /audited-1.jpg HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:03 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 24 Jan 2026 13:38:11 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb43-846\"\r\nexpires: Sat, 25 Apr 2026 03:47:03 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2118,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, progressive, precision 8, 256x25, components 3","md5":"6d74863e9cc48d29b25b93cd0c7f0c63","sha1":"2798e85a7c7e0a43e3e8b606b938b84c0f868ab9","sha256":"bbad73c7866d31adec727f1f7db799e6e64d6c363b67a7427801fdb9b5ddd747","sha512":"8723169c310db3eaa95a0fcfb9943019bd52117dc6e6dd06490cba09558d7633b364b1a0ae0132b71fd9b00272dd6ea37f3c53aff5cd0eca247b321b4e256124","ssdeep":"","tlshash":"464118f6d3280888d5f0e87f12dd09299b1975388d81e74818c3f260d2be07a329e444","first_seen":"2026-03-26T03:47:30.377586Z","last_seen":"2026-06-02T09:18:21.465171Z","times_seen":3,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzverse.click/13-1.jpg","fqdn":"xyzverse.click","domain":"xyzverse.click","tld":"click"},"ip":{"addr":"198.23.210.53","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://xyzverse.click/","date":"2026-03-26T03:47:04.504Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyzverse.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 Jan 2026 13:31:21 GMT","end":"Fri, 24 Apr 2026 13:31:20 GMT"},"fingerprint":{"sha1":"D7:52:E7:DA:90:E1:76:8E:D6:BF:31:40:C5:F1:50:F2:EC:E0:1A:79","sha256":"66:CD:C4:8A:58:F8:98:DA:C5:8D:91:99:A7:5A:D3:5C:04:47:F7:A6:DA:40:F1:25:59:C6:53:F4:BA:10:55:42"}}},"request":{"raw":"GET /13-1.jpg HTTP/1.1\r\nHost: xyzverse.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzverse.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Mar 2026 03:47:04 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 24 Jan 2026 13:38:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6974cb44-56ea\"\r\nexpires: Sat, 25 Apr 2026 03:47:04 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22250,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, progressive, precision 8, 640x640, components 3","md5":"7ef2db703d979aaf3184bbb89b6f281e","sha1":"003e342535cd50b9a775e576b870653ae184e994","sha256":"3f44108976dc93422297c0a67165a4ba15796ced1a8355bacc1a67fa236add50","sha512":"424ae3112b1188a3aed1deff67f9771a0a2f43fb84bd974e7e9545d10a1bca3ce0adebe1ba5ddded9f84a12f004fdbb2c175d5b561e4ed606e4dc75b0f0e177b","ssdeep":"384:lzW5FCZ75X6ng1caX2S41/3J3/TkGzE2tM4k/GVX+quB+ra4qf:lzoFCZ75XdHXM1BPTkKpbkgXCkqf","tlshash":"eba2d0ad53aa4aaded259376085d53e32a4373e8fa01db8525b24ca1427cfc0d717bc4","first_seen":"2026-03-26T03:47:30.378451Z","last_seen":"2026-06-02T09:18:21.454003Z","times_seen":3,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"xyzverse.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}