{"report_id":"8e1c75e1-ee61-4eb9-bbff-f4f912412914","version":6,"status":"done","tags":[],"date":"2025-08-19T13:00:47Z","url":{"schema":"https","addr":"telehbwyal.beauty/cdn-cgi/phish-bypass?atok=zc4f0ofCmXs5PDvrbeVlpsKMXPSztqqpaABWhpbgIP4-1755598256.21187-0.0.1.1-%2F\u0026original_path=%2F\u0026cf-turnstile-response=","fqdn":"telehbwyal.beauty","domain":"telehbwyal.beauty","tld":"beauty"},"ip":{"addr":"104.21.88.5","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"telehbwyal.beauty/cdn-cgi/phish-bypass?atok=zc4f0ofCmXs5PDvrbeVlpsKMXPSztqqpaABWhpbgIP4-1755598256.21187-0.0.1.1-%2F\u0026original_path=%2F\u0026cf-turnstile-response=","fqdn":"telehbwyal.beauty","domain":"telehbwyal.beauty","tld":"beauty"},"title":"telehbwyal.beauty/cdn-cgi/phish-bypass?atok=zc4f0ofCmXs5PDvrbeVlpsKMXPSztqqpaABWhpbgIP4-1755598256.21187-0.0.1.1-%2F\u0026original_path=%2F\u0026cf-turnstile-response="},"submit":{"url":{"schema":"https","addr":"telehbwyal.beauty/cdn-cgi/phish-bypass?atok=zc4f0ofCmXs5PDvrbeVlpsKMXPSztqqpaABWhpbgIP4-1755598256.21187-0.0.1.1-%2F\u0026original_path=%2F\u0026cf-turnstile-response=","fqdn":"telehbwyal.beauty","domain":"telehbwyal.beauty","tld":"beauty"},"ip":{"addr":"104.21.88.5","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-09-23T13:00:47Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"telehbwyal.beauty","ip":{"addr":"104.21.88.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-08-16","domain_rank":0,"first_seen":"2025-08-19T13:00:47.885819Z","last_seen":"2025-08-19T13:00:47.885819Z","alert_count":0,"request_count":2,"received_data":4015,"sent_data":1181,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"telehbwyal.beauty/cdn-cgi/phish-bypass?atok=zc4f0ofCmXs5PDvrbeVlpsKMXPSztqqpaABWhpbgIP4-1755598256.21187-0.0.1.1-%2F\u0026original_path=%2F\u0026cf-turnstile-response=","fqdn":"telehbwyal.beauty","domain":"telehbwyal.beauty","tld":"beauty"},"ip":{"addr":"104.21.88.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-19T13:00:26.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telehbwyal.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 16 Aug 2025 04:09:20 GMT","end":"Fri, 14 Nov 2025 05:07:54 GMT"},"fingerprint":{"sha1":"D5:57:BF:F8:D2:ED:BB:52:F4:C9:D3:E7:B6:6E:EA:4B:51:51:1A:47","sha256":"89:71:59:02:3A:98:C3:C1:36:D2:DA:34:1B:C8:2E:E4:C9:82:46:D1:89:23:9E:B1:BD:07:F5:FD:AD:C6:9A:5B"}}},"request":{"raw":"GET /cdn-cgi/phish-bypass?atok=zc4f0ofCmXs5PDvrbeVlpsKMXPSztqqpaABWhpbgIP4-1755598256.21187-0.0.1.1-%2F\u0026original_path=%2F\u0026cf-turnstile-response= HTTP/1.1\r\nHost: telehbwyal.beauty\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 400 Bad Request\r\ndate: Tue, 19 Aug 2025 13:00:26 GMT\r\ncontent-length: 23\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TpT3kURS0zp3%2FiiBFSfRXgNkVB%2F%2Bfgd0pURxhgK%2FFtiwTG3gQws9pMruHDQCoOpxNVDIKvLfDf2vA9mdyIZiNMjIWXieaIc48QdbeZIKXpmx\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9719d57c39ac06d9-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"1862a245f1f02bd4477a17e9432e3a25","sha1":"5e9e7ba669c7c6e7aa7aede335b0b22f0a08b88f","sha256":"e999e13afc2c76a9b3523daa037814a97f9ad5310ee32c4dfe3b5d006a0ed73b","sha512":"d9a8704b10b2897fa29358a36d8f8a180a97f1752ac745065c11ca1698055fd59415d32ac54e451a2237dc460d8a465ffacdbfc7009bf8e2f4fd885acc189e16","ssdeep":"","tlshash":"6b70000a0800320022000820002082a2af808080000000088ee2cce00808080a002220","first_seen":"2025-04-28T11:02:45.558882Z","last_seen":"2026-04-11T17:39:11.544969Z","times_seen":43260,"resource_available":true,"data":null}},"time_used":560,"timings":{"blocked":270,"dns":6,"connect":8,"send":0,"wait":19,"receive":0,"ssl":253},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telehbwyal.beauty/favicon.ico","fqdn":"telehbwyal.beauty","domain":"telehbwyal.beauty","tld":"beauty"},"ip":{"addr":"104.21.88.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telehbwyal.beauty/cdn-cgi/phish-bypass?atok=zc4f0ofCmXs5PDvrbeVlpsKMXPSztqqpaABWhpbgIP4-1755598256.21187-0.0.1.1-%2F\u0026original_path=%2F\u0026cf-turnstile-response=","date":"2025-08-19T13:00:27.103Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telehbwyal.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 16 Aug 2025 04:09:20 GMT","end":"Fri, 14 Nov 2025 05:07:54 GMT"},"fingerprint":{"sha1":"D5:57:BF:F8:D2:ED:BB:52:F4:C9:D3:E7:B6:6E:EA:4B:51:51:1A:47","sha256":"89:71:59:02:3A:98:C3:C1:36:D2:DA:34:1B:C8:2E:E4:C9:82:46:D1:89:23:9E:B1:BD:07:F5:FD:AD:C6:9A:5B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: telehbwyal.beauty\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://telehbwyal.beauty/cdn-cgi/phish-bypass?atok=zc4f0ofCmXs5PDvrbeVlpsKMXPSztqqpaABWhpbgIP4-1755598256.21187-0.0.1.1-%2F\u0026original_path=%2F\u0026cf-turnstile-response=\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 13:00:27 GMT\r\ncontent-type: image/x-icon\r\nserver: cloudflare\r\nlast-modified: Sat, 12 Jul 2025 16:35:16 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1dudEDvTdpZvYIo8nDzSSQP6LBLboKX90RWZ066OgqDqOVy6JmPkyZAtXOSH8DBbpCvUD3yVeR8%2BvS1WhB0bF9gqTV7TcCI5R3EeGWD7WSf1\"}]}\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\netag: W/\"68728ec4-969\"\r\ncontent-encoding: br\r\ncf-ray: 9719d57d6abc06d9-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2409,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 32x32 with PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 48x48 with \n- PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced, 32 bits/pixel","md5":"1635ed0e8715c40d4bed875b7494a93a","sha1":"ca2c72821b30194b9b6daf9c8c0ce1723fe54614","sha256":"504b4621e486970f8c1721d5297561c9f33296f516c83fbb33a0ff3f4f7c1357","sha512":"f710268687fcd3da9bd9ffee9cbf166d21598cab5ff1172c510fd478f57300af7112f35132ba345a2242b65ff53cde9de6ebf0f1ea8cf7f5fce17c832a5a85d8","ssdeep":"","tlshash":"9c413ae3663eb676c5f6a6660c4f01002c1f80d4759aab3c364ae0f68c4316a0ae4a23","first_seen":"2023-06-20T23:38:38Z","last_seen":"2026-04-14T23:42:19.330707Z","times_seen":2043,"resource_available":false,"data":null}},"time_used":281,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":281,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}