{"report_id":"8f6f9ff7-3d66-4439-a7e6-ddd20da26649","version":6,"status":"done","tags":[],"date":"2026-03-07T17:56:00Z","url":{"schema":"http","addr":"calliamnz.online/","fqdn":"calliamnz.online","domain":"calliamnz.online","tld":"online"},"ip":{"addr":"52.72.49.79","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"www.7695-alllnz-carrdllf.st/alianz","fqdn":"www.7695-alllnz-carrdllf.st","domain":"7695-alllnz-carrdllf.st","tld":"st"},"title":"7695-alllnz-carrdllf.st/alianz","dom":{"size":19010,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (19010), with no line terminators","md5":"4ac39336b6810fa823871072e9c064d2","sha1":"cb5e5c49e52912a36c99fa5edf5017c92cc17bf3","sha256":"5d91eb46ebd7fd253731d716d6f8260bab403c8bc0bf87f9f5c0c4f06e0c5d83","sha512":"96c48fd4a8308bffce21e9882b4d8a841156686f7caadf9a5b95c544733291234dbad5474d11188cd9d39b1e48c5822ea9959f40b3b787fc6a5139f480ddf0b8","ssdeep":"96:H5rsD0r6pV+CZXUgpk5POtQwb/4P4lHFj5OvMaST2GbSTFSMjSTCOu:SDH9XJ4P4lHFj2oMkO","tlshash":"74829ee17dd28c38f54516c8f0b1ea29a1d3f69bdce3d884e9d412f827caa94750d1a8","dom_hash":"domhash7625da211e2459b58c33fe71fe63a1d0","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"calliamnz.online/","fqdn":"calliamnz.online","domain":"calliamnz.online","tld":"online"},"ip":{"addr":"52.72.49.79","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-11T17:56:00Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"www.7695-alllnz-carrdllf.st","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"www.7695-alllnz-carrdllf.st","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"calliamnz.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.7695-alllnz-carrdllf.st","ip":{"addr":"45.156.87.145","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":4,"request_count":2,"received_data":1732,"sent_data":1004,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"calliamnz.online","ip":{"addr":"52.72.49.79","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"2026-03-03","domain_rank":0,"first_seen":"2026-03-07T17:56:00.453282Z","last_seen":"2026-03-07T17:56:00.453282Z","alert_count":1,"request_count":1,"received_data":319,"sent_data":485,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.7695-alllnz-carrdllf.st/alianz","fqdn":"www.7695-alllnz-carrdllf.st","domain":"7695-alllnz-carrdllf.st","tld":"st"},"ip":{"addr":"45.156.87.145","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-07T17:55:38.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"7695-alllnz-carrdllf.st","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 04:54:06 GMT","end":"Fri, 29 May 2026 04:54:05 GMT"},"fingerprint":{"sha1":"E2:76:3C:4B:3F:15:9C:71:D5:16:FF:76:DD:AD:1D:EB:FC:11:92:7C","sha256":"2C:66:BF:10:8C:75:FB:31:A6:CE:B6:BB:76:1D:28:38:19:ED:F0:D9:66:48:17:79:B6:2D:0E:C7:5C:66:9C:AF"}}},"request":{"raw":"GET /alianz HTTP/1.1\r\nHost: www.7695-alllnz-carrdllf.st\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sat, 07 Mar 2026 17:55:38 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-DNS-Prefetch-Control: on\r\nStrict-Transport-Security: max-age=63072000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nReferrer-Policy: strict-origin-when-cross-origin\r\nPermissions-Policy: camera=(), microphone=(), geolocation=()\r\nContent-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self';\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":83,"size_decoded":0,"mime_type":"application/vnd.mozilla.json.view","magic":"JSON text data","md5":"9d2271c23a3515cd6516800e80a496b6","sha1":"caaa35b8fedd368c00282a6e999708e6c7dbf3b8","sha256":"75dbb200786805a0d4547506e6bcb9596dc043fdb68b2b4e43e8f49e2294d602","sha512":"9cde5df7f086560d5a38e0151d4b1159206827367cbc5a84bc79addcea2669519649afa9ac072901594d8902107a335ce1b2f6ebe7d1baff4673f94416cd64a6","ssdeep":"","tlshash":"89a0112eb3b0bc88022382823822280a20a08200830a228cc8ca320cab000e020b200a","first_seen":"2026-01-25T05:53:39.095136Z","last_seen":"2026-03-14T20:40:56.06555Z","times_seen":3,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"www.7695-alllnz-carrdllf.st","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"www.7695-alllnz-carrdllf.st","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"calliamnz.online/","fqdn":"calliamnz.online","domain":"calliamnz.online","tld":"online"},"ip":{"addr":"52.72.49.79","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-07T17:55:38.101Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"calliamnz.online","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 17:41:29 GMT","end":"Mon, 01 Jun 2026 17:41:28 GMT"},"fingerprint":{"sha1":"09:EA:F3:A6:4F:CD:BF:29:9E:39:CA:5E:9F:E0:8C:83:E9:81:72:BC","sha256":"A5:28:26:B9:D7:E2:7E:21:C3:60:15:3F:65:6F:B4:00:8A:F2:B9:6D:65:7B:A3:10:33:3C:C6:2F:29:83:57:6C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: calliamnz.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 07 Mar 2026 17:55:38 GMT\r\nlocation: https://www.7695-alllnz-carrdllf.st/alianz\r\ncontent-length: 0\r\nengine: Rebrandly.redirect, version 2.1\r\nstrict-transport-security: max-age=15552000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":83,"size_decoded":0,"mime_type":"application/vnd.mozilla.json.view","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":775,"timings":{"blocked":340,"dns":141,"connect":95,"send":0,"wait":95,"receive":0,"ssl":100},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"calliamnz.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.7695-alllnz-carrdllf.st/alianz","fqdn":"www.7695-alllnz-carrdllf.st","domain":"7695-alllnz-carrdllf.st","tld":"st"},"ip":{"addr":"45.156.87.145","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-07T17:55:38.542Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"7695-alllnz-carrdllf.st","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 04:54:06 GMT","end":"Fri, 29 May 2026 04:54:05 GMT"},"fingerprint":{"sha1":"E2:76:3C:4B:3F:15:9C:71:D5:16:FF:76:DD:AD:1D:EB:FC:11:92:7C","sha256":"2C:66:BF:10:8C:75:FB:31:A6:CE:B6:BB:76:1D:28:38:19:ED:F0:D9:66:48:17:79:B6:2D:0E:C7:5C:66:9C:AF"}}},"request":{"raw":"GET /alianz HTTP/1.1\r\nHost: www.7695-alllnz-carrdllf.st\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sat, 07 Mar 2026 17:55:38 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-DNS-Prefetch-Control: on\r\nStrict-Transport-Security: max-age=63072000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nReferrer-Policy: strict-origin-when-cross-origin\r\nPermissions-Policy: camera=(), microphone=(), geolocation=()\r\nContent-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self';\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":83,"size_decoded":0,"mime_type":"application/vnd.mozilla.json.view","magic":"JSON text data","md5":"9d2271c23a3515cd6516800e80a496b6","sha1":"caaa35b8fedd368c00282a6e999708e6c7dbf3b8","sha256":"75dbb200786805a0d4547506e6bcb9596dc043fdb68b2b4e43e8f49e2294d602","sha512":"9cde5df7f086560d5a38e0151d4b1159206827367cbc5a84bc79addcea2669519649afa9ac072901594d8902107a335ce1b2f6ebe7d1baff4673f94416cd64a6","ssdeep":"","tlshash":"89a0112eb3b0bc88022382823822280a20a08200830a228cc8ca320cab000e020b200a","first_seen":"2026-01-25T05:53:39.095136Z","last_seen":"2026-03-14T20:40:56.06555Z","times_seen":3,"resource_available":true,"data":null}},"time_used":239,"timings":{"blocked":61,"dns":15,"connect":19,"send":0,"wait":115,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"www.7695-alllnz-carrdllf.st","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"www.7695-alllnz-carrdllf.st","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}