{"report_id":"984bcbf4-bc8f-4afd-b3a5-685c312cc49b","version":6,"status":"done","tags":[],"date":"2025-11-30T20:24:04Z","url":{"schema":"http","addr":"8.pexeburay.com/index/m3?diff=0","fqdn":"8.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"104.21.32.236","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:neterror?e=dnsNotFound\u0026u=https%3A//sandbahn.com/x/dl%3Fp%3D1473%26clickid%3D%26siteid%3D\u0026c=UTF-8\u0026d=We%20can%E2%80%99t%20connect%20to%20the%20server%20at%20sandbahn.com.","fqdn":"","domain":"","tld":""},"title":"Server Not Found","dom":{"size":7941,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (500)","md5":"d22b31bf7ec97533fcd08751ee067434","sha1":"67ce9d9fc48e83ac95b06652c1d8b4805823bcdf","sha256":"c8a08d74f3b6817b53232edb8c7e1317adde97bb53c76e77a8cbd85872f722fa","sha512":"b2c84f637da54020fc8310c73ac5b99fd973a3a13585a920ec0b20839dab08889759d39ad9222470e1f0a40760df4ac497608438744c6f017e1554d2b0cc3309","ssdeep":"96:rIPfVVvtARPy48S8k45USz+45RaIkata89+RzydNAIl9+kex8KdRonI7B1g/M:rIlZeRPyfS8LUSZRa2b9wm7I98IT","tlshash":"d0f162a862fa0d2b819386e938db7409bd01d297d35c24e5bf6d45f10fc7d61980f19b","dom_hash":"domhashc59d69afccb598c37df8c553a509577e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"8.pexeburay.com/index/m3?diff=0","fqdn":"8.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"104.21.32.236","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-04T20:24:04Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"sandbahn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"8.pexeburay.com","ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-05-11","domain_rank":0,"first_seen":"2023-07-03T14:06:49Z","last_seen":"2024-12-21T15:30:47.379876Z","alert_count":16,"request_count":4,"received_data":113156,"sent_data":1868,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}]},{"fqdn":"kuolkoola.com","ip":{"addr":"172.67.195.236","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-03-20","domain_rank":47044,"first_seen":"2025-05-08T22:43:24.287422Z","last_seen":"2025-11-26T16:03:03.812603Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":498,"comment":"","tags":null,"fingerprints":null},{"fqdn":"sandbahn.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2019-01-24","domain_rank":0,"first_seen":"2019-01-25T19:31:07Z","last_seen":"2025-11-27T12:22:02.624656Z","alert_count":1,"request_count":1,"received_data":0,"sent_data":544,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"8.pexeburay.com/index/m3?diff=0","fqdn":"8.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5d299fc4158f5ee271d32054f20c567b","sha1":"f7a0862ea30145dcb0a90604dd7898a40e53feb1","sha256":"c9ab2db9b28f51129edfd2aff30ad067245bd34b028991e08f56f7c947f60495","sha512":"cfd527d72368746c57394fde01a5bf34d2a2c64db14d77c41a73f02bd063c5d3a89edb8042774ec98a11cd77e5790004e4fd1d34025976df1dc2bcf49a1fc7bd","ssdeep":"384:hEO8LLwmwafzrI9INlsGx51lVEG42vx6jOv:2HLFNfaelsGL1l+G42vd","tlshash":"6ad26e1c8bf230b9a67fa17ea25f681478e3717b4084d501f5cd92406fd9a43c9ba6e8","size":30513,"data":"","first_seen":"2023-04-05T16:38:07Z","last_seen":"2026-04-04T02:04:14.551049Z","times_seen":365,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8.pexeburay.com/index/m3?diff=0","fqdn":"8.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"874284ead54c8ffa4e8ca6a19ad2ea46","sha1":"082afd1969f0efb91b43e83da5dfab345a2229d3","sha256":"4534c4f314ffebff83310b8e427675194e1e7424107cd41c2213226eb0ae7c56","sha512":"f8b2ed8210ac7f37ccda6f218c367902f003c61b4f6a2ac36b9a402570b9a5153a7e67caaefa779961bea5f75a67beeab2f2001d5c70e1739b85a3c81f023288","ssdeep":"","tlshash":"7c51e3bb48a712711ab751a64b1fb714356700771488dc01bface7047fa897b9125be8","size":3165,"data":"","first_seen":"2025-11-30T20:24:04.884702Z","last_seen":"2025-11-30T20:24:04.884702Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8.pexeburay.com/index/m3?diff=0","fqdn":"8.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"062fd9276b8b132d729ec1c6d5d16971","sha1":"1dc9655168c0ef28f5388e9d1d544e999b6b25ef","sha256":"c8e63197ad2336ed35f59f35b74bd0c7d3baa9c06b17c811f2c8ea211bae663f","sha512":"c77f1174a048402ab4e87d12da172225f44b37269cffaf1b30593badda1dcd24f2a09254bd9be566dbc87d524af8880caeee8f826dbd210eb2cec9b818f0e7ed","ssdeep":"","tlshash":"0ac02b2e3480033c800303c9064ed2b07a239c320d818000387e53c15fd0c03c4482ee","size":155,"data":"","first_seen":"2023-04-07T14:49:21Z","last_seen":"2026-03-22T14:49:28.748151Z","times_seen":209,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8.pexeburay.com/index/m3?diff=0","fqdn":"8.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"9e8d92218ee3ebc50c02807f95053e1d","sha1":"471165c67069eb5e4a1a96bf3de5f2da1c8a1dff","sha256":"a7f50ca9fb45ef36eadc0461fd33f27d2f3032fcec793bcc869c43dba2b5bb73","sha512":"16db7c18eed45cc8d9339de68619a7014c18d80c7b2c813be30bf912e30c7f43a01272920e133025342e6ff76667232b6222b2286baa9e455f669a8d3e89d0ff","ssdeep":"","tlshash":"8801b4091af3545767cf68e3de4ea48c615a82db4286bf03fe0d728cdf2d4a9ca41135","size":695,"data":"","first_seen":"2023-03-07T16:08:17Z","last_seen":"2026-03-22T17:32:45.488241Z","times_seen":254,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8.pexeburay.com/199f8c6.php?utm_source=\u0026utm_campaign=","fqdn":"8.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"cce286a76c98655126ff55a5d756c2b9","sha1":"99eca2b5d02d57a7f6450cbdf902687ba16826d8","sha256":"9f3ad4589604825d80a022d66034f12bb86487f9215ecddc1f14499c7878f362","sha512":"2cadbc7194d6c75db3d962d25886f6c7aa1bdb8ba2ba7f8f9b23f8731862186dea096c7f3cb823f57c2d7fc10c302902d3ca2600642924039847e608deb53add","ssdeep":"768:jCEb5lCr9FbMv1gEEGZ2iPJT4VH4qiWDHV/8wUz:/AqJs14SDHV/8zz","tlshash":"20132c9932927025726ea9e1537f270af37e691748b55c00c603f8803a24edef227f9d","size":43506,"data":"","first_seen":"2025-09-06T15:06:29.605554Z","last_seen":"2025-12-03T12:51:21.521007Z","times_seen":212,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8.pexeburay.com/index/m3?diff=0#","fqdn":"8.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"5d299fc4158f5ee271d32054f20c567b","sha1":"f7a0862ea30145dcb0a90604dd7898a40e53feb1","sha256":"c9ab2db9b28f51129edfd2aff30ad067245bd34b028991e08f56f7c947f60495","sha512":"cfd527d72368746c57394fde01a5bf34d2a2c64db14d77c41a73f02bd063c5d3a89edb8042774ec98a11cd77e5790004e4fd1d34025976df1dc2bcf49a1fc7bd","ssdeep":"384:hEO8LLwmwafzrI9INlsGx51lVEG42vx6jOv:2HLFNfaelsGL1l+G42vd","tlshash":"6ad26e1c8bf230b9a67fa17ea25f681478e3717b4084d501f5cd92406fd9a43c9ba6e8","size":30513,"data":"","first_seen":"2023-04-05T16:38:07Z","last_seen":"2026-04-04T02:04:14.551049Z","times_seen":365,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8.pexeburay.com/index/m3?diff=0#","fqdn":"8.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"b65f134086b6517532dd42b3b6a1f86a","sha1":"45c2ccdaa4d730fc338059dfe12bf10e4a3ce6fa","sha256":"7a61efe5742dfe3e805d202026fc0c1f388870a5d49a01cfe488d0f044ba50cf","sha512":"4dda34f4de5c6d1b7c72c4c3bf63f342d6aa586f0da6248fafce598a4346e5d33d4aab0e52830f4e69580596b3a0a9b605cf70efb7e1132837bb88e164ee4190","ssdeep":"","tlshash":"cb5103bb48a712711ab711a64b1fb714352700370488dc01bface7047fa893b9125be9","size":3165,"data":"","first_seen":"2025-11-30T19:21:26.68045Z","last_seen":"2025-11-30T20:24:04.886894Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"8.pexeburay.com/favicon.ico","fqdn":"8.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8.pexeburay.com/index/m3?diff=0","date":"2025-11-30T20:23:41.717Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pexeburay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Oct 2025 05:24:41 GMT","end":"Mon, 12 Jan 2026 06:23:15 GMT"},"fingerprint":{"sha1":"2B:0E:FA:A1:55:3A:3F:0F:15:BF:9B:C4:8A:5D:9D:A7:CA:DC:25:80","sha256":"F6:AC:C7:B2:D9:18:13:6E:8D:C7:4D:AF:E5:62:92:CF:A6:3D:A4:7D:A2:18:AF:F7:32:4E:9F:18:62:FD:7B:C3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 8.pexeburay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8.pexeburay.com/index/m3?diff=0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 30 Nov 2025 20:23:41 GMT\r\ncontent-type: image/x-icon\r\nvary: accept-encoding\r\nlast-modified: Wed, 02 Nov 2022 12:29:48 GMT\r\npriority: u=6,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"636262bc-1007\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6QX7AeaMD0FABitykP0boE9ndDV4f6t7M7Je77zCvqMAMAAN%2FvrXib9lIZZ%2FtZLH9nYWn3VJlOLWSnshHyeaDPCCcKuAUWcrQXD5dU0%3D\"}]}\r\ncf-ray: 9a6d1065bf6d5691-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4103,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"4cdf3256cd7b8ec3917adb79d6bf457e","sha1":"bc615337e9223183a126c8fb649774866fb53e69","sha256":"fbfff44a653dc193b93620f1035d221d3aaddf3238742270b3385482986ef7f0","sha512":"2bcd90a667b80393690e244a979e36e9f482b419e52302571a41412aac296aac1d58f81787b38d00a00257dca8bd3dce7cfe6ab8ef12aa3a91e0801ee3c3f21a","ssdeep":"96:LSDZ/I09Da01l+gmkyTt6Hk8nT2JCkun8i01FZZN:LSDS0tKg9E05T23un8h5N","tlshash":"2e818daf99b0d47f7938fa400dce8281e279256c197637ad94e5c5ee00a7b031bb0232","first_seen":"2023-04-08T14:37:37Z","last_seen":"2026-04-05T06:05:37.480303Z","times_seen":8551,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":142,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kuolkoola.com/77777","fqdn":"kuolkoola.com","domain":"kuolkoola.com","tld":"com"},"ip":{"addr":"172.67.195.236","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://8.pexeburay.com/index/m3?diff=0","date":"2025-11-30T20:23:42.802Z","timestamp":0,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /77777 HTTP/1.1\r\nHost: kuolkoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://8.pexeburay.com/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 192\r\nOrigin: https://8.pexeburay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sandbahn.com/x/dl?p=1473\u0026clickid=\u0026siteid=","fqdn":"sandbahn.com","domain":"sandbahn.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-30T20:23:42.933Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /x/dl?p=1473\u0026clickid=\u0026siteid= HTTP/1.1\r\nHost: sandbahn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8.pexeburay.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"sandbahn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8.pexeburay.com/index/m3?diff=0","fqdn":"8.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-30T20:23:41.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pexeburay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Oct 2025 05:24:41 GMT","end":"Mon, 12 Jan 2026 06:23:15 GMT"},"fingerprint":{"sha1":"2B:0E:FA:A1:55:3A:3F:0F:15:BF:9B:C4:8A:5D:9D:A7:CA:DC:25:80","sha256":"F6:AC:C7:B2:D9:18:13:6E:8D:C7:4D:AF:E5:62:92:CF:A6:3D:A4:7D:A2:18:AF:F7:32:4E:9F:18:62:FD:7B:C3"}}},"request":{"raw":"GET /index/m3?diff=0 HTTP/1.1\r\nHost: 8.pexeburay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 30 Nov 2025 20:23:41 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-transform\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=su2InkeinN1zp9GCAzTEmGT3ZisaDVLK6YWB5cWldT%2FvsaEg3uqjIT5GU7cMMi7LXgRqCeFY%2Ba1XzZnUXwqD%2FCAc7%2BU9YMSdkX%2FF7xU%3D\"}]}\r\ncf-ray: 9a6d1061fd9f56bd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":56275,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (12693), with CRLF, LF line terminators","md5":"c8be24ed89d03820f51b6e45bac26d33","sha1":"621f5477211170bd9a0ef437167e3fa60451763e","sha256":"08b773568e13724fbefd510c1e63cecff5470bb83611e0e28dc5f532924dbeb3","sha512":"36660df7a926ba64152ceaf954d37421a60b9ceb902a519c724cc7a32d33b4809bbcdb3ff1e28444e4c89bcb7f19e68cd2ff6af306742a50e9979c52f520db48","ssdeep":"768:0gLFNfaelsGLhO9e4NvraHEF2oGgDa8pbkK4k:0gxNCehhMfD2otDDkK4k","tlshash":"00436c2e8a4231555037d7bae79b2e0cfea7427741818446fedc9200aff5942c9a6fdc","first_seen":"2025-11-30T20:24:04.881801Z","last_seen":"2025-11-30T20:24:04.881801Z","times_seen":1,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":22,"dns":1,"connect":1,"send":0,"wait":159,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8.pexeburay.com/assets/styles/arrow.css?v1","fqdn":"8.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://8.pexeburay.com/index/m3?diff=0","date":"2025-11-30T20:23:41.497Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pexeburay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Oct 2025 05:24:41 GMT","end":"Mon, 12 Jan 2026 06:23:15 GMT"},"fingerprint":{"sha1":"2B:0E:FA:A1:55:3A:3F:0F:15:BF:9B:C4:8A:5D:9D:A7:CA:DC:25:80","sha256":"F6:AC:C7:B2:D9:18:13:6E:8D:C7:4D:AF:E5:62:92:CF:A6:3D:A4:7D:A2:18:AF:F7:32:4E:9F:18:62:FD:7B:C3"}}},"request":{"raw":"GET /assets/styles/arrow.css?v1 HTTP/1.1\r\nHost: 8.pexeburay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8.pexeburay.com/index/m3?diff=0\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 30 Nov 2025 20:23:41 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 02 Nov 2022 12:29:48 GMT\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\netag: W/\"636262bc-1a14\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hZMhjUeEZgPVNb7RltwJYmwf2P8c0UROE6sHBCBgtSNKfMe3eSHga2sW3Z3SqUQa3byvn9Us9j8BYngtRR48SQkaSqUK%2FJmPfDuLJT4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a6d10643f5d5691-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6676,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"ed4a61ae7235d0e7573766e78dd3fc02","sha1":"090b5cdab4ff3a3b87f491da06b4db99a8c51694","sha256":"ca50536990b949c20119f3134582c654fcd14fabce2517bbc5255fba7faa881b","sha512":"c2d58441829ea6697f14e85f01e1d0c006b6460cd110969578263423016232f407b40490eb5dfde4fbe02e47ac1e19c8db508b8fc0c7fea7a28920c0ad573165","ssdeep":"192:jKRrDP7WWP/8O+t6cjfwZVMLLmmGTA3P8JsRYJbwAzXJtMzZzINvOQpsLr6O:Y3MLLmmGTA3P8JsRWbwAzXJtMzZzSvO9","tlshash":"94d173236a5e2c46a05ed898efd09f4e261f41d7664f8c99fd80340d9fc89a48996f8c","first_seen":"2023-04-05T16:38:07Z","last_seen":"2026-04-04T02:04:14.539686Z","times_seen":391,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":127,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8.pexeburay.com/199f8c6.php?utm_source=\u0026utm_campaign=","fqdn":"8.pexeburay.com","domain":"pexeburay.com","tld":"com"},"ip":{"addr":"172.67.188.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8.pexeburay.com/index/m3?diff=0","date":"2025-11-30T20:23:41.514Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pexeburay.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Oct 2025 05:24:41 GMT","end":"Mon, 12 Jan 2026 06:23:15 GMT"},"fingerprint":{"sha1":"2B:0E:FA:A1:55:3A:3F:0F:15:BF:9B:C4:8A:5D:9D:A7:CA:DC:25:80","sha256":"F6:AC:C7:B2:D9:18:13:6E:8D:C7:4D:AF:E5:62:92:CF:A6:3D:A4:7D:A2:18:AF:F7:32:4E:9F:18:62:FD:7B:C3"}}},"request":{"raw":"GET /199f8c6.php?utm_source=\u0026utm_campaign= HTTP/1.1\r\nHost: 8.pexeburay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8.pexeburay.com/index/m3?diff=0\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 30 Nov 2025 20:23:41 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SWFCx1EZSiIGOEWuFD5biuYAFkgLuESm1a0sp3Ww8HLNRfy2RtDF3bKeoBP5%2FMyWn9lo47Oua4Fk0h%2BQiubdrQrIBvevYGoprYf%2BsEM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a6d10647f635691-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43506,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (43458), with no line terminators","md5":"cce286a76c98655126ff55a5d756c2b9","sha1":"99eca2b5d02d57a7f6450cbdf902687ba16826d8","sha256":"9f3ad4589604825d80a022d66034f12bb86487f9215ecddc1f14499c7878f362","sha512":"2cadbc7194d6c75db3d962d25886f6c7aa1bdb8ba2ba7f8f9b23f8731862186dea096c7f3cb823f57c2d7fc10c302902d3ca2600642924039847e608deb53add","ssdeep":"768:jCEb5lCr9FbMv1gEEGZ2iPJT4VH4qiWDHV/8wUz:/AqJs14SDHV/8zz","tlshash":"20132c9932927025726ea9e1537f270af37e691748b55c00c603f8803a24edef227f9d","first_seen":"2025-09-06T15:06:29.605554Z","last_seen":"2025-12-03T12:51:21.521007Z","times_seen":212,"resource_available":true,"data":null}},"time_used":134,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":111,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-30","alert":"Sinkholed","trigger":"8.pexeburay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}