{"report_id":"9ab0ca33-fd6e-4100-8155-5a9157e48d66","version":6,"status":"done","tags":[],"date":"2026-03-09T03:48:31Z","url":{"schema":"http","addr":"w4q5.aqox0.biz.id/","fqdn":"w4q5.aqox0.biz.id","domain":"aqox0.biz.id","tld":"biz.id"},"ip":{"addr":"172.67.152.200","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"w4q5.aqox0.biz.id/","fqdn":"w4q5.aqox0.biz.id","domain":"aqox0.biz.id","tld":"biz.id"},"title":"Verifikasi Pengguna","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"w4q5.aqox0.biz.id/","fqdn":"w4q5.aqox0.biz.id","domain":"aqox0.biz.id","tld":"biz.id"},"ip":{"addr":"172.67.152.200","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-13T03:48:31Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-09","alert":"Sinkholed","trigger":"w4q5.aqox0.biz.id","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"w4q5.aqox0.biz.id","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-02-19","domain_rank":0,"first_seen":"2026-03-09T03:48:32.241431Z","last_seen":"2026-03-09T03:48:32.241431Z","alert_count":3,"request_count":3,"received_data":77495,"sent_data":1533,"comment":"","tags":null,"fingerprints":[{"name":"Tailwind CSS","description":"Tailwind is a utility-first CSS framework.","website":"https://tailwindcss.com/","common_platform_enumeration":"","icon":"tailwindcss.svg","categories":["UI frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]},{"fqdn":"cdn.tailwindcss.com","ip":{"addr":"104.26.2.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-07-20","domain_rank":117330,"first_seen":"2018-07-09T05:46:13Z","last_seen":"2026-03-02T04:56:47.471326Z","alert_count":0,"request_count":2,"received_data":815945,"sent_data":826,"comment":"","tags":null,"fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"w4q5.aqox0.biz.id/","fqdn":"w4q5.aqox0.biz.id","domain":"aqox0.biz.id","tld":"biz.id"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"219c3c2c5b9eec3a0dfc99f88df7ee0b","sha1":"74569c7f9d6dd76133eb4ea87d7d699467a34dbc","sha256":"d0c8a6fee7ab0701aef0acdb32dfdb60e23f5630f6cbfd9823517bb90b901950","sha512":"bf44cf275f21321a81d94ecc391cd83c23fab8fe670ce3534ee54bd7731c3171ea91d873d9ba74c6ca3530288828a27f2262837fb216b4a3faf88c93cd68c5eb","ssdeep":"","tlshash":"729002466215985403515656643185b558a100961407a416411db5556688549893b866","size":49,"data":"","first_seen":"2025-12-04T07:13:52.621616Z","last_seen":"2026-03-09T03:48:35.944033Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"w4q5.aqox0.biz.id/","fqdn":"w4q5.aqox0.biz.id","domain":"aqox0.biz.id","tld":"biz.id"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-09T03:48:08.326Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aqox0.biz.id","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 21:27:33 GMT","end":"Wed, 20 May 2026 21:27:32 GMT"},"fingerprint":{"sha1":"2D:D3:12:B9:B3:B8:C6:07:41:7D:A8:08:07:C1:32:F2:EC:E4:3F:92","sha256":"AB:77:87:7E:08:44:05:D0:1D:0E:49:79:A6:90:DF:88:AC:56:BE:5E:42:03:6A:8C:0F:9E:A3:AF:7E:12:54:13"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: w4q5.aqox0.biz.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=c456ac0579159f9c611292fe7f184a43; js_pass=1\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 09 Mar 2026 03:48:08 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\npriority: u=1,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' 'unsafe-inline' https: http:; img-src 'self' data: blob: https: http:; font-src 'self' data: https: http:; connect-src 'self' https: http: ws: wss:; media-src 'self' https: http:; object-src 'none'; frame-src 'self' https:; worker-src 'self' blob:; child-src 'self' blob:; form-action 'self'; base-uri 'self';\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nserver: cloudflare\r\npermissions-policy: geolocation=(), microphone=(), camera=()\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WClaCMlCzj%2BM1vTzMjBEa9pQN0ZMbS37zfsEeiZRReVMmYkyD9H8wVIIvN%2BqEv%2Byq7tWSRtw1gyTt6jpDTO%2FTutdBjIhttRLryTN8dtRUSTY\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9d971a2ff83b5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tailwind CSS","description":"Tailwind is a utility-first CSS framework.","website":"https://tailwindcss.com/","common_platform_enumeration":"","icon":"tailwindcss.svg","categories":["UI frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":20728,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (17677)","md5":"9b2af3300c9d862cd7286c6dc7c4942b","sha1":"12c7168ec87fe1c7d3a3aff18eb3c412cbef3013","sha256":"1cfa838011573179255c3e08888856fae75eb85fd315094f94c2993b23a0adfb","sha512":"daf632678bc0a5a0bcd1eeade1b0c4396b5d92abf7a177656bc6a8e5e0ac3a4f39a4c2f2b5eebdd0ebcccead35947087017d738e7954c499ca409889220dea5c","ssdeep":"384:tcuFkPpKMgLBbyHyL4pxjTrP8aD03JrcXaTBDnW6YqXdedxlfxdD0OVOqmcZSsMD:tcuWKMsyHyL4pxjTrP8aD0egtTYqXdeu","tlshash":"4092ec847ee0e6072b9f0f93ba12aee9d47e9d5a34613507b71cbacc2bd1206c295534","first_seen":"2026-03-09T03:48:35.92791Z","last_seen":"2026-03-09T03:48:35.92791Z","times_seen":1,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-09","alert":"Sinkholed","trigger":"w4q5.aqox0.biz.id","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.2.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w4q5.aqox0.biz.id/","date":"2026-03-09T03:48:08.392Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tailwindcss.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 21 Jan 2026 08:26:32 GMT","end":"Tue, 21 Apr 2026 09:26:27 GMT"},"fingerprint":{"sha1":"90:9B:CE:CB:FE:F2:C6:A9:53:13:5D:52:B6:07:F4:B4:84:28:97:60","sha256":"61:49:94:E8:FB:D1:24:14:DF:C9:92:BE:60:84:A8:D8:37:E3:89:DC:42:7B:0A:64:D3:F2:32:FD:D0:93:4C:4B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cdn.tailwindcss.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://w4q5.aqox0.biz.id/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Mon, 09 Mar 2026 03:48:08 GMT\r\ncache-control: max-age=14400\r\nlocation: /3.4.17\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: fra1::iad1::2szn2-1773027554730-a9f59c8a804b\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 533\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UFkUbysPYFKdKJjpu7VdrXrNsMgBWxdjWQbI%2FFJETGXJjK0TJkjWVnbgmyTB7cybMcBcBvMVaLOvzxmLV3Iezl95aG8afAH92wBg1OC9h2rXMg%3D%3D\"}]}\r\ncf-ray: 9d971a308f360883-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":407279,"size_decoded":0,"mime_type":"text/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":46,"timings":{"blocked":19,"dns":2,"connect":1,"send":0,"wait":6,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/3.4.17","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.2.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w4q5.aqox0.biz.id/","date":"2026-03-09T03:48:08.423Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tailwindcss.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 21 Jan 2026 08:26:32 GMT","end":"Tue, 21 Apr 2026 09:26:27 GMT"},"fingerprint":{"sha1":"90:9B:CE:CB:FE:F2:C6:A9:53:13:5D:52:B6:07:F4:B4:84:28:97:60","sha256":"61:49:94:E8:FB:D1:24:14:DF:C9:92:BE:60:84:A8:D8:37:E3:89:DC:42:7B:0A:64:D3:F2:32:FD:D0:93:4C:4B"}}},"request":{"raw":"GET /3.4.17 HTTP/1.1\r\nHost: cdn.tailwindcss.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://w4q5.aqox0.biz.id/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Mar 2026 03:48:08 GMT\r\ncontent-type: text/javascript\r\ncache-control: max-age=31536000\r\ncontent-encoding: br\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: fra1::iad1::crrwr-1770516958843-e8a5a5e1e05a\r\nlast-modified: Sun, 08 Feb 2026 02:15:59 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nage: 2511129\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tDeyq4AkM%2BfwTajW3ZsJdLs80RiI0emqBZrQsh0N2RG9GtRrB0waBG%2F6kIPu%2FXDWW2%2BplfiLuK4DC%2BLXSt79T6HY2YK6rYzM%2FnUFWN9GjRz5Dw%3D%3D\"}]}\r\ncf-ray: 9d971a30af500883-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":407279,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (52853)","md5":"7a614b9a197e532c00d09a23b0996b5f","sha1":"1ff1738a40f3716e30e9031b181b0955ae578955","sha256":"176e894661aa9cdc9a5cba6c720044cbbf7b8bd80d1c9a142a7c24b1b6c50d15","sha512":"a67bc26f52d938358471be5671ff4b79e11af4e68b486aaf73a35a4c9bf3777aab51101af81563b4e5b7ba4b04dd8971fcfa9ee2c41fb10a0c1ee5604a99abd6","ssdeep":"12288:fpgrZxSAoNbJb0Wie75aUXGuyQZhK4O0s:RCVoNB0Wie75aUWmnO0s","tlshash":"e8844aa57396702647eb51e850ea1042f2beaa38840c44bcf7edd4da39e5e4440fbf79","first_seen":"2025-07-28T16:58:08.903462Z","last_seen":"2026-04-04T16:33:27.185311Z","times_seen":28795,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w4q5.aqox0.biz.id/fcode/verifytouch@1.1.3.js","fqdn":"w4q5.aqox0.biz.id","domain":"aqox0.biz.id","tld":"biz.id"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w4q5.aqox0.biz.id/","date":"2026-03-09T03:48:08.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aqox0.biz.id","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 21:27:33 GMT","end":"Wed, 20 May 2026 21:27:32 GMT"},"fingerprint":{"sha1":"2D:D3:12:B9:B3:B8:C6:07:41:7D:A8:08:07:C1:32:F2:EC:E4:3F:92","sha256":"AB:77:87:7E:08:44:05:D0:1D:0E:49:79:A6:90:DF:88:AC:56:BE:5E:42:03:6A:8C:0F:9E:A3:AF:7E:12:54:13"}}},"request":{"raw":"GET /fcode/verifytouch@1.1.3.js HTTP/1.1\r\nHost: w4q5.aqox0.biz.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://w4q5.aqox0.biz.id/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=c456ac0579159f9c611292fe7f184a43; js_pass=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 09 Mar 2026 03:48:08 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 12478\r\nlast-modified: Sat, 03 Jan 2026 23:09:48 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\npriority: u=2,i=?0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' 'unsafe-inline' https: http:; img-src 'self' data: blob: https: http:; font-src 'self' data: https: http:; connect-src 'self' https: http: ws: wss:; media-src 'self' https: http:; object-src 'none'; frame-src 'self' https:; worker-src 'self' blob:; child-src 'self' blob:; form-action 'self'; base-uri 'self';\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nserver: cloudflare\r\npermissions-policy: geolocation=(), microphone=(), camera=()\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ujzatAXxK8WLuF84iQ%2FFvs0LxsPZLu%2Bojv3rbbfdb42cP0yKpUUfwxv6jDOec%2FUYcOfutySRRA85HvZ1Pdd84vNJGwGuRZBq2jihbsZSoP4K\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d971a3079065a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":53898,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (53898), with no line terminators","md5":"c0f4d2281c21f17e4f54e069ee101014","sha1":"0facd38ec3c7455afe3588469cefd03622cae385","sha256":"bc2c334de7451d1b93b232aebdaa5de0dbbc8194dc9a6ce58e2501238cfa3677","sha512":"424a5c2d85df0b708aa930b2fd1c57009d91915d3a9c8c302a6e61847e6f23af3096a9c0a02b7b725c77e3c4d7f47939bd6db25040fa85074ab00e3e581fb90b","ssdeep":"1536:QC9UEH64gVtcYlrU+Ph8/xhvr1VAkPQplqfnblgmd9r7u89NcXj0EId4/WXFlGT1:Qa+rU+wSkKqfnhd9r683sg4/WXFlMd9h","tlshash":"d43355802bd1de0f2e9f4a83be265de5c53e7f1a248163078b4cfe8869e521bd14d971","first_seen":"2026-03-09T03:48:35.93654Z","last_seen":"2026-03-09T03:48:35.93654Z","times_seen":1,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-09","alert":"Sinkholed","trigger":"w4q5.aqox0.biz.id","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w4q5.aqox0.biz.id/","fqdn":"w4q5.aqox0.biz.id","domain":"aqox0.biz.id","tld":"biz.id"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-09T03:48:08.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aqox0.biz.id","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 21:27:33 GMT","end":"Wed, 20 May 2026 21:27:32 GMT"},"fingerprint":{"sha1":"2D:D3:12:B9:B3:B8:C6:07:41:7D:A8:08:07:C1:32:F2:EC:E4:3F:92","sha256":"AB:77:87:7E:08:44:05:D0:1D:0E:49:79:A6:90:DF:88:AC:56:BE:5E:42:03:6A:8C:0F:9E:A3:AF:7E:12:54:13"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: w4q5.aqox0.biz.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":66,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with no line terminators","md5":"5dd18fcdd3118cf6520236e9f88ec979","sha1":"50c9dece974c98d9d1d9da617aad6c2fe405e346","sha256":"2cc65f0edc0800470319595cf9413fba1beb6ed545baa83430ae31b5bb78d4e3","sha512":"04dfdeb31c2d12822c8a81375bd2eb27b16951bff1e1f97b8eea039c3c5af0f2a0176e2c65015ad438e17d3ee2cff0ec17e05e4455c53dcf3e5b80e2423df8ca","ssdeep":"","tlshash":"03a022822e00c80003800a023030c0bc0ca00082080be002008cb00222882ca8c3bc22","first_seen":"2025-12-04T07:13:52.619687Z","last_seen":"2026-03-09T03:48:35.940731Z","times_seen":3,"resource_available":true,"data":null}},"time_used":138,"timings":{"blocked":37,"dns":20,"connect":1,"send":0,"wait":64,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-09","alert":"Sinkholed","trigger":"w4q5.aqox0.biz.id","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}