{"report_id":"a0cee112-52e3-4bed-bc42-67f5f987ca8d","version":6,"status":"done","tags":[],"date":"2025-09-22T21:29:25Z","url":{"schema":"http","addr":"hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"title":"로그인 | 헬카이브"},"submit":{"url":{"schema":"http","addr":"hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-27T21:29:25Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"hellkaiv.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"hellkaiv.net","ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-09-11","domain_rank":0,"first_seen":"2025-09-22T21:29:26.176895Z","last_seen":"2025-09-22T21:29:26.176895Z","alert_count":12,"request_count":12,"received_data":240284,"sent_data":8219,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery:1.12.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery Migrate:1.4.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"hellkaiv.net/js/placeholders.min.js?ver=2304171","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7d0203a3f2329c7375e057bcab052149","sha1":"3158adabd1844b531abf5bf9d196a9b08d0e24b9","sha256":"980b7c3657c19191a6eec108682f5d3dcb01c1c30a6ce4d379ab53db82549b13","sha512":"11761a83754d468e84d92aeb318de22e5ac4564780c7c5c51442fe8a6b8c4b9423228fa8ecae2307632611c4f9ada97b582f8aa288f48db19bd22fdb23dc2f25","ssdeep":"96:LeFKvsJcQH3ojWadgRA7C3rMpZtgPrUGvERRjPMvG:Le7cQH3Hadg/3GzavERhPMvG","tlshash":"56b1947e324677731da305e9f8abdc85b870a3f6b50b4c60e0a4e452393cce956b6d48","size":5103,"data":"","first_seen":"2023-03-07T01:16:17Z","last_seen":"2026-04-05T02:14:11.601283Z","times_seen":1633,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/js/jquery.menu.js?ver=2304171","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9f73efbc557fa24cd124e50e28a105ba","sha1":"6b6684e25cb8aa3e54683c6484799cfffdf1912b","sha256":"f07c41c8bcf1fbd4a888c6ba42b2f2f6096fd364f65e027b3ea07fd47fc773e3","sha512":"f1be234804b3cf4f36ef75c2a913577573519b0eb134be1931707da1929423227937a4144eb065e20d4d73ea3f59f2a38b07b3650fefd5eea637de8978174681","ssdeep":"","tlshash":"1e516a8cf61e92a544fb23226f2a5489db72061bc54a9f10bdbce8d10f7c5931094fbe","size":2930,"data":"","first_seen":"2023-03-07T21:32:43Z","last_seen":"2026-03-31T22:02:26.638662Z","times_seen":648,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/js/jquery-migrate-1.4.1.min.js?ver=2304171","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7121994eec5320fbe6586463bf9651c2","sha1":"90532aff6d4121954254cdf04994d834f7ec169b","sha256":"48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d","sha512":"b74a2f03c64e883b9a34de43690429327dfb4aa230a7a6afca8150a16e3d84e98461245ff264c26368d9904562cc34fe219f71f951d364fa5c68c039b76776cd","ssdeep":"192:kZrk/GNyd31svs7wkX8KzJcqSDdAcHX4YE5NLR:srhNyNO0kkMKzFSDdAcIYwLR","tlshash":"2e22c79db29a70625fba35f8617fc11b717a94fc2118d9e4a08c8ed1387dc9d403ab39","size":10056,"data":"","first_seen":"2023-03-07T01:02:37Z","last_seen":"2026-04-05T04:56:24.923077Z","times_seen":42735,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6dacf42081054d6b7aad5a4bc18bfdd9","sha1":"236c849fba1dbabacbe1ebb9557cd98d621482df","sha256":"a7de5aa493ebb64fa5e38114de96eb44167bd1763d1d1a47cc9db3073c01220e","sha512":"a5f78165a3da3dd5960de2234e78ff8219ac6c702d216c2b08a0f414efb8aedc9df286e6f38e0f69b0d569dabccda3a64bf80592d3449c9d21cf5915fa5e7229","ssdeep":"","tlshash":"92e0ecd3e15ced561202344d99cf6441edc2987891e2c25fbe4ec388530289f19fea1d","size":317,"data":"","first_seen":"2025-09-19T20:59:26.170317Z","last_seen":"2025-10-10T03:05:12.344938Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"7fcf7b7e1f05b19e7114d27409549180","sha1":"d778b90e4e9c25951b5adcc228d970738d838363","sha256":"d09f90954e918161296eb5be28913fc3f0df059a5ab5d5967a7463e7a8756523","sha512":"933e6b99437ab3864c338d7a3bf2b267d24fe0c2c187eeea68f74dfabe5c51cfd64f8046710b6746f772cd7f42639695263ba7135db5b0afbfe6ec5225129da6","ssdeep":"","tlshash":"17f0a29898ffd7a6406ba5164cea8119722d50034a1986dc7cdc0bd0df00175845df69","size":588,"data":"","first_seen":"2023-07-19T19:26:03Z","last_seen":"2026-03-14T19:40:56.187143Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/js/jquery-1.12.4.min.js?ver=2304171","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4f252523d4af0b478c810c2547a63e19","sha1":"5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb","sha256":"668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404","sha512":"8c6b0c1fcde829ef5ab02a643959019d4ac30d3a7cc25f9a7640760fefff26d9713b84ab2e825d85b3b2b08150265a10143f82e05975accb10645efa26357479","ssdeep":"1536:GYE1JVoiB9JqZdXXe2pD3PgoIiulrUdTJSFk/zkZ4HjL5o8srOaS9TwD6b7/Jp9i:t4J+R3jL5TCOauTwD6FdnCVQNea98HrV","tlshash":"8893d7d9b6d6706287b734a851bf410bb17aa8eab40c4c60f058c8e47e74e9d507bf2d","size":97163,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-05T04:34:34.084353Z","times_seen":67375,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/js/wrest.js?ver=2304171","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2311ba719829adb363d3436deaa6e6f6","sha1":"71588cf5112818a86cc1afa025b04da937ad6f28","sha256":"c995f012d1a9994e1edfe4534e6249a2f7445ffea04a31a0ea400a475ca5e8ec","sha512":"136c37cef4c4dbd8764fe5d925d37e29ee9a0f4c153144e2ef30e0daeaf9d345c4f26474b64c1433cb51d50c402bf3b093c18a8f2741f7ea0669dc3a96fbe6e3","ssdeep":"192:SGz1IUaH4xKNWOAsOK20KIrKDTLKS7KafaypKzZK7vFdBPGDDWKD6AKocHKHsKqx:v/uncxnvBlr","tlshash":"863252add8ab28b5ab8314394afaa49d3b25d7334505c540bc4dc701cf94f7212e6bee","size":11096,"data":"","first_seen":"2023-03-07T01:29:36Z","last_seen":"2026-04-05T02:14:11.65706Z","times_seen":2982,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"e0cac5410845456b2c2839d64c0ccafb","sha1":"b32dcce9c12e8b8b6410328c77d515d5ca1226a2","sha256":"2d625d2603be5b879296d815dd30a232d10af89003a8e68d17caa36e83786b24","sha512":"9a23c989cb91450d313c24ac58e8b3782833ace16da934a7edaf8d488e505c3dbe4e2ce746d1d1d8cfb7d179b5df40f318d53498f09f3fa183095415c5e9b5d9","ssdeep":"","tlshash":"8c8000a008aa83820288822202028c00a00ca0200888ce08a0ac0a2a280e8a8803c020","size":27,"data":"","first_seen":"2023-05-06T04:41:08Z","last_seen":"2026-04-02T19:43:57.193306Z","times_seen":430,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/js/common.js?ver=2304171","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"04420a2136ecde04ed314fbf7b756438","sha1":"e33ec77fa4455f84c4b85ed329beaaa307009d2c","sha256":"1b0ee3d84aef4f649bc8eb368a35c415b0e84eb45905a49c5d87c922fe968f2f","sha512":"2878971439957bdc155a5997e008d1a0532aa7810f96e71c4f5b981e0a54b5e2e6f3d64c788352ecdce5795451271e4509b28e32183d312dcfe4d91011ca02d9","ssdeep":"384:VA1YiyiFiWPKh7NW+7FYYRYtcDD/T+wAMreQMKzpkFdL8N:VADb0WP8FnYtcDD2meQgLY","tlshash":"c592b65db4f704a55077793daf6fa10830719823160ece087f1c8be05fa8666a1e6bed","size":21036,"data":"","first_seen":"2024-11-21T12:58:54.29181Z","last_seen":"2026-03-27T01:59:31.554418Z","times_seen":102,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"hellkaiv.net/favicon.svg","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732","date":"2025-09-22T21:08:59.682Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hellkaiv.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Sep 2025 14:01:50 GMT","end":"Wed, 10 Dec 2025 14:59:10 GMT"},"fingerprint":{"sha1":"D5:D1:FA:3E:EF:38:D0:66:C1:5B:B5:7E:1B:0E:9D:CC:D6:A3:95:BA","sha256":"71:E4:08:31:2A:7C:64:37:70:45:FD:E2:17:B2:CE:8E:E6:94:0F:AC:96:91:1C:71:39:AD:5B:C0:30:10:B2:B9"}}},"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: hellkaiv.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=hqpnkntrqnan4h3rnfmjfsl5ev; 2a0d2363701f23f8a75028924a3af643=ODFmNGU0NDkwZGIyMzQ5Yjk3ZDhiNDMzNzhhYmI1NmJmZTUzNzI3YmE2NGQyYWMzYzU3ZmFmYzFkMmQ0NzU0Nw%3D%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 22 Sep 2025 21:08:59 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 447\r\nlast-modified: Fri, 12 Sep 2025 17:10:11 GMT\r\netag: \"68c453f3-1bf\"\r\nexpires: Mon, 29 Sep 2025 21:08:59 GMT\r\ncache-control: max-age=604800, public, no-transform\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9834c7e10d091a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":447,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"2f1bf17b285d5158c4b0801c49f21b76","sha1":"a251eb0bf9e1a0fa25762394adffaadde4c96860","sha256":"4ce5e3d85bb7d826b3f38a8e8d0ca1384c21ede082e42151db4ca41429e6fcb9","sha512":"e86e25202d2b537fb08f03961460005eb89e164a4ebf747e59d09fbf576d62d50a2f81bdf7885227349f33e036e9704c8421cd1aac98f1c2310c626e1275bc06","ssdeep":"","tlshash":"faf0e550b1dcd42dc100860d0aa869e832c7f0838f4d0214f896792edeb59c3bce63ad","first_seen":"2025-09-19T18:33:22.251234Z","last_seen":"2025-10-10T03:05:12.133478Z","times_seen":9,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"hellkaiv.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-22T21:08:58.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hellkaiv.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Sep 2025 14:01:50 GMT","end":"Wed, 10 Dec 2025 14:59:10 GMT"},"fingerprint":{"sha1":"D5:D1:FA:3E:EF:38:D0:66:C1:5B:B5:7E:1B:0E:9D:CC:D6:A3:95:BA","sha256":"71:E4:08:31:2A:7C:64:37:70:45:FD:E2:17:B2:CE:8E:E6:94:0F:AC:96:91:1C:71:39:AD:5B:C0:30:10:B2:B9"}}},"request":{"raw":"GET /bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732 HTTP/1.1\r\nHost: hellkaiv.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Sep 2025 21:08:59 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\np3p: CP=\"ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC\"\r\nexpires: 0\r\nlast-modified: Mon, 22 Sep 2025 21:08:59 GMT\r\ncache-control: pre-check=0, post-check=0, max-age=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000;\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-xss-protection: 1; mode=block\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: PHPSESSID=hqpnkntrqnan4h3rnfmjfsl5ev; HttpOnly; Secure; Path=/\nPHPSESSID=hqpnkntrqnan4h3rnfmjfsl5ev; HttpOnly; SameSite=None; Secure; Path=/\n2a0d2363701f23f8a75028924a3af643=ODFmNGU0NDkwZGIyMzQ5Yjk3ZDhiNDMzNzhhYmI1NmJmZTUzNzI3YmE2NGQyYWMzYzU3ZmFmYzFkMmQ0NzU0Nw%3D%3D; HttpOnly; Secure; Path=/; Max-Age=86400; Expires=Tue, 23 Sep 2025 21:08:59 GMT\r\ncf-ray: 9834c7dc2d1e0b06-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery:1.12.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery Migrate:1.4.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3955,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"3a19d65bf78bea87f4fdb4cd1f6ca620","sha1":"5cf8b763bba6c79eb645f928eda4e5a815e8a67f","sha256":"f1ffa6c23ec2cc4478f5d4e058af9f45efb400c9aca248f112f79c18d715d697","sha512":"87a37e3b2aa433019decd7777bf50c121b054e3ec1b3b42b7c2a4ad5281d55f81fdf585682cc6a56ac795a67de93457de13871101f567a3ab2f3478f6074df11","ssdeep":"","tlshash":"df8155632db8d967034640945eea61199b8dd00b91c2c50cf5fc83905f42fee66f796c","first_seen":"2025-09-22T21:29:35.917863Z","last_seen":"2025-09-22T21:29:35.917863Z","times_seen":1,"resource_available":false,"data":null}},"time_used":221,"timings":{"blocked":26,"dns":5,"connect":1,"send":0,"wait":168,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"hellkaiv.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/theme/basic/css/default.css?ver=2303229","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732","date":"2025-09-22T21:08:59.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hellkaiv.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Sep 2025 14:01:50 GMT","end":"Wed, 10 Dec 2025 14:59:10 GMT"},"fingerprint":{"sha1":"D5:D1:FA:3E:EF:38:D0:66:C1:5B:B5:7E:1B:0E:9D:CC:D6:A3:95:BA","sha256":"71:E4:08:31:2A:7C:64:37:70:45:FD:E2:17:B2:CE:8E:E6:94:0F:AC:96:91:1C:71:39:AD:5B:C0:30:10:B2:B9"}}},"request":{"raw":"GET /theme/basic/css/default.css?ver=2303229 HTTP/1.1\r\nHost: hellkaiv.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=hqpnkntrqnan4h3rnfmjfsl5ev; 2a0d2363701f23f8a75028924a3af643=ODFmNGU0NDkwZGIyMzQ5Yjk3ZDhiNDMzNzhhYmI1NmJmZTUzNzI3YmE2NGQyYWMzYzU3ZmFmYzFkMmQ0NzU0Nw%3D%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 22 Sep 2025 21:08:59 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 11 Sep 2025 06:34:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68c26d5e-6b45\"\r\nexpires: Mon, 29 Sep 2025 21:08:59 GMT\r\ncache-control: max-age=604800, public, no-transform\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9834c7defcbc1a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27461,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"e99c775f3db5ae321ccc6eb079e8d99b","sha1":"c78941e6a3a48205a05308d520d3eb34641c72f8","sha256":"8c6db11a3c2d3acf28ee4224a4dedf47391d00151aca4b7673fbc2832fa67164","sha512":"0806ff7a573d4ca3b0ac936713a9ec3fefb7848b53d0a7a29d0b15e0100942cbcc2b3bbd186ee37999d94439970c13f8c9b66b24e87f697a396ac67533d0aff6","ssdeep":"384:6Oqwgm9D7SAulJyZPosZT2uGoDJ8AU7HNvxZqh79IlovaLBdsga1JsX:xge7S+T2IDJYNvrM79Ilovaddsga1KX","tlshash":"60c2a83163905114b12bd271bd90ffde3078d036e0571a7eeb95bb75ca8e4ea0a32b49","first_seen":"2025-09-19T18:33:22.217425Z","last_seen":"2025-10-10T03:05:12.165826Z","times_seen":9,"resource_available":false,"data":null}},"time_used":171,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":169,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"hellkaiv.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/skin/member/basic/style.css?ver=2303229","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732","date":"2025-09-22T21:08:59.400Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hellkaiv.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Sep 2025 14:01:50 GMT","end":"Wed, 10 Dec 2025 14:59:10 GMT"},"fingerprint":{"sha1":"D5:D1:FA:3E:EF:38:D0:66:C1:5B:B5:7E:1B:0E:9D:CC:D6:A3:95:BA","sha256":"71:E4:08:31:2A:7C:64:37:70:45:FD:E2:17:B2:CE:8E:E6:94:0F:AC:96:91:1C:71:39:AD:5B:C0:30:10:B2:B9"}}},"request":{"raw":"GET /skin/member/basic/style.css?ver=2303229 HTTP/1.1\r\nHost: hellkaiv.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=hqpnkntrqnan4h3rnfmjfsl5ev; 2a0d2363701f23f8a75028924a3af643=ODFmNGU0NDkwZGIyMzQ5Yjk3ZDhiNDMzNzhhYmI1NmJmZTUzNzI3YmE2NGQyYWMzYzU3ZmFmYzFkMmQ0NzU0Nw%3D%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 22 Sep 2025 21:08:59 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 11 Sep 2025 06:34:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68c26d5e-5385\"\r\nexpires: Mon, 29 Sep 2025 21:08:59 GMT\r\ncache-control: max-age=604800, public, no-transform\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9834c7defcbe1a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21381,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"bf2a81f7f432f076efca6fa636abb135","sha1":"7dacb83cec7218f69a894074ae4b5c2c6d9f9516","sha256":"720fbf742ec232219ff36e42dbdd614435dbb4210a23c3ec28c9db7dd71327a3","sha512":"d73fe9a92211ac6bc745e6b78dd1a59e8e0dca44c75c00d69cdbe1e93004bfc79035e2f2320b0fea411db1f2a44d58518160e8a5d993d7cbf3215ee3ce626642","ssdeep":"192:UA9YWprpUpKIF5gsfctoPTDrNJVM/TiDdVXBhpEfbR6Sv8pJ2Pzl1NRTRsH/W1gD:X9oH8UqkvdF/hKvyEHjGvpN5V","tlshash":"a2a2c931a7541126b03be277bd907be93c857015a01f5a7aeb963b38cc8b46b1b7234d","first_seen":"2025-09-22T21:29:35.922402Z","last_seen":"2025-12-18T04:04:03.483051Z","times_seen":4,"resource_available":false,"data":null}},"time_used":170,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":167,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"hellkaiv.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/js/jquery-1.12.4.min.js?ver=2304171","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732","date":"2025-09-22T21:08:59.402Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hellkaiv.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Sep 2025 14:01:50 GMT","end":"Wed, 10 Dec 2025 14:59:10 GMT"},"fingerprint":{"sha1":"D5:D1:FA:3E:EF:38:D0:66:C1:5B:B5:7E:1B:0E:9D:CC:D6:A3:95:BA","sha256":"71:E4:08:31:2A:7C:64:37:70:45:FD:E2:17:B2:CE:8E:E6:94:0F:AC:96:91:1C:71:39:AD:5B:C0:30:10:B2:B9"}}},"request":{"raw":"GET /js/jquery-1.12.4.min.js?ver=2304171 HTTP/1.1\r\nHost: hellkaiv.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=hqpnkntrqnan4h3rnfmjfsl5ev; 2a0d2363701f23f8a75028924a3af643=ODFmNGU0NDkwZGIyMzQ5Yjk3ZDhiNDMzNzhhYmI1NmJmZTUzNzI3YmE2NGQyYWMzYzU3ZmFmYzFkMmQ0NzU0Nw%3D%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 22 Sep 2025 21:08:59 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Thu, 11 Sep 2025 06:34:04 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68c26d5c-17b8b\"\r\nexpires: Mon, 29 Sep 2025 21:08:59 GMT\r\ncache-control: max-age=604800, public, no-transform\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9834c7defcbf1a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":97163,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32077)","md5":"4f252523d4af0b478c810c2547a63e19","sha1":"5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb","sha256":"668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404","sha512":"8c6b0c1fcde829ef5ab02a643959019d4ac30d3a7cc25f9a7640760fefff26d9713b84ab2e825d85b3b2b08150265a10143f82e05975accb10645efa26357479","ssdeep":"1536:GYE1JVoiB9JqZdXXe2pD3PgoIiulrUdTJSFk/zkZ4HjL5o8srOaS9TwD6b7/Jp9i:t4J+R3jL5TCOauTwD6FdnCVQNea98HrV","tlshash":"8893d7d9b6d6706287b734a851bf410bb17aa8eab40c4c60f058c8e47e74e9d507bf2d","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-05T04:34:34.084353Z","times_seen":67375,"resource_available":true,"data":null}},"time_used":220,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":166,"receive":54,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"hellkaiv.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/js/common.js?ver=2304171","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732","date":"2025-09-22T21:08:59.409Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hellkaiv.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Sep 2025 14:01:50 GMT","end":"Wed, 10 Dec 2025 14:59:10 GMT"},"fingerprint":{"sha1":"D5:D1:FA:3E:EF:38:D0:66:C1:5B:B5:7E:1B:0E:9D:CC:D6:A3:95:BA","sha256":"71:E4:08:31:2A:7C:64:37:70:45:FD:E2:17:B2:CE:8E:E6:94:0F:AC:96:91:1C:71:39:AD:5B:C0:30:10:B2:B9"}}},"request":{"raw":"GET /js/common.js?ver=2304171 HTTP/1.1\r\nHost: hellkaiv.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=hqpnkntrqnan4h3rnfmjfsl5ev; 2a0d2363701f23f8a75028924a3af643=ODFmNGU0NDkwZGIyMzQ5Yjk3ZDhiNDMzNzhhYmI1NmJmZTUzNzI3YmE2NGQyYWMzYzU3ZmFmYzFkMmQ0NzU0Nw%3D%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 22 Sep 2025 21:08:59 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Thu, 11 Sep 2025 06:34:04 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68c26d5c-527a\"\r\nexpires: Mon, 29 Sep 2025 21:08:59 GMT\r\ncache-control: max-age=604800, public, no-transform\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9834c7df3cc81a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21114,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (494)","md5":"04420a2136ecde04ed314fbf7b756438","sha1":"e33ec77fa4455f84c4b85ed329beaaa307009d2c","sha256":"1b0ee3d84aef4f649bc8eb368a35c415b0e84eb45905a49c5d87c922fe968f2f","sha512":"2878971439957bdc155a5997e008d1a0532aa7810f96e71c4f5b981e0a54b5e2e6f3d64c788352ecdce5795451271e4509b28e32183d312dcfe4d91011ca02d9","ssdeep":"384:VA1YiyiFiWPKh7NW+7FYYRYtcDD/T+wAMreQMKzpkFdL8N:VADb0WP8FnYtcDD2meQgLY","tlshash":"c592b65db4f704a55077793daf6fa10830719823160ece087f1c8be05fa8666a1e6bed","first_seen":"2024-11-21T12:58:54.29181Z","last_seen":"2026-03-27T01:59:31.554418Z","times_seen":102,"resource_available":true,"data":null}},"time_used":162,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":160,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"hellkaiv.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/js/wrest.js?ver=2304171","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732","date":"2025-09-22T21:08:59.410Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hellkaiv.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Sep 2025 14:01:50 GMT","end":"Wed, 10 Dec 2025 14:59:10 GMT"},"fingerprint":{"sha1":"D5:D1:FA:3E:EF:38:D0:66:C1:5B:B5:7E:1B:0E:9D:CC:D6:A3:95:BA","sha256":"71:E4:08:31:2A:7C:64:37:70:45:FD:E2:17:B2:CE:8E:E6:94:0F:AC:96:91:1C:71:39:AD:5B:C0:30:10:B2:B9"}}},"request":{"raw":"GET /js/wrest.js?ver=2304171 HTTP/1.1\r\nHost: hellkaiv.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=hqpnkntrqnan4h3rnfmjfsl5ev; 2a0d2363701f23f8a75028924a3af643=ODFmNGU0NDkwZGIyMzQ5Yjk3ZDhiNDMzNzhhYmI1NmJmZTUzNzI3YmE2NGQyYWMzYzU3ZmFmYzFkMmQ0NzU0Nw%3D%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 22 Sep 2025 21:08:59 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Thu, 11 Sep 2025 06:34:04 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68c26d5c-2b58\"\r\nexpires: Mon, 29 Sep 2025 21:08:59 GMT\r\ncache-control: max-age=604800, public, no-transform\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9834c7df3cc91a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11096,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text","md5":"2311ba719829adb363d3436deaa6e6f6","sha1":"71588cf5112818a86cc1afa025b04da937ad6f28","sha256":"c995f012d1a9994e1edfe4534e6249a2f7445ffea04a31a0ea400a475ca5e8ec","sha512":"136c37cef4c4dbd8764fe5d925d37e29ee9a0f4c153144e2ef30e0daeaf9d345c4f26474b64c1433cb51d50c402bf3b093c18a8f2741f7ea0669dc3a96fbe6e3","ssdeep":"192:SGz1IUaH4xKNWOAsOK20KIrKDTLKS7KafaypKzZK7vFdBPGDDWKD6AKocHKHsKqx:v/uncxnvBlr","tlshash":"863252add8ab28b5ab8314394afaa49d3b25d7334505c540bc4dc701cf94f7212e6bee","first_seen":"2023-03-07T01:29:36Z","last_seen":"2026-04-05T02:14:11.65706Z","times_seen":2982,"resource_available":true,"data":null}},"time_used":160,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"hellkaiv.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/js/font-awesome/css/font-awesome.min.css?ver=2303229","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732","date":"2025-09-22T21:08:59.399Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hellkaiv.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Sep 2025 14:01:50 GMT","end":"Wed, 10 Dec 2025 14:59:10 GMT"},"fingerprint":{"sha1":"D5:D1:FA:3E:EF:38:D0:66:C1:5B:B5:7E:1B:0E:9D:CC:D6:A3:95:BA","sha256":"71:E4:08:31:2A:7C:64:37:70:45:FD:E2:17:B2:CE:8E:E6:94:0F:AC:96:91:1C:71:39:AD:5B:C0:30:10:B2:B9"}}},"request":{"raw":"GET /js/font-awesome/css/font-awesome.min.css?ver=2303229 HTTP/1.1\r\nHost: hellkaiv.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=hqpnkntrqnan4h3rnfmjfsl5ev; 2a0d2363701f23f8a75028924a3af643=ODFmNGU0NDkwZGIyMzQ5Yjk3ZDhiNDMzNzhhYmI1NmJmZTUzNzI3YmE2NGQyYWMzYzU3ZmFmYzFkMmQ0NzU0Nw%3D%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 22 Sep 2025 21:08:59 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 11 Sep 2025 06:34:04 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68c26d5c-7918\"\r\nexpires: Mon, 29 Sep 2025 21:08:59 GMT\r\ncache-control: max-age=604800, public, no-transform\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9834c7defcbd1a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31000,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (30837)","md5":"269550530cc127b6aa5a35925a7de6ce","sha1":"512c7d79033e3028a9be61b540cf1a6870c896f8","sha256":"799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd","sha512":"49f4e24e55fa924faa8ad7debe5ffb2e26d439e25696df6b6f20e7f766b50ea58ec3dbd61b6305a1acacd2c80e6e659accee4140f885b9c9e71008e9001fbf4b","ssdeep":"384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf","tlshash":"78d241e8e54c01d66731c48bff81b36862b6fb3dd5854da9f01f290c29d226522c5fba","first_seen":"2023-04-05T03:13:25Z","last_seen":"2026-04-05T05:26:25.288381Z","times_seen":237036,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":171,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"hellkaiv.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/js/jquery-migrate-1.4.1.min.js?ver=2304171","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732","date":"2025-09-22T21:08:59.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hellkaiv.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Sep 2025 14:01:50 GMT","end":"Wed, 10 Dec 2025 14:59:10 GMT"},"fingerprint":{"sha1":"D5:D1:FA:3E:EF:38:D0:66:C1:5B:B5:7E:1B:0E:9D:CC:D6:A3:95:BA","sha256":"71:E4:08:31:2A:7C:64:37:70:45:FD:E2:17:B2:CE:8E:E6:94:0F:AC:96:91:1C:71:39:AD:5B:C0:30:10:B2:B9"}}},"request":{"raw":"GET /js/jquery-migrate-1.4.1.min.js?ver=2304171 HTTP/1.1\r\nHost: hellkaiv.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=hqpnkntrqnan4h3rnfmjfsl5ev; 2a0d2363701f23f8a75028924a3af643=ODFmNGU0NDkwZGIyMzQ5Yjk3ZDhiNDMzNzhhYmI1NmJmZTUzNzI3YmE2NGQyYWMzYzU3ZmFmYzFkMmQ0NzU0Nw%3D%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 22 Sep 2025 21:08:59 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Thu, 11 Sep 2025 06:34:04 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68c26d5c-2748\"\r\nexpires: Mon, 29 Sep 2025 21:08:59 GMT\r\ncache-control: max-age=604800, public, no-transform\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9834c7defcc01a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10056,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (9959)","md5":"7121994eec5320fbe6586463bf9651c2","sha1":"90532aff6d4121954254cdf04994d834f7ec169b","sha256":"48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d","sha512":"b74a2f03c64e883b9a34de43690429327dfb4aa230a7a6afca8150a16e3d84e98461245ff264c26368d9904562cc34fe219f71f951d364fa5c68c039b76776cd","ssdeep":"192:kZrk/GNyd31svs7wkX8KzJcqSDdAcHX4YE5NLR:srhNyNO0kkMKzFSDdAcIYwLR","tlshash":"2e22c79db29a70625fba35f8617fc11b717a94fc2118d9e4a08c8ed1387dc9d403ab39","first_seen":"2023-03-07T01:02:37Z","last_seen":"2026-04-05T04:56:24.923077Z","times_seen":42735,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":169,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"hellkaiv.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/js/jquery.menu.js?ver=2304171","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732","date":"2025-09-22T21:08:59.406Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hellkaiv.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Sep 2025 14:01:50 GMT","end":"Wed, 10 Dec 2025 14:59:10 GMT"},"fingerprint":{"sha1":"D5:D1:FA:3E:EF:38:D0:66:C1:5B:B5:7E:1B:0E:9D:CC:D6:A3:95:BA","sha256":"71:E4:08:31:2A:7C:64:37:70:45:FD:E2:17:B2:CE:8E:E6:94:0F:AC:96:91:1C:71:39:AD:5B:C0:30:10:B2:B9"}}},"request":{"raw":"GET /js/jquery.menu.js?ver=2304171 HTTP/1.1\r\nHost: hellkaiv.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=hqpnkntrqnan4h3rnfmjfsl5ev; 2a0d2363701f23f8a75028924a3af643=ODFmNGU0NDkwZGIyMzQ5Yjk3ZDhiNDMzNzhhYmI1NmJmZTUzNzI3YmE2NGQyYWMzYzU3ZmFmYzFkMmQ0NzU0Nw%3D%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 22 Sep 2025 21:08:59 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Thu, 11 Sep 2025 06:34:04 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68c26d5c-b72\"\r\nexpires: Mon, 29 Sep 2025 21:08:59 GMT\r\ncache-control: max-age=604800, public, no-transform\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9834c7defcc11a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2930,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"9f73efbc557fa24cd124e50e28a105ba","sha1":"6b6684e25cb8aa3e54683c6484799cfffdf1912b","sha256":"f07c41c8bcf1fbd4a888c6ba42b2f2f6096fd364f65e027b3ea07fd47fc773e3","sha512":"f1be234804b3cf4f36ef75c2a913577573519b0eb134be1931707da1929423227937a4144eb065e20d4d73ea3f59f2a38b07b3650fefd5eea637de8978174681","ssdeep":"","tlshash":"1e516a8cf61e92a544fb23226f2a5489db72061bc54a9f10bdbce8d10f7c5931094fbe","first_seen":"2023-03-07T21:32:43Z","last_seen":"2026-03-31T22:02:26.638662Z","times_seen":648,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":169,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"hellkaiv.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/js/placeholders.min.js?ver=2304171","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732","date":"2025-09-22T21:08:59.411Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hellkaiv.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Sep 2025 14:01:50 GMT","end":"Wed, 10 Dec 2025 14:59:10 GMT"},"fingerprint":{"sha1":"D5:D1:FA:3E:EF:38:D0:66:C1:5B:B5:7E:1B:0E:9D:CC:D6:A3:95:BA","sha256":"71:E4:08:31:2A:7C:64:37:70:45:FD:E2:17:B2:CE:8E:E6:94:0F:AC:96:91:1C:71:39:AD:5B:C0:30:10:B2:B9"}}},"request":{"raw":"GET /js/placeholders.min.js?ver=2304171 HTTP/1.1\r\nHost: hellkaiv.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=hqpnkntrqnan4h3rnfmjfsl5ev; 2a0d2363701f23f8a75028924a3af643=ODFmNGU0NDkwZGIyMzQ5Yjk3ZDhiNDMzNzhhYmI1NmJmZTUzNzI3YmE2NGQyYWMzYzU3ZmFmYzFkMmQ0NzU0Nw%3D%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 22 Sep 2025 21:08:59 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Thu, 11 Sep 2025 06:34:04 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68c26d5c-13ef\"\r\nexpires: Mon, 29 Sep 2025 21:08:59 GMT\r\ncache-control: max-age=604800, public, no-transform\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9834c7df3cca1a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5103,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (3907), with CRLF line terminators","md5":"7d0203a3f2329c7375e057bcab052149","sha1":"3158adabd1844b531abf5bf9d196a9b08d0e24b9","sha256":"980b7c3657c19191a6eec108682f5d3dcb01c1c30a6ce4d379ab53db82549b13","sha512":"11761a83754d468e84d92aeb318de22e5ac4564780c7c5c51442fe8a6b8c4b9423228fa8ecae2307632611c4f9ada97b582f8aa288f48db19bd22fdb23dc2f25","ssdeep":"96:LeFKvsJcQH3ojWadgRA7C3rMpZtgPrUGvERRjPMvG:Le7cQH3Hadg/3GzavERhPMvG","tlshash":"56b1947e324677731da305e9f8abdc85b870a3f6b50b4c60e0a4e452393cce956b6d48","first_seen":"2023-03-07T01:16:17Z","last_seen":"2026-04-05T02:14:11.601283Z","times_seen":1633,"resource_available":true,"data":null}},"time_used":161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":160,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"hellkaiv.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hellkaiv.net/theme/basic/img/require.png","fqdn":"hellkaiv.net","domain":"hellkaiv.net","tld":"net"},"ip":{"addr":"104.21.2.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://hellkaiv.net/bbs/login.php?url=https://hellkaiv.net/bbs/board.php?bo_table=clys\u0026wr_id=5732\u0026wr_id=5732","date":"2025-09-22T21:08:59.614Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hellkaiv.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Sep 2025 14:01:50 GMT","end":"Wed, 10 Dec 2025 14:59:10 GMT"},"fingerprint":{"sha1":"D5:D1:FA:3E:EF:38:D0:66:C1:5B:B5:7E:1B:0E:9D:CC:D6:A3:95:BA","sha256":"71:E4:08:31:2A:7C:64:37:70:45:FD:E2:17:B2:CE:8E:E6:94:0F:AC:96:91:1C:71:39:AD:5B:C0:30:10:B2:B9"}}},"request":{"raw":"GET /theme/basic/img/require.png HTTP/1.1\r\nHost: hellkaiv.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://hellkaiv.net/theme/basic/css/default.css?ver=2303229\r\nCookie: PHPSESSID=hqpnkntrqnan4h3rnfmjfsl5ev; 2a0d2363701f23f8a75028924a3af643=ODFmNGU0NDkwZGIyMzQ5Yjk3ZDhiNDMzNzhhYmI1NmJmZTUzNzI3YmE2NGQyYWMzYzU3ZmFmYzFkMmQ0NzU0Nw%3D%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 22 Sep 2025 21:08:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 2922\r\nlast-modified: Thu, 11 Sep 2025 06:34:06 GMT\r\netag: \"68c26d5e-b6a\"\r\nexpires: Mon, 29 Sep 2025 21:08:59 GMT\r\ncache-control: max-age=604800, public, no-transform\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9834c7e09d021a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2922,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced","md5":"cbc94efd68347377684b19aafac3ddf0","sha1":"6b1445e415a6306cbeae35e5ae5e3f01cafd9781","sha256":"ecca28ad16cd2edfd30fc15789f4cda71cfd3eb63d6773c6b6437c65742a56fe","sha512":"06ba37a1e1f5d48ea27e761c8a8279fc18e42c8b111403f8c86a61460139a395cdb8fb5b77b5bcb9bd7839dd92fd7be43ca505fb9edcad6017b718fce7403447","ssdeep":"","tlshash":"b5517dafd9b0e08e69cd75810dcd0203d769233cc99b363890e259de0055d0b6f66075","first_seen":"2023-05-06T04:41:08Z","last_seen":"2026-03-31T21:40:02.366065Z","times_seen":368,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":54,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"hellkaiv.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}