{"report_id":"a2b8bcaf-8cba-4683-8cbe-8aa0408083d5","version":6,"status":"done","tags":[],"date":"2025-12-08T23:52:15Z","url":{"schema":"http","addr":"asnrrsamsa.com/imgs/krewa/nqxa.php?id=6i56oskv\u0026s5=3159\u0026lip=192.168.122.105\u0026win=Unk/","fqdn":"asnrrsamsa.com","domain":"asnrrsamsa.com","tld":"com"},"ip":{"addr":"23.105.175.18","port":0,"asn":30633,"as":"LEASEWEB-USA-WDC","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"asnrrsamsa.com/imgs/krewa/nqxa.php?id=6i56oskv\u0026s5=3159\u0026lip=192.168.122.105\u0026win=Unk/","fqdn":"asnrrsamsa.com","domain":"asnrrsamsa.com","tld":"com"},"title":"Loading...","dom":{"size":546,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (546), with no line terminators","md5":"04c1ccf2571125ca2cfde5c3502d40c7","sha1":"214cc07590eeb5594402d32a23c3c5a03e3f3a94","sha256":"2c056473573d06a76dc41d6a4bc63f3e1f7b38d274e6fc86460290cbdedff114","sha512":"b2c92ea897c376d6f2e2b993f73b9e8c38cef8498a95f310e4d0fea118674952420130ffca4e9fbaf932adc30b7ae151149181b8fd0c9b971278f9406f851bc5","ssdeep":"","tlshash":"aef020ef0c8ecc4de5d062c28ce4924840c241e1195559e882e625f16a3a39fed52534","dom_hash":"domhashe98967f55dc4c8790ce3bbe6efd98a2f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"asnrrsamsa.com/imgs/krewa/nqxa.php?id=6i56oskv\u0026s5=3159\u0026lip=192.168.122.105\u0026win=Unk/","fqdn":"asnrrsamsa.com","domain":"asnrrsamsa.com","tld":"com"},"ip":{"addr":"23.105.175.18","port":0,"asn":30633,"as":"LEASEWEB-USA-WDC","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-12T23:52:15Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"asnrrsamsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"asnrrsamsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"asnrrsamsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"asnrrsamsa.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"asnrrsamsa.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"asnrrsamsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"asnrrsamsa.com","ip":{"addr":"94.75.193.71","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2022-08-18","domain_rank":6615868,"first_seen":"2022-08-19T05:50:04Z","last_seen":"2025-12-03T12:01:16.285758Z","alert_count":12,"request_count":2,"received_data":1177,"sent_data":1104,"comment":"","tags":null,"fingerprints":[{"name":"Cowboy","description":"Cowboy is a small, fast, modular HTTP server written in Erlang.","website":"https://github.com/ninenines/cowboy","common_platform_enumeration":"","icon":"Cowboy.png","categories":["Web servers"]},{"name":"Erlang","description":"Erlang is a general-purpose, concurrent, functional programming language, and a garbage-collected runtime system.","website":"https://www.erlang.org","common_platform_enumeration":"cpe:2.3:a:erlang:erlang%2fotp:*:*:*:*:*:*:*:*","icon":"Erlang.png","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"asnrrsamsa.com/imgs/krewa/nqxa.php?id=6i56oskv\u0026s5=3159\u0026lip=192.168.122.105\u0026win=Unk/","fqdn":"asnrrsamsa.com","domain":"asnrrsamsa.com","tld":"com"},"ip":{"addr":"94.75.193.71","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-08T23:51:52.827Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"asnrrsamsa.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Oct 2025 07:56:13 GMT","end":"Wed, 31 Dec 2025 07:56:12 GMT"},"fingerprint":{"sha1":"D9:73:E6:99:24:73:99:24:A0:85:D9:4F:E1:1D:B3:E4:A7:E5:C9:4E","sha256":"46:97:30:14:E3:B5:BF:FB:E1:68:4C:F1:3A:0A:9C:26:E9:ED:E0:35:92:6C:1D:62:D9:C8:E4:FB:70:F7:91:14"}}},"request":{"raw":"GET /imgs/krewa/nqxa.php?id=6i56oskv\u0026s5=3159\u0026lip=192.168.122.105\u0026win=Unk/ HTTP/1.1\r\nHost: asnrrsamsa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile\r\ncache-control: max-age=0, private, must-revalidate\r\ncontent-length: 546\r\ncontent-type: text/html; charset=utf-8\r\ndate: Mon, 08 Dec 2025 23:51:52 GMT\r\nserver: Cowboy\r\nset-cookie: sid=def9bc4d-d490-11f0-b1b8-93c42ae0733d; path=/; domain=.asnrrsamsa.com; expires=Sun, 27 Dec 2093 03:05:59 GMT; max-age=2147483647; secure; HttpOnly\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cowboy","description":"Cowboy is a small, fast, modular HTTP server written in Erlang.","website":"https://github.com/ninenines/cowboy","common_platform_enumeration":"","icon":"Cowboy.png","categories":["Web servers"]},{"name":"Erlang","description":"Erlang is a general-purpose, concurrent, functional programming language, and a garbage-collected runtime system.","website":"https://www.erlang.org","common_platform_enumeration":"cpe:2.3:a:erlang:erlang%2fotp:*:*:*:*:*:*:*:*","icon":"Erlang.png","categories":["Programming languages"]}],"data":{"size":546,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (546), with no line terminators","md5":"e1c656f10e36b1aed03ebe9d036a7be1","sha1":"1a7943155be870b8724d63acf9850cc7d46e022d","sha256":"e902665e2cbdbecb0b998550669d767c18421f1dbf061e3ef45ee5e441c4e6da","sha512":"a140a7faed85bf212b236b0ac9c5606960a61f6f59d822591545074c15e85b821e4ff4b3e97f788bde60046f1fcdec605a0ab57fc1f0e81d5575d9673bc1535c","ssdeep":"","tlshash":"49f020ef0c8ec84de5d062c28ce4924840c641e1195559ec82eb39f06a3a39fed56534","first_seen":"2025-12-08T23:52:16.032527Z","last_seen":"2025-12-08T23:52:16.032527Z","times_seen":1,"resource_available":false,"data":null}},"time_used":303,"timings":{"blocked":136,"dns":69,"connect":27,"send":0,"wait":30,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"asnrrsamsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"asnrrsamsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"asnrrsamsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"asnrrsamsa.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"asnrrsamsa.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"asnrrsamsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"asnrrsamsa.com/favicon.ico","fqdn":"asnrrsamsa.com","domain":"asnrrsamsa.com","tld":"com"},"ip":{"addr":"94.75.193.71","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://asnrrsamsa.com/imgs/krewa/nqxa.php?id=6i56oskv\u0026s5=3159\u0026lip=192.168.122.105\u0026win=Unk/","date":"2025-12-08T23:51:53.288Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"asnrrsamsa.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Oct 2025 07:56:13 GMT","end":"Wed, 31 Dec 2025 07:56:12 GMT"},"fingerprint":{"sha1":"D9:73:E6:99:24:73:99:24:A0:85:D9:4F:E1:1D:B3:E4:A7:E5:C9:4E","sha256":"46:97:30:14:E3:B5:BF:FB:E1:68:4C:F1:3A:0A:9C:26:E9:ED:E0:35:92:6C:1D:62:D9:C8:E4:FB:70:F7:91:14"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: asnrrsamsa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://asnrrsamsa.com/imgs/krewa/nqxa.php?id=6i56oskv\u0026s5=3159\u0026lip=192.168.122.105\u0026win=Unk/\r\nCookie: sid=def9bc4d-d490-11f0-b1b8-93c42ae0733d\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: max-age=0, private, must-revalidate\r\ncontent-length: 9\r\ndate: Mon, 08 Dec 2025 23:51:52 GMT\r\nserver: Cowboy\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Erlang","description":"Erlang is a general-purpose, concurrent, functional programming language, and a garbage-collected runtime system.","website":"https://www.erlang.org","common_platform_enumeration":"cpe:2.3:a:erlang:erlang%2fotp:*:*:*:*:*:*:*:*","icon":"Erlang.png","categories":["Programming languages"]},{"name":"Cowboy","description":"Cowboy is a small, fast, modular HTTP server written in Erlang.","website":"https://github.com/ninenines/cowboy","common_platform_enumeration":"","icon":"Cowboy.png","categories":["Web servers"]}],"data":{"size":9,"size_decoded":0,"mime_type":"image/x-icon","magic":"ASCII text, with no line terminators","md5":"d8f4a1993546cc4b850cde3599e27aec","sha1":"094b763b4cfcc0b05e5d040581cd513c3ca08067","sha256":"907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9","sha512":"7c696247f98aa6fe4e1df001fd6029abbbccf45b122d65dfdede8f8a400cda775387c657f96bd1e4e52da7409187892b1f0786c54d835d2e44227b2e1335eaf6","ssdeep":"","tlshash":"4a50000c0003030c0000003000c00030000c03000c0000300000c00c00000000c000cc","first_seen":"2023-03-08T07:11:06Z","last_seen":"2026-04-03T23:52:26.375563Z","times_seen":18806,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"asnrrsamsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"asnrrsamsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"asnrrsamsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"asnrrsamsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"asnrrsamsa.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-08","alert":"Sinkholed","trigger":"asnrrsamsa.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}