{"report_id":"a2f1f67f-18f5-4dc9-bf91-8b6dd2b6796f","version":0,"status":"done","tags":[],"date":"2026-06-20T04:51:59Z","url":{"schema":"http","addr":"957zi.ffeokvl.org/","fqdn":"957zi.ffeokvl.org","domain":"ffeokvl.org","tld":"org"},"ip":{"addr":"43.230.113.171","port":0,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"New Private Tab","dom":{"size":4247,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"5bd5223437d63a806ee559f8febce56c","sha1":"a4e5d3f551ce72cc7402125872fb577c7a4f38f8","sha256":"e39e1abe240a53584bfb577c40d14e9c4a27a4d01ff0dac3bfb1cee3a45446d7","sha512":"7d5472474b97e45380dd3c9af66b8447eace6b52d6685e53c55c6a34265892d3c4a13f3c6f576530bb7ed8c3ebce574895a2d5a152ee0f8e2f008fd6aff0986d","ssdeep":"96:DJFs1Bx13gb61j1l0T7gx10UFZV4jl22D+i8kDNLeOl:H61rpnmULV4jM2D+z0sI","tlshash":"b99151a444f1663b18a386a9e9d07f47af816607ce8d29407baf40e31f87d54846f20c","dom_hash":"domhashe55c5b0a9b0c37e90d2a11b31f2bc448","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"957zi.ffeokvl.org/","fqdn":"957zi.ffeokvl.org","domain":"ffeokvl.org","tld":"org"},"ip":{"addr":"43.230.113.171","port":0,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-25T04:51:59Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"957zi.ffeokvl.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"957zi.ffeokvl.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"957zi.ffeokvl.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"957zi.ffeokvl.org","ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-08-11","domain_rank":0,"first_seen":"2026-06-20T04:51:59.719851Z","last_seen":"2026-06-20T04:51:59.719851Z","alert_count":9,"request_count":3,"received_data":8308,"sent_data":1374,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"957zi.ffeokvl.org/","fqdn":"957zi.ffeokvl.org","domain":"ffeokvl.org","tld":"org"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-20T04:51:52.261Z","timestamp":1781931112261,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 957zi.ffeokvl.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-22T02:29:52.920518Z","times_seen":16623839,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"957zi.ffeokvl.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"957zi.ffeokvl.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"957zi.ffeokvl.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"957zi.ffeokvl.org/","fqdn":"957zi.ffeokvl.org","domain":"ffeokvl.org","tld":"org"},"ip":{"addr":"43.228.232.131","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-20T04:51:32.393Z","timestamp":1781931092393,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ffeokvl.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Jun 2026 16:58:11 GMT","end":"Tue, 01 Sep 2026 17:56:40 GMT"},"fingerprint":{"sha1":"96:DA:3E:A6:71:CF:97:A4:5D:50:92:5D:FE:A9:EE:C4:46:1C:50:14","sha256":"97:6F:2B:27:C1:67:B7:E8:9F:39:F0:B5:25:D6:38:D2:C3:4C:13:C9:AD:43:BF:BC:E9:D3:C7:E1:46:33:2E:EF"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 957zi.ffeokvl.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 522 \r\ndate: Sat, 20 Jun 2026 04:51:52 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 7247\r\nretry-after: 120\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\npriority: u=0,i\r\nserver: cloudflare\r\ncf-ray: a0e828b008b9b4ff-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"522","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7247,"size_decoded":7699,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (510)","md5":"64cf752446815c015b2f17568f9db4bd","sha1":"343f4f8bc7f613fbd2a259cb33ab064a93398c5d","sha256":"110d493b2d77859ce86301a46fcffe793138500ac62b1e39395c2529336b0a62","sha512":"7890b09e392fca9cd6886d0ee3bcb51179d663951eaedd8b049811851b241977286fd962bf27ae01d507df8edb40b2af0400691e9745d27e6dd7240139243cb3","ssdeep":"96:1j9jwIjYjXDK/D9KUrG4Fh8/G4FwI424FCr+skKm/jotQmHB+dWS47RJluaQxP:1j9jhjYjTK/BXeOYVyjoWQ+D47vlpeP","tlshash":"13e16672b1f5127600a381923695fb6a79e0c613c7ef4494b7ecc6732f9ee81e903294","first_seen":"2026-06-20T04:52:02.14295Z","last_seen":"2026-06-20T04:52:02.14295Z","times_seen":1,"resource_available":true,"data":null}},"time_used":19697,"timings":{"blocked":-1,"dns":70,"connect":19,"send":0,"wait":19608,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"957zi.ffeokvl.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"957zi.ffeokvl.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"957zi.ffeokvl.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"957zi.ffeokvl.org/","fqdn":"957zi.ffeokvl.org","domain":"ffeokvl.org","tld":"org"},"ip":{"addr":"43.230.114.220","port":80,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-20T04:51:52.235Z","timestamp":1781931112235,"http_version":"HTTP/1.1","security_state":"","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 957zi.ffeokvl.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Sat, 20 Jun 2026 04:51:52 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLocation: https://957zi.ffeokvl.org/\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6twkoLJtgHh1cLDlYfBihcqqx3s5DujqMWXzV1d0Ris5OgOBtRgkToIrlEIEuHMR%2FLmTVxiNL%2BV70wmT%2BonV1n2Fk1zMKbHcazgsHKgB2YQ3KkPn%2FMQmruRUf7c4qYZnpJCUfg%3D%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: a0e8292b8e5a0883-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-22T02:29:52.920518Z","times_seen":16623839,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"957zi.ffeokvl.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"957zi.ffeokvl.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-20","alert":"Sinkholed","trigger":"957zi.ffeokvl.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}