{"report_id":"a4f78c5e-e13d-4a9d-8403-8f3152880271","version":6,"status":"done","tags":[],"date":"2026-05-05T08:10:38Z","url":{"schema":"http","addr":"fiw9fksk-333.xyz","fqdn":"fiw9fksk-333.xyz","domain":"fiw9fksk-333.xyz","tld":"xyz"},"ip":{"addr":"194.242.11.186","port":0,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"final":{"url":{"schema":"https","addr":"fiw9fksk-333.xyz/","fqdn":"fiw9fksk-333.xyz","domain":"fiw9fksk-333.xyz","tld":"xyz"},"title":"Pepe.wtf","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"fiw9fksk-333.xyz","fqdn":"fiw9fksk-333.xyz","domain":"fiw9fksk-333.xyz","tld":"xyz"},"ip":{"addr":"194.242.11.186","port":0,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-09T08:10:38Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-05","alert":"Sinkholed","trigger":"fiw9fksk-333.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"fiw9fksk-333.xyz","ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"domain_registered":"2026-05-03","domain_rank":0,"first_seen":"2026-05-05T08:10:39.405801Z","last_seen":"2026-05-05T08:10:39.405801Z","alert_count":7,"request_count":7,"received_data":6178880,"sent_data":3158,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"fiw9fksk-333.xyz/vendor-4e4cece16a1a791d.min.js","fqdn":"fiw9fksk-333.xyz","domain":"fiw9fksk-333.xyz","tld":"xyz"},"ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"95e7da6ed91fdb53d857bdf63eca1c5b","sha1":"bc3257f7ba997afab7b1dce81bff8d2713b1698f","sha256":"8d4f68ece52c10d96692c8fc594f16170119903cdaf58b4dafe20f1aad56cd0b","sha512":"718d4590a4ea8b919800239c15f4345ba05b21b2c656c4bf42770ac7d602249fce54a87344ca0f287833c3fc526f7cfa1bfb8e07a98768a85c2ad03f42f63b00","ssdeep":"768:f2YSNcO9bAxNbAx8LOLADAd5U5ntPfmuhIAV22c17sb1Dh8cmnYEcyqYUb4izLcf:QoQAbHmBAMj","tlshash":"4343d5e52927e0d88e5520ede477e806e4640e63cdacf1a3e66cdcd1741ef22844727b","size":60263,"data":"","first_seen":"2026-05-05T08:10:43.299983Z","last_seen":"2026-06-24T20:47:44.785294Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fiw9fksk-333.xyz/","fqdn":"fiw9fksk-333.xyz","domain":"fiw9fksk-333.xyz","tld":"xyz"},"ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":true,"md5":"261fa5f948bd99fdf005f80595805744","sha1":"51d57156b1974322b3ba8542f48893082199d5e1","sha256":"1dcf3b0e1f92d593867169c5ee26771d2f3b77f552eee6c73beba961b91d61b7","sha512":"532ff30dfdd593068e7afc5f98cb1bc72408e594f297911c0a7c590c97a2ed6be6b91981322dfe3b3e90f21241404ae8692139732372f119279dbdf29f3ae429","ssdeep":"","tlshash":"a6015927222233707ce9d5dca8b6dd8e39bb501ae40a0090a09f944d1834bc644f7bec","size":847,"data":"","first_seen":"2023-03-07T01:03:07Z","last_seen":"2026-06-07T04:19:30.117869Z","times_seen":3602,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"fiw9fksk-333.xyz/","fqdn":"fiw9fksk-333.xyz","domain":"fiw9fksk-333.xyz","tld":"xyz"},"ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://fiw9fksk-333.xyz/","date":"2026-05-05T08:10:13.949Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fiw9fksk-333.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 May 2026 04:26:08 GMT","end":"Sat, 01 Aug 2026 04:26:07 GMT"},"fingerprint":{"sha1":"4F:C0:B3:39:47:1C:8C:02:86:DF:95:FC:11:96:41:43:C7:65:A7:76","sha256":"65:54:C6:65:AD:00:67:D2:53:0E:DF:1E:B3:84:33:25:48:BB:D2:A0:D3:B6:CC:12:1D:58:B8:88:15:33:63:83"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: fiw9fksk-333.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fiw9fksk-333.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 05 May 2026 08:10:14 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nserver: BunnyCDN-NO1-830\r\ncdn-pullzone: 5789095\r\ncdn-requestcountrycode: NO\r\ncache-control: no-cache\r\nlast-modified: Sun, 03 May 2026 21:15:48 GMT\r\ncast-mode: default\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncdn-proxyver: 1.51\r\ncdn-requestpullcode: 206\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 830\r\ncdn-cachedat: 05/05/2026 08:10:14\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: 3d52276d7befa8e34bda5eb066c33635\r\ncdn-cache: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T08:30:46.278943Z","times_seen":16969290,"resource_available":true,"data":null}},"time_used":152,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":138,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-05","alert":"Sinkholed","trigger":"fiw9fksk-333.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fiw9fksk-333.xyz/favicon.ico","fqdn":"fiw9fksk-333.xyz","domain":"fiw9fksk-333.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fiw9fksk-333.xyz/","date":"2026-05-05T08:10:14.169Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fiw9fksk-333.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 May 2026 04:26:08 GMT","end":"Sat, 01 Aug 2026 04:26:07 GMT"},"fingerprint":{"sha1":"4F:C0:B3:39:47:1C:8C:02:86:DF:95:FC:11:96:41:43:C7:65:A7:76","sha256":"65:54:C6:65:AD:00:67:D2:53:0E:DF:1E:B3:84:33:25:48:BB:D2:A0:D3:B6:CC:12:1D:58:B8:88:15:33:63:83"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: fiw9fksk-333.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fiw9fksk-333.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T08:30:46.278943Z","times_seen":16969290,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-05","alert":"Sinkholed","trigger":"fiw9fksk-333.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fiw9fksk-333.xyz/","fqdn":"fiw9fksk-333.xyz","domain":"fiw9fksk-333.xyz","tld":"xyz"},"ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://fiw9fksk-333.xyz/","date":"2026-05-05T08:10:14.216Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fiw9fksk-333.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 May 2026 04:26:08 GMT","end":"Sat, 01 Aug 2026 04:26:07 GMT"},"fingerprint":{"sha1":"4F:C0:B3:39:47:1C:8C:02:86:DF:95:FC:11:96:41:43:C7:65:A7:76","sha256":"65:54:C6:65:AD:00:67:D2:53:0E:DF:1E:B3:84:33:25:48:BB:D2:A0:D3:B6:CC:12:1D:58:B8:88:15:33:63:83"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: fiw9fksk-333.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fiw9fksk-333.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 05 May 2026 08:10:14 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nserver: BunnyCDN-NO1-830\r\ncdn-pullzone: 5789095\r\ncdn-requestcountrycode: NO\r\ncache-control: no-cache\r\nlast-modified: Sun, 03 May 2026 21:15:48 GMT\r\ncast-mode: default\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncdn-proxyver: 1.51\r\ncdn-requestpullcode: 206\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 830\r\ncdn-cachedat: 05/05/2026 08:10:14\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: b8a7a51cfcdf1cb4a62b9ba9c4042165\r\ncdn-cache: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19417,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (19115)","md5":"bf7d23d0c0dfb8d00cb4b2c58ffb5ed0","sha1":"90bb2d8fefd71f00454fdd88876701d61c00e826","sha256":"05f3afc829dd7366396ec4c00a7ed3924f3cd83815050511e603ea0d1880fd05","sha512":"d9d9bd1347d89b028ff979d3521cd72123be96b5b997ffb769c23535ad5f94a6b38a92d8fac1152b2bf41675284f15856eb21e15ca06b6871d8846bb9d74b680","ssdeep":"384:oG1usQ4xGL5thid/Y/ZX03SkgjGPLDfW2E2J2B2vC7:oArGL5idQN01ffTC7","tlshash":"08928d3beac32a1d5103cecd6bd8dd418c7ded47e655b4fda8178821cf8bb61918250a","first_seen":"2026-05-05T08:10:43.29052Z","last_seen":"2026-05-05T08:10:43.29052Z","times_seen":1,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":126,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-05","alert":"Sinkholed","trigger":"fiw9fksk-333.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fiw9fksk-333.xyz/secureproxy?e=jscdn/getFile","fqdn":"fiw9fksk-333.xyz","domain":"fiw9fksk-333.xyz","tld":"xyz"},"ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://fiw9fksk-333.xyz/","date":"2026-05-05T08:10:14.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fiw9fksk-333.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 May 2026 04:26:08 GMT","end":"Sat, 01 Aug 2026 04:26:07 GMT"},"fingerprint":{"sha1":"4F:C0:B3:39:47:1C:8C:02:86:DF:95:FC:11:96:41:43:C7:65:A7:76","sha256":"65:54:C6:65:AD:00:67:D2:53:0E:DF:1E:B3:84:33:25:48:BB:D2:A0:D3:B6:CC:12:1D:58:B8:88:15:33:63:83"}}},"request":{"raw":"POST /secureproxy?e=jscdn/getFile HTTP/1.1\r\nHost: fiw9fksk-333.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fiw9fksk-333.xyz/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://fiw9fksk-333.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"gyligteukurts8b38a9r\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 05 May 2026 08:10:14 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nserver: BunnyCDN-NO1-830\r\ncdn-pullzone: 5789095\r\ncdn-requestcountrycode: NO\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: no-cache\r\ncontent-encoding: gzip\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nYX500Wc5Qywuem%2FbpHZRCtdUp0VJ9xp2qUhn54jQc%2BWdwdadyd5pgQ8qkqhfA73Zy1e511CqFgI1L%2BNAFyQn4z8qoqqgvVPukuZQm4kGggrEc6JhKGQtaVJA54iqPIUZxfKc6w%3D\"}]}\r\ncf-ray: 9f6e447facf13ee4-AMS\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncdn-proxyver: 1.51\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 830\r\ncdn-cachedat: 05/05/2026 08:10:14\r\ncdn-requesttime: 0\r\ncdn-requestid: b48e5d2e3495dd4be635d254464a38e3\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4822176,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"dda729578787ccda0808cbc1b1433cc1","sha1":"1ff21a0a81d3a157198ad513e94c3d873aba7dca","sha256":"9116a2bece7da91fbcae83aa43bc9ac490d6dd082a66795f02b2ee643e11d3e9","sha512":"e87e3bc0d153bd6963a5be65341f47278ca173bcabe48500f9e05e4a8188309e44ec510f8b2e945105c5af8aae04155130268acad4c40224831e8a0ec131b30e","ssdeep":"24576:TXV8/8Yae0PgGswPpBroS7InwbjtsJshJuEbdLq:TX7OwPEZJsNq","tlshash":"be2533615db7fe494f4c9e69347b7d03a9425f82c44ca8cbe932e8c0156c33681e9b6b","first_seen":"2026-05-05T08:10:43.293215Z","last_seen":"2026-05-05T08:12:43.740602Z","times_seen":2,"resource_available":false,"data":null}},"time_used":232,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":232,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-05","alert":"Sinkholed","trigger":"fiw9fksk-333.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fiw9fksk-333.xyz/favicon.ico","fqdn":"fiw9fksk-333.xyz","domain":"fiw9fksk-333.xyz","tld":"xyz"},"ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fiw9fksk-333.xyz/","date":"2026-05-05T08:10:14.493Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fiw9fksk-333.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 May 2026 04:26:08 GMT","end":"Sat, 01 Aug 2026 04:26:07 GMT"},"fingerprint":{"sha1":"4F:C0:B3:39:47:1C:8C:02:86:DF:95:FC:11:96:41:43:C7:65:A7:76","sha256":"65:54:C6:65:AD:00:67:D2:53:0E:DF:1E:B3:84:33:25:48:BB:D2:A0:D3:B6:CC:12:1D:58:B8:88:15:33:63:83"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: fiw9fksk-333.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fiw9fksk-333.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 05 May 2026 08:10:14 GMT\r\ncontent-type: image/x-icon\r\nvary: Accept-Encoding\r\nserver: BunnyCDN-NO1-830\r\ncdn-pullzone: 5789095\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=2592000\r\netag: W/\"69f6d66e-2bfc\"\r\nlast-modified: Sun, 03 May 2026 05:00:30 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncdn-proxyver: 1.51\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 830\r\ncdn-cachedat: 05/05/2026 08:10:14\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: 29d12d73a2840d5d3690f8a92f84d6da\r\ncdn-cache: MISS\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":11260,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel","md5":"990a35c5a46642306be2f9b4d3f21f39","sha1":"59353cddc43220167f4de6f1fd3c8e087dc90bc3","sha256":"6bbba7f7ad2f28a06f508020e13d9479254ce3baf7aefcde2e022c1013f6ee53","sha512":"f945b93dbe94195affa6b6d3fb98d1ca1b34adcb75ccaf866a588eadfe4c84cbc73a969b6ce55aaeae2cd9e484ae4831fe341484221bceb26db3dbfa50fc68de","ssdeep":"192:Q2BMsIO3lTS4zvDnKAXDjdzAtC8AAgTttO2a/iaLxJxuPEo+IHTsrXvkhOw:QGMsIO3l77nKg3SC8Stk2a/bTl5kmXvw","tlshash":"5632be1cf6f6614c8fd20537b851409aa37e06135198893c2588f19c6d632fe6359dcf","first_seen":"2026-05-05T08:10:43.294635Z","last_seen":"2026-06-24T20:47:44.782805Z","times_seen":6,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-05","alert":"Sinkholed","trigger":"fiw9fksk-333.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fiw9fksk-333.xyz/","fqdn":"fiw9fksk-333.xyz","domain":"fiw9fksk-333.xyz","tld":"xyz"},"ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-05T08:10:13.333Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fiw9fksk-333.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 May 2026 04:26:08 GMT","end":"Sat, 01 Aug 2026 04:26:07 GMT"},"fingerprint":{"sha1":"4F:C0:B3:39:47:1C:8C:02:86:DF:95:FC:11:96:41:43:C7:65:A7:76","sha256":"65:54:C6:65:AD:00:67:D2:53:0E:DF:1E:B3:84:33:25:48:BB:D2:A0:D3:B6:CC:12:1D:58:B8:88:15:33:63:83"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: fiw9fksk-333.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 05 May 2026 08:10:13 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nserver: BunnyCDN-NO1-830\r\ncdn-pullzone: 5789095\r\ncdn-requestcountrycode: NO\r\ncache-control: no-cache\r\nlast-modified: Sun, 03 May 2026 21:15:48 GMT\r\ncast-mode: default\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncdn-proxyver: 1.51\r\ncdn-requestpullcode: 206\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 830\r\ncdn-cachedat: 05/05/2026 08:10:13\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: ae20f43264267fbf7c2f74dc061cc842\r\ncdn-cache: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1260495,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (35062)","md5":"0726dd7e9085519e89a5ccd63e23913d","sha1":"e602fb95f905b8acd90034330a71ae197988e5fc","sha256":"443f4c217c5f7c3a6868f5ffc930fb63a8b70df7ce6521103299556f93732d12","sha512":"231d6f1b91994adc6a404b1ebfe9325e93ef5dafaf0edd087d0b4670f335777833730a87821fa532573eb2a9f95b4fe706aa542d4a912cc5deb56120927b0adc","ssdeep":"12288:FZGE89AcuCwfK5g/yTKYGvy1txPR1txKQAEstNJy5gC/0/RWHiduFM5ikUiXM1jA:fh89luCwTykyfhAEsXwC55Ci8O","tlshash":"a725f237b04a390e5927893670c47f982d3e5407eb26abb9b4463b3cc7c78951623b5d","first_seen":"2026-05-05T08:10:43.29802Z","last_seen":"2026-05-05T08:12:43.748314Z","times_seen":2,"resource_available":false,"data":null}},"time_used":371,"timings":{"blocked":116,"dns":99,"connect":1,"send":0,"wait":139,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-05","alert":"Sinkholed","trigger":"fiw9fksk-333.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fiw9fksk-333.xyz/vendor-4e4cece16a1a791d.min.js","fqdn":"fiw9fksk-333.xyz","domain":"fiw9fksk-333.xyz","tld":"xyz"},"ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fiw9fksk-333.xyz/","date":"2026-05-05T08:10:13.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fiw9fksk-333.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 May 2026 04:26:08 GMT","end":"Sat, 01 Aug 2026 04:26:07 GMT"},"fingerprint":{"sha1":"4F:C0:B3:39:47:1C:8C:02:86:DF:95:FC:11:96:41:43:C7:65:A7:76","sha256":"65:54:C6:65:AD:00:67:D2:53:0E:DF:1E:B3:84:33:25:48:BB:D2:A0:D3:B6:CC:12:1D:58:B8:88:15:33:63:83"}}},"request":{"raw":"GET /vendor-4e4cece16a1a791d.min.js HTTP/1.1\r\nHost: fiw9fksk-333.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fiw9fksk-333.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 05 May 2026 08:10:13 GMT\r\ncontent-type: application/javascript\r\nserver: BunnyCDN-NO1-830\r\ncdn-pullzone: 5789095\r\ncdn-requestcountrycode: NO\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\ncontent-encoding: br\r\netag: W/\"69f6d66e-eb67\"\r\nlast-modified: Sun, 03 May 2026 05:00:30 GMT\r\ncast-mode: default\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncdn-proxyver: 1.51\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 830\r\ncdn-cachedat: 05/05/2026 08:10:13\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: 6e92e778a384430cc8f590e721720932\r\ncdn-cache: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":60263,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (60263), with no line terminators","md5":"95e7da6ed91fdb53d857bdf63eca1c5b","sha1":"bc3257f7ba997afab7b1dce81bff8d2713b1698f","sha256":"8d4f68ece52c10d96692c8fc594f16170119903cdaf58b4dafe20f1aad56cd0b","sha512":"718d4590a4ea8b919800239c15f4345ba05b21b2c656c4bf42770ac7d602249fce54a87344ca0f287833c3fc526f7cfa1bfb8e07a98768a85c2ad03f42f63b00","ssdeep":"768:f2YSNcO9bAxNbAx8LOLADAd5U5ntPfmuhIAV22c17sb1Dh8cmnYEcyqYUb4izLcf:QoQAbHmBAMj","tlshash":"4343d5e52927e0d88e5520ede477e806e4640e63cdacf1a3e66cdcd1741ef22844727b","first_seen":"2026-05-05T08:10:43.299983Z","last_seen":"2026-06-24T20:47:44.785294Z","times_seen":4,"resource_available":true,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-05","alert":"Sinkholed","trigger":"fiw9fksk-333.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}
