{"report_id":"a5bd9aaa-04fa-4117-9594-2ceb2ee4cd08","version":0,"status":"done","tags":[],"date":"2026-06-09T16:51:55Z","url":{"schema":"http","addr":"newqiballwyf.life/","fqdn":"newqiballwyf.life","domain":"newqiballwyf.life","tld":"life"},"ip":{"addr":"216.120.131.66","port":0,"asn":209242,"as":"Cloudflare London, LLC","country":"Canada","country_code":"CA"},"final":{"url":{"schema":"https","addr":"www.newqiballwyf.life/","fqdn":"www.newqiballwyf.life","domain":"newqiballwyf.life","tld":"life"},"title":"newqiball","dom":{"size":39,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"086707e4369f60afedcafb16050a7618","sha1":"8216b0cc6876cbd44f01c158e7dff3833ceccd41","sha256":"a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e","sha512":"aade21843813e2cab329b99185c6f61db7907a556ea974e0315dcf3ad967cab20fee66d4f10db0d0ec43a71e086ce6d700d5524103deaefa3ce5f6be74ba5737","ssdeep":"","tlshash":"6a9000fee0a2000efc303bc00cc2238a0c28c3a830028e002ac038b8c80822bcc032c8","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"newqiballwyf.life/","fqdn":"newqiballwyf.life","domain":"newqiballwyf.life","tld":"life"},"ip":{"addr":"216.120.131.66","port":0,"asn":209242,"as":"Cloudflare London, LLC","country":"Canada","country_code":"CA"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-14T16:51:55Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-09","alert":"Sinkholed","trigger":"newqiballwyf.life","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-09","alert":"Sinkholed","trigger":"newqiballwyf.life","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-09","alert":"Sinkholed","trigger":"www.newqiballwyf.life","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-09","alert":"Sinkholed","trigger":"www.newqiballwyf.life","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"newqiballwyf.life","ip":{"addr":"216.120.131.66","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Canada","country_code":"CA"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":1,"received_data":400,"sent_data":486,"comment":"","tags":null,"fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.newqiballwyf.life","ip":{"addr":"104.17.247.119","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":1,"received_data":1863058,"sent_data":490,"comment":"","tags":null,"fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"static.staticdj.com","ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2018-11-09","domain_rank":341496,"first_seen":"2019-04-04T15:19:18Z","last_seen":"2026-06-05T10:00:09.477969Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":484,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"static.staticdj.com/cuttlefish/v1/spz.min.js","fqdn":"static.staticdj.com","domain":"staticdj.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.newqiballwyf.life/","date":"2026-06-09T16:51:39.045Z","timestamp":1781023899045,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /cuttlefish/v1/spz.min.js HTTP/1.1\r\nHost: static.staticdj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://www.newqiballwyf.life\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://www.newqiballwyf.life/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-16T09:16:45.266678Z","times_seen":16465744,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"newqiballwyf.life/","fqdn":"newqiballwyf.life","domain":"newqiballwyf.life","tld":"life"},"ip":{"addr":"216.120.131.66","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"Canada","country_code":"CA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-09T16:51:21.131Z","timestamp":1781023881131,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"newqiballwyf.life","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 01:22:45 GMT","end":"Sun, 12 Jul 2026 01:22:44 GMT"},"fingerprint":{"sha1":"4F:8F:B1:9B:08:7D:F3:07:CA:BE:21:11:AE:4E:38:35:DC:CF:44:5C","sha256":"0E:95:25:D8:27:2B:96:57:FB:81:71:7F:74:DD:16:37:A9:A3:24:6C:DF:A0:59:A2:79:40:61:DE:27:06:ED:6F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: newqiballwyf.life\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 \r\ncontent-type: text/html; charset=utf-8\r\nlocation: //www.newqiballwyf.life/\r\nrequest-id: 3a085f91-4406-4cca-a966-d2ee1e015a6c\r\nstrict-transport-security: max-age=315360000; includeSubdomains\r\nx-content-type-options: nosniff\r\nx-download-options: noopen\r\nx-powered-by: ASP.NET\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 59\r\ndate: Tue, 09 Jun 2026 16:51:21 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-16T09:16:45.266678Z","times_seen":16465744,"resource_available":true,"data":null}},"time_used":578,"timings":{"blocked":-1,"dns":65,"connect":1,"send":0,"wait":163,"receive":0,"ssl":348},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-09","alert":"Sinkholed","trigger":"newqiballwyf.life","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-09","alert":"Sinkholed","trigger":"newqiballwyf.life","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.newqiballwyf.life/","fqdn":"www.newqiballwyf.life","domain":"newqiballwyf.life","tld":"life"},"ip":{"addr":"104.17.247.119","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-09T16:51:21.719Z","timestamp":1781023881719,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.newqiballwyf.life","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 07 Jun 2026 09:15:27 GMT","end":"Sat, 05 Sep 2026 10:15:19 GMT"},"fingerprint":{"sha1":"85:46:16:80:41:74:09:DE:9B:16:9B:5F:7A:72:9A:45:01:F1:4C:53","sha256":"62:86:F6:E5:A4:47:5A:83:FE:92:14:08:BC:85:5D:37:C4:AC:7A:1F:5E:29:4C:17:D9:AA:6F:D2:26:C9:CD:3A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.newqiballwyf.life\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Tue, 09 Jun 2026 16:51:23 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 202646\r\ncf-ray: a091a3fd28e31a30-OSL\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nlink: \u003chttps://img.staticdj.com\u003e; rel=preconnect, \u003chttps://static.staticdj.com\u003e; rel=preconnect\r\nserver: cloudflare\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=315360000; includeSubdomains\r\nvary: Accept-Encoding, Accept-Encoding\r\ncontent-security-policy: frame-ancestors 'self' https://www.newqiballwyf.life http://*.newqiballwyf.life;, upgrade-insecure-requests\r\nrecommend-channel: collection_id\r\nrequest-id: dd029d5e-8acf-497c-90a8-6253212f6537\r\nx-cache-seconds: -1\r\nx-content-type-options: nosniff\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-page-type: 15\r\nx-powered-by: ASP.NET\r\nx-response-entrypoint-name: entrypoint-aws-saas\r\nx-store-id: 1982838\r\nx-store-locale: en-US\r\nx-worker-name: husky-az-worker-prod\r\nset-cookie: client_id=1781023881963270; Path=/; Domain=newqiballwyf.life; Max-Age=31536000; Secure; SameSite=None\n_c_id=1781023881963920123; Path=/; Max-Age=31536000; Secure; SameSite=None\nsw_session=6a28448b935ab; expires=Tue, 09-Jun-2026 17:14:43 GMT; path=/; httponly\nstore_locale=en-US; expires=Wed, 09-Jun-2027 16:51:23 GMT; path=/; secure; httponly; samesite=None\npage_render_time=1613; path=/\npage_time=1649; Path=/\ngate_time=1671; Path=/\n__cf_bm=d6b4N1LUacgMdRaj3Ucp1cVAYvzM2BJUmIVpJujJbXw-1781023881.7835999-1.0.1.1-HeI5i.TLzWQ265Obn_8hyfVUddAQfLotaZlY6_vUwFNDdcd1HVqoWLocl4nNYa0PQPzWaK_kyaX9xGah4TCx..qvQp8s89EVXS31hGIzBR.YlgataSTDYvjuJKU7CiUh; HttpOnly; SameSite=None; Secure; Path=/; Domain=www.newqiballwyf.life; Expires=Tue, 09 Jun 2026 17:21:23 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xaucwoO5VSYSiZ4uzX6W3qNyloT3RIDvOrhEsz0GBjU2Cmt2Aoi%2FM%2B%2FD6Yd4s3b2woLdChY6MInGudv%2FBA2NFGx2PZ39aNCJCgLyBwyU533Jw17%2FGCQqZPLKoBGDCZxXCYLE%2F8%2Bj1A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\npriority: u=0,i\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: db;dur=30.81;desc=\"trips=21\", before_action;dur=29.88, render_ast;dur=198.1;desc=\"trips=2231,hit=2226\", request;dur=2284.45;desc=\"trips=221\", request_preload;dur=1619.96;desc=\"trips=80\", request_render;dur=664.7;desc=\"trips=141\", render_content;dur=1031.5, render_layout;dur=223.78, render;dur=1255.28, processing;dur=1615.8, page;dur=1649, gate;dur=1671, cfRequestDuration;dur=1862.999916, cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1860540,"size_decoded":205164,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (32465)","md5":"640f48fe0abb01673f9a620c4525d0a7","sha1":"cc948eb9291a7b33b4e8a1fa78457dba8248809d","sha256":"fcbbb06f49a8723467e1598fdb5e18cfdff9acef3ed8fe1c61f7719b07314419","sha512":"f364b96cc5abdc6f75c15eedbf4069029375f02f4040d2c8faa5011b22d2c2d05060dc045f23a8c86a7f8d5cccd60f7524e77f067d56169e85ddf66202ace60c","ssdeep":"6144:Ar3lqAn3xEY/hTHRUw9PR3i/ZYq3R+dsxgOFzEG9a98HroBqlwu2o+GIl54/Ggj0:qGQBqT//jNZO3UFdcigRkR2","tlshash":"b12509a075f131759c6350f6823f8b3bb566e083e649a880b6fc4215afc4e56cb63b5c","first_seen":"2026-06-09T16:52:00.396693Z","last_seen":"2026-06-09T16:52:00.396693Z","times_seen":1,"resource_available":true,"data":null}},"time_used":16883,"timings":{"blocked":-1,"dns":52,"connect":13,"send":0,"wait":16788,"receive":30,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-09","alert":"Sinkholed","trigger":"www.newqiballwyf.life","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-09","alert":"Sinkholed","trigger":"www.newqiballwyf.life","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}