{"report_id":"a5c49722-2601-44ad-b08d-8eaa9cf9fdaa","version":0,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-06-30T21:51:14Z","url":{"schema":"http","addr":"igit.me/CZPNo","fqdn":"igit.me","domain":"igit.me","tld":"me"},"ip":{"addr":"184.174.39.202","port":0,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"http","addr":"3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/","fqdn":"3482865.zk622872.web.hosting-test.net","domain":"hosting-test.net","tld":"net"},"title":"Wetransfer - Partage de document.","dom":{"size":3858,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"09f1423bd2a4ee7e2f995d1ef1b410cc","sha1":"a6ad5d65ac71845bb40b0b429dc18e728a6be79b","sha256":"8f81d1b510cd944bd1a64df77d3f7623e5d08b1e8decbc1c07c9ff283b471da6","sha512":"d367f288454e2a3ef4d2d2995dc207e25e6368a948bca6b0267da2b2547a0e55c8e3fe7b1f61dea892f20d81ca170783d9c16529a91796a7d849239dc85baae9","ssdeep":"","tlshash":"7981449b06eb811d6023916f3b9d730178a6823bd76bfd253d4e8358afcd44a40e279c","dom_hash":"domhashb85991a21c2f7fed6c86ab6808d90a46","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"igit.me/CZPNo","fqdn":"igit.me","domain":"igit.me","tld":"me"},"ip":{"addr":"184.174.39.202","port":0,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-04T21:51:14Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-30","alert":"Detects file containing Telegram Bot API","trigger":"3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"igit.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-30","alert":"Phishing Block","trigger":"igit.me","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-06-28T22:22:13.875484Z","alert_count":0,"request_count":1,"received_data":12272,"sent_data":551,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"3482865.zk622872.web.hosting-test.net","ip":{"addr":"91.206.200.198","port":80,"asn":200000,"as":"Hosting Ukraine LTD","country":"Ukraine","country_code":"UA"},"domain_registered":"2010-08-27","domain_rank":0,"first_seen":"2026-06-30T17:41:44.518791Z","last_seen":"2026-06-30T17:41:44.518791Z","alert_count":24,"request_count":7,"received_data":113942,"sent_data":3488,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-06-28T22:19:26.805281Z","alert_count":0,"request_count":2,"received_data":98266,"sent_data":1192,"comment":"","tags":null,"fingerprints":null},{"fqdn":"igit.me","ip":{"addr":"184.174.39.202","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2024-11-06","domain_rank":0,"first_seen":"2025-08-25T22:28:24.900578Z","last_seen":"2026-06-30T17:39:59.197269Z","alert_count":2,"request_count":1,"received_data":1195,"sent_data":481,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server:2.4.58","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"http","addr":"3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/","fqdn":"3482865.zk622872.web.hosting-test.net","domain":"hosting-test.net","tld":"net"},"ip":{"addr":"91.206.200.198","port":80,"asn":200000,"as":"Hosting Ukraine LTD","country":"Ukraine","country_code":"UA"},"md5":"2bb492a827a2f3423750ad813135a323","sha1":"22b8b40e1f9457d10f08d9b3909d4ad450c39269","sha256":"d7e5a9d3f3c1ffeb446ddb68558eee566e03e34df1f497d9075424616e2d25d6","sha512":"6e9c93e7cf6d506add25381b3a653c14cb7fe00ee6e3ef08bbc44ff824871467360457b5278f8ce14698147621ff91a2802f721ff78c0a9869e0960be28a3603","size":8835,"token":"7222390260:AAFY9xXwZ9qAyZdARVCqWcheIC108k5nOWM","is_revoked":false,"bot":{"token":"7222390260:AAFY9xXwZ9qAyZdARVCqWcheIC108k5nOWM","user_id":"7222390260","username":"douahoudefatchelog00_bot","first_name":"douahoudefatchelog_bot","last_name":"","chat":{"chat_id":"1762758640","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":2}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"http","addr":"3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/","fqdn":"3482865.zk622872.web.hosting-test.net","domain":"hosting-test.net","tld":"net"},"ip":{"addr":"91.206.200.198","port":80,"asn":200000,"as":"Hosting Ukraine LTD","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":true,"md5":"21b1f8800abd430177d3efdd7a72aeea","sha1":"810985ecdcd0915b65ae52ead3dd859d2a8ccda4","sha256":"ba45ca8171908ce3df26db04ae303faba3c2cb1dd85565440a8923843e0da4d0","sha512":"e54fbd5cf7f3d5a537a2c2630e5af8864412532041ac591becbdde7c27be8c2cc5c82541885aa0b3544f275d2db01c5b6d5961571e358d91a9042a02b9cccac5","ssdeep":"","tlshash":"13b0123a19a0457001a7f119174fd91016320047b0889e10390c0c450f9485c21d1a46","size":106,"data":"","first_seen":"2026-06-30T19:45:34.959011Z","last_seen":"2026-06-30T23:52:15.910641Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/","fqdn":"3482865.zk622872.web.hosting-test.net","domain":"hosting-test.net","tld":"net"},"ip":{"addr":"91.206.200.198","port":80,"asn":200000,"as":"Hosting Ukraine LTD","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":true,"md5":"4a42352693e353437b3bbe53ba06615c","sha1":"c629827567c44c8b5351c2ae02a0cf1cd79447d9","sha256":"fbf6080444d404ebe63f647a5cdda717266140cb0a6ae3bc5019781685ef2ca5","sha512":"8cd964b87596540c5e1282215dd640aa02609aa7acf1c2433bc3a17b6c52047a375b3a020939b67310920f8a4e0d16b29536e9b81314e187416428541c0e856a","ssdeep":"","tlshash":"5e112c3930e8a23ec7c2609d30bde3a83e7c10522a071040806ddc6dac10d57d86fdbe","size":1074,"data":"","first_seen":"2024-09-25T14:39:41Z","last_seen":"2026-06-30T23:52:15.911402Z","times_seen":32,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/","fqdn":"3482865.zk622872.web.hosting-test.net","domain":"hosting-test.net","tld":"net"},"ip":{"addr":"91.206.200.198","port":80,"asn":200000,"as":"Hosting Ukraine LTD","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":true,"md5":"2bb492a827a2f3423750ad813135a323","sha1":"22b8b40e1f9457d10f08d9b3909d4ad450c39269","sha256":"d7e5a9d3f3c1ffeb446ddb68558eee566e03e34df1f497d9075424616e2d25d6","sha512":"6e9c93e7cf6d506add25381b3a653c14cb7fe00ee6e3ef08bbc44ff824871467360457b5278f8ce14698147621ff91a2802f721ff78c0a9869e0960be28a3603","ssdeep":"192:6BfsE7+mriPvRK66OVdgz8qCy2CV0klfKbOm+EgnTBjrCCyZT:qB6PJKk793kuO6MTY","tlshash":"54022f884ee2245b030b7a6a236752e4ee71474795c4cf0a36cd90849f4ca2bdfe3e74","size":8835,"data":"","first_seen":"2026-06-30T19:45:34.961866Z","last_seen":"2026-06-30T23:52:15.912338Z","times_seen":3,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-30","alert":"Detects file containing Telegram Bot API","trigger":"3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"475b4d3c841c373b26be9af2472eabf6","sha1":"7a97a4c2068d4d1a7ad218b826a326033884dd22","sha256":"f06dd14f2ecd60a8a17545794a30f7f707ac97bdecdf22977638cf671e449be1","sha512":"e026155dcafeff41045acf3b6abfb4105698d9284e950ca09cfd9f6cc7025d445547b61dbc4dbf3544185b02911080583ac324e0644fca55ba184483b6472994","ssdeep":"","tlshash":"58d0977368aac934a7d4004e30fae3e9391011e82b03350085cecc7eaa20d8384a2c8d","size":247,"data":"","first_seen":"2024-09-25T14:39:41Z","last_seen":"2026-06-30T23:52:15.912958Z","times_seen":32,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/webtransfer_files/saved_resource.html","fqdn":"3482865.zk622872.web.hosting-test.net","domain":"hosting-test.net","tld":"net"},"ip":{"addr":"91.206.200.198","port":80,"asn":200000,"as":"Hosting Ukraine LTD","country":"Ukraine","country_code":"UA"},"introduction_type":"scriptElement","is_inline":true,"md5":"14df20c86283109c2e455f4d3505fd39","sha1":"3c41d4955063f59c7969f7543109445055a656e4","sha256":"344e4ddd1397ab002ec07950a38a86682294b046440f19042ba2f2d43720b3ec","sha512":"c0ee2ea5afb5b4d58e2f3b9ce4b4592ccb6f38cba6d07d1b567ba349d587d38a60edbedc686c6b05b85e3a84e394d9a59ffb327bbb6d474babcb662e43f15ff9","ssdeep":"","tlshash":"fe3168aa42afc60d5276621f318d7700b8a3437f9f6779267e0d86583fd901a41f4b68","size":1795,"data":"","first_seen":"2026-06-30T19:45:34.964007Z","last_seen":"2026-06-30T23:52:15.913651Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"3482865.zk622872.web.hosting-test.net/favicon.ico","fqdn":"3482865.zk622872.web.hosting-test.net","domain":"hosting-test.net","tld":"net"},"ip":{"addr":"91.206.200.198","port":80,"asn":200000,"as":"Hosting Ukraine LTD","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/","date":"2026-06-30T21:50:43.838Z","timestamp":1782856243838,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 3482865.zk622872.web.hosting-test.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Tue, 30 Jun 2026 21:50:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nx-ray: wn32812:0.000/wa32812:D=178\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3812,"size_decoded":1578,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"93a5c5dfbe4d163cc191c1b139ddd356","sha1":"77a92e094cfdc24341d75ff1de75643820f2f2ae","sha256":"a4f2522a3f2d7f415a5f2349d01755816f5522d046356743cfdbe1673304edbf","sha512":"1f26effef031f6e6c8dddd9dabfcb334c5ea9090377eb081a39d6f935822c99ca1aff0c13f9bcbb9e59e37de56921e75877f8990737eb318d0761ca1533c037a","ssdeep":"","tlshash":"a171329b06eb811d6023916f3b9d7301b8a2863bd75bfc253d4e8358afcd44a40e279c","first_seen":"2026-01-18T10:52:03.855468Z","last_seen":"2026-06-30T23:52:15.909479Z","times_seen":109,"resource_available":true,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/webtransfer_files/saved_resource","fqdn":"3482865.zk622872.web.hosting-test.net","domain":"hosting-test.net","tld":"net"},"ip":{"addr":"91.206.200.198","port":80,"asn":200000,"as":"Hosting Ukraine LTD","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/","date":"2026-06-30T21:50:43.444Z","timestamp":1782856243444,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /webtransfer/webtransfertoutdomaine/webtransfer_files/saved_resource HTTP/1.1\r\nHost: 3482865.zk622872.web.hosting-test.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Tue, 30 Jun 2026 21:50:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nx-ray: wn32812:0.000/wa32812:D=324\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3812,"size_decoded":1578,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"93a5c5dfbe4d163cc191c1b139ddd356","sha1":"77a92e094cfdc24341d75ff1de75643820f2f2ae","sha256":"a4f2522a3f2d7f415a5f2349d01755816f5522d046356743cfdbe1673304edbf","sha512":"1f26effef031f6e6c8dddd9dabfcb334c5ea9090377eb081a39d6f935822c99ca1aff0c13f9bcbb9e59e37de56921e75877f8990737eb318d0761ca1533c037a","ssdeep":"","tlshash":"a171329b06eb811d6023916f3b9d7301b8a2863bd75bfc253d4e8358afcd44a40e279c","first_seen":"2026-01-18T10:52:03.855468Z","last_seen":"2026-06-30T23:52:15.909479Z","times_seen":109,"resource_available":true,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":57,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"3482865.zk622872.web.hosting-test.net/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"3482865.zk622872.web.hosting-test.net","domain":"hosting-test.net","tld":"net"},"ip":{"addr":"91.206.200.198","port":80,"asn":200000,"as":"Hosting Ukraine LTD","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/","date":"2026-06-30T21:50:43.578Z","timestamp":1782856243578,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1\r\nHost: 3482865.zk622872.web.hosting-test.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Tue, 30 Jun 2026 21:50:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nx-ray: wn32812:0.000/wa32812:D=269\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3812,"size_decoded":1578,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"93a5c5dfbe4d163cc191c1b139ddd356","sha1":"77a92e094cfdc24341d75ff1de75643820f2f2ae","sha256":"a4f2522a3f2d7f415a5f2349d01755816f5522d046356743cfdbe1673304edbf","sha512":"1f26effef031f6e6c8dddd9dabfcb334c5ea9090377eb081a39d6f935822c99ca1aff0c13f9bcbb9e59e37de56921e75877f8990737eb318d0761ca1533c037a","ssdeep":"","tlshash":"a171329b06eb811d6023916f3b9d7301b8a2863bd75bfc253d4e8358afcd44a40e279c","first_seen":"2026-01-18T10:52:03.855468Z","last_seen":"2026-06-30T23:52:15.909479Z","times_seen":109,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":0,"dns":0,"connect":54,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/webtransfer_files/saved_resource.html","date":"2026-06-30T21:50:43.937Z","timestamp":1782856243937,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 08:38:09 GMT","end":"Mon, 31 Aug 2026 08:38:08 GMT"},"fingerprint":{"sha1":"AD:F1:0B:84:58:92:40:26:B7:10:85:A1:EA:3E:80:1E:FD:E6:A8:F3","sha256":"8F:94:50:CA:96:9B:D0:F9:09:5A:E2:3D:DC:C3:5D:F5:E0:80:CB:17:17:30:2C:CF:86:BD:FB:8B:1B:0B:6D:DE"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: http://3482865.zk622872.web.hosting-test.net\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48320\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 26 Jun 2026 18:12:11 GMT\r\nexpires: Sat, 26 Jun 2027 18:12:11 GMT\r\ncache-control: public, max-age=31536000\r\nage: 358712\r\nlast-modified: Mon, 15 Sep 2025 16:30:41 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":48320,"size_decoded":49133,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48320, version 1.0","md5":"dcf31ebe107435bd68e0164d59e19b87","sha1":"b68160c9333af833fe483928b3ef7128c07a56a0","sha256":"d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0","sha512":"130cd52c3cccc36a7029bf92b2ddb363b8b36d206454aacc246739919552fccec5cacbad615ba4ac3817da3e83239371fe51324bdadd08357e3495087f62cb08","ssdeep":"768:Jzqdwl5YV7FVmpudK5a8dF8D8Z7J78VGnNFZEKh02dmSTPe9UiallHcOEi2c0NC1:9q+SYuMaVwZ7oGRNh02dd6UialBcOEpE","tlshash":"1623f218f29471f7edecd4d500a18c72baa528d442f116ed07b8d53ca36ca817a729fb","first_seen":"2025-09-17T00:07:53.723302Z","last_seen":"2026-07-01T01:20:20.138435Z","times_seen":296986,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":0,"dns":2,"connect":31,"send":0,"wait":18,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/webtransfer_files/saved_resource.html","date":"2026-06-30T21:50:43.951Z","timestamp":1782856243951,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 08:38:09 GMT","end":"Mon, 31 Aug 2026 08:38:08 GMT"},"fingerprint":{"sha1":"AD:F1:0B:84:58:92:40:26:B7:10:85:A1:EA:3E:80:1E:FD:E6:A8:F3","sha256":"8F:94:50:CA:96:9B:D0:F9:09:5A:E2:3D:DC:C3:5D:F5:E0:80:CB:17:17:30:2C:CF:86:BD:FB:8B:1B:0B:6D:DE"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: http://3482865.zk622872.web.hosting-test.net\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48320\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 26 Jun 2026 18:12:11 GMT\r\nexpires: Sat, 26 Jun 2027 18:12:11 GMT\r\ncache-control: public, max-age=31536000\r\nage: 358712\r\nlast-modified: Mon, 15 Sep 2025 16:30:41 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":48320,"size_decoded":49133,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48320, version 1.0","md5":"dcf31ebe107435bd68e0164d59e19b87","sha1":"b68160c9333af833fe483928b3ef7128c07a56a0","sha256":"d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0","sha512":"130cd52c3cccc36a7029bf92b2ddb363b8b36d206454aacc246739919552fccec5cacbad615ba4ac3817da3e83239371fe51324bdadd08357e3495087f62cb08","ssdeep":"768:Jzqdwl5YV7FVmpudK5a8dF8D8Z7J78VGnNFZEKh02dmSTPe9UiallHcOEi2c0NC1:9q+SYuMaVwZ7oGRNh02dd6UialBcOEpE","tlshash":"1623f218f29471f7edecd4d500a18c72baa528d442f116ed07b8d53ca36ca817a729fb","first_seen":"2025-09-17T00:07:53.723302Z","last_seen":"2026-07-01T01:20:20.138435Z","times_seen":296986,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":20,"dns":0,"connect":0,"send":0,"wait":20,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/","fqdn":"3482865.zk622872.web.hosting-test.net","domain":"hosting-test.net","tld":"net"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-30T21:50:42.862Z","timestamp":1782856242862,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /webtransfer/webtransfertoutdomaine/ HTTP/1.1\r\nHost: 3482865.zk622872.web.hosting-test.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://igit.me/\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-01T01:18:47.480228Z","times_seen":16875722,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"http","addr":"3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/dnm.png","fqdn":"3482865.zk622872.web.hosting-test.net","domain":"hosting-test.net","tld":"net"},"ip":{"addr":"91.206.200.198","port":80,"asn":200000,"as":"Hosting Ukraine LTD","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/","date":"2026-06-30T21:50:43.452Z","timestamp":1782856243452,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /webtransfer/webtransfertoutdomaine/dnm.png HTTP/1.1\r\nHost: 3482865.zk622872.web.hosting-test.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 30 Jun 2026 21:50:43 GMT\r\nContent-Type: image/png\r\nContent-Length: 26332\r\nLast-Modified: Fri, 27 Sep 2024 07:30:50 GMT\r\nConnection: keep-alive\r\nETag: \"66f65f2a-66dc\"\r\nx-ray: wn32812:0.000/\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26332,"size_decoded":26589,"mime_type":"image/png","magic":"PNG image data, 600 x 284, 8-bit/color RGBA, non-interlaced","md5":"d9b46c196045ac3cd1236292deeeb0a7","sha1":"92bc080dff9a36c2756ce38ee0f414337f066e8c","sha256":"c0a7d6239f6e930d6ef11fb635d79591877f23217034924e09d9fbb4d4ce0fa0","sha512":"94d6616ef9f7466c3d7b1dfba5aa672263e150f7b9963128382c570a72f3b182b733c7442095196d7f6d9778d07984c1718fd68282fcd131ca5331265aebb279","ssdeep":"768:rSa1tfEsDJnGDcHnsnpa0KkBAptlTIvo/:rSEtfEa44MpykBKttIA/","tlshash":"c3c2e09784770fa3da35197b1d2791757cfa8c97780f00ac04853ab5c9127b15bade0b","first_seen":"2024-09-25T14:39:41Z","last_seen":"2026-06-30T23:52:15.910053Z","times_seen":18,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":51,"dns":0,"connect":0,"send":0,"wait":58,"receive":58,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"igit.me/CZPNo","fqdn":"igit.me","domain":"igit.me","tld":"me"},"ip":{"addr":"184.174.39.202","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-30T21:50:41.558Z","timestamp":1782856241558,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"igit.me","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 23 May 2026 11:34:23 GMT","end":"Fri, 21 Aug 2026 11:34:22 GMT"},"fingerprint":{"sha1":"FA:36:21:19:2A:B8:59:AD:34:11:47:65:0A:23:9E:D2:84:D7:1D:95","sha256":"22:A6:82:4D:B3:8D:1A:54:1D:BE:11:23:EA:B2:2B:02:1C:AA:19:6F:01:32:78:CD:C4:1D:20:16:6A:6D:D9:73"}}},"request":{"raw":"GET /CZPNo HTTP/1.1\r\nHost: igit.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 30 Jun 2026 21:50:41 GMT\r\nServer: Apache/2.4.58 (Ubuntu)\r\nCache-Control: no-cache, private\r\nSet-Cookie: XSRF-TOKEN=eyJpdiI6IkV4THR4QmVKVktYT09jQ25iTzRFNnc9PSIsInZhbHVlIjoiV1FqZDRHU2pPVWJPbVcyc0Q5SEpXYStiV2tVNUpldlhPUmM1WFpabmptNllNNlVIWXJSZmxrVDR4T1JjSEVLU3FiendNYi9KRnNpaTJLM0c5MUZaZFZDTlNlREFuZmhuU0JFWDRhODdTRTBsK3NFRnRNeTU0L09pU3pJQWQ2ZDIiLCJtYWMiOiI0ZDM4ZWM2ZDc2NDI5MDdmMWJkNWUxZTdhYTg1YmQ4OTdlOTQ5ZDRhZDU1MDgxYTFhZTY2OGExMjU5YzYzNmZiIiwidGFnIjoiIn0%3D; expires=Tue, 30 Jun 2026 23:50:42 GMT; Max-Age=7200; path=/; secure; samesite=lax\nlaravel_session=eyJpdiI6Ik1zQmFLM0tkbjJUNzhmSDhoWW4xSVE9PSIsInZhbHVlIjoicWpKbk45RlJ6ekNFMDJ6MTg4QlRsUGxJVTJORUZlOGh0Ky9rWEI4K1F0K3VDL0RibmZxblU3dXAwMGUzRGtOS0VHMWRqajBuYnR2M1k4blk1ZDNTbzRyTkxkVTh2eEVoL3ZSZTZlUzRYejlYamxEWldWUVZYSXRpQ0oxWkJRV0oiLCJtYWMiOiJlMTBhMjU0NTQxNmU0ODRiNWRlOWM5ZjJkMTE2MjgwOTY5Mjg1MjAzNTE1MmE0MDZkYjlmZjhjOTJiNzFiMDg0IiwidGFnIjoiIn0%3D; expires=Tue, 30 Jun 2026 23:50:42 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server:2.4.58","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-01T01:18:47.480228Z","times_seen":16875722,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"igit.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-30","alert":"Phishing Block","trigger":"igit.me","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/webtransfer_files/saved_resource.html","fqdn":"3482865.zk622872.web.hosting-test.net","domain":"hosting-test.net","tld":"net"},"ip":{"addr":"91.206.200.198","port":80,"asn":200000,"as":"Hosting Ukraine LTD","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/","date":"2026-06-30T21:50:43.549Z","timestamp":1782856243549,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /webtransfer/webtransfertoutdomaine/webtransfer_files/saved_resource.html HTTP/1.1\r\nHost: 3482865.zk622872.web.hosting-test.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Tue, 30 Jun 2026 21:50:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nx-ray: wn32812:0.000/wa32812:D=238\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3812,"size_decoded":1578,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"93a5c5dfbe4d163cc191c1b139ddd356","sha1":"77a92e094cfdc24341d75ff1de75643820f2f2ae","sha256":"a4f2522a3f2d7f415a5f2349d01755816f5522d046356743cfdbe1673304edbf","sha512":"1f26effef031f6e6c8dddd9dabfcb334c5ea9090377eb081a39d6f935822c99ca1aff0c13f9bcbb9e59e37de56921e75877f8990737eb318d0761ca1533c037a","ssdeep":"","tlshash":"a171329b06eb811d6023916f3b9d7301b8a2863bd75bfc253d4e8358afcd44a40e279c","first_seen":"2026-01-18T10:52:03.855468Z","last_seen":"2026-06-30T23:52:15.909479Z","times_seen":109,"resource_available":true,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/","fqdn":"3482865.zk622872.web.hosting-test.net","domain":"hosting-test.net","tld":"net"},"ip":{"addr":"91.206.200.198","port":80,"asn":200000,"as":"Hosting Ukraine LTD","country":"Ukraine","country_code":"UA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-30T21:50:43.181Z","timestamp":1782856243181,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /webtransfer/webtransfertoutdomaine/ HTTP/1.1\r\nHost: 3482865.zk622872.web.hosting-test.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 30 Jun 2026 21:50:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nx-ray: wn32812:0.000/wa32812:D=346\r\nLast-Modified: Fri, 27 Sep 2024 07:32:07 GMT\r\nETag: W/\"11530-62314da2d8bc0\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":70960,"size_decoded":38535,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (35995), with CRLF line terminators","md5":"b668ed429ee3079d78e53f621fcb9942","sha1":"0a6b8d5bc4145e49d00b2c194a78f5b36d870fca","sha256":"6911cd8e6321f4ffa64bade62919378aaf9410851a11f94908977694745ef511","sha512":"fc26012b4d28472d733721e3b8489beeea0d86c9277162e3988358ab51ee6039ebc2728649ea84590d06da5762b21ceae177323627148cc796cecf7d5500ec91","ssdeep":"768:hq2/s2/Pk8M3e2GAlDymkC5HMFal1Z1hp0jfn9qOOeuLsgFTqOhqMhpPJ5Uvkgzu:p/N/P8O2GAlDEOlhpoJZggOc8JOkN","tlshash":"65636b2429018e6edfb74cd1f692bde8fd2615cfc257c55ab69d01006fe26168ac3eb0","first_seen":"2024-10-11T08:38:18.853451Z","last_seen":"2026-06-30T23:52:15.908647Z","times_seen":5,"resource_available":true,"data":null}},"time_used":264,"timings":{"blocked":-1,"dns":31,"connect":57,"send":0,"wait":59,"receive":116,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-30","alert":"Detects file containing Telegram Bot API","trigger":"3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-30","alert":"Sinkholed","trigger":"3482865.zk622872.web.hosting-test.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Open+Sans:400,700\u0026subset=latin,cyrillic","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://3482865.zk622872.web.hosting-test.net/webtransfer/webtransfertoutdomaine/webtransfer_files/saved_resource.html","date":"2026-06-30T21:50:43.830Z","timestamp":1782856243830,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 08:38:10 GMT","end":"Mon, 31 Aug 2026 08:38:09 GMT"},"fingerprint":{"sha1":"8A:2F:DC:6F:C0:09:07:D3:E5:9C:B7:EE:C2:C4:63:DC:59:36:B5:1B","sha256":"64:7C:E4:55:AB:5C:58:7E:89:F1:19:3B:95:DB:7B:4B:E6:75:42:2C:0C:51:2E:66:85:F5:BB:51:58:08:39:19"}}},"request":{"raw":"GET /css?family=Open+Sans:400,700\u0026subset=latin,cyrillic HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://3482865.zk622872.web.hosting-test.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 30 Jun 2026 21:50:43 GMT\r\ndate: Tue, 30 Jun 2026 21:50:43 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11588,"size_decoded":2334,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"28e0e3d1db179a6b0b454a6a42a382b7","sha1":"637e0ca2efa06fb7bcdadb1ed0cade98aa6f6c08","sha256":"f1251b5aa44c40639d940adcbebe2d7d88573dfac9a2ba63d71ca06ea67bbad9","sha512":"bfe57657f404dacdef4e7bed130a8a739fcc007f9f6d6a9a81d57f10a25776048b664cf58ddc935c6dcecd6fb7ac373b74b03367ae91be7e9ce4badf853fbd3a","ssdeep":"192:wCAAN21/rqbnbqGIwV4Razq4CZZE2s6rqmnbqGIwV4YfzvY:TjXqY4nU8qY4Z","tlshash":"bc322ba00017185067431de623de7e34ee0fa2657044d0766bfd8b9beedad6963b431d","first_seen":"2025-09-17T00:46:50.629094Z","last_seen":"2026-06-30T23:52:15.90632Z","times_seen":11147,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":-1,"dns":4,"connect":15,"send":0,"wait":33,"receive":0,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
