{"report_id":"a86fc050-17f9-46d6-84ad-a09502a600e9","version":6,"status":"done","tags":[],"date":"2025-08-24T17:55:21Z","url":{"schema":"http","addr":"sdfaklfsdklffjsdfj.com/","fqdn":"sdfaklfsdklffjsdfj.com","domain":"sdfaklfsdklffjsdfj.com","tld":"com"},"ip":{"addr":"104.21.59.126","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"sdfaklfsdklffjsdfj.com/","fqdn":"sdfaklfsdklffjsdfj.com","domain":"sdfaklfsdklffjsdfj.com","tld":"com"},"title":"403 Forbidden"},"submit":{"url":{"schema":"http","addr":"sdfaklfsdklffjsdfj.com/","fqdn":"sdfaklfsdklffjsdfj.com","domain":"sdfaklfsdklffjsdfj.com","tld":"com"},"ip":{"addr":"104.21.59.126","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-09-28T17:55:21Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-24","alert":"Sinkholed","trigger":"sdfaklfsdklffjsdfj.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"sdfaklfsdklffjsdfj.com","ip":{"addr":"104.21.59.126","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-08-17","domain_rank":0,"first_seen":"2025-08-18T21:40:39.911693Z","last_seen":"2025-08-18T21:40:39.911693Z","alert_count":4,"request_count":4,"received_data":2878,"sent_data":1840,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"sdfaklfsdklffjsdfj.com/","fqdn":"sdfaklfsdklffjsdfj.com","domain":"sdfaklfsdklffjsdfj.com","tld":"com"},"ip":{"addr":"104.21.59.126","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-24T17:54:58.849Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: sdfaklfsdklffjsdfj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Sun, 24 Aug 2025 17:54:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nLocation: https://sdfaklfsdklffjsdfj.com/\r\nCf-Cache-Status: DYNAMIC\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jWBomLrTeuaK%2Bz%2BWixrrXK9naGz4Jfkid5%2BBB7OfhY7udGoh3dwBs3wsza8a86tvIrGCdyofUmTiaPqG5a9aj4sklbI71noDYJsgRGzKazEWbfWVfk4%3D\"}]}\r\nCF-RAY: 9744b7cf8f914434-ARN\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":162,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T10:47:07.00812Z","times_seen":13371829,"resource_available":true,"data":null}},"time_used":612,"timings":{"blocked":254,"dns":0,"connect":259,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-24","alert":"Sinkholed","trigger":"sdfaklfsdklffjsdfj.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sdfaklfsdklffjsdfj.com/","fqdn":"sdfaklfsdklffjsdfj.com","domain":"sdfaklfsdklffjsdfj.com","tld":"com"},"ip":{"addr":"104.21.59.126","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-24T17:54:59.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sdfaklfsdklffjsdfj.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 10:11:33 GMT","end":"Sat, 15 Nov 2025 11:09:13 GMT"},"fingerprint":{"sha1":"B7:AB:61:9C:4B:38:75:4A:9B:69:0C:DD:5A:74:C1:8D:DC:67:FC:18","sha256":"91:02:AF:F2:46:C5:03:3D:89:85:87:09:BE:3F:C0:45:FF:2D:90:93:48:D6:20:DC:4A:CF:56:FE:0A:59:D9:7F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: sdfaklfsdklffjsdfj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\nserver: cloudflare\r\ndate: Sun, 24 Aug 2025 17:54:59 GMT\r\ncontent-type: text/html\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=w%2BYZI9fEfv8fJdsSI1jVh83vN6%2BIuTOXwyY6g6fs5yJ7sfpO7hnDPE5AbCMnzx1j24bDCjq9RF3vQ6R6kfUBhP5OtkZz3wMlSmTYZoycVzqm3Oqb0zo%3D\"}]}\r\ncf-ray: 9744b7d02f16b9db-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":162,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"1d1ed962f2c3b3101433906b6b71e395","sha1":"323b3ebdc78e3e6f9581706771cbd61bfed318a4","sha256":"2de2499f4e5f896995ee7ebaa527a39b75f520f98e12110ec6c156a2433dbe75","sha512":"5fafbbe993daaffcadae26c8db453bf195c30dea475dccdfa89166f58bb900004a81e21ca42ce1c61f8a8c85587b4d934a953082a1fb1a5256eb9502fcc92883","ssdeep":"","tlshash":"d6c08c67351e3c0ce7a322b422c36aa0d08bd3b088da1a10c640025331c31278ac7315","first_seen":"2023-11-07T17:46:00Z","last_seen":"2026-04-05T08:16:05.376116Z","times_seen":1848,"resource_available":true,"data":null}},"time_used":73,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":73,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-24","alert":"Sinkholed","trigger":"sdfaklfsdklffjsdfj.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sdfaklfsdklffjsdfj.com/favicon.ico","fqdn":"sdfaklfsdklffjsdfj.com","domain":"sdfaklfsdklffjsdfj.com","tld":"com"},"ip":{"addr":"104.21.59.126","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sdfaklfsdklffjsdfj.com/","date":"2025-08-24T17:54:59.366Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sdfaklfsdklffjsdfj.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 10:11:33 GMT","end":"Sat, 15 Nov 2025 11:09:13 GMT"},"fingerprint":{"sha1":"B7:AB:61:9C:4B:38:75:4A:9B:69:0C:DD:5A:74:C1:8D:DC:67:FC:18","sha256":"91:02:AF:F2:46:C5:03:3D:89:85:87:09:BE:3F:C0:45:FF:2D:90:93:48:D6:20:DC:4A:CF:56:FE:0A:59:D9:7F"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: sdfaklfsdklffjsdfj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sdfaklfsdklffjsdfj.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 24 Aug 2025 17:54:59 GMT\r\ncontent-type: image/gif\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nlast-modified: Sun, 24 Aug 2025 17:54:59 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vARzqFXUYknGDNHngtLSQBxSBzSu7%2Bi0woa8TjOerPBfiTPK37%2BCsRqB52%2BIOUgkpQHLa3ANtE5Q1OHVaNzeHyt7cP5wIM91PnF%2Bnjo7Abj14KZGwpU%3D\"}]}\r\ncf-ray: 9744b7d12f6bb9db-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":88,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 16 x 16","md5":"2edea5dee3d58d42787d78db6d118350","sha1":"7e20c163404028aefc16c3413d406ddd9385012c","sha256":"189ac3382fd132e6ab9030541722aff0974612f7021dd89dae3af1071bac3321","sha512":"1400ff7e146dc67d57d7ffcf2d4f951db8f28a1d65550aa3f5d4cd2ae5d2a8e70170d6b78d4a25c21cfd19e867102111f856d4f4f710d57e227c2362959e1cd1","ssdeep":"","tlshash":"44b012628685c07dd1851071248cd304306640141036015d365c062b598d2928030831","first_seen":"2023-05-03T00:26:08Z","last_seen":"2026-04-04T18:32:45.610809Z","times_seen":414,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-24","alert":"Sinkholed","trigger":"sdfaklfsdklffjsdfj.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sdfaklfsdklffjsdfj.com/","fqdn":"sdfaklfsdklffjsdfj.com","domain":"sdfaklfsdklffjsdfj.com","tld":"com"},"ip":{"addr":"104.21.59.126","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-24T17:54:58.545Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sdfaklfsdklffjsdfj.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 10:11:33 GMT","end":"Sat, 15 Nov 2025 11:09:13 GMT"},"fingerprint":{"sha1":"B7:AB:61:9C:4B:38:75:4A:9B:69:0C:DD:5A:74:C1:8D:DC:67:FC:18","sha256":"91:02:AF:F2:46:C5:03:3D:89:85:87:09:BE:3F:C0:45:FF:2D:90:93:48:D6:20:DC:4A:CF:56:FE:0A:59:D9:7F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: sdfaklfsdklffjsdfj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Sun, 24 Aug 2025 17:54:58 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2vrw%2B53RXF4nLXTBCbQJqvV019G6NWOSNGTEjhnJPs5UyBqWMxwfdsC0OpC%2FqDuSNza4B61%2Flc3U6FbkwtbXG4%2F5SYFtZiX7brTby7VS5p%2FygoT0ATM%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9744b7cc4e994434-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":162,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"1d1ed962f2c3b3101433906b6b71e395","sha1":"323b3ebdc78e3e6f9581706771cbd61bfed318a4","sha256":"2de2499f4e5f896995ee7ebaa527a39b75f520f98e12110ec6c156a2433dbe75","sha512":"5fafbbe993daaffcadae26c8db453bf195c30dea475dccdfa89166f58bb900004a81e21ca42ce1c61f8a8c85587b4d934a953082a1fb1a5256eb9502fcc92883","ssdeep":"","tlshash":"d6c08c67351e3c0ce7a322b422c36aa0d08bd3b088da1a10c640025331c31278ac7315","first_seen":"2023-11-07T17:46:00Z","last_seen":"2026-04-05T08:16:05.376116Z","times_seen":1848,"resource_available":true,"data":null}},"time_used":244,"timings":{"blocked":47,"dns":1,"connect":8,"send":0,"wait":149,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-24","alert":"Sinkholed","trigger":"sdfaklfsdklffjsdfj.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}