{"report_id":"ac46738b-6909-40b5-be8a-280f4116ae68","version":6,"status":"done","tags":[],"date":"2025-05-05T12:07:05Z","url":{"schema":"https","addr":"proposai-babyionlabs.app/cdn-cgi/phish-bypass?atok=RklHl9NSj4GDzK0m8rpK0dgWvuyWEixHk7dMBQFs0bs-1746387270.1204393-0.0.1.1-%2Fcdn-cgi%2Fphish-bypass%3Fatok%3Dtoo_7Mzsc9rPOJ8pU1dVsIAwhbIxhA.yUVEvBTRrBNE-1746311897.0592844-0.0.1.1-%252Fcdn-cgi%252Fphish-bypass%253Fatok%253D74Oxr6FNDusG4Qv9fS4.92CoWl2hXkUkZFLaNeKLD1Q-1746219534.4330518-0.0.1.1-%25252F%2526cf-turnstile-response%253D%26cf-turnstile-response%3D\u0026cf-turnstile-response=","fqdn":"proposai-babyionlabs.app","domain":"proposai-babyionlabs.app","tld":"app"},"ip":{"addr":"172.67.134.145","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"proposai-babyionlabs.app/cdn-cgi/phish-bypass?atok=RklHl9NSj4GDzK0m8rpK0dgWvuyWEixHk7dMBQFs0bs-1746387270.1204393-0.0.1.1-%2Fcdn-cgi%2Fphish-bypass%3Fatok%3Dtoo_7Mzsc9rPOJ8pU1dVsIAwhbIxhA.yUVEvBTRrBNE-1746311897.0592844-0.0.1.1-%252Fcdn-cgi%252Fphish-bypass%253Fatok%253D74Oxr6FNDusG4Qv9fS4.92CoWl2hXkUkZFLaNeKLD1Q-1746219534.4330518-0.0.1.1-%25252F%2526cf-turnstile-response%253D%26cf-turnstile-response%3D\u0026cf-turnstile-response=","fqdn":"proposai-babyionlabs.app","domain":"proposai-babyionlabs.app","tld":"app"},"title":"403 Forbidden"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-14T12:07:05Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"proposai-babyionlabs.app","ip":{"addr":"172.67.134.145","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-05-03T12:55:17.340574Z","last_seen":"2025-05-03T12:55:17.340574Z","alert_count":3,"request_count":3,"received_data":11049,"sent_data":2454,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-05","alert":"Sinkholed","trigger":"proposai-babyionlabs.app","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-05","alert":"Sinkholed","trigger":"proposai-babyionlabs.app","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-05","alert":"Sinkholed","trigger":"proposai-babyionlabs.app","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"proposai-babyionlabs.app/cdn-cgi/phish-bypass?atok=RklHl9NSj4GDzK0m8rpK0dgWvuyWEixHk7dMBQFs0bs-1746387270.1204393-0.0.1.1-%2Fcdn-cgi%2Fphish-bypass%3Fatok%3Dtoo_7Mzsc9rPOJ8pU1dVsIAwhbIxhA.yUVEvBTRrBNE-1746311897.0592844-0.0.1.1-%252Fcdn-cgi%252Fphish-bypass%253Fatok%253D74Oxr6FNDusG4Qv9fS4.92CoWl2hXkUkZFLaNeKLD1Q-1746219534.4330518-0.0.1.1-%25252F%2526cf-turnstile-response%253D%26cf-turnstile-response%3D\u0026cf-turnstile-response=","fqdn":"proposai-babyionlabs.app","domain":"proposai-babyionlabs.app","tld":"app"},"ip":{"addr":"172.67.134.145","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-05T12:06:43.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"proposai-babyionlabs.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 28 Apr 2025 14:09:14 GMT","end":"Sun, 27 Jul 2025 15:07:56 GMT"},"fingerprint":{"sha1":"D8:65:20:64:F6:1E:2D:F4:24:D1:AA:2D:4D:AA:25:49:C2:1F:A8:55","sha256":"29:B2:3E:48:CB:EA:C9:3F:DF:4C:BB:4F:E1:CC:C0:87:30:84:67:A0:8B:D9:06:5B:86:F2:FF:03:3F:EA:9B:9F"}}},"request":{"raw":"GET /cdn-cgi/phish-bypass?atok=RklHl9NSj4GDzK0m8rpK0dgWvuyWEixHk7dMBQFs0bs-1746387270.1204393-0.0.1.1-%2Fcdn-cgi%2Fphish-bypass%3Fatok%3Dtoo_7Mzsc9rPOJ8pU1dVsIAwhbIxhA.yUVEvBTRrBNE-1746311897.0592844-0.0.1.1-%252Fcdn-cgi%252Fphish-bypass%253Fatok%253D74Oxr6FNDusG4Qv9fS4.92CoWl2hXkUkZFLaNeKLD1Q-1746219534.4330518-0.0.1.1-%25252F%2526cf-turnstile-response%253D%26cf-turnstile-response%3D\u0026cf-turnstile-response= HTTP/1.1\r\nHost: proposai-babyionlabs.app\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Mon, 05 May 2025 12:06:44 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 93b01d0d1b12feb9-AMS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":5226,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (534)","md5":"e6b33228a29ec29aeb081da4d80a45a7","sha1":"f24ddade5c627da3597a6f6f37543fb5b05bf3e5","sha256":"31674b3496d3e68a5b2b43cbf0df069158043bdad63b71bf7c31bbc81a8a88bd","sha512":"98ab4b419607124a020c3b45646574351517342b3e90186e9ace2661cf0a83235a625955b8cc63d1829652ccc2795b37be40c448977cb6fec0e28c0e29e1eb30","ssdeep":"96:fjFj7jOj8HDK/D5DMFGzj+i9GpjcKDRgDqzdk2M7RLlvaQxPbK:fjFj7jOj8jK/VoQPSjcKDRQqzC2M71lo","tlshash":"c1b18672fabd017f10939272b1bd670a7aa0c157db9b059076bcc2711f8ef45aa432c1","first_seen":"2025-05-05T12:07:05.36484Z","last_seen":"2025-05-05T12:07:05.36484Z","times_seen":1,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":91,"dns":25,"connect":20,"send":0,"wait":35,"receive":0,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-05","alert":"Sinkholed","trigger":"proposai-babyionlabs.app","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"proposai-babyionlabs.app/cdn-cgi/phish-bypass?atok=RklHl9NSj4GDzK0m8rpK0dgWvuyWEixHk7dMBQFs0bs-1746387270.1204393-0.0.1.1-%2Fcdn-cgi%2Fphish-bypass%3Fatok%3Dtoo_7Mzsc9rPOJ8pU1dVsIAwhbIxhA.yUVEvBTRrBNE-1746311897.0592844-0.0.1.1-%252Fcdn-cgi%252Fphish-bypass%253Fatok%253D74Oxr6FNDusG4Qv9fS4.92CoWl2hXkUkZFLaNeKLD1Q-1746219534.4330518-0.0.1.1-%25252F%2526cf-turnstile-response%253D%26cf-turnstile-response%3D\u0026cf-turnstile-response=","fqdn":"proposai-babyionlabs.app","domain":"proposai-babyionlabs.app","tld":"app"},"ip":{"addr":"172.67.134.145","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-05T12:06:44.156Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/phish-bypass?atok=RklHl9NSj4GDzK0m8rpK0dgWvuyWEixHk7dMBQFs0bs-1746387270.1204393-0.0.1.1-%2Fcdn-cgi%2Fphish-bypass%3Fatok%3Dtoo_7Mzsc9rPOJ8pU1dVsIAwhbIxhA.yUVEvBTRrBNE-1746311897.0592844-0.0.1.1-%252Fcdn-cgi%252Fphish-bypass%253Fatok%253D74Oxr6FNDusG4Qv9fS4.92CoWl2hXkUkZFLaNeKLD1Q-1746219534.4330518-0.0.1.1-%25252F%2526cf-turnstile-response%253D%26cf-turnstile-response%3D\u0026cf-turnstile-response= HTTP/1.1\r\nHost: proposai-babyionlabs.app\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Mon, 05 May 2025 12:06:44 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nCF-RAY: 93b01d0e283b796d-AMS\r\nX-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":151,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"c371fa8374a06a3c0535fc341d454236","sha1":"441671eacb9398792d435443beaddd3fc5fa1910","sha256":"eed0b81a2fbdd1c5a9f80705885fc5bbf346ba428a79ff7a13ec8491c6a8e96c","sha512":"16aea603a9259ebe5229f9b6660be132305922c296684490ce7ba3f1999c7fc4aa7e3f89f43c480bb0ba8cd47d32fc8ab8cf4e496418cc53a5aec8f2af78c714","ssdeep":"","tlshash":"aec08c26356e3c0ca6a321b502c3aaa0e082c330489a18104700420330c31a68ac3355","first_seen":"2023-04-14T10:39:22Z","last_seen":"2026-04-04T13:08:42.959443Z","times_seen":113551,"resource_available":true,"data":null}},"time_used":74,"timings":{"blocked":19,"dns":1,"connect":20,"send":0,"wait":33,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-05","alert":"Sinkholed","trigger":"proposai-babyionlabs.app","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"proposai-babyionlabs.app/favicon.ico","fqdn":"proposai-babyionlabs.app","domain":"proposai-babyionlabs.app","tld":"app"},"ip":{"addr":"172.67.134.145","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"http://proposai-babyionlabs.app/cdn-cgi/phish-bypass?atok=RklHl9NSj4GDzK0m8rpK0dgWvuyWEixHk7dMBQFs0bs-1746387270.1204393-0.0.1.1-%2Fcdn-cgi%2Fphish-bypass%3Fatok%3Dtoo_7Mzsc9rPOJ8pU1dVsIAwhbIxhA.yUVEvBTRrBNE-1746311897.0592844-0.0.1.1-%252Fcdn-cgi%252Fphish-bypass%253Fatok%253D74Oxr6FNDusG4Qv9fS4.92CoWl2hXkUkZFLaNeKLD1Q-1746219534.4330518-0.0.1.1-%25252F%2526cf-turnstile-response%253D%26cf-turnstile-response%3D\u0026cf-turnstile-response=","date":"2025-05-05T12:06:44.300Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: proposai-babyionlabs.app\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://proposai-babyionlabs.app/cdn-cgi/phish-bypass?atok=RklHl9NSj4GDzK0m8rpK0dgWvuyWEixHk7dMBQFs0bs-1746387270.1204393-0.0.1.1-%2Fcdn-cgi%2Fphish-bypass%3Fatok%3Dtoo_7Mzsc9rPOJ8pU1dVsIAwhbIxhA.yUVEvBTRrBNE-1746311897.0592844-0.0.1.1-%252Fcdn-cgi%252Fphish-bypass%253Fatok%253D74Oxr6FNDusG4Qv9fS4.92CoWl2hXkUkZFLaNeKLD1Q-1746219534.4330518-0.0.1.1-%25252F%2526cf-turnstile-response%253D%26cf-turnstile-response%3D\u0026cf-turnstile-response=\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Mon, 05 May 2025 12:06:44 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Frame-Options: SAMEORIGIN\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=ESbD3%2B5CFWPFJqB%2BYt34lvsSsFmfAQo1uW0CwSF9UynuYbJ9G44ou3wV0iRkNT9F%2B4tm1egNIFdwxlxv%2BiRoANxycowBY1wk8BW%2BUdkXcS%2F0k3d%2BjFGbLMlJfWXghuTFB5sL6nUaMfV85Zc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 93b01d0ee898796d-AMS\r\nContent-Encoding: gzip\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":4556,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (394)","md5":"e1796e865bc8c68c12c095c4d07b2b13","sha1":"18ccd43c3e9fc06f316976ea33f1bd8e72a63646","sha256":"93b2d7426b734edde0a2a29b860f5418d687c3868298667f7f7e40058e04a4c3","sha512":"7e73a74b9555f3456221c3343f982b7254101f77e4f61d3ec6377a3a58855a226e69612f2c1f12c773963e6cc953fd009300731ecf7bb8d9577a60b2d05c8e6b","ssdeep":"96:1j9jwIjYjUDK/D5DMF+BOiUAtkZLmmbrR79PaQxJbGD:1j9jhjYjIK/Vo+trkZ6mbrl9ieJGD","tlshash":"2f918232f9bd117f10d3916261bda7097aa5c147db9b099036bcc1761f8ef45aa232c1","first_seen":"2025-05-05T12:07:05.368169Z","last_seen":"2025-05-05T12:07:05.368169Z","times_seen":1,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-05","alert":"Sinkholed","trigger":"proposai-babyionlabs.app","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}