{"report_id":"acddd49a-95fe-49c5-9dd0-b8d0a42d2d21","version":6,"status":"done","tags":[],"date":"2025-12-23T06:49:57Z","url":{"schema":"http","addr":"krdh4.shop/","fqdn":"krdh4.shop","domain":"krdh4.shop","tld":"shop"},"ip":{"addr":"202.91.34.190","port":0,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"detkuf.krdh9.autos/","fqdn":"detkuf.krdh9.autos","domain":"krdh9.autos","tld":"autos"},"title":"狂人导航","dom":{"size":15284,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14706), with no line terminators","md5":"9f65290374831dfd2450c19a684a7761","sha1":"b9ac00aac8a2f85ae9d5f3d486211733000d9315","sha256":"ddc1ff2a4cb33eee17bbab0e085169b6c59651862923828df499241b69ae2bbf","sha512":"4a6832536420272060dd47532b023b62f5d552a1c8098ead560ddaf69c31c3b08e4e905aaab163896a3ddd4b05c048efd485f265ea672f77e032aa1db0ed0f99","ssdeep":"384:rag43cLT7dhoVQestWiBM1CXsxEQGzbIfx1ZEKfGeaYWvB4sfoZjw8lqF10Qlpaz:ragz7dhoVpJWu","tlshash":"e162517711d5318ef733e69c64a1361e50a301b7c6a58dd2b0a23ec2ddc5ae1e41ab8f","dom_hash":"domhash272ce9fafed124330320f84f79a33df3","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"krdh4.shop/","fqdn":"krdh4.shop","domain":"krdh4.shop","tld":"shop"},"ip":{"addr":"202.91.34.190","port":0,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-27T06:49:57Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"detkuf.krdh9.autos","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"detkuf.krdh9.autos","ip":{"addr":"185.186.147.226","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":3,"request_count":3,"received_data":177985,"sent_data":1389,"comment":"","tags":null,"fingerprints":null},{"fqdn":"krdh4.shop","ip":{"addr":"103.99.179.160","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-12-23T06:49:57.408922Z","last_seen":"2025-12-23T06:49:57.408922Z","alert_count":0,"request_count":1,"received_data":15593,"sent_data":479,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"detkuf.krdh9.autos/","fqdn":"detkuf.krdh9.autos","domain":"krdh9.autos","tld":"autos"},"ip":{"addr":"185.186.147.226","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"dcec4cf881b3217bbd4e6c6283e0f0da","sha1":"ccb7fd9c2c80f240c2b440d9a539baa6f8464ecd","sha256":"9658db1ec24b0ce4988a7c90c5fefa1716d166db29db0b1d4a51ae27a29f0fcb","sha512":"823db128d03f8bf4e748d873e2ce4475ef3693b369826e2cfef66b53d337343ab5eff21d220b58621ba3c1fdcf98a728887b4556f437fd2959cfc7bdf7d93d14","ssdeep":"","tlshash":"d2e0f19db481f0c5acc971727ed09725ec5477253403883113342ce1121526ec55eb8e","size":405,"data":"","first_seen":"2025-02-27T05:59:21.579697Z","last_seen":"2026-04-14T00:57:36.934022Z","times_seen":101,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"detkuf.krdh9.autos/","fqdn":"detkuf.krdh9.autos","domain":"krdh9.autos","tld":"autos"},"ip":{"addr":"185.186.147.226","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-23T06:49:35.335Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.krdh9.autos","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 22 Oct 2025 09:44:06 GMT","end":"Tue, 20 Jan 2026 09:44:05 GMT"},"fingerprint":{"sha1":"5D:4E:EE:F0:C2:3D:79:9F:64:1A:17:64:D1:20:79:45:8E:19:5B:09","sha256":"B0:23:FC:83:4A:05:4E:37:F3:83:8D:B2:F5:04:CC:F4:E9:A7:7F:32:53:10:3B:94:DD:13:47:0E:F5:FF:59:00"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: detkuf.krdh9.autos\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ndate: Tue, 23 Dec 2025 06:49:35 GMT\r\ncontent-type: text/html;charset=utf-8\r\nvary: Accept-Encoding\r\nx-frame-options: Deny\r\ncontent-encoding: gzip\r\nage: 0\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cMsSf ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15323,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14721), with no line terminators","md5":"f0976a0c9e41fc7bcf151d602a1218a8","sha1":"8678929ea74cae46c24ced0e4a421992d6aaf813","sha256":"9c2775c4ff7d55f8f0c8ee0c22241f964d6b97b2acaa3946d7c794bc38bf569e","sha512":"f8866efa27c63f93ba300a3147f55c4c6320cc9fafa8e1f26c8ef7788806314750ed44721e99e2f443010a9e674bb1892c4e70d2486431bf97367653bf1e1b10","ssdeep":"384:tagk3cLT7dhoVQestWiBM1CXsxEQGzbIfx1ZEKfGeaYWvB4sfoZjw8lqF10Qlpaz:tagv7dhoVpJWu","tlshash":"7962527711d5318ef733e69c64a1361e50a301b7c6a58dd2b0923ec2ddc5ae5e40ab8f","first_seen":"2025-12-23T06:50:01.820421Z","last_seen":"2025-12-23T06:50:01.820421Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1045,"timings":{"blocked":424,"dns":70,"connect":167,"send":0,"wait":197,"receive":0,"ssl":182},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"detkuf.krdh9.autos","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"detkuf.krdh9.autos/000/flink/analytics.php","fqdn":"detkuf.krdh9.autos","domain":"krdh9.autos","tld":"autos"},"ip":{"addr":"185.186.147.226","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://detkuf.krdh9.autos/","date":"2025-12-23T06:49:36.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.krdh9.autos","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 22 Oct 2025 09:44:06 GMT","end":"Tue, 20 Jan 2026 09:44:05 GMT"},"fingerprint":{"sha1":"5D:4E:EE:F0:C2:3D:79:9F:64:1A:17:64:D1:20:79:45:8E:19:5B:09","sha256":"B0:23:FC:83:4A:05:4E:37:F3:83:8D:B2:F5:04:CC:F4:E9:A7:7F:32:53:10:3B:94:DD:13:47:0E:F5:FF:59:00"}}},"request":{"raw":"POST /000/flink/analytics.php HTTP/1.1\r\nHost: detkuf.krdh9.autos\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 9\r\nOrigin: https://detkuf.krdh9.autos\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"referrer="}},"response":{"raw":"HTTP/2 204 No Content\r\nserver: https://www.xzylm.com\r\ndate: Tue, 23 Dec 2025 06:49:36 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nage: 0\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cMs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-17T03:13:33.193802Z","times_seen":13844586,"resource_available":true,"data":null}},"time_used":173,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":173,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"detkuf.krdh9.autos","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"detkuf.krdh9.autos/favicon.ico","fqdn":"detkuf.krdh9.autos","domain":"krdh9.autos","tld":"autos"},"ip":{"addr":"185.186.147.226","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://detkuf.krdh9.autos/","date":"2025-12-23T06:49:36.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.krdh9.autos","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 22 Oct 2025 09:44:06 GMT","end":"Tue, 20 Jan 2026 09:44:05 GMT"},"fingerprint":{"sha1":"5D:4E:EE:F0:C2:3D:79:9F:64:1A:17:64:D1:20:79:45:8E:19:5B:09","sha256":"B0:23:FC:83:4A:05:4E:37:F3:83:8D:B2:F5:04:CC:F4:E9:A7:7F:32:53:10:3B:94:DD:13:47:0E:F5:FF:59:00"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: detkuf.krdh9.autos\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: image/x-icon\r\ncontent-length: 161862\r\nlast-modified: Sat, 12 Dec 2020 16:55:10 GMT\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\ncache-control: public, max-age=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":161862,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 8 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel","md5":"e59878ad4b4f1f40d15e939fcac27d27","sha1":"0cf6331e15751e9375bc838b7f249dc9518ae573","sha256":"6e95c48cca528fb63d022418d5c9ee62cb1c55ad40f9ac6f95485082b9c86374","sha512":"883b4100e6b9fec7844a6e58bcc881c5a6a6e8ea546a34654db75c57aeeeb13c89b1513121b8fd85c954a904b8ec211b32db92bce94d90ea6cef9099f7b6910b","ssdeep":"1536:PhLwUE0XHJwFQWQxXg8o9Rit92nQHsuq8P46PTpOt3RLq5uWivwr:ZLwUEKJHlxQT9Utb+Lp5vwr","tlshash":"dff339cd7e02ddadca2944b84c7e98d4ed05bd347912c862bb98770b16b3d26a9304df","first_seen":"2025-12-02T01:27:22.794651Z","last_seen":"2025-12-23T06:50:01.825282Z","times_seen":3,"resource_available":false,"data":null}},"time_used":671,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":443,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-23","alert":"Sinkholed","trigger":"detkuf.krdh9.autos","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"krdh4.shop/","fqdn":"krdh4.shop","domain":"krdh4.shop","tld":"shop"},"ip":{"addr":"103.99.179.160","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-23T06:49:34.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.krdh4.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 08:46:18 GMT","end":"Mon, 09 Mar 2026 08:46:17 GMT"},"fingerprint":{"sha1":"6C:4B:59:C9:FE:DB:88:D2:D7:B3:7D:F5:C8:90:8A:0E:1C:26:9D:4E","sha256":"59:E9:B3:D8:8A:A6:35:78:1E:E2:F5:84:2F:68:BE:D1:AA:A6:BB:6B:57:0D:35:AA:AE:58:58:31:3C:E8:F8:52"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: krdh4.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nserver: https://www.xzylm.com\r\ndate: Tue, 23 Dec 2025 06:49:35 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://detkuf.krdh9.autos/\r\nage: 0\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cMsSfW])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":15323,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-17T03:13:33.193802Z","times_seen":13844586,"resource_available":true,"data":null}},"time_used":831,"timings":{"blocked":334,"dns":11,"connect":154,"send":0,"wait":162,"receive":0,"ssl":166},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}