{"report_id":"b82ecbee-fbbf-40cf-a34c-b2929fbd77e2","version":6,"status":"done","tags":[],"date":"2026-03-29T12:15:37Z","url":{"schema":"https","addr":"ca.gov-zxq.info","fqdn":"ca.gov-zxq.info","domain":"gov-zxq.info","tld":"info"},"ip":{"addr":"43.165.68.78","port":0,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"final":{"url":{"schema":"https","addr":"ca.gov-zxq.info/","fqdn":"ca.gov-zxq.info","domain":"gov-zxq.info","tld":"info"},"title":"Welcome to OpenResty!","dom":{"size":128620,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (21701)","md5":"d3e91d61c0111eb95d17ed804d1b268a","sha1":"f0e9cc2f035e22aba4dedafde18af6097444722b","sha256":"278fcc893dc1eddb379f4e17d54d59682254b5afac0799b097558cafdf83efa9","sha512":"d27072849cf06d6793326c474651392a75d345da7c15f496d37cec112ac10c4f76e8a8d11502db70cd54f94c8c038ec949bac3faabdd6a959006e6bd6692979d","ssdeep":"3072:aI+edP2O+bkfAlfknyoC6CQGMEmGjwxTFO9AUVgiFgb1ech:2e1XKk4+y16tGErOAvcm1Lh","tlshash":"26c301f052e3290d5fd14462f8a46f8aae9b4a47dac29cb572cc4a4defdc898035f50d","dom_hash":"domhash4e172ad15285a069ca03b45c49097c90","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"ca.gov-zxq.info","fqdn":"ca.gov-zxq.info","domain":"gov-zxq.info","tld":"info"},"ip":{"addr":"43.165.68.78","port":0,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-03T12:15:37Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"ca.gov-zxq.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"ca.gov-zxq.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-29","alert":"Phishing Block","trigger":"ca.gov-zxq.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"ca.gov-zxq.info","ip":{"addr":"43.165.68.78","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-03-29T02:57:09.312051Z","last_seen":"2026-03-29T02:57:09.312051Z","alert_count":6,"request_count":2,"received_data":129232,"sent_data":921,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.29.2.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"ca.gov-zxq.info/","fqdn":"ca.gov-zxq.info","domain":"gov-zxq.info","tld":"info"},"ip":{"addr":"43.165.68.78","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-29T12:15:15.522Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ca.gov-zxq.info","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:30:47 GMT","end":"Wed, 24 Jun 2026 11:30:46 GMT"},"fingerprint":{"sha1":"5B:29:75:79:5F:7F:C3:E6:5C:40:75:35:96:C6:39:CC:D1:40:57:27","sha256":"8A:DA:31:10:96:2D:F1:D8:FF:C7:D8:8B:C3:E9:53:CB:D8:BC:7C:D6:0A:39:FE:76:88:D8:6A:72:31:7C:76:2B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ca.gov-zxq.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.29.2.1\r\ndate: Sun, 29 Mar 2026 12:15:15 GMT\r\ncontent-type: text/html\r\nlast-modified: Fri, 27 Feb 2026 09:33:53 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a16501-1f686\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.29.2.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":128646,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (21703)","md5":"ea5d46b6f3e98c47da3c37f4fde94924","sha1":"837fd5e3bf8e56420333083d28ccf1c8ceb66a3c","sha256":"8d374d23d4bc454767b8d4eeda8c3020a4f878a29207e31d74f6a1e55d4b7c4b","sha512":"153f18f070bc285f7e40acf01270cf7ea412991237b1a8a05cd008f1defbb6bbe60f97d5672d1caee9b1a57d9f90efd10f691ea0a726d1573bb828b80c035a58","ssdeep":"3072:cI+eAP0O+bkftlfknyoC6CQGM3mGjwxTAO9nUVgiFgb1eco:weKJKkV+y16tGtrPnvcm1Lo","tlshash":"5cc301f052e3290d5fd14462f8a46f8abd9b4a87dac29cb572cc4a49efdc898035f50d","first_seen":"2024-02-26T17:39:06Z","last_seen":"2026-04-04T19:52:01.486087Z","times_seen":137,"resource_available":true,"data":null}},"time_used":478,"timings":{"blocked":191,"dns":0,"connect":93,"send":0,"wait":91,"receive":0,"ssl":99},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"ca.gov-zxq.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"ca.gov-zxq.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-29","alert":"Phishing Block","trigger":"ca.gov-zxq.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ca.gov-zxq.info/favicon.ico","fqdn":"ca.gov-zxq.info","domain":"gov-zxq.info","tld":"info"},"ip":{"addr":"43.165.68.78","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ca.gov-zxq.info/","date":"2026-03-29T12:15:16.080Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ca.gov-zxq.info","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 11:30:47 GMT","end":"Wed, 24 Jun 2026 11:30:46 GMT"},"fingerprint":{"sha1":"5B:29:75:79:5F:7F:C3:E6:5C:40:75:35:96:C6:39:CC:D1:40:57:27","sha256":"8A:DA:31:10:96:2D:F1:D8:FF:C7:D8:8B:C3:E9:53:CB:D8:BC:7C:D6:0A:39:FE:76:88:D8:6A:72:31:7C:76:2B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ca.gov-zxq.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ca.gov-zxq.info/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: openresty/1.29.2.1\r\ndate: Sun, 29 Mar 2026 12:15:16 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"OpenResty:1.29.2.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":159,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"a6362fdf7b89ef682ac999be37962628","sha1":"f7b0aa3e1f989184042d276cff04f6cb8119fd9f","sha256":"da9f084f6ae275049c7ef113c1d67a63d0cd7cc23cabecc4fcb80bf93edd902e","sha512":"6b7b1fca60e7ace3cc3a8486c59fd7b0b369d6ead3e260946dced0819eb673d65ea9a225955c67dcaac3f9fd4d7ac9f424f065f5adc4c66060fe128548cba7bc","ssdeep":"","tlshash":"1dc02b2d64137c0c8663307676c370a0c1978337f57e41218440805730cf1998bc33ab","first_seen":"2026-02-28T20:19:07.990456Z","last_seen":"2026-04-04T20:11:44.462549Z","times_seen":358,"resource_available":true,"data":null}},"time_used":91,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":91,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"ca.gov-zxq.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-29","alert":"Sinkholed","trigger":"ca.gov-zxq.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-29","alert":"Phishing Block","trigger":"ca.gov-zxq.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}