{"report_id":"b9abf02a-7ab9-40c7-851b-edf95d83e890","version":6,"status":"done","tags":[],"date":"2025-09-28T12:28:44Z","url":{"schema":"http","addr":"r4u3wimgjurp.xyz/","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"ip":{"addr":"172.67.142.154","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"r4u3wimgjurp.xyz/","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"title":"r4u3wimgjurp.xyz/"},"submit":{"url":{"schema":"http","addr":"r4u3wimgjurp.xyz/","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"ip":{"addr":"172.67.142.154","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-02T12:28:44Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"api.zy6ey8victtid.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"api.zy6ey8victtid.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ios.qzaz9aeq2c5ir.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"r4u3wimgjurp.xyz","ip":{"addr":"104.21.27.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-25","domain_rank":0,"first_seen":"2025-09-28T12:28:44.595423Z","last_seen":"2025-09-28T12:28:44.595423Z","alert_count":0,"request_count":7,"received_data":84610,"sent_data":3600,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"crypto-js","description":"crypto-js is a JavaScript library of crypto standards.","website":"https://github.com/brix/crypto-js","common_platform_enumeration":"","icon":"default.svg","categories":["JavaScript libraries"]}]},{"fqdn":"owu6nmnzz6.xyz","ip":{"addr":"4.144.72.5","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-07-02","domain_rank":0,"first_seen":"2025-07-15T06:24:00.590703Z","last_seen":"2025-09-13T13:06:12.903231Z","alert_count":0,"request_count":1,"received_data":1096,"sent_data":434,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"api.zy6ey8victtid.xyz","ip":{"addr":"154.38.109.70","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2025-09-16","domain_rank":0,"first_seen":"2025-09-28T12:28:44.609013Z","last_seen":"2025-09-28T12:28:44.609013Z","alert_count":8,"request_count":4,"received_data":5656,"sent_data":2148,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ios.qzaz9aeq2c5ir.xyz","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-09-16","domain_rank":0,"first_seen":"2025-09-28T12:28:44.610887Z","last_seen":"2025-09-28T12:28:44.610887Z","alert_count":1,"request_count":1,"received_data":0,"sent_data":532,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"r4u3wimgjurp.xyz/","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"ip":{"addr":"104.21.27.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"2512414f817df8312569d55032748f81","sha1":"13467df6e962aa77bb36867ff1412e1ba9f8feb1","sha256":"e193735f8d500f10e2cdc6a94f5a43fb0257c1e2f8afc10fa04f0e3761d258de","sha512":"db6e4298746d519b0987bfa0feb89c39315718e178418e482b1c10c76439eae343afabf2db35ffaaa26c7ee6a3855084d39e9b88d35b11f87c354ceaf38874a0","ssdeep":"","tlshash":"a590029525c25101965295d4455b5c8450658675249569809180956259550205125cbc","size":47,"data":"","first_seen":"2023-04-11T22:25:25Z","last_seen":"2026-04-06T09:40:13.550941Z","times_seen":19304,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r4u3wimgjurp.xyz/","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"ip":{"addr":"104.21.27.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"338997726a7a4e48ca76a9f8e62bb61c","sha1":"b4e6db24e9bec601334e2cdbacd6334b23cd876e","sha256":"efa9f979cbda2c36ae550d06e23ffe7a7b741d077ea02de2e384c7884ce375b9","sha512":"a378e7ba9476a6fda47bff5c91567345041b4c55005ecd0a25a7150e9bc1916d3915369118ce9422a5b249904fa57d6caf796e5959801aefd4d02f76eb1bad0c","ssdeep":"","tlshash":"621100b93a1a6534c5c5408b317ee7a83d3220717b02a084c36ccc289d18e8714efcbe","size":902,"data":"","first_seen":"2025-09-28T12:28:53.08787Z","last_seen":"2025-09-28T12:28:53.08787Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r4u3wimgjurp.xyz/assets/js/iframe.js?t=2024008101313","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"ip":{"addr":"104.21.27.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"544e2f8d13dc5c5ab837cc02abfd9a6a","sha1":"a75b8fb0d6c6f5bf10638c4a09f2ba6e6855a4e9","sha256":"28aa884da0f04f5b4bdaf111e5f13a085dd4ae92e00adb872fed20ad968d1732","sha512":"112e6a8118b811026aebea7df50b691caa6f336a1ee047a70068c57b173fbfaed4a1156d27dc1e4946ab91fc10f3a6faf5eae3203b0c76333782f37c895a1a59","ssdeep":"192:EDQ9CFIMh1gZ1PiRDkEtU4mV7ntFfiqO5Trzo14Wp2LRGoRXoH7F9VzbB+adV9rk:ED2WIMHgZ16RDkEtU4uDtJiqO5Trzo1S","tlshash":"d0222152f9c03d5533ca0fab396f5c88d0160746bdc7788af1d0a8107b9d61aeae46f8","size":10784,"data":"","first_seen":"2025-07-15T06:24:07.023877Z","last_seen":"2025-11-16T03:15:22.624704Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r4u3wimgjurp.xyz/","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"ip":{"addr":"104.21.27.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"486d0b08d4a1c53687b8675c32ecfd3e","sha1":"ed54d748c7cd1b1fc6f58d910c92c82115449ce5","sha256":"2927bfa57cd439bd2c220a8abfbba4afcc61cfa0d1c4acd04b8d40841ffedeef","sha512":"c4bbfd751ac6beda7990534cd34a7bd2edbda539d4b717a8fd6306ae5c3b20ac71454789d84cbb325471ab2367aeff7472389d0250e21dc391c3b29e662a187d","ssdeep":"","tlshash":"7ea022832b0c038cc3388ccb0f083b0220e383020e2e00f0aa82800ff038c003320b38","size":74,"data":"","first_seen":"2024-04-27T00:36:27Z","last_seen":"2026-01-12T08:43:42.020845Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r4u3wimgjurp.xyz/","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"ip":{"addr":"104.21.27.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-06T10:09:45.765016Z","times_seen":207881,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r4u3wimgjurp.xyz/","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"ip":{"addr":"104.21.27.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-06T10:11:10.802941Z","times_seen":600289,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"aeaeb9c6d7356f5c1d67b1bf92e169fe","sha1":"bff19bbd98eba0c4cf7a1e49c8f4cc0a2c3aff10","sha256":"c37d61a8816869088cf06573aad35ad57d6e96aa3d6f2ff91450cc179e1dfb5e","sha512":"b9c8d577651e778edd5dd96822641a63a9589f77f3650d3ac56b29ae112dec8a61d372113a128a80c82b90db3d0492b98e8195c4f308c4236473ee9ec6bcb35b","ssdeep":"","tlshash":"07d023f92875c9307194014b70b6e398356020e07725e140d3c9cd7f5e22dd794f1959","size":217,"data":"","first_seen":"2025-09-28T12:28:53.108943Z","last_seen":"2025-09-28T12:28:53.108943Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r4u3wimgjurp.xyz/assets/js/crypto-js.min.js","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"ip":{"addr":"104.21.27.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c8b215ef1c396901ab19c41a7ac42cd7","sha1":"00e971d00ca3e26ef1bc0f7586e16c5e30296ebe","sha256":"817c88066f7a344d4471bb20d30652e641f498eedd9c28e5a6ed661c67795010","sha512":"7b673e3b43efcad7a491d24b73cd831df6ba2daf133caccedbf0c503ded87874db8830b028cce5a2ea4933a2e57ff5b82b5f7e376d60172a65564bf32f8a59c5","ssdeep":"768:JxMJNNuN2XlYGu0kG+QZfrORTIM9OT81KMpBs9oQvu:0Jw2hu0uifrIhdXs9oau","tlshash":"4b232ac1a19c605163a774d00d3f750bb553363a460a85ecfa68e9eeecbc6da903dd38","size":47576,"data":"","first_seen":"2023-03-10T18:36:37Z","last_seen":"2026-04-05T10:47:19.617239Z","times_seen":936,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r4u3wimgjurp.xyz/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"ip":{"addr":"104.21.27.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1b9258db27bce56f027845b113acb902","sha1":"a9a8c8f24c04e49737bd5efa3c62c586a36b9b12","sha256":"e09742ec9f0a50b47f6cc14a2758075f0ef97976eb1696e4d30c5ae583a493d9","sha512":"51a67950fea2093f3336bfec39ebc5d58077c67e45a81117088e496eca8f7d868e644f84f8bea6261611836edd84144fd9f9484080977ce90d69df62c3e2197b","ssdeep":"192:xJxxstNRaZ9dyLS/vunq03iKzUPH8oYvLhJ6ini0NTNErGVG:XxxstN+9ULS/vu73ifJYv9Uinb4rG0","tlshash":"91220895bec89133c3b431b404736acd24a69f8990f0599bec10ed787e72386fa97d49","size":10032,"data":"","first_seen":"2025-09-28T11:43:23.493119Z","last_seen":"2025-09-28T12:31:00.829843Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r4u3wimgjurp.xyz/","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"ip":{"addr":"104.21.27.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"5c9b25f278919562ec53034a6748e467","sha1":"f28b80ad9960ae42452205541ec070e821e8cee1","sha256":"7f945ac7b5f37e7026e77800a39db651dbbc69578301f383ce90c158c3caeeca","sha512":"6d7570ac813d9ba16dbd2d48ecc0cd8a08ff18d8f8a85e103f3a00b52dfab5752b68cdf5086ab8436a5c362480b024a3e9aed0a06d97a998ff5d9f31e79e49a2","ssdeep":"","tlshash":"7ba0025a33d417717ef888cf864502e400f522bd173551ecd2d75507f676d406720b24","size":75,"data":"","first_seen":"2024-05-18T10:03:13Z","last_seen":"2025-10-19T17:49:58.421633Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"r4u3wimgjurp.xyz/assets/js/crypto-js.min.js","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"ip":{"addr":"104.21.27.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://r4u3wimgjurp.xyz/","date":"2025-09-28T12:28:23.478Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r4u3wimgjurp.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 19 Aug 2025 05:02:20 GMT","end":"Mon, 17 Nov 2025 06:00:26 GMT"},"fingerprint":{"sha1":"28:97:45:2A:6D:DE:BF:B4:28:0C:B7:F0:C0:29:8D:0C:5B:A3:A9:92","sha256":"10:CA:13:82:2C:4D:6C:AA:48:11:CB:49:53:EB:B1:F5:92:94:F2:BC:7D:15:C2:15:CA:86:57:5D:4F:A0:0B:6A"}}},"request":{"raw":"GET /assets/js/crypto-js.min.js HTTP/1.1\r\nHost: r4u3wimgjurp.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r4u3wimgjurp.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 12:28:23 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Mon, 22 Sep 2025 07:43:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bne93UXQTvcfRSedWImgbPn4U%2BdS4IEXSB7JxKD%2F0dozGPHVOXpSHraiPj0oTUSjdg70Wl9gZADqvH14bKE3MgtIJqTI714AK%2B%2B%2FQt3j\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"68d0fe0f-b9d8\"\r\ncontent-encoding: br\r\ncf-ray: 98633d86b8875687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":47576,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (47576), with no line terminators","md5":"c8b215ef1c396901ab19c41a7ac42cd7","sha1":"00e971d00ca3e26ef1bc0f7586e16c5e30296ebe","sha256":"817c88066f7a344d4471bb20d30652e641f498eedd9c28e5a6ed661c67795010","sha512":"7b673e3b43efcad7a491d24b73cd831df6ba2daf133caccedbf0c503ded87874db8830b028cce5a2ea4933a2e57ff5b82b5f7e376d60172a65564bf32f8a59c5","ssdeep":"768:JxMJNNuN2XlYGu0kG+QZfrORTIM9OT81KMpBs9oQvu:0Jw2hu0uifrIhdXs9oau","tlshash":"4b232ac1a19c605163a774d00d3f750bb553363a460a85ecfa68e9eeecbc6da903dd38","first_seen":"2023-03-10T18:36:37Z","last_seen":"2026-04-05T10:47:19.617239Z","times_seen":936,"resource_available":true,"data":null}},"time_used":457,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":457,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"owu6nmnzz6.xyz/","fqdn":"owu6nmnzz6.xyz","domain":"owu6nmnzz6.xyz","tld":"xyz"},"ip":{"addr":"4.144.72.5","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://r4u3wimgjurp.xyz/","date":"2025-09-28T12:28:24.386Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"owu6nmnzz6.xyz","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Sun, 12 Oct 2025 23:59:59 GMT"},"fingerprint":{"sha1":"DA:61:C1:C8:B4:3B:65:15:71:4A:1A:73:0F:2A:07:EB:F1:1B:62:CC","sha256":"F8:5E:CF:F3:E3:3C:CC:37:8A:12:18:87:36:FD:6F:F7:C1:CC:EE:86:AC:02:6F:DA:9E:8F:2F:0D:4A:20:D4:4D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: owu6nmnzz6.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://r4u3wimgjurp.xyz/\r\nOrigin: https://r4u3wimgjurp.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\nage: 20\r\ncloudservicediscount: CDN\r\ncontent-disposition: attachment\r\ncontent-type: text/plain\r\ndate: Sun, 28 Sep 2025 12:28:25 GMT\r\netag: \"d5a5867a3f5f885fd20e8418709a9d1a\"\r\nlast-modified: Sun, 28 Sep 2025 07:02:32 GMT\r\nnginx-hit: 1\r\nserver: openresty\r\nvia: EA-HKG-EDGE6-CACHE4[2],EA-HKG-EDGE6-CACHE4[0,TCP_HIT,0],EA-HKG-GLOBAL1-CACHE12[3],EA-HKG-GLOBAL1-CACHE37[0,TCP_HIT,2]\r\nx-amz-id-2: 36AAAQAAEAABAAAQAAEAABAAAQAAEAABAAAaI=AAAAAAAAAAAAAAAAAAAAAAAAAA\r\nx-amz-request-id: 000001998F21DF279542B8072D43F10E\r\nx-amz-tagging-count: 0\r\nx-cache: BYPASS\r\nx-ccdn-cachettl: 60\r\nx-ccdn-expires: 60\r\nx-ccdn-req-id-46b1: 788d395f4b0982746895bee44e38d55c\r\nx-hcs-proxy-type: 1\r\nx-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc\r\ncontent-length: 203\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":203,"size_decoded":0,"mime_type":"text/plain","magic":"JSON text data","md5":"d5a5867a3f5f885fd20e8418709a9d1a","sha1":"013244aad72fe61dfca6d31dadf6814b0540d87d","sha256":"b68cb8aa3da2cfdbd412a2a28ecb3728575412f428801fe0ac0538d3af189aa5","sha512":"60279bb05766305ffeaeb3982bdcd4ff26497c4a990e3cccfb1b8f04e8faa373f9dfc34aea9bbe61641a152705aaebf06dd3ed2d263aa22f4c7d094772bb96a5","ssdeep":"","tlshash":"25d012e33134064fd794568cb4843b399e0f901d4fecc2c0c88da4172c01470d4a370c","first_seen":"2025-09-28T12:28:53.046668Z","last_seen":"2025-09-28T12:28:53.046668Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2453,"timings":{"blocked":1119,"dns":625,"connect":213,"send":0,"wait":215,"receive":0,"ssl":279},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r4u3wimgjurp.xyz/cdn-cgi/challenge-platform/h/b/jsd/r/0.4930130686978998:1759058728:dap3fU2rtkTfHwKTqV7mGmHRm3FRuUNbk9eWfXIDwc8/98633d837dd55687","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"ip":{"addr":"104.21.27.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://r4u3wimgjurp.xyz/","date":"2025-09-28T12:28:24.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r4u3wimgjurp.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 19 Aug 2025 05:02:20 GMT","end":"Mon, 17 Nov 2025 06:00:26 GMT"},"fingerprint":{"sha1":"28:97:45:2A:6D:DE:BF:B4:28:0C:B7:F0:C0:29:8D:0C:5B:A3:A9:92","sha256":"10:CA:13:82:2C:4D:6C:AA:48:11:CB:49:53:EB:B1:F5:92:94:F2:BC:7D:15:C2:15:CA:86:57:5D:4F:A0:0B:6A"}}},"request":{"raw":"POST /cdn-cgi/challenge-platform/h/b/jsd/r/0.4930130686978998:1759058728:dap3fU2rtkTfHwKTqV7mGmHRm3FRuUNbk9eWfXIDwc8/98633d837dd55687 HTTP/1.1\r\nHost: r4u3wimgjurp.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 12096\r\nOrigin: https://r4u3wimgjurp.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r4u3wimgjurp.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/plain; charset=UTF-8\r\ndate: Sun, 28 Sep 2025 12:28:24 GMT\r\ncontent-length: 0\r\nset-cookie: cf_clearance=ZM2KFdxKNwOxdsOF0aSBgfzuFfkRoAUw6EJmFBSGmbM-1759062504-1.2.1.1-0FIO2dndiF_.lxp3m_.lnweDPH4t72RPfyy0qmqPQtQhCGlwVMl_MNeZIHYwrqrgFG_krhZNTYtUWf9RQxivhmA.p8lkXKjV2Wo.KtQYQhn__QYsInhq4Qi_E55qjC9TDB0DquJVdCwriKc5yW4dgoHQ5gLVKO9Sd03XTPHGUo0sLiNvk1nULsSOrQcNHG4JPSL6g4dmxg6jjaa5X8FgkJaCWgcVrG2Vs4XyK3ZyVkE; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=r4u3wimgjurp.xyz; Expires=Mon, 28 Sep 2026 12:28:24 GMT\r\nserver: cloudflare\r\ncf-ray: 98633d8ceafe56bf-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T10:11:42.852405Z","times_seen":13418069,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r4u3wimgjurp.xyz/favicon.ico","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"ip":{"addr":"104.21.27.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r4u3wimgjurp.xyz/","date":"2025-09-28T12:28:24.490Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r4u3wimgjurp.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 19 Aug 2025 05:02:20 GMT","end":"Mon, 17 Nov 2025 06:00:26 GMT"},"fingerprint":{"sha1":"28:97:45:2A:6D:DE:BF:B4:28:0C:B7:F0:C0:29:8D:0C:5B:A3:A9:92","sha256":"10:CA:13:82:2C:4D:6C:AA:48:11:CB:49:53:EB:B1:F5:92:94:F2:BC:7D:15:C2:15:CA:86:57:5D:4F:A0:0B:6A"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: r4u3wimgjurp.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r4u3wimgjurp.xyz/\r\nCookie: cf_clearance=ZM2KFdxKNwOxdsOF0aSBgfzuFfkRoAUw6EJmFBSGmbM-1759062504-1.2.1.1-0FIO2dndiF_.lxp3m_.lnweDPH4t72RPfyy0qmqPQtQhCGlwVMl_MNeZIHYwrqrgFG_krhZNTYtUWf9RQxivhmA.p8lkXKjV2Wo.KtQYQhn__QYsInhq4Qi_E55qjC9TDB0DquJVdCwriKc5yW4dgoHQ5gLVKO9Sd03XTPHGUo0sLiNvk1nULsSOrQcNHG4JPSL6g4dmxg6jjaa5X8FgkJaCWgcVrG2Vs4XyK3ZyVkE\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Sun, 28 Sep 2025 12:28:24 GMT\r\ncontent-type: text/html\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=40P2xYrPzIkjtozUkgk5MMz524ve%2FxwOI125eXA2lMaJrCFAro4aTt5pJGB7idovlr49O5vGy6qgbFFz0ZFok47r6dM448xnT3757RtK\"}]}\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncf-ray: 98633d8d1b0056bf-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":153,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"cd94ee8947fb17c796bc7589bb22080c","sha1":"4897b412263b7bcc6c15d26336736d6fcb57e8b4","sha256":"1ef15ba02f0d5df1ffd5007a1d7fca47bd1275b608b59032c994cc09a5d1d90c","sha512":"0a4490f62ec3f27ea791925c02d2bc3966452ae3a6427b4b8a365b60af5512a504bf9dd41b9f51ae30a3ffea98bb85dd074d49d2c7918965f0b4c776763c5a39","ssdeep":"","tlshash":"3dc02b6d36137c4cc6a3317422c3b090c0c6933764fa41120400814771cf2998ac3397","first_seen":"2023-04-17T04:32:01Z","last_seen":"2026-04-05T00:59:26.563197Z","times_seen":173,"resource_available":false,"data":null}},"time_used":470,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":470,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.zy6ey8victtid.xyz/fast-endecode/main/request","fqdn":"api.zy6ey8victtid.xyz","domain":"zy6ey8victtid.xyz","tld":"xyz"},"ip":{"addr":"154.38.109.70","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://r4u3wimgjurp.xyz/","date":"2025-09-28T12:28:26.716Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.zy6ey8victtid.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Sep 2025 06:02:02 GMT","end":"Sat, 27 Dec 2025 06:02:01 GMT"},"fingerprint":{"sha1":"7A:81:0D:86:AB:63:D5:71:A1:AA:45:8A:EC:3C:16:54:77:31:DE:44","sha256":"31:D3:C4:8D:49:5E:36:3B:5F:D6:5D:5A:FE:17:A2:86:6A:80:52:9C:55:AB:36:91:E3:A3:C5:C1:55:CA:7E:AE"}}},"request":{"raw":"POST /fast-endecode/main/request HTTP/1.1\r\nHost: api.zy6ey8victtid.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://r4u3wimgjurp.xyz/\r\nContent-Type: application/json\r\nContent-Length: 96\r\nOrigin: https://r4u3wimgjurp.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Sun, 28 Sep 2025 12:28:26 GMT\r\nContent-Type: application/json;charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding, Origin\r\nContent-Encoding: gzip\r\nX-Via-FW: 0e1844f,-\r\nSet-Cookie: __fw_uid_https=61f4f7bfaa1fdbc631bf52eced0c320f; max-age=31536000; path=/; HttpOnly; secure\r\nX-Cache: bypass\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":2080,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"0ec1f1000d567b03c074c2513b5f8495","sha1":"f522f44f859a26a15fe9ae1ffbeeb6be3a905dd7","sha256":"fbd582e8db3f33408fc5fe2f31c86246aa13164874344a7a64b1fca350d9c7c9","sha512":"3ff0428c764e4befda1480d9e08c89ec60cd9e749884d7d6a095c727aaa1ac25ea11129764385c5f9a8cc7e25928a633245ea371177c1929019a7e27a8f97e57","ssdeep":"","tlshash":"66412aa82a2210c08e3d3fd369e179f692053ef07cd64ac0d617e4e8579b8f1115d226","first_seen":"2025-09-28T12:28:53.058638Z","last_seen":"2025-09-28T12:28:53.058638Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1202,"timings":{"blocked":-1,"dns":122,"connect":217,"send":0,"wait":225,"receive":0,"ssl":452},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"api.zy6ey8victtid.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"api.zy6ey8victtid.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ios.qzaz9aeq2c5ir.xyz/web3289/","fqdn":"ios.qzaz9aeq2c5ir.xyz","domain":"qzaz9aeq2c5ir.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://r4u3wimgjurp.xyz/","date":"2025-09-28T12:28:26.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qzaz9aeq2c5ir.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 09:17:21 GMT","end":"Tue, 16 Dec 2025 10:13:37 GMT"},"fingerprint":{"sha1":"DC:76:5E:FA:A6:1D:77:FF:CC:06:60:E1:C7:00:42:C8:8D:44:6C:46","sha256":"5D:BA:6D:6B:05:37:C3:66:44:CD:91:86:CB:FB:84:D3:56:FB:F7:59:85:3C:7D:7A:61:57:0D:E9:CD:B5:8E:84"}}},"request":{"raw":"GET /web3289/ HTTP/1.1\r\nHost: ios.qzaz9aeq2c5ir.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r4u3wimgjurp.xyz/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T10:11:42.852405Z","times_seen":13418069,"resource_available":true,"data":null}},"time_used":438,"timings":{"blocked":219,"dns":55,"connect":2,"send":0,"wait":0,"receive":0,"ssl":162},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"ios.qzaz9aeq2c5ir.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.zy6ey8victtid.xyz/fast-endecode/main/request","fqdn":"api.zy6ey8victtid.xyz","domain":"zy6ey8victtid.xyz","tld":"xyz"},"ip":{"addr":"154.38.109.70","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://r4u3wimgjurp.xyz/","date":"2025-09-28T12:28:27.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.zy6ey8victtid.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Sep 2025 06:02:02 GMT","end":"Sat, 27 Dec 2025 06:02:01 GMT"},"fingerprint":{"sha1":"7A:81:0D:86:AB:63:D5:71:A1:AA:45:8A:EC:3C:16:54:77:31:DE:44","sha256":"31:D3:C4:8D:49:5E:36:3B:5F:D6:5D:5A:FE:17:A2:86:6A:80:52:9C:55:AB:36:91:E3:A3:C5:C1:55:CA:7E:AE"}}},"request":{"raw":"POST /fast-endecode/main/request HTTP/1.1\r\nHost: api.zy6ey8victtid.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://r4u3wimgjurp.xyz/\r\nContent-Type: application/json\r\nContent-Length: 96\r\nOrigin: https://r4u3wimgjurp.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Sun, 28 Sep 2025 12:28:27 GMT\r\nContent-Type: application/json;charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding, Origin\r\nContent-Encoding: gzip\r\nX-Via-FW: 0e1844f,-\r\nSet-Cookie: __fw_uid_https=375018f25f8fea9728d661a7d9c84907; max-age=31536000; path=/; HttpOnly; secure\r\nX-Cache: bypass\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":2080,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"5801e52a9d2b395b9f2b5d0f59129b72","sha1":"f414cfe2e3dbfa90a32cf46a334e48a64b655b61","sha256":"ad9fbd02d81f756f2913ea800a224e64601c514415b31b2f7c344001ce187692","sha512":"06cc967416c4c181c51dc549d076aa27548c799a90e8cb468c0a10709bc5e445d187e5355d00c51cd4a14f38764da709882fdeed6002ba77325d0d660ee3acba","ssdeep":"","tlshash":"6d411c9469c71b57a789a247a2415be301867ab5910e834e9da851ceb325f936f04019","first_seen":"2025-09-28T12:28:53.063498Z","last_seen":"2025-09-28T12:28:53.063498Z","times_seen":1,"resource_available":false,"data":null}},"time_used":225,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":225,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"api.zy6ey8victtid.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"api.zy6ey8victtid.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r4u3wimgjurp.xyz/","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"ip":{"addr":"104.21.27.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-28T12:28:22.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r4u3wimgjurp.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 19 Aug 2025 05:02:20 GMT","end":"Mon, 17 Nov 2025 06:00:26 GMT"},"fingerprint":{"sha1":"28:97:45:2A:6D:DE:BF:B4:28:0C:B7:F0:C0:29:8D:0C:5B:A3:A9:92","sha256":"10:CA:13:82:2C:4D:6C:AA:48:11:CB:49:53:EB:B1:F5:92:94:F2:BC:7D:15:C2:15:CA:86:57:5D:4F:A0:0B:6A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: r4u3wimgjurp.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 12:28:23 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Mon, 22 Sep 2025 07:43:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ewkwxBGsruJ4OnEvbKvfUwOFoi7Vz4FVt9PAjYXg2hju6Xa2cPy2UGvItWyUz0Nu9I0UVtOWHLc%2Bq4BMnGWlx4hv2hZqaBGUGqREBiQE\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 98633d837dd55687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"crypto-js","description":"crypto-js is a JavaScript library of crypto standards.","website":"https://github.com/brix/crypto-js","common_platform_enumeration":"","icon":"default.svg","categories":["JavaScript libraries"]}],"data":{"size":2263,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (926)","md5":"a266637a3f077a6c144b605fbbf18ce4","sha1":"2f2eafcd10ca7704bb3cd962654330ae1c14bcc7","sha256":"9319a81d2e8214972e7c33d6c9b23a317daeeb31da4ff599e2bb05eac2a5f6e6","sha512":"04db5e6beb7d7d960af6dd01c3e9285dd6368503de732cdf0652e31cb13b17e95eff9c88e15d71fb9ccee4cd399df8650e0debcaa52c6d9ea2dae1d98111c2fd","ssdeep":"","tlshash":"c24140762e77412ca482815526f9f3593e3150137b02c444f3ede9758f44e8a88dbebe","first_seen":"2025-09-28T12:28:53.068467Z","last_seen":"2025-09-28T12:28:53.068467Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1841,"timings":{"blocked":696,"dns":3,"connect":2,"send":0,"wait":449,"receive":0,"ssl":691},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r4u3wimgjurp.xyz/assets/js/iframe.js?t=2024008101313","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"ip":{"addr":"104.21.27.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://r4u3wimgjurp.xyz/","date":"2025-09-28T12:28:23.479Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r4u3wimgjurp.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 19 Aug 2025 05:02:20 GMT","end":"Mon, 17 Nov 2025 06:00:26 GMT"},"fingerprint":{"sha1":"28:97:45:2A:6D:DE:BF:B4:28:0C:B7:F0:C0:29:8D:0C:5B:A3:A9:92","sha256":"10:CA:13:82:2C:4D:6C:AA:48:11:CB:49:53:EB:B1:F5:92:94:F2:BC:7D:15:C2:15:CA:86:57:5D:4F:A0:0B:6A"}}},"request":{"raw":"GET /assets/js/iframe.js?t=2024008101313 HTTP/1.1\r\nHost: r4u3wimgjurp.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r4u3wimgjurp.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 28 Sep 2025 12:28:23 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Mon, 22 Sep 2025 07:43:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6uTj9UfkuOhQP%2F31qcokf8bc74kKsPJIPfC2bYsU02AQqtlFOALhDWSWoZ32G2KsPZdgARUMWX2LG7aEG053GYhipIVo%2BD704KHL8gws\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"68d0fe0f-2a20\"\r\ncontent-encoding: br\r\ncf-ray: 98633d86b8895687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10784,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (10773)","md5":"544e2f8d13dc5c5ab837cc02abfd9a6a","sha1":"a75b8fb0d6c6f5bf10638c4a09f2ba6e6855a4e9","sha256":"28aa884da0f04f5b4bdaf111e5f13a085dd4ae92e00adb872fed20ad968d1732","sha512":"112e6a8118b811026aebea7df50b691caa6f336a1ee047a70068c57b173fbfaed4a1156d27dc1e4946ab91fc10f3a6faf5eae3203b0c76333782f37c895a1a59","ssdeep":"192:EDQ9CFIMh1gZ1PiRDkEtU4mV7ntFfiqO5Trzo14Wp2LRGoRXoH7F9VzbB+adV9rk:ED2WIMHgZ16RDkEtU4uDtJiqO5Trzo1S","tlshash":"d0222152f9c03d5533ca0fab396f5c88d0160746bdc7788af1d0a8107b9d61aeae46f8","first_seen":"2025-07-15T06:24:07.023877Z","last_seen":"2025-11-16T03:15:22.624704Z","times_seen":6,"resource_available":true,"data":null}},"time_used":453,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":453,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.zy6ey8victtid.xyz/fast-endecode/main/request","fqdn":"api.zy6ey8victtid.xyz","domain":"zy6ey8victtid.xyz","tld":"xyz"},"ip":{"addr":"154.38.109.70","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://r4u3wimgjurp.xyz/","date":"2025-09-28T12:28:25.731Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.zy6ey8victtid.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Sep 2025 06:02:02 GMT","end":"Sat, 27 Dec 2025 06:02:01 GMT"},"fingerprint":{"sha1":"7A:81:0D:86:AB:63:D5:71:A1:AA:45:8A:EC:3C:16:54:77:31:DE:44","sha256":"31:D3:C4:8D:49:5E:36:3B:5F:D6:5D:5A:FE:17:A2:86:6A:80:52:9C:55:AB:36:91:E3:A3:C5:C1:55:CA:7E:AE"}}},"request":{"raw":"OPTIONS /fast-endecode/main/request HTTP/1.1\r\nHost: api.zy6ey8victtid.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://r4u3wimgjurp.xyz/\r\nOrigin: https://r4u3wimgjurp.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Sun, 28 Sep 2025 12:28:26 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Methods: POST\r\nAccess-Control-Allow-Headers: content-type\r\nX-Via-FW: 0e1844f,-\r\nSet-Cookie: __fw_uid_https=91567ccbf60238a80d64a13df18eec72; max-age=31536000; path=/; HttpOnly; secure\r\nX-Cache: bypass\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T10:11:42.852405Z","times_seen":13418069,"resource_available":true,"data":null}},"time_used":1738,"timings":{"blocked":763,"dns":121,"connect":208,"send":0,"wait":212,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"api.zy6ey8victtid.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"api.zy6ey8victtid.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.zy6ey8victtid.xyz/fast-endecode/main/request","fqdn":"api.zy6ey8victtid.xyz","domain":"zy6ey8victtid.xyz","tld":"xyz"},"ip":{"addr":"154.38.109.70","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://r4u3wimgjurp.xyz/","date":"2025-09-28T12:28:26.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"api.zy6ey8victtid.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Sep 2025 06:02:02 GMT","end":"Sat, 27 Dec 2025 06:02:01 GMT"},"fingerprint":{"sha1":"7A:81:0D:86:AB:63:D5:71:A1:AA:45:8A:EC:3C:16:54:77:31:DE:44","sha256":"31:D3:C4:8D:49:5E:36:3B:5F:D6:5D:5A:FE:17:A2:86:6A:80:52:9C:55:AB:36:91:E3:A3:C5:C1:55:CA:7E:AE"}}},"request":{"raw":"OPTIONS /fast-endecode/main/request HTTP/1.1\r\nHost: api.zy6ey8victtid.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://r4u3wimgjurp.xyz/\r\nOrigin: https://r4u3wimgjurp.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 \r\nDate: Sun, 28 Sep 2025 12:28:27 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Methods: POST\r\nAccess-Control-Allow-Headers: content-type\r\nX-Via-FW: 0e1844f,-\r\nSet-Cookie: __fw_uid_https=568f301812772051c107ce62af0af2d3; max-age=31536000; path=/; HttpOnly; secure\r\nX-Cache: bypass\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T10:11:42.852405Z","times_seen":13418069,"resource_available":true,"data":null}},"time_used":221,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":221,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"api.zy6ey8victtid.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"api.zy6ey8victtid.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r4u3wimgjurp.xyz/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"ip":{"addr":"104.21.27.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://r4u3wimgjurp.xyz/","date":"2025-09-28T12:28:24.391Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r4u3wimgjurp.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 19 Aug 2025 05:02:20 GMT","end":"Mon, 17 Nov 2025 06:00:26 GMT"},"fingerprint":{"sha1":"28:97:45:2A:6D:DE:BF:B4:28:0C:B7:F0:C0:29:8D:0C:5B:A3:A9:92","sha256":"10:CA:13:82:2C:4D:6C:AA:48:11:CB:49:53:EB:B1:F5:92:94:F2:BC:7D:15:C2:15:CA:86:57:5D:4F:A0:0B:6A"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1\r\nHost: r4u3wimgjurp.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\nlocation: /cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public\r\naccess-control-allow-origin: *\r\ncontent-length: 0\r\ndate: Sun, 28 Sep 2025 12:28:24 GMT\r\nserver: cloudflare\r\ncf-ray: 98633d8c7afa56bf-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10032,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T10:11:42.852405Z","times_seen":13418069,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r4u3wimgjurp.xyz/cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?","fqdn":"r4u3wimgjurp.xyz","domain":"r4u3wimgjurp.xyz","tld":"xyz"},"ip":{"addr":"104.21.27.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://r4u3wimgjurp.xyz/","date":"2025-09-28T12:28:24.413Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r4u3wimgjurp.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 19 Aug 2025 05:02:20 GMT","end":"Mon, 17 Nov 2025 06:00:26 GMT"},"fingerprint":{"sha1":"28:97:45:2A:6D:DE:BF:B4:28:0C:B7:F0:C0:29:8D:0C:5B:A3:A9:92","sha256":"10:CA:13:82:2C:4D:6C:AA:48:11:CB:49:53:EB:B1:F5:92:94:F2:BC:7D:15:C2:15:CA:86:57:5D:4F:A0:0B:6A"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js? HTTP/1.1\r\nHost: r4u3wimgjurp.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\ndate: Sun, 28 Sep 2025 12:28:24 GMT\r\nserver: cloudflare\r\ncf-ray: 98633d8c9afd56bf-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10032,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (10032), with no line terminators","md5":"1b9258db27bce56f027845b113acb902","sha1":"a9a8c8f24c04e49737bd5efa3c62c586a36b9b12","sha256":"e09742ec9f0a50b47f6cc14a2758075f0ef97976eb1696e4d30c5ae583a493d9","sha512":"51a67950fea2093f3336bfec39ebc5d58077c67e45a81117088e496eca8f7d868e644f84f8bea6261611836edd84144fd9f9484080977ce90d69df62c3e2197b","ssdeep":"192:xJxxstNRaZ9dyLS/vunq03iKzUPH8oYvLhJ6ini0NTNErGVG:XxxstN+9ULS/vu73ifJYv9Uinb4rG0","tlshash":"91220895bec89133c3b431b404736acd24a69f8990f0599bec10ed787e72386fa97d49","first_seen":"2025-09-28T11:43:23.493119Z","last_seen":"2025-09-28T12:31:00.829843Z","times_seen":4,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}