{"report_id":"bc144f41-998d-4024-b5fa-6017cac75f70","version":6,"status":"done","tags":["phishing","kali365","aitm"],"date":"2026-04-27T04:48:23Z","url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Isolex@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"172.67.203.222","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Isolex@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"title":"Microsoft User shared a document with you","dom":{"size":18674,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (7529)","md5":"667f4e2bc104cdeef925257c3709173b","sha1":"ed860012f5a0ea500fbf0a85a6da2da5535cd0fa","sha256":"4e2f258d0832882d0c1d0b0a1d01161c8571d798f2622985d6f5e627db7807fe","sha512":"6429e4c1d690726b9cd29ad721f9bc22c35495df72664f009e4a90c69c545d1025598706a608ba595a46e7aa3961eef270d325109636f365da64a649ca728ab5","ssdeep":"384:lJh1BAOMj1eicNp+usxYnSdKIypdr0NbqPixuGbPcFej1mQs17sxGI:j9bUeicNp+uPn4CW9yguGbPcFejO17sN","tlshash":"57823b2bb1d8053ab313e297ec43238ab0214ed6fe6bbe81458d519c01dabfac377554","dom_hash":"domhashea95be312806fa650c95e49886e3a44a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Isolex@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"172.67.203.222","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-01T04:48:23Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":2,"analyzer":8}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-27T04:48:00Z","timestamp":1777265280,"ip_dst":{"addr":"172.67.203.222","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":34852,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare workers.dev Domain in TLS SNI","source":"{\"timestamp\":\"2026-04-27T04:48:00.799717+0000\",\"flow_id\":194020491925109,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.4\",\"src_port\":34852,\"dest_ip\":\"172.67.203.222\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2051768,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare workers.dev Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_03_22\"],\"deployment\":[\"Perimeter\"],\"malware_family\":[\"Cloudflare_Workers\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Cloudflare_Workers\"],\"updated_at\":[\"2024_03_22\"]}},\"tls\":{\"sni\":\"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2644,\"start\":\"2026-04-27T04:48:00.792181+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Kali365 Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kali365","aitm"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Kali365 Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kali365","aitm"],"meta":null}]},"summary":[{"fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","ip":{"addr":"172.67.203.222","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-24T00:03:57.513983Z","last_seen":"2026-04-24T00:03:57.513983Z","alert_count":15,"request_count":3,"received_data":23907,"sent_data":1518,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"api.kali365.xyz","ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-04-18","domain_rank":0,"first_seen":"2026-04-20T01:49:57.021198Z","last_seen":"2026-04-27T01:54:27.087104Z","alert_count":24,"request_count":6,"received_data":5406,"sent_data":2634,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Kali365 Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kali365","aitm"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Isolex@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"172.67.203.222","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"48173f0e33e22fc61bf2b8cfa0baa4b0","sha1":"b56d34656360c7e8fdab3d7775583ed343bb0428","sha256":"fdada2c2bac0f71a49a16afd44136b49bf07b8a7031d8d1a85fdf9471d206a06","sha512":"8bbe0d2571bb44279a8cbd10cba53c6ff61361dceb3cb9b6aa0adff487356ed237697cf77213d0224b8b5bc32abe47b7e82703334a04a126502c3b5968a8f148","ssdeep":"","tlshash":"60e092aa334531451ba795baf53fcb18783730636c06da54622aad901fa8b2ca11298d","size":380,"data":"","first_seen":"2026-04-27T04:48:23.970251Z","last_seen":"2026-04-27T04:48:23.970251Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Isolex@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"172.67.203.222","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d6e1bda734d20935aef1ac561c3cf8e4","sha1":"f3db6e73b05ed9b73ca730a1cde2e985375dec87","sha256":"909032f309d3418b24e6904399e7d3aed8448e46eafb48aacb861f3a55efbccd","sha512":"428bdaafec995e7dd4945e84d9d0ed4d3fbbc616bb16d02f9f3428be1565b921c5a07147b3dcfe4f64335e7121013b5a5b12614263b1734a73d0db233b794a1d","ssdeep":"","tlshash":"7a3184e2f2bb04398ac922f7e87957c97c324a19fd47c106d53d0c2459a0f87613aed0","size":1708,"data":"","first_seen":"2026-04-27T04:48:23.972491Z","last_seen":"2026-04-27T04:48:23.972491Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Isolex@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"172.67.203.222","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"53d58ea86b09f571484a9e3b228df96f","sha1":"2ae2a2bc6d657bf300e3c24dab3e549c0fcddaa5","sha256":"cbb52fa1621177dac77beb51837bdfa92482b9e4b7f697687f76fd99d5563341","sha512":"f4889d85c6024f402c0e3631844e2c9f92f0c720ca3698c714595ec663d650f9a8e2cf054fc9c17f28744ca6700be08519f4f83be793c1f2a7e96268a1d0194a","ssdeep":"192:QSMqKu1pypQer0NVVknIbQixufq9bPiUexFejbHJmQs1JI8vqwOYkDy1f:QSdKIypdr0NbqPixuGbPcFej1mQs17s8","tlshash":"ed32d80ef8d88a6a7712b27bcc431285b5254ed6ff6dbdc5054d809c01aabbcc3bb465","size":10975,"data":"","first_seen":"2026-04-22T09:54:35.923662Z","last_seen":"2026-04-27T13:39:45.048786Z","times_seen":63,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"1d28486a96a8f4b1b07c9e607a2cd679","sha1":"cac6695951befceca50c505ee75898e4522770cd","sha256":"7a142c65549aaeef3a272e568b4736fc52d99b9512da0cf3cdcc87e39bb170d9","sha512":"ec51fd21d78247b1de7ced6d25b3c20b3faeb32f23a7b735b1ff4afad9ea7839e68f4bb0c58264795c6ee2ea2e0735ec865e7e07c837c95b968c7135086db205","ssdeep":"384:pJWEAO+teicNp+usxYCYS7ZspZtjQR8q6:XJb2eicNp+uPCTwwmx","tlshash":"8642197bf2c8043ef313d1d3a462578b30646a99beab9b4582dd226841c5bffc367644","size":12540,"data":"","first_seen":"2026-04-27T04:48:23.975423Z","last_seen":"2026-04-27T04:48:23.975423Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"api.kali365.xyz/api/status/1462321","fqdn":"api.kali365.xyz","domain":"kali365.xyz","tld":"xyz"},"ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Isolex@slurpmail.net","date":"2026-04-27T04:48:06.654Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kali365.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 16:56:09 GMT","end":"Fri, 17 Jul 2026 16:56:08 GMT"},"fingerprint":{"sha1":"55:5B:31:11:3B:A6:35:92:CD:55:49:23:44:0C:05:5D:E6:B9:1F:C5","sha256":"9B:B5:F0:82:1C:72:5B:76:F0:66:19:CE:4F:28:2C:21:B1:C3:BC:FE:A2:D9:5C:F1:AC:FC:A9:AD:0E:D0:21:77"}}},"request":{"raw":"GET /api/status/1462321 HTTP/1.1\r\nHost: api.kali365.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Apr 2026 04:48:06 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nvary: Origin, Cookie\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xhY%2B8gclp8j5bJGDAZ5WpJFQYI%2F3w1gbUfYUl3WmlC71SfEEdEHTrDVEEDr7X2szExRGfXTO2HtJC8Phsjd32nqnYVF5OgdeQe2Wm6rrzytHE%2BloB3%2BIOSYTIkJahZ0GHC0%3D\"}]}\r\ncf-ray: 9f2b31699a7c120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1991b7c8ec390f5af45312fc0e09944c","sha1":"d61cf78973a9c26e718fb9fe1cb3c8533893d95f","sha256":"e83c12db5ee3c62282c295c521fa51a10e6cfff8e247c64f09838dbc134bd385","sha512":"80bed01bd6f8fecdcfe32308c4dc471907a48a7418c73be4874046c51c9bcf013cbc53bd0e4fc92afb3020d0c08fb675611712f81799a9a1bf593c4dfd8c8480","ssdeep":"","tlshash":"e9700022280800000ac80800e0000238baa0ca80002ba0c0280c80288820880e008000","first_seen":"2026-03-04T14:57:38.603599Z","last_seen":"2026-04-27T14:22:02.176863Z","times_seen":641,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":31,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.kali365.xyz/api/status/1462321","fqdn":"api.kali365.xyz","domain":"kali365.xyz","tld":"xyz"},"ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Isolex@slurpmail.net","date":"2026-04-27T04:48:15.786Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kali365.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 16:56:09 GMT","end":"Fri, 17 Jul 2026 16:56:08 GMT"},"fingerprint":{"sha1":"55:5B:31:11:3B:A6:35:92:CD:55:49:23:44:0C:05:5D:E6:B9:1F:C5","sha256":"9B:B5:F0:82:1C:72:5B:76:F0:66:19:CE:4F:28:2C:21:B1:C3:BC:FE:A2:D9:5C:F1:AC:FC:A9:AD:0E:D0:21:77"}}},"request":{"raw":"GET /api/status/1462321 HTTP/1.1\r\nHost: api.kali365.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 04:48:15 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nvary: Origin, Cookie\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8LEwjPxb18HZeyLYL%2F0%2F2yN60DcCZxL6cXe2Ch%2F1krvVOaAchTvA68VwH%2FOXjVJ4J2Bd%2FyZCB37fGRmN1TWbrcjksBHeA0o%2Bvp2UIIbaC03aQVmgfz6XpSDK%2FG0APLYbcKs%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f2b31a2aa7c569b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1991b7c8ec390f5af45312fc0e09944c","sha1":"d61cf78973a9c26e718fb9fe1cb3c8533893d95f","sha256":"e83c12db5ee3c62282c295c521fa51a10e6cfff8e247c64f09838dbc134bd385","sha512":"80bed01bd6f8fecdcfe32308c4dc471907a48a7418c73be4874046c51c9bcf013cbc53bd0e4fc92afb3020d0c08fb675611712f81799a9a1bf593c4dfd8c8480","ssdeep":"","tlshash":"e9700022280800000ac80800e0000238baa0ca80002ba0c0280c80288820880e008000","first_seen":"2026-03-04T14:57:38.603599Z","last_seen":"2026-04-27T14:22:02.176863Z","times_seen":641,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.kali365.xyz/api/status/1462321","fqdn":"api.kali365.xyz","domain":"kali365.xyz","tld":"xyz"},"ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Isolex@slurpmail.net","date":"2026-04-27T04:48:18.832Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kali365.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 16:56:09 GMT","end":"Fri, 17 Jul 2026 16:56:08 GMT"},"fingerprint":{"sha1":"55:5B:31:11:3B:A6:35:92:CD:55:49:23:44:0C:05:5D:E6:B9:1F:C5","sha256":"9B:B5:F0:82:1C:72:5B:76:F0:66:19:CE:4F:28:2C:21:B1:C3:BC:FE:A2:D9:5C:F1:AC:FC:A9:AD:0E:D0:21:77"}}},"request":{"raw":"GET /api/status/1462321 HTTP/1.1\r\nHost: api.kali365.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 04:48:18 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nvary: Origin, Cookie\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1Jn2IjiAtPdA%2BY8scg0896i4TGpZ0ml%2BAPsebDKHm8vkHTGbZFSjy%2FcgMFL1pPOUms%2BGEjnMvqFsjEmTvJnn%2BIHse64MFbeVt1E6W3M3yt650JXF6t7mDPiXfw3FKX%2FYtEM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f2b31b5badd569b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1991b7c8ec390f5af45312fc0e09944c","sha1":"d61cf78973a9c26e718fb9fe1cb3c8533893d95f","sha256":"e83c12db5ee3c62282c295c521fa51a10e6cfff8e247c64f09838dbc134bd385","sha512":"80bed01bd6f8fecdcfe32308c4dc471907a48a7418c73be4874046c51c9bcf013cbc53bd0e4fc92afb3020d0c08fb675611712f81799a9a1bf593c4dfd8c8480","ssdeep":"","tlshash":"e9700022280800000ac80800e0000238baa0ca80002ba0c0280c80288820880e008000","first_seen":"2026-03-04T14:57:38.603599Z","last_seen":"2026-04-27T14:22:02.176863Z","times_seen":641,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.kali365.xyz/api/status/1462321","fqdn":"api.kali365.xyz","domain":"kali365.xyz","tld":"xyz"},"ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Isolex@slurpmail.net","date":"2026-04-27T04:48:09.693Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kali365.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 16:56:09 GMT","end":"Fri, 17 Jul 2026 16:56:08 GMT"},"fingerprint":{"sha1":"55:5B:31:11:3B:A6:35:92:CD:55:49:23:44:0C:05:5D:E6:B9:1F:C5","sha256":"9B:B5:F0:82:1C:72:5B:76:F0:66:19:CE:4F:28:2C:21:B1:C3:BC:FE:A2:D9:5C:F1:AC:FC:A9:AD:0E:D0:21:77"}}},"request":{"raw":"GET /api/status/1462321 HTTP/1.1\r\nHost: api.kali365.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 04:48:09 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nvary: Origin, Cookie\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SpV1RWQ2Q69JuWdOuMKJw8H4MdnpP59nAh%2BG3dyp3P4s9anGidRGygNuTZcTeQgE9JosgYkPGfCi%2Bjas6Ha%2Fv3gpFp%2Bz0t6clbpeCTCL8C9cwN1A0GGy3CikEuSYE1VpCM0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f2b317c9977569b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1991b7c8ec390f5af45312fc0e09944c","sha1":"d61cf78973a9c26e718fb9fe1cb3c8533893d95f","sha256":"e83c12db5ee3c62282c295c521fa51a10e6cfff8e247c64f09838dbc134bd385","sha512":"80bed01bd6f8fecdcfe32308c4dc471907a48a7418c73be4874046c51c9bcf013cbc53bd0e4fc92afb3020d0c08fb675611712f81799a9a1bf593c4dfd8c8480","ssdeep":"","tlshash":"e9700022280800000ac80800e0000238baa0ca80002ba0c0280c80288820880e008000","first_seen":"2026-03-04T14:57:38.603599Z","last_seen":"2026-04-27T14:22:02.176863Z","times_seen":641,"resource_available":true,"data":null}},"time_used":46,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":45,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.kali365.xyz/api/status/1462321","fqdn":"api.kali365.xyz","domain":"kali365.xyz","tld":"xyz"},"ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Isolex@slurpmail.net","date":"2026-04-27T04:48:12.746Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kali365.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 16:56:09 GMT","end":"Fri, 17 Jul 2026 16:56:08 GMT"},"fingerprint":{"sha1":"55:5B:31:11:3B:A6:35:92:CD:55:49:23:44:0C:05:5D:E6:B9:1F:C5","sha256":"9B:B5:F0:82:1C:72:5B:76:F0:66:19:CE:4F:28:2C:21:B1:C3:BC:FE:A2:D9:5C:F1:AC:FC:A9:AD:0E:D0:21:77"}}},"request":{"raw":"GET /api/status/1462321 HTTP/1.1\r\nHost: api.kali365.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Apr 2026 04:48:12 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nvary: Origin, Cookie\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wLDVnyC%2FTTiQZGvEy4Rvmqzlfx41PKKZdmpmkIXOehne4MmftWoxZYKgeSBHFA3ZKGYqFJUMcyWy760b59M7lF%2BSS%2BZnm17Mo6AL4UeDNYNhJK09tRZDgIlha2%2F3MBw2%2Fs4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f2b318faa2f569b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1991b7c8ec390f5af45312fc0e09944c","sha1":"d61cf78973a9c26e718fb9fe1cb3c8533893d95f","sha256":"e83c12db5ee3c62282c295c521fa51a10e6cfff8e247c64f09838dbc134bd385","sha512":"80bed01bd6f8fecdcfe32308c4dc471907a48a7418c73be4874046c51c9bcf013cbc53bd0e4fc92afb3020d0c08fb675611712f81799a9a1bf593c4dfd8c8480","ssdeep":"","tlshash":"e9700022280800000ac80800e0000238baa0ca80002ba0c0280c80288820880e008000","first_seen":"2026-03-04T14:57:38.603599Z","last_seen":"2026-04-27T14:22:02.176863Z","times_seen":641,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Isolex@slurpmail.net","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"172.67.203.222","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-27T04:48:00.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"p-5jwrf2lw.workers.dev","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 20 Apr 2026 12:12:18 GMT","end":"Sun, 19 Jul 2026 12:12:17 GMT"},"fingerprint":{"sha1":"B7:5C:49:4D:7D:34:C6:A2:22:02:9A:74:5C:51:A3:FF:09:54:EA:79","sha256":"6D:A3:D2:F9:C6:9B:C1:7A:B8:92:15:54:86:B2:AC:E2:23:98:9F:EC:FD:E8:B2:EA:A9:E8:1C:2B:D5:F1:7B:71"}}},"request":{"raw":"GET /l/Isolex@slurpmail.net HTTP/1.1\r\nHost: twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Apr 2026 04:48:00 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-store, no-cache, must-revalidate, private\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet, noimageindex\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TGRBaDjKUlZmqoN1IpbrEgGwnfQ%2FkavGkYrcozfV5X6w2ZXLTHO0%2FnEuMH1dXBRA2C0lmcH5IABLdcnY1SZ8Up8a0IKMDugArSLJ20rnbIgwaf8TjSNVSbmjSzhJkAFD5k1Ep7DlMvS375b0V6bjvFolE5eo%2FV9nkA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9f2b31451fea2678-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1417,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"99a2a58fa627468cbb646768b4e7d35b","sha1":"820eb97828694d437be085f31d4046c8c87bfc59","sha256":"4ee4e379d6abe395ebf4e1a73742ffc8f52c1e58b02f654d16db55e2d0903119","sha512":"60a1eba2924460e03e6976a941bdc0e9f65a41618d923b762b851211510017746c95f48dcd4537985cdc036c870aa773363c98de3bca983791db2698a4583995","ssdeep":"","tlshash":"0f21eba75d812001662384e1f432d65cbcd39d63e507d740b6d576ac4fd46dc4d1138c","first_seen":"2026-04-27T04:48:23.961102Z","last_seen":"2026-04-27T04:48:23.961102Z","times_seen":1,"resource_available":true,"data":null}},"time_used":122,"timings":{"blocked":22,"dns":6,"connect":1,"send":0,"wait":75,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Kali365 Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kali365","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/favicon.ico","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"172.67.203.222","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Isolex@slurpmail.net","date":"2026-04-27T04:48:01.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"p-5jwrf2lw.workers.dev","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 20 Apr 2026 12:12:18 GMT","end":"Sun, 19 Jul 2026 12:12:17 GMT"},"fingerprint":{"sha1":"B7:5C:49:4D:7D:34:C6:A2:22:02:9A:74:5C:51:A3:FF:09:54:EA:79","sha256":"6D:A3:D2:F9:C6:9B:C1:7A:B8:92:15:54:86:B2:AC:E2:23:98:9F:EC:FD:E8:B2:EA:A9:E8:1C:2B:D5:F1:7B:71"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Isolex@slurpmail.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 27 Apr 2026 04:48:01 GMT\r\npriority: u=6,i=?0\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\ncache-control: no-store, no-cache, must-revalidate, private\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet, noimageindex\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fWCjwoASTrms0WmMM%2BavwES0mCDsFf4iQjBFp1Y8fXvAdOU4Vk%2Ff39Oi0ZNvefJzIfynIzVJucuT0Uq7rQWXPT7xNUUqjweLjXTNLcGVwMbWDLz9ZEnVYtpmE60Q1A6ks14gB%2Bxb%2BA2MJInPRgngXhiOd%2BCWUj97yA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9f2b31468bbb3181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1411,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"c5afc40d61e6b37e12a0c178c5a5715c","sha1":"832be18fdd05532737228402df6aa8af95417c62","sha256":"f6c64525cb41052b81c32808e2db7ae02ca1ae8908f92ba413edb07359b5f7cd","sha512":"b8803fb441c61623fb7f7f50eded79ad412ed4e4af61ed1bc859626e5794a21e0eb29b9d2e785dee9db68e01381a562842f7db90d09e76ca038d0624099ae5e2","ssdeep":"","tlshash":"f621b96a6d813005766388a1b532d75cbcd39963ed07eb40b5d1b6bc8fc4bcc496278c","first_seen":"2026-04-27T04:48:23.963975Z","last_seen":"2026-04-27T04:48:23.963975Z","times_seen":1,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Kali365 Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kali365","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/lp/Isolex","fqdn":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","domain":"p-5jwrf2lw.workers.dev","tld":"workers.dev"},"ip":{"addr":"172.67.203.222","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Isolex@slurpmail.net","date":"2026-04-27T04:48:03.016Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"p-5jwrf2lw.workers.dev","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 20 Apr 2026 12:12:18 GMT","end":"Sun, 19 Jul 2026 12:12:17 GMT"},"fingerprint":{"sha1":"B7:5C:49:4D:7D:34:C6:A2:22:02:9A:74:5C:51:A3:FF:09:54:EA:79","sha256":"6D:A3:D2:F9:C6:9B:C1:7A:B8:92:15:54:86:B2:AC:E2:23:98:9F:EC:FD:E8:B2:EA:A9:E8:1C:2B:D5:F1:7B:71"}}},"request":{"raw":"GET /lp/Isolex HTTP/1.1\r\nHost: twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Isolex@slurpmail.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 27 Apr 2026 04:48:03 GMT\r\npriority: u=4,i=?0\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\ncache-control: no-store, no-cache, must-revalidate, private\r\nreferrer-policy: no-referrer\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet, noimageindex\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BlWvGpZv29f0QHl9nsQncXGkRK2WHcTGrffnb28jM4UpopWkTpaGX7pkeI5vhfuMPFwoJd5PZC85j77Z31qCqQ774Uk6IiFej6u8nHqHd8GHVxwTRGlRCJ%2B4IS6OruUocElHdnG8o3tLCdY0dcAygUxZtAy51TXf2Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9f2b3152dc113181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18660,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (7529)","md5":"8eec7f54a81e7b1074f30503571b7563","sha1":"22ba6916c1d01df8bd643c42264f2fa6c9650918","sha256":"6309505ae440f37188f83e06815a24c3ce1c49e98d9a888ff0f12d90179f8b93","sha512":"0df09bcc9e997afa089afc610ca369bf7f46092b88e874566600555810f7a1c5d096c5278d733f4485654e9866721ab92f582c3902857e4a36e90b186241d6d1","ssdeep":"384:pJWEAO+teicNp+usxYnSdKIypdr0NbqPixuGbPcFej1mQs17sxGI:XJb2eicNp+uPn4CW9yguGbPcFejO17sN","tlshash":"31823b2bb5d8053eb313e257ec02238a70214e96fe2bbe85458d519c01d9bfac377654","first_seen":"2026-04-27T04:48:23.966474Z","last_seen":"2026-04-27T04:48:23.966474Z","times_seen":1,"resource_available":false,"data":null}},"time_used":474,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":471,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-27","alert":"Phishing Block","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"twhsl-qkns-r1he.p-5jwrf2lw.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Kali365 Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kali365","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"api.kali365.xyz/api/status/1462321","fqdn":"api.kali365.xyz","domain":"kali365.xyz","tld":"xyz"},"ip":{"addr":"172.67.191.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev/l/Isolex@slurpmail.net","date":"2026-04-27T04:48:03.506Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kali365.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Apr 2026 16:56:09 GMT","end":"Fri, 17 Jul 2026 16:56:08 GMT"},"fingerprint":{"sha1":"55:5B:31:11:3B:A6:35:92:CD:55:49:23:44:0C:05:5D:E6:B9:1F:C5","sha256":"9B:B5:F0:82:1C:72:5B:76:F0:66:19:CE:4F:28:2C:21:B1:C3:BC:FE:A2:D9:5C:F1:AC:FC:A9:AD:0E:D0:21:77"}}},"request":{"raw":"GET /api/status/1462321 HTTP/1.1\r\nHost: api.kali365.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Apr 2026 04:48:03 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: https://twhsl-qkns-r1he.p-5jwrf2lw.workers.dev\r\nvary: Origin, Cookie\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-robots-tag: noindex, nofollow, noarchive, nosnippet\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JXhKACR0Ic1H24n%2BImHJQCcv2iPnkqh937dXsttPE7hGzJfK5XYk%2FcNn0PbkxH0mJIIDI2%2ByG19V2VyrMXbY9DCUGxU%2FmgTdksKRmc0FZgGRagJuVohbGKXnfOWwbE1%2BPJw%3D\"}]}\r\ncf-ray: 9f2b31560e21120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1991b7c8ec390f5af45312fc0e09944c","sha1":"d61cf78973a9c26e718fb9fe1cb3c8533893d95f","sha256":"e83c12db5ee3c62282c295c521fa51a10e6cfff8e247c64f09838dbc134bd385","sha512":"80bed01bd6f8fecdcfe32308c4dc471907a48a7418c73be4874046c51c9bcf013cbc53bd0e4fc92afb3020d0c08fb675611712f81799a9a1bf593c4dfd8c8480","ssdeep":"","tlshash":"e9700022280800000ac80800e0000238baa0ca80002ba0c0280c80288820880e008000","first_seen":"2026-03-04T14:57:38.603599Z","last_seen":"2026-04-27T14:22:02.176863Z","times_seen":641,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":16,"dns":1,"connect":1,"send":0,"wait":99,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.kali365.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}