{"report_id":"d6521751-aba3-4a2b-be23-a6ba810eff77","version":6,"status":"done","tags":[],"date":"2026-06-02T06:12:17Z","url":{"schema":"https","addr":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz/","fqdn":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","domain":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","tld":"xyz"},"ip":{"addr":"172.67.137.234","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz/","fqdn":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","domain":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","tld":"xyz"},"title":"Marketplace Access Queue","dom":{"size":5032,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"1f94b3b4289c5f69fabb59c9ea50c3b9","sha1":"5f80ab72bcf6daae3c81042882e63d6e1d5f4a15","sha256":"83de6da3f6ce909ecb8b49ed04e69eb6fc15b623a89c8340326da17e3090603a","sha512":"633312d5d9fc21a1817eef38779b74883006c451068b316c2554893176128be219f6bf1aed1623e4d51f70132eb726986915b2e6e7fe112bfc48665fadc1a182","ssdeep":"96:nubyhxCJ0Gh1H+LEwxdPPLQNqHFBxjCFBGuYnPBHFBoUJ1KUkUKJ1PUKJ1+J1KUl:ub+80Qh+/xdPTFSFQd5FNPKUkUKPPUKW","tlshash":"15a1106b45e30143b813b1699ff90b492a65d503d50bcc6cbfee269c8f85dd48ca27a8","dom_hash":"domhash171e1f7cd9402dc2b58bb46cf9d30435","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz/","fqdn":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","domain":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","tld":"xyz"},"ip":{"addr":"172.67.137.234","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-07T06:12:17Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","ip":{"addr":"104.21.62.180","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-06-02T06:09:49.976687Z","last_seen":"2026-06-02T06:09:49.976687Z","alert_count":3,"request_count":3,"received_data":46952,"sent_data":1686,"comment":"","tags":null,"fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz/","fqdn":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","domain":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","tld":"xyz"},"ip":{"addr":"104.21.62.180","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-02T06:11:57.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:52:45 GMT","end":"Tue, 25 Aug 2026 16:52:44 GMT"},"fingerprint":{"sha1":"BB:3D:68:17:DB:CD:9F:0A:30:E1:AB:6E:1C:79:31:7A:89:FC:66:CA","sha256":"F7:A2:1C:D2:C6:9F:F8:92:17:67:61:A6:D8:21:1C:CA:FD:EF:87:6B:8A:C9:DE:38:65:23:A6:4C:AC:B0:7E:12"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: crown=LaU3lByrWSHBcGV\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 02 Jun 2026 06:11:59 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: accept-encoding\r\npriority: u=1,i=?0\r\nset-cookie: PHPSESSID=j377ta71r37kcck0m01uct3hjd; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-encoding: br\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QchxO8zi206Ve%2FU2T%2BtWeX3SaxcuuKOtyrHtN%2F4bwMNz78c3UoPjWYJeDPUsyre5Cs6Mf6JT7Iw%2Fi38EnPMCHhP%2FwjTU%2BU6FCQ9oe%2FZ%2BORrFylD%2F4zV1VW%2Bt8AJauFy80LKuEPZpVCc6BXNPxRxRsSV2rC9dMCAURIEvL%2BVFc2sewavtGm%2B8kNwe3v6o1mU%3D\"}]}\r\ncf-ray: a0544db98b00b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5050,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"0b5d99775326f04d834c44c8bef50411","sha1":"b1c7ba6fa672ce014c1d54e9bd4c81fca35f1ad7","sha256":"af6126ede29d420a1d3e67fad1a80f320da99ef663ced9569e205b31c5253e7e","sha512":"e08260e3912fbe9aec93b69dd725bc01729c826ccea64cce56c4b353543ef5333a9bbaaba773260d42253175d3e789d845277800c4ccdc520d4baeea8970bdb0","ssdeep":"96:ebyhxCJ0Gh1H+LEwxdPPLQNqHFBxjCFBGuYnPBHFBoUJ1KUkUKJ1PUKJ1+J1KUYA:eb+80Qh+/xdPTFSFQd5FNPKUkUKPPUKU","tlshash":"bba1126b45e30143b813b1699ff90b492a65d503d50bcc6cbfee369c8f85dd48ca2768","first_seen":"2026-02-22T15:51:51.047545Z","last_seen":"2026-06-02T06:13:40.148142Z","times_seen":15,"resource_available":true,"data":null}},"time_used":2569,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2569,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz/favicon.ico","fqdn":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","domain":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","tld":"xyz"},"ip":{"addr":"104.21.62.180","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz/","date":"2026-06-02T06:11:59.643Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:52:45 GMT","end":"Tue, 25 Aug 2026 16:52:44 GMT"},"fingerprint":{"sha1":"BB:3D:68:17:DB:CD:9F:0A:30:E1:AB:6E:1C:79:31:7A:89:FC:66:CA","sha256":"F7:A2:1C:D2:C6:9F:F8:92:17:67:61:A6:D8:21:1C:CA:FD:EF:87:6B:8A:C9:DE:38:65:23:A6:4C:AC:B0:7E:12"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz/\r\nCookie: crown=LaU3lByrWSHBcGV; PHPSESSID=j377ta71r37kcck0m01uct3hjd\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 02 Jun 2026 06:11:59 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: accept-encoding\r\npriority: u=6,i=?0\r\ncontent-encoding: br\r\nage: 151\r\nlast-modified: Tue, 02 Jun 2026 06:09:27 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ypWyEfAwZEd7vY%2FFoPC%2BkLNqgDah%2B4oZ7PdhE8LYgZmCGedS3XcOyqsZBqQw6VqeTj4auMHvRZMC94sNts%2BtUCc07suASEf8Lk1Xm32Tz4n%2FPsq5faLOGOR1K35kmQ%2BRm8Jwj%2FfnjYWBqgZGkEsCEzG3ea5fyHGxQT2daPqQOuT17si6oBiKwGcvI8tvfuI%3D\"}]}\r\ncf-ray: a0544dc9cb59b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":34494,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel","md5":"04a688ac7e053c2752b914f4ec8ba08b","sha1":"3c25fb52d553ed124b4aed7cb377c54fa7beda71","sha256":"8d486efd88a64d8843e9481a2121ef30177627308caf31f48070f065668285c8","sha512":"0c2978a752050c543f027eed9cf9056f8f7c9d4ac18afc1e16ceb9926d37e266e846305331c708d07271fac24a764a6634acf496a36ced5319b41f6a3b977c49","ssdeep":"192:CSzaied0S++NXX0RxOwDYXUAAsj4Gi2pC8IOS4sv31pOizZTBvUDB:hu2hMX0XOgk4F2ppFw31/gDB","tlshash":"f6135507fe22f739e7f802b47cfd02946459e2c70559aef9acd262509ccc46668c52be","first_seen":"2026-02-22T15:51:51.049887Z","last_seen":"2026-06-02T06:13:40.148888Z","times_seen":13,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz/","fqdn":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","domain":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","tld":"xyz"},"ip":{"addr":"104.21.62.180","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-02T06:11:56.607Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:52:45 GMT","end":"Tue, 25 Aug 2026 16:52:44 GMT"},"fingerprint":{"sha1":"BB:3D:68:17:DB:CD:9F:0A:30:E1:AB:6E:1C:79:31:7A:89:FC:66:CA","sha256":"F7:A2:1C:D2:C6:9F:F8:92:17:67:61:A6:D8:21:1C:CA:FD:EF:87:6B:8A:C9:DE:38:65:23:A6:4C:AC:B0:7E:12"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Jun 2026 06:11:56 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nset-cookie: crown=LaU3lByrWSHBcGV; expires=Wed, 03 Jun 2026 02:11:56 GMT; Max-Age=72000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lQcm1vvKQN1Ml2TSUHFF9imvJCUGYjk5L3Y%2Fi9WygWewqu%2FZjc%2FVmU%2FRpZDMy%2FsPY3anGPWWRLscyHi%2BiqNSKCtyaGF69SN8CgGQyjDQ4u6VZxZjarDonWhN9%2Bj7DInII9CIxTh127FWWnKMjFVzPZ5peAu%2Fcdo72lrmLFzqMpQq8f0TEeCA%2FaNPuJi%2F0qM%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: a0544db6ef6a5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5035,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"9eddeecdaa884343e7fcbc86e298e86f","sha1":"f86f1ae7f209b56e2038579897184194bd899b28","sha256":"d497b78476883719c5b2f206ab63a16e29100ea4771cb1118eaa857f02f4849e","sha512":"a31e361148f34742eee5cde1f64bb80f17eb7107bde681f6e5d5d03c23914c3eefde9d2b2690c32814958463b338f993edd0c6528519e7c105ac208c36c3e479","ssdeep":"96:ebe8xCJ0Gh1H+LEwxdPPLQNqHFBxjCFBGuYnPBHFBoUJ1KUkUKJ1PUKJ1+J1KUYA:eb380Qh+/xdPTFSFQd5FNPKUkUKPPUKU","tlshash":"dea1105b45e30142b813b1699ff90b492a65d503d50bcc6cbfee369c8f85dd48ca23a8","first_seen":"2026-02-22T15:51:51.044117Z","last_seen":"2026-06-02T06:13:40.150932Z","times_seen":15,"resource_available":true,"data":null}},"time_used":179,"timings":{"blocked":17,"dns":1,"connect":1,"send":0,"wait":141,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"crownipsgwzaj3eby5pienlzanam5qjreedgvvqlctlkllx7l2x8nyyd.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}