{"report_id":"dd10a15d-a2a2-4575-ab1e-da1b123c9990","version":6,"status":"done","tags":[],"date":"2025-10-18T09:32:28Z","url":{"schema":"http","addr":"leqvl.astoup.cfd/snvzmfqii","fqdn":"leqvl.astoup.cfd","domain":"astoup.cfd","tld":"cfd"},"ip":{"addr":"104.21.1.36","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"leqvl.astoup.cfd/y1.html","fqdn":"leqvl.astoup.cfd","domain":"astoup.cfd","tld":"cfd"},"title":"デバイス環境の安全確認"},"submit":{"url":{"schema":"http","addr":"leqvl.astoup.cfd/snvzmfqii","fqdn":"leqvl.astoup.cfd","domain":"astoup.cfd","tld":"cfd"},"ip":{"addr":"104.21.1.36","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-22T09:32:28Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"leqvl.astoup.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"leqvl.astoup.cfd","ip":{"addr":"104.21.1.36","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-17","domain_rank":0,"first_seen":"2025-10-18T09:32:28.160324Z","last_seen":"2025-10-18T09:32:28.160324Z","alert_count":3,"request_count":3,"received_data":15491,"sent_data":1580,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"leqvl.astoup.cfd/y1.html","fqdn":"leqvl.astoup.cfd","domain":"astoup.cfd","tld":"cfd"},"ip":{"addr":"104.21.1.36","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c9a17252028441ab5974f1e73ce76a9b","sha1":"45417ff780b32e0b3b214ce24fa5f7fef41f72c6","sha256":"9ca0c5175ac776f6cbdd9f6d3a1bf1849e7a863a3f8b306669e956893b040cee","sha512":"a56cdde83d49719656543be4764753e449071254455a9113035851d545509015d4429641f5ed754162c03c57966fef72e0d0adde7b652746dff0b381876676a6","ssdeep":"48:dLGA6Zf7KaSxG1CT8pwXaCx8pY+K5diiH/JOH//0HGjDP8moy5gvlbLnrGvwIKHI:9qfa8iKIbiiH/YH/GGjJoo8brG7r/T","tlshash":"8f8102796da718200ef3b47a739b7181b4200023a480ea54be9d83d94f51ad0d5b9fe6","size":4104,"data":"","first_seen":"2025-10-12T17:20:03.876629Z","last_seen":"2025-10-22T10:56:05.247639Z","times_seen":411,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"leqvl.astoup.cfd/favicon.ico","fqdn":"leqvl.astoup.cfd","domain":"astoup.cfd","tld":"cfd"},"ip":{"addr":"104.21.1.36","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://leqvl.astoup.cfd/y1.html","date":"2025-10-18T09:32:07.271Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"astoup.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 16 Oct 2025 23:47:31 GMT","end":"Thu, 15 Jan 2026 00:44:40 GMT"},"fingerprint":{"sha1":"1A:B8:3D:7C:E1:64:74:5F:80:03:48:87:C1:AE:F8:CD:72:7E:A5:33","sha256":"36:35:C5:06:DA:28:59:9E:22:2E:82:FB:5D:40:09:5E:B7:D5:3C:1C:C1:68:6D:8D:B7:5A:97:AC:38:34:F5:25"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: leqvl.astoup.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leqvl.astoup.cfd/y1.html\r\nCookie: SITE_TOTAL_ID=aPNellDHPa7xh02-ciRVQQAAHwg\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Sat, 18 Oct 2025 09:32:07 GMT\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XKFV6bSADa7NiX%2BO1nDQjycjVT1wfKuteeDg0gnIz7BQbLjgvZzNws6YqbLEGMn0ZYRUEG%2FYGJqHlWp2StEbE382Z%2BYAJuIB5eIQNaTO\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=iso-8859-1\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=6,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 990706d169685691-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":262,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"91de0883544772140997010cd32a55af","sha1":"26a0d293fa1e5503429b4bafdd62b64671603068","sha256":"1a6f7eee8848324899d7b5e76a2dc1f90394614b8150b9bd92037aabef316b79","sha512":"71a3f63cb26f0bf250332587a39af825508de7e1537d853ba4fe473b63707ddf2e89f529b9e0ba88167f8e70ea8dc7f845147a728c09e0ae845e1cf01bf1c983","ssdeep":"","tlshash":"5fd02eae908332d7081214a039c211c22b8813fab47981a86d86e8875268a3ecc8a2c9","first_seen":"2025-10-18T09:32:29.236258Z","last_seen":"2025-10-18T09:32:29.236258Z","times_seen":1,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"leqvl.astoup.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"leqvl.astoup.cfd/snvzmfqii","fqdn":"leqvl.astoup.cfd","domain":"astoup.cfd","tld":"cfd"},"ip":{"addr":"104.21.1.36","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-18T09:32:05.622Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"astoup.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 16 Oct 2025 23:47:31 GMT","end":"Thu, 15 Jan 2026 00:44:40 GMT"},"fingerprint":{"sha1":"1A:B8:3D:7C:E1:64:74:5F:80:03:48:87:C1:AE:F8:CD:72:7E:A5:33","sha256":"36:35:C5:06:DA:28:59:9E:22:2E:82:FB:5D:40:09:5E:B7:D5:3C:1C:C1:68:6D:8D:B7:5A:97:AC:38:34:F5:25"}}},"request":{"raw":"GET /snvzmfqii HTTP/1.1\r\nHost: leqvl.astoup.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Oct 2025 09:32:06 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Cookie,Accept-Encoding\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Kh%2FTevDkhERdqQWHwYt1KrV3mOIvOi%2B%2BzuS%2F8P9AK56ZTZZXJCph%2B1nr6EaIzCFhT2ez6Z27HJY2R7tI9DJV4yCRve4nwj0GLpskGJvZ%2F84%3D\"}]}\r\ncontent-encoding: br\r\nset-cookie: SITE_TOTAL_ID=aPNellDHPa7xh02-ciRVQQAAHwg; HttpOnly; Path=/; Max-Age=31536000\r\ncf-ray: 990706c79baa32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1829,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"b21c17ce592bee5034bcb3dc343105bf","sha1":"9710fbc5a89ef3ab9bb8ec89508c27964fbca64b","sha256":"575d8dcc42a37ca364b8340b284ebec4fd1914c0603fa688eacc6ef4ff5b8096","sha512":"a682074b9cf654039beacdfb441c17d45a5a8b15b8fe72d77670b41b65f32645959cd329db4222556660e873477d9b1e251c095e009188e135717815d9928013","ssdeep":"","tlshash":"a0310c9605a31001a827d5602ff6770927a6e913874bc9583fdd2389cf8678ddea37ac","first_seen":"2025-10-18T09:32:29.239687Z","last_seen":"2025-10-18T09:32:29.239687Z","times_seen":1,"resource_available":false,"data":null}},"time_used":853,"timings":{"blocked":72,"dns":35,"connect":14,"send":0,"wait":709,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"leqvl.astoup.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"leqvl.astoup.cfd/y1.html","fqdn":"leqvl.astoup.cfd","domain":"astoup.cfd","tld":"cfd"},"ip":{"addr":"104.21.1.36","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-18T09:32:06.681Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"astoup.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 16 Oct 2025 23:47:31 GMT","end":"Thu, 15 Jan 2026 00:44:40 GMT"},"fingerprint":{"sha1":"1A:B8:3D:7C:E1:64:74:5F:80:03:48:87:C1:AE:F8:CD:72:7E:A5:33","sha256":"36:35:C5:06:DA:28:59:9E:22:2E:82:FB:5D:40:09:5E:B7:D5:3C:1C:C1:68:6D:8D:B7:5A:97:AC:38:34:F5:25"}}},"request":{"raw":"GET /y1.html HTTP/1.1\r\nHost: leqvl.astoup.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leqvl.astoup.cfd/snvzmfqii\r\nCookie: SITE_TOTAL_ID=aPNellDHPa7xh02-ciRVQQAAHwg\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 18 Oct 2025 09:32:07 GMT\r\nserver: cloudflare\r\nvary: Cookie,Accept-Encoding\r\ncf-cache-status: DYNAMIC\r\ncontent-type: text/html\r\nlast-modified: Sun, 12 Oct 2025 16:09:52 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VISxPOv%2FlBr1e33GB98xBGc49zJLx4%2FHQe%2BECp%2FxCqLKLWur93qISVFkr%2FYlFCIhZYzAMvIsyrnWdzlQCf%2FGgIl91df%2FJ0oRfCRxLKB1\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\npriority: u=1,i=?0\r\ncf-ray: 990706cd99395691-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11474,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (344)","md5":"ba2fd17b95b754215432e0915014200f","sha1":"925579004930b7f54c728f67fdd87b50831ad247","sha256":"7550c104873557f990fbe09902bfb43d10f09808b80ab034dcad54e7a954c6a1","sha512":"ce6012e284df53c61d2e6cc88fa5b5c942c1e250530a3b964c4f08f776e9e6972224ad96b6195bb82fd651454f245c8b7df805b94b67c5639e8198ef4add59ae","ssdeep":"192:ZTM0xK4diq9sZ6kgq90twzogOiTKMZoI96VXBhgDyJXLx8tVS5q7iK35F5r/4:xRC9L4","tlshash":"193286be9fa314113e53b5343ba2628176218013d445de68becc9398cf45bd0ece6be9","first_seen":"2025-10-12T17:20:03.86351Z","last_seen":"2025-10-22T10:56:05.19871Z","times_seen":411,"resource_available":false,"data":null}},"time_used":570,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":570,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"leqvl.astoup.cfd","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}