{"report_id":"de79923e-a99a-4bb4-bb04-1fa74128fee1","version":6,"status":"done","tags":[],"date":"2025-10-13T13:09:41Z","url":{"schema":"http","addr":"inficoz.xyz/injectstatus.txt","fqdn":"inficoz.xyz","domain":"inficoz.xyz","tld":"xyz"},"ip":{"addr":"82.26.104.41","port":0,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"inficoz.xyz/injectstatus.txt","fqdn":"inficoz.xyz","domain":"inficoz.xyz","tld":"xyz"},"title":"inficoz.xyz/injectstatus.txt"},"submit":{"url":{"schema":"http","addr":"inficoz.xyz/injectstatus.txt","fqdn":"inficoz.xyz","domain":"inficoz.xyz","tld":"xyz"},"ip":{"addr":"82.26.104.41","port":0,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-17T13:09:41Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"inficoz.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"inficoz.xyz","ip":{"addr":"82.26.104.41","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"domain_registered":"2025-04-14","domain_rank":0,"first_seen":"2025-04-14T13:47:48.541291Z","last_seen":"2025-04-14T13:47:48.541291Z","alert_count":2,"request_count":2,"received_data":4926,"sent_data":941,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"inficoz.xyz/injectstatus.txt","fqdn":"inficoz.xyz","domain":"inficoz.xyz","tld":"xyz"},"ip":{"addr":"82.26.104.41","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-13T13:09:16.342Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"inficoz.xyz","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 16 Aug 2025 08:16:44 GMT","end":"Fri, 14 Nov 2025 08:16:43 GMT"},"fingerprint":{"sha1":"A1:C3:0D:BA:B2:73:89:8D:73:BD:45:77:A0:AF:E0:BB:88:7B:2B:D9","sha256":"DA:90:B7:2A:51:F2:00:B5:9C:AC:A4:AA:D4:7E:03:BF:8B:F3:A1:C8:49:CF:69:27:1B:15:23:E2:D9:86:D5:95"}}},"request":{"raw":"GET /injectstatus.txt HTTP/1.1\r\nHost: inficoz.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 13 Oct 2025 13:09:17 GMT\r\ncontent-type: text/plain\r\ncontent-length: 2\r\nx-accel-version: 0.01\r\nlast-modified: Sat, 11 Oct 2025 06:55:19 GMT\r\netag: \"2-640dc84735097\"\r\naccept-ranges: bytes\r\nx-powered-by: PleskLin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text","md5":"b026324c6904b2a9cb4b88d6d61c81d1","sha1":"e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e","sha256":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","sha512":"3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686","ssdeep":"","tlshash":"c71000000c000000000000000000000000000000000000000000003000000000000000","first_seen":"2023-03-07T12:04:17Z","last_seen":"2026-05-02T09:09:05.885201Z","times_seen":1144,"resource_available":true,"data":null}},"time_used":1804,"timings":{"blocked":802,"dns":403,"connect":195,"send":0,"wait":200,"receive":0,"ssl":202},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"inficoz.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"inficoz.xyz/favicon.ico","fqdn":"inficoz.xyz","domain":"inficoz.xyz","tld":"xyz"},"ip":{"addr":"82.26.104.41","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://inficoz.xyz/injectstatus.txt","date":"2025-10-13T13:09:17.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"inficoz.xyz","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 16 Aug 2025 08:16:44 GMT","end":"Fri, 14 Nov 2025 08:16:43 GMT"},"fingerprint":{"sha1":"A1:C3:0D:BA:B2:73:89:8D:73:BD:45:77:A0:AF:E0:BB:88:7B:2B:D9","sha256":"DA:90:B7:2A:51:F2:00:B5:9C:AC:A4:AA:D4:7E:03:BF:8B:F3:A1:C8:49:CF:69:27:1B:15:23:E2:D9:86:D5:95"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: inficoz.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://inficoz.xyz/injectstatus.txt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 500 Internal Server Error\r\nserver: nginx\r\ndate: Mon, 13 Oct 2025 13:09:18 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 4393\r\ncache-control: no-cache, no-store, must-revalidate\r\nstatus: 500 Internal Server Error\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4393,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1040)","md5":"dd00e91998b01090a0302ec57e5f1bc3","sha1":"ef61edc0d52bc97383dd3dec039d946ff5efe03a","sha256":"df5f1f5419d33eba5807a26c96194b6d625afe99307fc0b84f0b8796833bc8f4","sha512":"9db50db705a083b3471796e9df3fc7ec6f5a112af9d95972a562fb2493e0153eea93afb1aac88872a731e969e3fb1b1f8849a7832b1d551484087ef3de900b03","ssdeep":"48:0v4Y5g51ex0By6NnVGEWS0wOWkb+LiQFKtN86c8/043LpiZBRliBh+ooTx/zBlD/:fYq51eeGEryDb+LiwKtNzZ7UZXcwBg3W","tlshash":"ae91d73322d0001732955fe13597578e7a23ad17c66b864976aec129ff85ee3478332c","first_seen":"2025-10-13T13:09:42.624234Z","last_seen":"2025-10-13T13:09:42.624234Z","times_seen":1,"resource_available":false,"data":null}},"time_used":562,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":562,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"inficoz.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}}]}