{"report_id":"e2eeec29-40f7-4eac-8ed3-59e04686ad07","version":6,"status":"done","tags":[],"date":"2025-11-23T10:33:17Z","url":{"schema":"http","addr":"thoi.asioy.xyz/vp7jGkkn/9a73044af04988f33b5163552f?_t=1763890383484\u0026p=w","fqdn":"thoi.asioy.xyz","domain":"asioy.xyz","tld":"xyz"},"ip":{"addr":"172.67.136.209","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"thoi.asioy.xyz/static/404.html","fqdn":"thoi.asioy.xyz","domain":"asioy.xyz","tld":"xyz"},"title":"thoi.asioy.xyz/static/404.html","dom":{"size":42,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"8a225e3dd1af4fd2c16044e961b2260a","sha1":"062d14b22ce27d9002a5abfb11781281cce940f2","sha256":"5c119650354a092b8f976e4df5b0250e5b82657b1f746c1bf86b76421a8e7611","sha512":"5740aff316a332af558639da578459315c69f9c3c117ae1cc11d973b4f4c0817d94eac2129b4765fab1c7d22167d1e2e5471bf385fdd7a4dbb33eab1005e99fa","ssdeep":"","tlshash":"679004fdd051000d5d3135d00dc113411c14735530114f0415c034f4d704115cc431cc","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"thoi.asioy.xyz/vp7jGkkn/9a73044af04988f33b5163552f?_t=1763890383484\u0026p=w","fqdn":"thoi.asioy.xyz","domain":"asioy.xyz","tld":"xyz"},"ip":{"addr":"172.67.136.209","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-28T10:33:17Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"thoi.asioy.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"thoi.asioy.xyz","ip":{"addr":"104.21.78.197","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-25","domain_rank":0,"first_seen":"2025-11-23T10:33:17.780494Z","last_seen":"2025-11-23T10:33:17.780495Z","alert_count":3,"request_count":3,"received_data":2851,"sent_data":1488,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"thoi.asioy.xyz/vp7jGkkn/9a73044af04988f33b5163552f?_t=1763890383484\u0026p=w","fqdn":"thoi.asioy.xyz","domain":"asioy.xyz","tld":"xyz"},"ip":{"addr":"104.21.78.197","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"68b329da9893e34099c7d8ad5cb9c940","sha1":"adc83b19e793491b1c6ea0fd8b46cd9f32e592fc","sha256":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sha512":"be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09","ssdeep":"","tlshash":"c700000000000000c00000300000000030300000000000000000000000000000000000","size":1,"data":"","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-05-26T18:18:34.415613Z","times_seen":207227,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thoi.asioy.xyz/tiaotiao/j.php?wid=vp7q3nay\u0026p=w","fqdn":"thoi.asioy.xyz","domain":"asioy.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"bfe49044c2d2b00ae8f83eec015f81c4","sha1":"dc52e618f98a2378d8de64602d8ad8802dc9569c","sha256":"c346613c32e1f64e094b7daee399cffebc2afa141c4c29d3f5601d051b628a39","sha512":"16972fb6ea5ff1f5d476d4473d712e5159806197d1a55f107d0cc9415828db84e350324eed2ab2b9b7ae9805060de835167ea0d752e703d47894de28a001645c","ssdeep":"","tlshash":"2ff0dd661a17a8265535411a0b6a3108729331533162ec0075cdad80ff30b1a6b39ef8","size":626,"data":"","first_seen":"2025-11-23T10:33:21.619889Z","last_seen":"2025-11-23T10:33:21.619889Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"thoi.asioy.xyz/static/404.html","fqdn":"thoi.asioy.xyz","domain":"asioy.xyz","tld":"xyz"},"ip":{"addr":"104.21.78.197","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-23T10:32:56.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"asioy.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 08:39:03 GMT","end":"Fri, 23 Jan 2026 09:37:49 GMT"},"fingerprint":{"sha1":"34:3B:AB:9E:C0:26:B7:F5:06:B8:83:E3:89:5A:84:94:75:DA:C6:39","sha256":"89:F3:9A:C0:23:2E:F8:98:E5:23:C3:7E:07:47:75:63:E7:F4:BB:52:3F:7E:E2:86:8E:54:84:EA:13:09:60:B2"}}},"request":{"raw":"GET /static/404.html HTTP/1.1\r\nHost: thoi.asioy.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 23 Nov 2025 10:32:56 GMT\r\ncontent-type: text/html\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rergrM0lRMlFJcoGZdknLYKjrzvRAi6Q8o5qW7ss%2BNNSC1Qjsmvy9Ag%2FtiRqKgPZD9WFdSGVX7gnYBC2eVgQlFh8ehMboiRj20iCKg%3D%3D\"}]}\r\nlast-modified: Fri, 05 Sep 2025 11:43:28 GMT\r\npriority: u=1,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-cache-status: DYNAMIC\r\netag: W/\"68bacce0-3\"\r\ncf-ray: 9a3001660b4256c9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3,"size_decoded":0,"mime_type":"text/html","magic":"ASCII text, with no line terminators","md5":"4f4adcbf8c6f66dcfc8a3282ac2bf10a","sha1":"c35a9fc52bb556c79f8fa540df587a2bf465b940","sha256":"6b3c238ebcf1f3c07cf0e556faa82c6b8fe96840ff4b6b7e9962a2d855843a0b","sha512":"0d15d65c1a988dfc8cc58f515a9bb56cbaf1ff5cb0a5554700bc9af20a26c0470a83c8eb46e16175154a6bcaad7e280bbfd837a768f9f094da770b7bd3849f88","ssdeep":"","tlshash":"c72000000000000000000000000000000000c0000000000000000000c0000000000000","first_seen":"2023-03-14T15:28:33Z","last_seen":"2026-05-26T07:06:39.439048Z","times_seen":3324,"resource_available":true,"data":null}},"time_used":73,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":73,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"thoi.asioy.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"thoi.asioy.xyz/favicon.ico","fqdn":"thoi.asioy.xyz","domain":"asioy.xyz","tld":"xyz"},"ip":{"addr":"104.21.78.197","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://thoi.asioy.xyz/static/404.html","date":"2025-11-23T10:32:56.119Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"asioy.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 08:39:03 GMT","end":"Fri, 23 Jan 2026 09:37:49 GMT"},"fingerprint":{"sha1":"34:3B:AB:9E:C0:26:B7:F5:06:B8:83:E3:89:5A:84:94:75:DA:C6:39","sha256":"89:F3:9A:C0:23:2E:F8:98:E5:23:C3:7E:07:47:75:63:E7:F4:BB:52:3F:7E:E2:86:8E:54:84:EA:13:09:60:B2"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: thoi.asioy.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://thoi.asioy.xyz/static/404.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 23 Nov 2025 10:32:56 GMT\r\ncontent-type: image/x-icon\r\nvary: accept-encoding\r\nlast-modified: Fri, 04 Jul 2025 08:28:44 GMT\r\npriority: u=6,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"686790bc-12d\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=X3VYYxqS7%2Fpq9phdjKzoVaTPjY0Pxffj3vIk80FAzQDaa1CCJSum2nHYkdusI3s8d%2F0t5tJxTKZXbgVxI65OccTviofM6kSsUB%2FQWA%3D%3D\"}]}\r\ncf-ray: 9a300166bb4656c9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":301,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"3f80d9a005fad8bbc1a4c7e36ec41f19","sha1":"19ad96a1d849d73c1d8e6aa75ed8a6dac995d60b","sha256":"88f022f8c92f2b94ff3ab00b957520dd1a386bd135efe0e213d2a91bab0ece76","sha512":"7d6ef17cb4b57df899a9f89b7361fd5b6107f4df4bb4662c88d99e18c0722cafb8c0ab58335d81abd1ec75b9a2eec27f3a213acf79730e2a12a85a3d548bfe12","ssdeep":"","tlshash":"75e0e7dd43c5dc3a81bb5359115f2ae04cb31ff40710f405d2a454306f3cc41adb5215","first_seen":"2025-09-13T05:07:46.863674Z","last_seen":"2026-03-25T06:25:32.695996Z","times_seen":325,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"thoi.asioy.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"thoi.asioy.xyz/vp7jGkkn/9a73044af04988f33b5163552f?_t=1763890383484\u0026p=w","fqdn":"thoi.asioy.xyz","domain":"asioy.xyz","tld":"xyz"},"ip":{"addr":"104.21.78.197","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-23T10:32:55.592Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"asioy.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 08:39:03 GMT","end":"Fri, 23 Jan 2026 09:37:49 GMT"},"fingerprint":{"sha1":"34:3B:AB:9E:C0:26:B7:F5:06:B8:83:E3:89:5A:84:94:75:DA:C6:39","sha256":"89:F3:9A:C0:23:2E:F8:98:E5:23:C3:7E:07:47:75:63:E7:F4:BB:52:3F:7E:E2:86:8E:54:84:EA:13:09:60:B2"}}},"request":{"raw":"GET /vp7jGkkn/9a73044af04988f33b5163552f?_t=1763890383484\u0026p=w HTTP/1.1\r\nHost: thoi.asioy.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 10:32:55 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WauTTQXImbq3X%2FX784Zp51X8DNZpf%2FA2Bf7g8m2WccnO8d7GMiw4Liy4jb9GH9CwHOjcq5Mar%2BEnqhSzZ3qzHwp9qlj8FoiOivfqDg%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9a300163f917b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":698,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"04405c86801810c3f06a6e74b7f70e2f","sha1":"057203deccf00472c703cb0808f64b5752c987ff","sha256":"924dda9ebd8290a6abcc6f6860994a653fb4c4bda7ebd03e4aea84d40d143636","sha512":"90d9e7004770b3e6d2e00df70321bbc6020c25fe70a64e0022515d917c722bd5869426c232f1bd6f61fbc0a5efc189c5c478c09ca877e5453e95419f852976f4","ssdeep":"","tlshash":"da012d8b7ba4862e02b861841deeb50cc02b45d9c0b19c1073ecd2ce26d5bf3ccb712a","first_seen":"2025-11-23T10:33:21.615632Z","last_seen":"2025-11-23T10:33:21.615632Z","times_seen":1,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":81,"dns":61,"connect":1,"send":0,"wait":79,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"thoi.asioy.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}