{"report_id":"e7e8c732-a5fe-45cf-b6c0-8234281549d2","version":6,"status":"done","tags":[],"date":"2026-04-04T12:18:12Z","url":{"schema":"http","addr":"kushy-prod.xyz","fqdn":"kushy-prod.xyz","domain":"kushy-prod.xyz","tld":"xyz"},"ip":{"addr":"145.79.20.99","port":0,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"kushy-prod.xyz/","fqdn":"kushy-prod.xyz","domain":"kushy-prod.xyz","tld":"xyz"},"title":"Kushy Prod | Grow. Risk. Earn","dom":{"size":8171,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1120)","md5":"187450c23b789ce86a24e71b5e52130f","sha1":"94967b57840bc759ce4122d75018fcf9a050ebe0","sha256":"7000f8f06adae2a2dc56abf559f80a36a6cc8f14ea6d22e31840886fbbadafdd","sha512":"3fff5f9ddba749931ffdbb164138773abb80726867fa077b96d6f78c8eecd2375478f882aa60f9480d4c4bc3382bce31a3373cfdef966d6e2dc14933301dac6f","ssdeep":"192:o+//8WBeaJNN3sqVRehyEfdWHiTf1CfXMqtU:os3s0RexdWHYf1CfXMqtU","tlshash":"14f151b069f4106f0487c2c29b6a9b1e6fe8e923f559584973fc03c5dfa3d86c90b528","dom_hash":"domhash73d1df6addc3f2e8c9f3e62ab0e990ca","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"kushy-prod.xyz","fqdn":"kushy-prod.xyz","domain":"kushy-prod.xyz","tld":"xyz"},"ip":{"addr":"145.79.20.99","port":0,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-09T12:18:12Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"kushy-prod.xyz","ip":{"addr":"145.79.20.99","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"domain_registered":"2026-03-27","domain_rank":0,"first_seen":"2026-04-04T12:18:13.48687Z","last_seen":"2026-04-04T12:18:13.48687Z","alert_count":20,"request_count":10,"received_data":1013453,"sent_data":4593,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"PHP:8.3.30","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"kushy-prod.xyz/","fqdn":"kushy-prod.xyz","domain":"kushy-prod.xyz","tld":"xyz"},"ip":{"addr":"145.79.20.99","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"33a646a90b8683deae6ea1fef5071bd7","sha1":"ef220a255730007c0fdc531ff1dd6c03d4af497d","sha256":"cbd610e034d8aa975583e81be55f86b2a5fa2a7029ca2e57d0d1b89fdd947b93","sha512":"7061cd614bd2f35152f0f32de2bb2d4b48e4569f8f23f1611b2b0e777f6c887395813c0a5fdf7635cd2c4dfb8b26107f0e4669a68ca62f91983a8f896eb95864","ssdeep":"","tlshash":"27c0226481b0c4e1ad1c009a123cea4826502a6a019274cfc2bcda8aa42cfe007c8940","size":187,"data":"","first_seen":"2026-04-04T12:18:18.149261Z","last_seen":"2026-04-04T12:18:18.149261Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kushy-prod.xyz/De8HFbqV.php?s=%2Fipfs%2F6epV69ah8WWZP6nr6uDceA767bba4b93f709c17757f72fcacaf7da%3Ft%3D1775305071551","fqdn":"kushy-prod.xyz","domain":"kushy-prod.xyz","tld":"xyz"},"ip":{"addr":"145.79.20.99","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"4314ad4235931da3ad21b89b8f47ed96","sha1":"719f6f025e24036aa7e6eaa422fee3451e857f09","sha256":"234792549b6bc5ada2975729e1d7fe9c06af898664a2caa9d47b0eef0d2bb101","sha512":"7b73d92774ece4435c786f42f82269f6a134cff680c40251e9d9c4ee692be08b9c1b233580c3ae06891df95d6c80a25c0192d6a875a457f8bdab4b278900e0a5","ssdeep":"6144:Ih5gDHkAOsstbFZFSXwRTMsS8chPcsdJs3wFYYH/3h8qcPOQA12Lcv0q:osEAnXwRTMP8chPc730WW","tlshash":"f7d4eac2ab09157340ca2eb5047b42afdf882d4d078ba85077f9afd9d74578230eee59","size":622959,"data":"","first_seen":"2026-04-04T12:18:18.146611Z","last_seen":"2026-04-04T12:18:18.146611Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"kushy-prod.xyz/leavee.JPG","fqdn":"kushy-prod.xyz","domain":"kushy-prod.xyz","tld":"xyz"},"ip":{"addr":"145.79.20.99","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kushy-prod.xyz/","date":"2026-04-04T12:17:51.522Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kushy-prod.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 17:51:45 GMT","end":"Thu, 25 Jun 2026 17:51:44 GMT"},"fingerprint":{"sha1":"75:C3:55:82:EE:B6:B7:D8:30:72:3D:A2:D7:F5:17:8D:FB:39:8C:FA","sha256":"E8:FA:A7:90:F6:B4:15:0B:DA:04:6D:22:96:90:C1:EB:C5:4D:51:81:88:B6:4D:8E:38:BF:13:8D:03:03:DC:E7"}}},"request":{"raw":"GET /leavee.JPG HTTP/1.1\r\nHost: kushy-prod.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kushy-prod.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 11 Apr 2026 12:17:51 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 27 Mar 2026 18:27:07 GMT\r\netag: \"1304-69c6cbfb-24518401c74d5b16;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 4868\r\ndate: Sat, 04 Apr 2026 12:17:51 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":4868,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 98x97, components 3","md5":"6b7f2aa2ad1e9dc460bd95cc25e0d401","sha1":"c8daea15ee68a8f333746e1f50811304346b1d87","sha256":"0e82c595745f82b6e2eb0be0c14c78ce135c222d5a5881cf0b4fb8c608eefcf0","sha512":"ac44683786fe32712b64f3b9ceaf82ef4b544875677100401a2cc5394770f0e464e2e7204fcf797e1ec92324832f7fe11a8840743fc6e00b98877ff3803819a8","ssdeep":"96:VWIpkPTk09sFQzdEzIVUh5U6Gn5P/66GH6sVmSOIg:VWmkrkeOudY5C/EH9Q","tlshash":"8ba14c3b554f6ec1d967a8315cea12c4e16724863ac8a8067bddf8cb673c9d02c78985","first_seen":"2026-04-01T03:17:23.509588Z","last_seen":"2026-04-04T12:18:18.125298Z","times_seen":2,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kushy-prod.xyz/KP%20LOOGO.JPG","fqdn":"kushy-prod.xyz","domain":"kushy-prod.xyz","tld":"xyz"},"ip":{"addr":"145.79.20.99","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kushy-prod.xyz/","date":"2026-04-04T12:17:51.526Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kushy-prod.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 17:51:45 GMT","end":"Thu, 25 Jun 2026 17:51:44 GMT"},"fingerprint":{"sha1":"75:C3:55:82:EE:B6:B7:D8:30:72:3D:A2:D7:F5:17:8D:FB:39:8C:FA","sha256":"E8:FA:A7:90:F6:B4:15:0B:DA:04:6D:22:96:90:C1:EB:C5:4D:51:81:88:B6:4D:8E:38:BF:13:8D:03:03:DC:E7"}}},"request":{"raw":"GET /KP%20LOOGO.JPG HTTP/1.1\r\nHost: kushy-prod.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kushy-prod.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 11 Apr 2026 12:17:51 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 27 Mar 2026 18:27:06 GMT\r\netag: \"22ec-69c6cbfa-33642acf5e0cf809;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 8940\r\ndate: Sat, 04 Apr 2026 12:17:51 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":8940,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 161x143, components 3","md5":"faf8e60fc1f349ee94fbb7a1b8df4c12","sha1":"aaf970829120f4648c677f3f13887ceb0134c5d2","sha256":"4b7e09265cbc42280158d78ea41447e39e22f2f8d548e293785c602b6d57716a","sha512":"222533de58ff319a1e61692542ed0ca98d94b557cc9cf1ca031071b7d6122dd2b5b5a7e0fc3581e1256979eb277aee56084bee4948c4e74ec540af1f787f5f73","ssdeep":"192:VkTkeOukiN1byHFFDXERq0SDHitEVtioU7TWoxR0c6:m41uki1byHXEU46VYzD6","tlshash":"6902a0ba9e567dc0d169acb054f10bca64a37505e3895226f1cf7cd3173c6e80e53352","first_seen":"2026-04-01T03:17:23.513111Z","last_seen":"2026-04-04T12:18:18.129055Z","times_seen":2,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kushy-prod.xyz/282-40x40.jpg","fqdn":"kushy-prod.xyz","domain":"kushy-prod.xyz","tld":"xyz"},"ip":{"addr":"145.79.20.99","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kushy-prod.xyz/","date":"2026-04-04T12:17:51.528Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kushy-prod.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 17:51:45 GMT","end":"Thu, 25 Jun 2026 17:51:44 GMT"},"fingerprint":{"sha1":"75:C3:55:82:EE:B6:B7:D8:30:72:3D:A2:D7:F5:17:8D:FB:39:8C:FA","sha256":"E8:FA:A7:90:F6:B4:15:0B:DA:04:6D:22:96:90:C1:EB:C5:4D:51:81:88:B6:4D:8E:38:BF:13:8D:03:03:DC:E7"}}},"request":{"raw":"GET /282-40x40.jpg HTTP/1.1\r\nHost: kushy-prod.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kushy-prod.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 11 Apr 2026 12:17:51 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 27 Mar 2026 18:27:06 GMT\r\netag: \"424-69c6cbfa-d335246852db9945;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 1060\r\ndate: Sat, 04 Apr 2026 12:17:51 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1060,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], progressive, precision 8, 40x40, components 3","md5":"04f79164f2b633568a603e295b9d3914","sha1":"1fd0fd2eaa364eae6806e1ce4ff0a223e28751b1","sha256":"d865b831e525b5a1b41c4d904305ff9f71ff32371074b76ba7da81c8ec809109","sha512":"a2a23eb91c9eecb5fa2d62ca41f2a40d486400f6e05d4db0865cea69ec5c33d078a2befb00620bac60a100f79cd197f24e53ecf8d0c99082cebda6bffff1cb53","ssdeep":"","tlshash":"f711efb36b014903eb62133505897709a7059d5927047b7b22825e08bc9defc8cc96a6","first_seen":"2026-03-25T19:26:46.645312Z","last_seen":"2026-04-04T12:18:18.132683Z","times_seen":4,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kushy-prod.xyz/De8HFbqV.php?s=%2Fjmpd%2F","fqdn":"kushy-prod.xyz","domain":"kushy-prod.xyz","tld":"xyz"},"ip":{"addr":"145.79.20.99","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://kushy-prod.xyz/","date":"2026-04-04T12:17:53.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kushy-prod.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 17:51:45 GMT","end":"Thu, 25 Jun 2026 17:51:44 GMT"},"fingerprint":{"sha1":"75:C3:55:82:EE:B6:B7:D8:30:72:3D:A2:D7:F5:17:8D:FB:39:8C:FA","sha256":"E8:FA:A7:90:F6:B4:15:0B:DA:04:6D:22:96:90:C1:EB:C5:4D:51:81:88:B6:4D:8E:38:BF:13:8D:03:03:DC:E7"}}},"request":{"raw":"POST /De8HFbqV.php?s=%2Fjmpd%2F HTTP/1.1\r\nHost: kushy-prod.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kushy-prod.xyz/\r\ncontent-type: application/json\r\nContent-Length: 1448\r\nOrigin: https://kushy-prod.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1448,"data":"{\"route\":\"n9POyFeFG1tUtiSU-z9JOx3n\",\"payload\":\"0hqM-6_N52QBxAKuAiMAFgAHAy8DIADkAigAAAIBRgMAAO8nhn2XtsKCAX-uDMvNfn3GMBCLf2UCAACfMW6UHErsNBTjhE8HpAfKCDwByJV4PpfIPeyreUXV6E0gnUPUr6RiQu1mdclJBrQsBE9pbbqGAMFvCMoemCDPMpaJ4KulXGLqhgCaBxZZlbbdIvXiFtijZ5HsTJfCvSD3GMh8qfdrl3tjGlQ-nNIKYqNB3i6Tsvr43rtOFo7LExgA-TnFPmts4VBwkMWfYVD3AVKKE1zvo0_hxLMs8ZrO8hNfRA6jzfo1LSsfYfyMj0AKfKgRhEny87mZ4ZzeDcSV8OMD8MRLAuMJYw93I6R0H7PesRrAkhYL_FQ4GfICqlWXte9odQ_h0ez4zs5I62xR_VG0XeB6hVhrasnHLhWCDNUbckZi-6fKlH4yggD6tIERkFbVHax8Ssdl74x9YSaRq30tA4BkgP5iCIURRXd94q2Fnk2jhKeNEXQVmfbA-Jbf1hIPgZTBBnGOuitrXvhtRbThE8_zdtt0kU1Zu9Lt78dCuITPi0Qm0kBhOpAYp132jJDCWxvAY_oVreGDJDDls1EQ9Cw8fO32sXmzmEzRnoQ2EOwa98iGMqxFsHOjWDV4i9he37szl9Z-_DjiUeDOIJ_3Ym52D_jkfk25bI97tKwQOMRPUXOGUGmXQ0aggzeCxNznlwbBdjlIrYVvg-y5NEhIFw7syeYZlGrcWRQ3jHQyJaeiD6X1Fd_Nuvl70GbtCX0ygY3w8_UYVuhKX03BziV0KaGiyudmnycSGi8w6Ilfwdx5fuNKXS3EZiv8J2U2KNYxHvTcLRYDntcoSEP3ia20W9NvUdStQs9udwgWSX5z7oHqhSb0A4Kq1P1TzO8d3bXx8KYK1H1XM9pq1W3Mvo7C5HMLz7n8Td1uwm2LyVs76j6yINgBe83Tqv2Mas_7Q6juI_Kl4aFPlNXusMvdru-TRbAi5F1U_mo3EkRhvT19YJPDH432jm3igCICV4EenueYfiyp0eKFPLjV9Y77QM68WMvWwDUoNaFriVG_sWpiaZnTB_UuwiCcdmryKd2qruvVCvAGT8Wk6lyDCOI2AWV7lezmh456DoqpDBwQBMIbFzhzGAd_2a29NRM6HsIMnCmpqTCPvYqwsZ9Piic5inNlbvkPJKy6p6o_47jB4W0Bdma0FA5_Yo3NWCZl6wAwY9MqTDR5v1al4h0Q\",\"challenge\":\"eyJpZCI6Il9VeTlGNXFOYWJkNHZmcUtaTDRyN0EiLCJub25jZSI6Nzg1LCJoYXNoIjoiMDA0NWU0Y2M0MzE2ZDIxODM0YmFhNGQyZTcxMWJkMTQ0ODY0NWZlM2E5M2MzOWQxNzkwNGUyNjY5ODVmZTgyOSJ9\"}"}},"response":{"raw":"HTTP/3 204 No Content\r\nx-powered-by: PHP/8.3.30\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, POST, OPTIONS\r\naccess-control-allow-headers: *\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Sat, 04 Apr 2026 12:17:53 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"PHP:8.3.30","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T17:47:03.427672Z","times_seen":13386520,"resource_available":true,"data":null}},"time_used":609,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":609,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kushy-prod.xyz/","fqdn":"kushy-prod.xyz","domain":"kushy-prod.xyz","tld":"xyz"},"ip":{"addr":"145.79.20.99","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-04T12:17:51.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kushy-prod.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 17:51:45 GMT","end":"Thu, 25 Jun 2026 17:51:44 GMT"},"fingerprint":{"sha1":"75:C3:55:82:EE:B6:B7:D8:30:72:3D:A2:D7:F5:17:8D:FB:39:8C:FA","sha256":"E8:FA:A7:90:F6:B4:15:0B:DA:04:6D:22:96:90:C1:EB:C5:4D:51:81:88:B6:4D:8E:38:BF:13:8D:03:03:DC:E7"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: kushy-prod.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Fri, 27 Mar 2026 18:27:06 GMT\r\netag: \"1f0a-69c6cbfa-2ea73ba9ee0a4651;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2342\r\ndate: Sat, 04 Apr 2026 12:17:51 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7946,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1120)","md5":"6c82721f8778f973ad2db22629dc7e50","sha1":"8992302460f38da003b8c0e42eda4b812172039c","sha256":"736804ab6cc08880f04ddc37905b16b494586f8ce8c88e0ecd6dc147edf5ac26","sha512":"5a58d5529b00ff2851d9de9eeccbc54ab02ca43ef22c190e79db35bf1662562e9cb375b02b8b083eaa499b69e2d4b07c939604cd4ceb390e364887501c85aebb","ssdeep":"192:ew//8WBeaJNN2VRehyEfdWHiTf1CfXMqti:eioRexdWHYf1CfXMqti","tlshash":"89f132b469f4106f0583c2c29b669b5a6fe8e923f44a584973fc03c6dfa3d46c90b52c","first_seen":"2026-04-04T12:18:18.136585Z","last_seen":"2026-04-04T12:18:18.136585Z","times_seen":1,"resource_available":true,"data":null}},"time_used":327,"timings":{"blocked":148,"dns":82,"connect":29,"send":0,"wait":31,"receive":0,"ssl":35},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kushy-prod.xyz/style.css","fqdn":"kushy-prod.xyz","domain":"kushy-prod.xyz","tld":"xyz"},"ip":{"addr":"145.79.20.99","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kushy-prod.xyz/","date":"2026-04-04T12:17:51.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kushy-prod.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 17:51:45 GMT","end":"Thu, 25 Jun 2026 17:51:44 GMT"},"fingerprint":{"sha1":"75:C3:55:82:EE:B6:B7:D8:30:72:3D:A2:D7:F5:17:8D:FB:39:8C:FA","sha256":"E8:FA:A7:90:F6:B4:15:0B:DA:04:6D:22:96:90:C1:EB:C5:4D:51:81:88:B6:4D:8E:38:BF:13:8D:03:03:DC:E7"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: kushy-prod.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kushy-prod.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 11 Apr 2026 12:17:51 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 27 Mar 2026 18:27:07 GMT\r\netag: \"2fb1-69c6cbfb-97dfd29b281945ef;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2592\r\ndate: Sat, 04 Apr 2026 12:17:51 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":12209,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"f83b7313530900a785fd414f31787c0a","sha1":"bec7127d7a4f64d01a3b22b6623c205cb776405a","sha256":"9578e0988c0fc19967422d07c8859a94e3edd2e3471e787448977006b7517454","sha512":"29f17d0bfcacc1ce781bec17d40229d70550cbcd931904c9788607a43fd25662362810b8bf832089d9ea2128f8c23ccb3970b12d31fd398bdd9534f13050806d","ssdeep":"192:HdMdRYJsTKCkooIUd2+WQyJKUcQMDPE5kKhP1QN8fl5NDLlXPjK8ZmZjmqy/LKpR:9KR/TXm","tlshash":"604234a36ba70a64751bd8596bfbc78a736c9143c00ed93d7ec4214c4f491ed91a2f8c","first_seen":"2026-04-01T03:17:23.517744Z","last_seen":"2026-04-04T12:18:18.140151Z","times_seen":2,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kushy-prod.xyz/LOGO.62af53d153cc5cfef43b7f5eb89a085d.png","fqdn":"kushy-prod.xyz","domain":"kushy-prod.xyz","tld":"xyz"},"ip":{"addr":"145.79.20.99","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kushy-prod.xyz/","date":"2026-04-04T12:17:51.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kushy-prod.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 17:51:45 GMT","end":"Thu, 25 Jun 2026 17:51:44 GMT"},"fingerprint":{"sha1":"75:C3:55:82:EE:B6:B7:D8:30:72:3D:A2:D7:F5:17:8D:FB:39:8C:FA","sha256":"E8:FA:A7:90:F6:B4:15:0B:DA:04:6D:22:96:90:C1:EB:C5:4D:51:81:88:B6:4D:8E:38:BF:13:8D:03:03:DC:E7"}}},"request":{"raw":"GET /LOGO.62af53d153cc5cfef43b7f5eb89a085d.png HTTP/1.1\r\nHost: kushy-prod.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kushy-prod.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 11 Apr 2026 12:17:51 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 27 Mar 2026 18:27:07 GMT\r\netag: \"2a07b-69c6cbfb-12ecaa9bd665c8fc;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 172155\r\ndate: Sat, 04 Apr 2026 12:17:51 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":172155,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 972 x 840, 8-bit colormap, non-interlaced","md5":"62af53d153cc5cfef43b7f5eb89a085d","sha1":"647185266fb981106f72ef6fd00b01f6e43c1c25","sha256":"005868bc54cfab45a0f094ad1912c416c87c3065bea1d663d7bf7f40acc74018","sha512":"72527e48a6b4f339d6e54911f3252dd143f4a8365e6ee5c0428f7f0f8f8cf3004600011fc11993413f50262fda6ff4161e2d5a02067f0a3dd01c648ca53bc9b0","ssdeep":"3072:2fs+mxDSTOx4X7IPMpDl2A0UdOv7O9J9ZkBbA4mjXypEKydo:5NUOxS7IAcmdj9+BcXQGdo","tlshash":"0ff312d0ff8b2eabe513df00067b4bf054bd6e0eb1b017ab2ea594014c9992c9195bf5","first_seen":"2026-04-01T03:17:23.510655Z","last_seen":"2026-04-04T12:18:18.142433Z","times_seen":2,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":72,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kushy-prod.xyz/dice.JPG","fqdn":"kushy-prod.xyz","domain":"kushy-prod.xyz","tld":"xyz"},"ip":{"addr":"145.79.20.99","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kushy-prod.xyz/","date":"2026-04-04T12:17:51.524Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kushy-prod.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 17:51:45 GMT","end":"Thu, 25 Jun 2026 17:51:44 GMT"},"fingerprint":{"sha1":"75:C3:55:82:EE:B6:B7:D8:30:72:3D:A2:D7:F5:17:8D:FB:39:8C:FA","sha256":"E8:FA:A7:90:F6:B4:15:0B:DA:04:6D:22:96:90:C1:EB:C5:4D:51:81:88:B6:4D:8E:38:BF:13:8D:03:03:DC:E7"}}},"request":{"raw":"GET /dice.JPG HTTP/1.1\r\nHost: kushy-prod.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kushy-prod.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 11 Apr 2026 12:17:51 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 27 Mar 2026 18:27:06 GMT\r\netag: \"1a3c-69c6cbfa-bda6e89423218dd8;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 6716\r\ndate: Sat, 04 Apr 2026 12:17:51 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":6716,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 129x96, components 3","md5":"91f1699df43967ed0be6a9f21096c80d","sha1":"ea76495413507019ffbd94a32ffcd2c05bc70eb1","sha256":"a6bf49eddb5d7c5d14862f1904415000a24a936fec894dcf2db494f817586457","sha512":"d431b57ed9207300b6a426b1f72ef7c620999a1a229aae3547c979f65339a04549724ffca1d325e952a1f34edf41d9eecd7fdccd000e569086bbcf7b8b741c41","ssdeep":"192:FkNkeOufu1nxW1GFG0O2LZX7IPFLboQOFBKaGWS38mT:Wu1ufUnxW1i1ONS5Gxn","tlshash":"2bd16f2a1a929ed2ea2bbab285e502c7e13f040775d0751db2dff963c73d5c25688143","first_seen":"2026-04-01T03:17:23.511747Z","last_seen":"2026-04-04T12:18:18.144807Z","times_seen":2,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kushy-prod.xyz/De8HFbqV.php?s=%2Fipfs%2F6epV69ah8WWZP6nr6uDceA767bba4b93f709c17757f72fcacaf7da%3Ft%3D1775305071551","fqdn":"kushy-prod.xyz","domain":"kushy-prod.xyz","tld":"xyz"},"ip":{"addr":"145.79.20.99","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kushy-prod.xyz/","date":"2026-04-04T12:17:51.557Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kushy-prod.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 17:51:45 GMT","end":"Thu, 25 Jun 2026 17:51:44 GMT"},"fingerprint":{"sha1":"75:C3:55:82:EE:B6:B7:D8:30:72:3D:A2:D7:F5:17:8D:FB:39:8C:FA","sha256":"E8:FA:A7:90:F6:B4:15:0B:DA:04:6D:22:96:90:C1:EB:C5:4D:51:81:88:B6:4D:8E:38:BF:13:8D:03:03:DC:E7"}}},"request":{"raw":"GET /De8HFbqV.php?s=%2Fipfs%2F6epV69ah8WWZP6nr6uDceA767bba4b93f709c17757f72fcacaf7da%3Ft%3D1775305071551 HTTP/1.1\r\nHost: kushy-prod.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kushy-prod.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: PHP/8.3.30\r\naccess-control-max-age: 3600\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, POST, OPTIONS\r\naccess-control-allow-headers: *\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 04 Apr 2026 12:17:52 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\nretry-after: 60\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"PHP:8.3.30","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":622959,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"4314ad4235931da3ad21b89b8f47ed96","sha1":"719f6f025e24036aa7e6eaa422fee3451e857f09","sha256":"234792549b6bc5ada2975729e1d7fe9c06af898664a2caa9d47b0eef0d2bb101","sha512":"7b73d92774ece4435c786f42f82269f6a134cff680c40251e9d9c4ee692be08b9c1b233580c3ae06891df95d6c80a25c0192d6a875a457f8bdab4b278900e0a5","ssdeep":"6144:Ih5gDHkAOsstbFZFSXwRTMsS8chPcsdJs3wFYYH/3h8qcPOQA12Lcv0q:osEAnXwRTMP8chPc730WW","tlshash":"f7d4eac2ab09157340ca2eb5047b42afdf882d4d078ba85077f9afd9d74578230eee59","first_seen":"2026-04-04T12:18:18.146611Z","last_seen":"2026-04-04T12:18:18.146611Z","times_seen":1,"resource_available":true,"data":null}},"time_used":594,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":582,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kushy-prod.xyz/LOGO.62af53d153cc5cfef43b7f5eb89a085d.png","fqdn":"kushy-prod.xyz","domain":"kushy-prod.xyz","tld":"xyz"},"ip":{"addr":"145.79.20.99","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kushy-prod.xyz/","date":"2026-04-04T12:17:51.768Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kushy-prod.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 17:51:45 GMT","end":"Thu, 25 Jun 2026 17:51:44 GMT"},"fingerprint":{"sha1":"75:C3:55:82:EE:B6:B7:D8:30:72:3D:A2:D7:F5:17:8D:FB:39:8C:FA","sha256":"E8:FA:A7:90:F6:B4:15:0B:DA:04:6D:22:96:90:C1:EB:C5:4D:51:81:88:B6:4D:8E:38:BF:13:8D:03:03:DC:E7"}}},"request":{"raw":"GET /LOGO.62af53d153cc5cfef43b7f5eb89a085d.png HTTP/1.1\r\nHost: kushy-prod.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kushy-prod.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 11 Apr 2026 12:17:51 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 27 Mar 2026 18:27:07 GMT\r\netag: \"2a07b-69c6cbfb-12ecaa9bd665c8fc;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 172155\r\ndate: Sat, 04 Apr 2026 12:17:51 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":172155,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 972 x 840, 8-bit colormap, non-interlaced","md5":"62af53d153cc5cfef43b7f5eb89a085d","sha1":"647185266fb981106f72ef6fd00b01f6e43c1c25","sha256":"005868bc54cfab45a0f094ad1912c416c87c3065bea1d663d7bf7f40acc74018","sha512":"72527e48a6b4f339d6e54911f3252dd143f4a8365e6ee5c0428f7f0f8f8cf3004600011fc11993413f50262fda6ff4161e2d5a02067f0a3dd01c648ca53bc9b0","ssdeep":"3072:2fs+mxDSTOx4X7IPMpDl2A0UdOv7O9J9ZkBbA4mjXypEKydo:5NUOxS7IAcmdj9+BcXQGdo","tlshash":"0ff312d0ff8b2eabe513df00067b4bf054bd6e0eb1b017ab2ea594014c9992c9195bf5","first_seen":"2026-04-01T03:17:23.510655Z","last_seen":"2026-04-04T12:18:18.142433Z","times_seen":2,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"kushy-prod.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}