{"report_id":"f9fa5385-7255-4bd5-b180-ce1ef241579c","version":6,"status":"done","tags":[],"date":"2026-05-31T13:08:40Z","url":{"schema":"http","addr":"gouidekdc.eu.cc","fqdn":"gouidekdc.eu.cc","domain":"gouidekdc.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.143.239.125","port":0,"asn":138152,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"gouidekdc.eu.cc/","fqdn":"gouidekdc.eu.cc","domain":"gouidekdc.eu.cc","tld":"eu.cc"},"title":"gouidekdc.eu.cc/","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"gouidekdc.eu.cc","fqdn":"gouidekdc.eu.cc","domain":"gouidekdc.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.143.239.125","port":0,"asn":138152,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-05T13:08:40Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-31","alert":"Phishing Block","trigger":"gouidekdc.eu.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"gouidekdc.eu.cc","ip":{"addr":"103.143.239.125","port":443,"asn":138152,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"domain_registered":"1997-10-13","domain_rank":0,"first_seen":"2026-05-31T13:08:41.62717Z","last_seen":"2026-05-31T13:08:41.62717Z","alert_count":24,"request_count":6,"received_data":3321934,"sent_data":2693,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"gouidekdc.eu.cc/","fqdn":"gouidekdc.eu.cc","domain":"gouidekdc.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.143.239.125","port":443,"asn":138152,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-31T13:08:17.175Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gouidekdc.eu.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 15:26:54 GMT","end":"Thu, 20 Aug 2026 15:26:53 GMT"},"fingerprint":{"sha1":"EF:BB:A7:1B:57:AB:F8:AB:0B:DA:FA:B9:A6:AA:DE:6C:BE:59:2E:1E","sha256":"29:8F:CA:E6:39:5A:1D:37:33:B2:A2:A7:A5:E9:4A:16:FD:54:FB:F3:67:08:CC:7C:79:5D:A5:F4:D3:0B:21:4A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: gouidekdc.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 31 May 2026 13:07:06 GMT\r\ncontent-type: text/html\r\ncontent-length: 741\r\nlast-modified: Wed, 27 May 2026 08:11:15 GMT\r\netag: \"6a16a723-2e5\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":741,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, CR, LF line terminators","md5":"0b3118cf3622b7fde25733c5401de6f0","sha1":"ca994a0b51e544dd8f88187f2b27c9d911fe9ec4","sha256":"6168b47242f5120706c185a2d095ae66e5047c709059796c8d0ee502e53b22a4","sha512":"e68fa62d330cbb710ee1f97e08d3894e237e87eaa896794a6c6b6b9a020d15ab2b2bb6803ee625720a715fb4316a084637053fc899a10880877790b3cc9999de","ssdeep":"","tlshash":"d201900528a08d5603701700bea2d11cdd93a7478606ae9070faa0bf1f917468d9bc74","first_seen":"2026-05-31T13:08:43.995839Z","last_seen":"2026-05-31T13:38:24.962024Z","times_seen":3,"resource_available":true,"data":null}},"time_used":1532,"timings":{"blocked":689,"dns":373,"connect":154,"send":0,"wait":154,"receive":0,"ssl":159},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-31","alert":"Phishing Block","trigger":"gouidekdc.eu.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gouidekdc.eu.cc/assets/vendor-modules-CLxD4Smg.css","fqdn":"gouidekdc.eu.cc","domain":"gouidekdc.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.143.239.125","port":443,"asn":138152,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gouidekdc.eu.cc/","date":"2026-05-31T13:08:18.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gouidekdc.eu.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 15:26:54 GMT","end":"Thu, 20 Aug 2026 15:26:53 GMT"},"fingerprint":{"sha1":"EF:BB:A7:1B:57:AB:F8:AB:0B:DA:FA:B9:A6:AA:DE:6C:BE:59:2E:1E","sha256":"29:8F:CA:E6:39:5A:1D:37:33:B2:A2:A7:A5:E9:4A:16:FD:54:FB:F3:67:08:CC:7C:79:5D:A5:F4:D3:0B:21:4A"}}},"request":{"raw":"GET /assets/vendor-modules-CLxD4Smg.css HTTP/1.1\r\nHost: gouidekdc.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gouidekdc.eu.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 31 May 2026 13:07:06 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 27 May 2026 08:11:25 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a16a72d-31dd\"\r\nexpires: Mon, 01 Jun 2026 01:07:06 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12765,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (12749), with no line terminators","md5":"e295dedf95dad6cd7549edece708af8b","sha1":"c43bb8d6e6a8b48b4c4fd4f11bd7bec02ded7e6b","sha256":"0fd40a4a9795367945dbf57646911e1389455ed012b33b7677428ec505dc43d0","sha512":"54f7e44a3b9e31947a872b1a5cafe6606fd3378a0b2b3befcc69fc4accc98c8dcd78256cd66eca2251427f7697ca9badae2280c55d3d6856b8a4608e8102d009","ssdeep":"384:/FG7FJ13HzuvHJt4QbFJLICl5IJ3H3sC8lh:9G7VuvHJtMw","tlshash":"e542155eeb624937182346ae36c6f9755a35ddd1cb012786f3445201bec2db622c3f36","first_seen":"2026-04-10T13:37:32.071083Z","last_seen":"2026-05-31T13:38:24.963561Z","times_seen":5,"resource_available":false,"data":null}},"time_used":616,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":616,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-31","alert":"Phishing Block","trigger":"gouidekdc.eu.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gouidekdc.eu.cc/assets/index-D36fqelW.js","fqdn":"gouidekdc.eu.cc","domain":"gouidekdc.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.143.239.125","port":443,"asn":138152,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gouidekdc.eu.cc/","date":"2026-05-31T13:08:18.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gouidekdc.eu.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 15:26:54 GMT","end":"Thu, 20 Aug 2026 15:26:53 GMT"},"fingerprint":{"sha1":"EF:BB:A7:1B:57:AB:F8:AB:0B:DA:FA:B9:A6:AA:DE:6C:BE:59:2E:1E","sha256":"29:8F:CA:E6:39:5A:1D:37:33:B2:A2:A7:A5:E9:4A:16:FD:54:FB:F3:67:08:CC:7C:79:5D:A5:F4:D3:0B:21:4A"}}},"request":{"raw":"GET /assets/index-D36fqelW.js HTTP/1.1\r\nHost: gouidekdc.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gouidekdc.eu.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 31 May 2026 13:07:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 27 May 2026 08:11:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a16a728-933a5\"\r\nexpires: Mon, 01 Jun 2026 01:07:06 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":603045,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64414), with no line terminators","md5":"ee1ed7a6e2d47d887d9361d0e491441b","sha1":"6be24e2c2a960deb3cc6f231f72b879e856e65b4","sha256":"7baca63bbb83495310830f20d45ceeb7196f1fa3de99e4a6d152def251364d9c","sha512":"f4269aa02fa8e8ca3586cebe6973fa88e6e3e8f6def2448d23162882571b669fc31fb7e5594e27d197847b846615c470fbf5432ea76ba69f02c5ca821ccaa9cd","ssdeep":"12288:DHi4Z6avlpZr2uO+EJ+NqBw6fK9R7naXiDX3RDLXM3Pw6k:hZ6avb1yaR7naXiDhDzM3Pw6k","tlshash":"2ed47374b5c0a06ea1062da73b2f79e8d2777858630d88cedd0eb51c769333b91e06b5","first_seen":"2026-05-31T13:08:43.998284Z","last_seen":"2026-05-31T13:38:24.962876Z","times_seen":2,"resource_available":false,"data":null}},"time_used":311,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":311,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-31","alert":"Phishing Block","trigger":"gouidekdc.eu.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gouidekdc.eu.cc/assets/index-BW74eFso.css","fqdn":"gouidekdc.eu.cc","domain":"gouidekdc.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.143.239.125","port":443,"asn":138152,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gouidekdc.eu.cc/","date":"2026-05-31T13:08:18.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gouidekdc.eu.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 15:26:54 GMT","end":"Thu, 20 Aug 2026 15:26:53 GMT"},"fingerprint":{"sha1":"EF:BB:A7:1B:57:AB:F8:AB:0B:DA:FA:B9:A6:AA:DE:6C:BE:59:2E:1E","sha256":"29:8F:CA:E6:39:5A:1D:37:33:B2:A2:A7:A5:E9:4A:16:FD:54:FB:F3:67:08:CC:7C:79:5D:A5:F4:D3:0B:21:4A"}}},"request":{"raw":"GET /assets/index-BW74eFso.css HTTP/1.1\r\nHost: gouidekdc.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gouidekdc.eu.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 31 May 2026 13:07:06 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 27 May 2026 08:11:19 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a16a727-1de153\"\r\nexpires: Mon, 01 Jun 2026 01:07:06 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1958227,"size_decoded":0,"mime_type":"text/css","magic":"HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators","md5":"965c2b72125b9c0c5060c65e413d69b6","sha1":"c831de857e79fb40ba35cab406452a8732f12ffc","sha256":"ae084985a5e2a370ee676923d94e42ce8ce22cfc2191018fe90a6854f44232f3","sha512":"c820be3ce44ca83f24fee363a6babb926920266ac25e2f324d50564dae1deb5cfd4967acdbf046ed90cd65d8297a17e09bc76f5f1316159927915089c1b78700","ssdeep":"6144:F1f4TEepLs1xy6ABx17U1SVkO723LoM75fqsUHTrwFQ0j1qOXRZh0cRJqeQt7/dg:Fi3pwav5I1S2OM75Yvij1qOX9etE2u5j","tlshash":"a1255f21891321aba733af79a7e50548ff592b739e1706a5bacc30584ff06f82711d9c","first_seen":"2026-05-31T13:08:44.015234Z","last_seen":"2026-05-31T13:38:24.95857Z","times_seen":3,"resource_available":false,"data":null}},"time_used":615,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":615,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-31","alert":"Phishing Block","trigger":"gouidekdc.eu.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gouidekdc.eu.cc/assets/vendor-modules-B7fI7D2f.js","fqdn":"gouidekdc.eu.cc","domain":"gouidekdc.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.143.239.125","port":443,"asn":138152,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gouidekdc.eu.cc/","date":"2026-05-31T13:08:19.014Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gouidekdc.eu.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 15:26:54 GMT","end":"Thu, 20 Aug 2026 15:26:53 GMT"},"fingerprint":{"sha1":"EF:BB:A7:1B:57:AB:F8:AB:0B:DA:FA:B9:A6:AA:DE:6C:BE:59:2E:1E","sha256":"29:8F:CA:E6:39:5A:1D:37:33:B2:A2:A7:A5:E9:4A:16:FD:54:FB:F3:67:08:CC:7C:79:5D:A5:F4:D3:0B:21:4A"}}},"request":{"raw":"GET /assets/vendor-modules-B7fI7D2f.js HTTP/1.1\r\nHost: gouidekdc.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gouidekdc.eu.cc/assets/index-D36fqelW.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 31 May 2026 13:07:07 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 27 May 2026 08:11:25 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a16a72d-b5549\"\r\nexpires: Mon, 01 Jun 2026 01:07:07 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":742729,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"a10a987326f9feed4ebc73884cfdec12","sha1":"adb85fa125be8f116d4449331ef2698cee072564","sha256":"7494733bc5cc75b8665c5ef79c1f90c925d26019103ac7f126e63caf134190b3","sha512":"4cf59ebdf7f87d6c30a90c66ee49509de58759481ac09abc9bb39a44a894eca8a2fbda926984b7254750234d23a10154ab49970c21a7aa13e2ac2fb3d1be78e7","ssdeep":"6144:jusnUKKJ3OZsCpCW3kaVmcTkonX3AIUtujw:Nn9KJ3OZFpC2B3u","tlshash":"31f4c31db6f724224663a1b95b2f6006b63980032d0dfd957a9c83841f8e63d92f7bdd","first_seen":"2026-05-31T13:08:44.016699Z","last_seen":"2026-05-31T13:38:24.960436Z","times_seen":3,"resource_available":false,"data":null}},"time_used":159,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-31","alert":"Phishing Block","trigger":"gouidekdc.eu.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gouidekdc.eu.cc/fav.png","fqdn":"gouidekdc.eu.cc","domain":"gouidekdc.eu.cc","tld":"eu.cc"},"ip":{"addr":"103.143.239.125","port":443,"asn":138152,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gouidekdc.eu.cc/","date":"2026-05-31T13:08:19.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gouidekdc.eu.cc","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 15:26:54 GMT","end":"Thu, 20 Aug 2026 15:26:53 GMT"},"fingerprint":{"sha1":"EF:BB:A7:1B:57:AB:F8:AB:0B:DA:FA:B9:A6:AA:DE:6C:BE:59:2E:1E","sha256":"29:8F:CA:E6:39:5A:1D:37:33:B2:A2:A7:A5:E9:4A:16:FD:54:FB:F3:67:08:CC:7C:79:5D:A5:F4:D3:0B:21:4A"}}},"request":{"raw":"GET /fav.png HTTP/1.1\r\nHost: gouidekdc.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gouidekdc.eu.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 31 May 2026 13:07:08 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 27 May 2026 08:11:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a16a722-569\"\r\nexpires: Tue, 30 Jun 2026 13:07:08 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1385,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"b70e6078004aeb5146c635cc4c8af761","sha1":"08361cabab0812baeb8ecf4dfbdddd10a9104423","sha256":"20ce7e373448ca2a51d95f60fc906f57cc27d103a6bba4e33be3453f7b23b98e","sha512":"76e0a9f494998151ab5f5d1ef2f1e2cd826135537e6b3e77e6653997d6e073696880a1ab5100c6a85aea926edcfe036c31513d08f58c0bcc02db0a4c8b6bec09","ssdeep":"","tlshash":"bf210bf3e36020e90841d4310333621b57fa4f7b6d909371f071509112b944845a1e97","first_seen":"2024-12-25T11:23:49.33594Z","last_seen":"2026-05-31T13:38:24.96133Z","times_seen":1906,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"gouidekdc.eu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-31","alert":"Phishing Block","trigger":"gouidekdc.eu.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}