{"report_id":"08474a6c-e332-4e38-8a17-1bc128583d25","version":6,"status":"done","tags":[],"date":"2026-03-07T12:45:43Z","url":{"schema":"http","addr":"nemo89.net","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":0,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"nemo89.net/","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"title":"NEMO89 : NEMO 89 PUBG Mobile Update Terbaru Penuh Seru","dom":{"size":188389,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (42321)","md5":"eb3c05f3f0e2afcf2e04bb93fcc30ca3","sha1":"de2721b39e563abdc30d0dc41efffafb218d1042","sha256":"893dde971d047fbb38ca40828a1b07ca23b431e3fd137e453f2b70073270f524","sha512":"82f8fb8a6f510c529da5530b4021428bfdbb0e56af3c609798dbc4c423d6786bb9362414f36d383aa38cf6dbfe6c6ad180698b95cc27621ead17f6082205335d","ssdeep":"768:shnWk5F4g5A4WR2v5j1HtyQh6zhi2VMnUYvtRhFU5JV8CuC7LmZFUkVx1HXEXAWf:wZ5F4g5A4WR2v5D6EBwn+EX900","tlshash":"8b04c662284d015f6127c791a0f8f5bb9d55d90fc9328a85f4aeabccc781f42767a32c","dom_hash":"domhash27e485371d07b37a24529cfd5bade9ab","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"nemo89.net","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":0,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-11T12:45:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"nemo89.net","ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":312,"request_count":78,"received_data":2033729,"sent_data":36956,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"AMP for WordPress:2.5.5; mode=standard","description":"AMP for WordPress automatically adds Accelerated Mobile Pages (Google AMP Project) functionality to your WordPress site.","website":"https://amp-wp.org","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"WordPress:6.9.1","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"AMP","description":"AMP, originally created by Google, is an open-source HTML framework developed by the AMP open-source Project. AMP is designed to help webpages load faster.","website":"https://www.amp.dev","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["JavaScript frameworks"]}]},{"fqdn":"cdn.ampproject.org","ip":{"addr":"172.217.20.161","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2015-08-31","domain_rank":3289,"first_seen":"2015-10-09T04:27:01Z","last_seen":"2026-03-02T07:14:51.852352Z","alert_count":0,"request_count":5,"received_data":340655,"sent_data":2252,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cdn.ampproject.org/rtv/012601162341000/v0/amp-loader-0.1.mjs","fqdn":"cdn.ampproject.org","domain":"ampproject.org","tld":"org"},"ip":{"addr":"172.217.20.161","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"fd1e9230f8bce15f2278c5a542892ab4","sha1":"3cc51cd0547626645b968d0abf7db7d3cf81ea0b","sha256":"b8b1fd0ca593bd5a92c5d53632f316d98505bcbfe63069dec8cc248edf8f10b8","sha512":"e3799fca7e4e2562d5ba055e657a6b5ac5eb5dbd1b424a58dbe497a1e34f8346a5cd32a40358f5321105a00b9eee3fcef9e416532088bdeb09c53150d8a29e40","ssdeep":"384:Ho39KdedznnH/axp6ulqaa5F4g5A4WR2vCk:I39KMdTfaD6ulDa5F4g5A4WR2vCk","tlshash":"0c42a460a60ba2ac530342f488f5b856757ccd4fb8104079f0604ededf8ae54bdbb96e","size":12361,"data":"","first_seen":"2026-01-27T19:56:43.459766Z","last_seen":"2026-05-03T11:30:06.97582Z","times_seen":340,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.ampproject.org/v0/amp-bind-0.1.mjs","fqdn":"cdn.ampproject.org","domain":"ampproject.org","tld":"org"},"ip":{"addr":"172.217.20.161","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"920f912c96b9f765bd48268aed9e247e","sha1":"a92d7399f3c20e997d854f699a6175848405a5b0","sha256":"50967b8c93756d78aae4937a33646501744a94d3c0d7d7cacaa2c74b3ac0f090","sha512":"b808abc3af44a5607437b95a058c7a71650517cc9f66d4a473f8ced66d1010268c08d823db3ec81379c7e161edef617cf766e1ad89d0e1eb70cd5bdd61867c29","ssdeep":"768:lXCsqZrGK6LtckYuN3WMoT+TfmdURuSlnc5Ql0p43fHL3+k4OGeUiBIKHX4hR0Zd:dqOdLtLYUESdcw3ze5VJzkFnJ2U","tlshash":"a913ebb53292a43747d648e694377012e32d2956300ac8e8f1aceecb7c77955b1b5e3c","size":41951,"data":"","first_seen":"2026-01-27T22:09:22.884947Z","last_seen":"2026-03-17T21:41:49.822487Z","times_seen":222,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.ampproject.org/v0/amp-anim-0.1.mjs","fqdn":"cdn.ampproject.org","domain":"ampproject.org","tld":"org"},"ip":{"addr":"172.217.20.161","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"44f2b013639f8aa043f9e4a06772c284","sha1":"9bdc3848eeb9d64f57af9c3a7d382df775eb4baf","sha256":"fb165f97e946cb1766950277393535b031b7f3b8197ee7707eb59b69898b24fd","sha512":"ace7763f3bd8b5f8791abef78cec2abe1b12a35f5fd0cab3d992ef25f16aa03bc289b361dae2edb7e4fd30ab3b68d5f65e8adc34e67a1d7b5442e768dbbc4a0f","ssdeep":"","tlshash":"a671c7b83186b5769f973ce245275401fa39643a3407c868b168decf293ac5624b6f3c","size":3802,"data":"","first_seen":"2026-01-27T22:09:22.829762Z","last_seen":"2026-03-17T21:41:49.770725Z","times_seen":219,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.ampproject.org/v0.mjs","fqdn":"cdn.ampproject.org","domain":"ampproject.org","tld":"org"},"ip":{"addr":"172.217.20.161","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c7aed616980682321cddfb9b8cf5562c","sha1":"eef8ab735f5db076a2d75e2aa0eed2a906e5acf3","sha256":"a7ecf95bf8e77d736137458ca0e73cd7d0bbf0b56be119719ea3676fa92e6a87","sha512":"b073068035bdade94cbacabe7d4b3e5e7d441fdcf45f6a0e861ee7923844150f3bd033f57c1a2881b4f8d0d21326d02f660a07f0d7e64010c3ba8f3d95abc509","ssdeep":"3072:5HZ1lahpWCJEM51jrASXXMdrRrNWeEUFgmlMg3:L1lahpWCJEM51/AHdrRrNWnUFgOB","tlshash":"7524d5a63296b03247e555f5d4774002e3296998340b806cf86ceecb7cb9d86b1b6f7c","size":228233,"data":"","first_seen":"2026-01-27T19:56:43.462935Z","last_seen":"2026-03-17T21:41:49.827118Z","times_seen":383,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/icon/icon-populer.svg","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/icon/icon-populer.svg HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"dea1-695c5804-c8cfa;br\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 43035\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":56993,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"9b5331391c7d50582ee916756fbccc31","sha1":"10989f055b81a637a148081ac4011f0ec500d40c","sha256":"2e9b99156dfb4277494ed9647c2b5dabaa3ee655e2183de5f7310723bb72febb","sha512":"23489f7a23267e7e04f8382729c728de5561889598e15cfa1214f8ede30d8271c9dfdab8cc21e81bc82e828b0d6a32ac5c9e748920c8f9dcd690fcb7bd670951","ssdeep":"1536:iuI1afH2p4JUzDb28zmsXytBQKG7QF63cNEF3MnybQa:iuI6Wp4JEDb286sXePnRKFmybZ","tlshash":"d943f2423f007f784a72d285516cd15eed36684f39909f9f7ff38986a26e6181ca40de","first_seen":"2025-09-25T02:02:35.071904Z","last_seen":"2026-06-04T17:11:45.460139Z","times_seen":130,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/provider/habanero.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/provider/habanero.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"b6c-695c5804-c8d09;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2924\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2924,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"6fdcf2c4077e1a01c1387becb47eab76","sha1":"9e644b73bbfbd059798cb3f38a50afbb6d51c947","sha256":"063b0b0af325dd011bb3cd4f69e62c3ebb3e2a8033a9f255552a1ee6a47cc842","sha512":"0519f574e77eeb96f2b534b554d6e52300fdaa50c27711e3674e8b22400534ddf89a3a2e2d029b3e455f98423d4a1433964cfc05abb7ba29d32425256e1fa9b1","ssdeep":"","tlshash":"8c513e4cbb83da0ca18c7b521cf65106a71385869c81b8b4ed4fe40f4c70aeb5d5c9cb","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-06-06T03:48:29.967884Z","times_seen":1654,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/btpn.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.010Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/btpn.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"8c3-695c5804-c8ccc;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2243\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2243,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"976c8fc9ca31651f1c1ac1a0bca5f8b5","sha1":"475e902161a298719789a4ef4d23c2a873c599ac","sha256":"45482f8a293b7acb55f6a149ecc4854bb2eec381edf7ea5e470a2d8941cf1afc","sha512":"8538e4af5b9d5df88cdae37c2ce17d76091b11697e908eb4ac3da485ba8805f0dc66fc49f29cf9736ec14758000e383734b7827cfb03c17108b28c5a14b0bcf6","ssdeep":"","tlshash":"6a41f788da018d0253cfc96b3ce544464d22a940c6e4e6b7538a80890dbe0fdaf6edcb","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-06-06T03:48:30.012233Z","times_seen":1491,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/xl.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/xl.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"99a-695c5804-c8cdc;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2458\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2458,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"84094baf12f6cd3d4d8cf7557478370f","sha1":"6adfff2597d1986ca93211709d92364b7f31994f","sha256":"d64a7c2b38bd2b08c842b2f714e402f0ee9ed9884171a6e1e95f57cd57ccf748","sha512":"dc262d4198e9b38b9cac4987ac803b9ec8e2466510793608869213a56110a44f696935d767fa4ddebd00873886715bb784ff039fe24fae0c166530cb14e90849","ssdeep":"","tlshash":"9751f80da68218158beb99c106ea40224f064f44ce84e0e7b44ed4665ab42ec6dad9d7","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-06-06T03:48:29.973406Z","times_seen":1516,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/games/Popular%20Games/Neko%20Fortune.webp","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.079Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/games/Popular%20Games/Neko%20Fortune.webp HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"1478-695c5804-c8ce7;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 5240\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5240,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"41d046726c7027afa163c27e5b38b67f","sha1":"65651805cc461c7b9f4e630cfb65e8417ef24832","sha256":"eaa15efa36dd1c5ce1fc3557000f90b8b445180378be86aa837fcb98e6a9684e","sha512":"a98a0ceafb17a5fbaab03345af9308ba426708323565f2a01dd2b73d456af8cce111a3f071623f48be8203f6943adf634660d1687afa8de9f0540436a8c3393a","ssdeep":"96:Q6Elbw+iswrmEJoFYPo0sruao1WlKC+UnVdDB/LYJ5u7b95Tg19NfQ2:QfwYwr9oF0iruajAFyhL88DWX9","tlshash":"bfb1af2b1f30161cf10e727611022b16eaa9fc733324a8b2ac44e3e417c4d52b4ab7d7","first_seen":"2025-09-25T02:02:35.038102Z","last_seen":"2026-06-04T15:06:29.861425Z","times_seen":129,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/icon/icon-gacor.svg","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/icon/icon-gacor.svg HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"1ca0-695c5804-c8cf5;br\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 4955\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7328,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"28be3ebe36b4f622b2c016a5b982ee96","sha1":"67cdee1777292763762d3e6bf2ed7be8d1778358","sha256":"728f042de7cb294c66d0ca3d71e2347b826069bf11aeea349e1fb455a80d5dae","sha512":"f83ced0fbe98802d88bd8405f0b38aa036c4f6c8fa95f334fbaa22bbcb3a66ee5901f985ca98c470214756d7ac0810964cfba6244ed23cb014cc91d5409813ab","ssdeep":"96:DDFFFFFFFFFojifevUtedzLnxFuSeznsKj90kt3x2YNNIfsCTUpBDKunKZhuiXu/:D0iix1Lnx4dzHj90ktTh+CEuiMyeSm","tlshash":"3ee16d29a178e46fdfe99177a06344642f1e5063f772a7c04ea203f35b49e5104aadfc","first_seen":"2025-09-25T02:02:34.993923Z","last_seen":"2026-06-04T17:11:45.463088Z","times_seen":131,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/linkaja.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/linkaja.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"9a3-695c5804-c8cd2;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2467\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2467,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"aa19546f0fa57ec054f592623dde7e62","sha1":"19fa186480ac2121f2647bfa6446c6a9a88f3fdd","sha256":"800b3f95f81e845bc3bc92ecf7880f2c7f57a15e0dc3f855bfd3e591b783c7ec","sha512":"13c85136e6887167c1be424dc4b18b1f4773a67c4495e3f83884c6bc1fb143d02c9b0609940661a6e1f26f953f581e1fa128437b0a314bc00533fd9549065af7","ssdeep":"","tlshash":"7b512b14fd116c42829ceca544dbd2a289175b44dad8e47bb4ffd01209f12b98b311c7","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-06-06T03:48:30.028137Z","times_seen":1514,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/webfonts/Lato-Regular.woff2","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.067Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /webfonts/Lato-Regular.woff2 HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://nemo89.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\naccess-control-allow-origin: https://nemo89.net\r\naccess-control-allow-credentials: true\r\nvary: Origin,Accept-Encoding\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\ncache-control: no-cache, must-revalidate, max-age=0, no-store, private\r\nlink: \u003chttps://nemo89.net/wp-json/\u003e; rel=\"https://api.w.org/\"\r\ncontent-type: text/html; charset=utf-8\r\nserver-timing: amp_sanitizer;dur=\"423.5\",amp_style_sanitizer;dur=\"270.1\",amp_tag_and_attribute_sanitizer;dur=\"136.0\",amp_optimizer;dur=\"29.4\"\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nx-litespeed-cache: hit\r\ncontent-encoding: gzip\r\ncontent-length: 15838\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"AMP for WordPress:2.5.5; mode=standard","description":"AMP for WordPress automatically adds Accelerated Mobile Pages (Google AMP Project) functionality to your WordPress site.","website":"https://amp-wp.org","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"WordPress:6.9.1","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"AMP","description":"AMP, originally created by Google, is an open-source HTML framework developed by the AMP open-source Project. AMP is designed to help webpages load faster.","website":"https://www.amp.dev","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["JavaScript frameworks"]}],"data":{"size":161987,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (41015), with CRLF, LF line terminators","md5":"335556eed9912432c290c3d4818b7a85","sha1":"16a8961c3b7fbc4001473c3422ad61d93f915c8f","sha256":"a5bc6f7205a325b9014c1abf4a31993375a2fdbe01b691646edcefd99d1b67bb","sha512":"9f68dd7a2ed75f31f7de895fb8da59ec46de5d61ea0c76aaf866761e65eef84739a6fc49d4024260db0be6ace4a0acc70ee7ec7033cb721b95a00bf3d5a04a9d","ssdeep":"768:HhnWi/UXyCh6lTzVMnUYvtRhFU5Jn8CuC7LmZFU8VnBEXhiCckE+uwUks0j7rfJs:Nq6RqCnyEXt0Z","tlshash":"2cf3b763284e106f7127c79171f8f5ab5d85d80bca328685f5aeb7c8c741e127a7a32c","first_seen":"2026-03-07T12:45:50.778822Z","last_seen":"2026-03-07T12:59:33.687492Z","times_seen":2,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.ampproject.org/v0/amp-bind-0.1.mjs","fqdn":"cdn.ampproject.org","domain":"ampproject.org","tld":"org"},"ip":{"addr":"172.217.20.161","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.070Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"misc-sni.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:39:50 GMT","end":"Mon, 20 Apr 2026 08:39:49 GMT"},"fingerprint":{"sha1":"95:AF:DB:72:07:D8:8F:52:E5:50:5C:6A:7A:F5:37:62:9E:55:88:49","sha256":"D1:8D:14:23:A3:DB:4A:37:E4:DE:50:BF:5D:73:5C:7F:30:F3:46:52:1D:EA:45:33:50:95:61:CD:CC:ED:6D:6A"}}},"request":{"raw":"GET /v0/amp-bind-0.1.mjs HTTP/1.1\r\nHost: cdn.ampproject.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://nemo89.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ncontent-type: text/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"amphtml-china-available\"\r\nreport-to: {\"group\":\"amphtml-china-available\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/amphtml-china-available\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 13873\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nexpires: Sat, 07 Mar 2026 12:45:18 GMT\r\ncache-control: private, max-age=604800, stale-while-revalidate=604800\r\netag: \"600a9367bd5133e5\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":41957,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (41829)","md5":"920f912c96b9f765bd48268aed9e247e","sha1":"a92d7399f3c20e997d854f699a6175848405a5b0","sha256":"50967b8c93756d78aae4937a33646501744a94d3c0d7d7cacaa2c74b3ac0f090","sha512":"b808abc3af44a5607437b95a058c7a71650517cc9f66d4a473f8ced66d1010268c08d823db3ec81379c7e161edef617cf766e1ad89d0e1eb70cd5bdd61867c29","ssdeep":"768:lXCsqZrGK6LtckYuN3WMoT+TfmdURuSlnc5Ql0p43fHL3+k4OGeUiBIKHX4hR0Zd:dqOdLtLYUESdcw3ze5VJzkFnJ2U","tlshash":"a913ebb53292a43747d648e694377012e32d2956300ac8e8f1aceecb7c77955b1b5e3c","first_seen":"2026-01-27T22:09:22.884947Z","last_seen":"2026-03-17T21:41:49.822487Z","times_seen":222,"resource_available":true,"data":null}},"time_used":552,"timings":{"blocked":234,"dns":64,"connect":21,"send":0,"wait":58,"receive":5,"ssl":164},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/games/Special%20Games/Le%20Viking.webp","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.076Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/games/Special%20Games/Le%20Viking.webp HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"327a-695c5804-c8ced;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 12922\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":12922,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c3b51320fc483052de8391c15096316e","sha1":"9a8340609ab955cebfc53733d98c44102aaec792","sha256":"cf7beda32b380c24aca22a99291192a50b35dbd0b0690070b0945a69c9725b53","sha512":"daab3ee7f5d19956d6ce7c13df57580e04b5b9fe1c0c787c8aea7bc52b38424b8fa8b92a3a69537f8ddd7ff7491c0d52b680c45ecb85453fbf0b022c94ceb77e","ssdeep":"192:8WZP7Djip4+ksw4AJTfjOIefVMPTd7uuXhFrLBW3D0mmzPXgLHdYUKLJa:VZPXU4gOOD9MLZnrVcD0mmzEdT+4","tlshash":"a942d0ba8f6b006b683f3b6815a7f811251d637db50a01dd30af53198bbe660345e5cf","first_seen":"2025-09-25T02:02:34.974897Z","last_seen":"2026-06-05T15:33:51.939311Z","times_seen":83,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/games/Popular%20Games/Wings%20Of%20Iguazu.webp","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.086Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/games/Popular%20Games/Wings%20Of%20Iguazu.webp HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"1860-695c5804-c8cea;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 6240\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":6240,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"5d941d4b5b6dfcefc0010f31add7311d","sha1":"daa0295797ff378d35310dfad70312acee3bf7e0","sha256":"417405331f2dcb7467482474ce7da3489a4631a70c9acb89712d503d0435b74f","sha512":"2bdcd387443727b5be7d543f2eaa7d6ef9d8f197b8668b305f5503681458d40fde7091481aabb3de43178d34ff02186549ba6315667f8534bcaa01b124e5a2b0","ssdeep":"96:mV6Elbw+iTEh/IEo/Nz6psMqURF6BVlrMQtKoFhQjhhpvTVzYdQpLzvuhHKmsIVF:UfwMh/UupgBXHtK2IlYdm3iqFYV/","tlshash":"3fd18ee823301e7cf97806b8ac69765a7f316988f256991c50879d8f360de4a7f5304f","first_seen":"2025-09-25T02:02:35.050208Z","last_seen":"2026-06-04T15:06:29.836995Z","times_seen":129,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/icon/icon-togel.svg","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.151Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/icon/icon-togel.svg HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"50e-695c5804-c8cff;br\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 549\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1294,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"543c5d9a228553f77ea0d0d61de2c665","sha1":"18f393c1b981e2734dc90562825db6efd2dae323","sha256":"214f275621639f21c27a6bcc94a2f8657eec6c75fa36e2b1d396fe42abccbdaf","sha512":"0ad6e4f0081dc80bfd91b5d9979cf3326bf1dc438a2f03e6df56e0c5e6e27fd6be9e5152b2e96be0051f74717ea7279462d0d66e426064f9dfd1dacd73b7cdb5","ssdeep":"","tlshash":"9e2128bcdbac620c6a47df854b26d3501b4f60b43326e2ba8d5fc2b472034d8c187894","first_seen":"2025-09-25T02:02:35.035746Z","last_seen":"2026-06-04T17:11:45.452556Z","times_seen":132,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/provider/pragmatic.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.947Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/provider/pragmatic.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"f70-695c5804-c8d0f;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 3952\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3952,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"2b7c9803856443d10c0ec7ba404448c3","sha1":"02dd3b31dd3934519bbf7f06335e556c66d3b3b9","sha256":"63aca758fa264a3c3ef204bac37c08e30dd8d06a308bd77194884a343a086dbb","sha512":"ca1492e4fc6743741ae13ced3558bc2d4d136021ccb39d425d0ce73f42ae27fb9715960c740b98ae643c7068f022262c349c231cebda78c2991d050250a0a6ba","ssdeep":"","tlshash":"c1815c29f2c05f059194996258fd293791f25e50d5a08e3e8bebc47408282fa897ccff","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-06-06T03:48:29.991634Z","times_seen":1653,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/bjb.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/bjb.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"af1-695c5804-c8cc9;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2801\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2801,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"0c352bba8c9f63f53360785ea6b0b89f","sha1":"b69681d8e5dc381c3c716a0eff800c194865ba29","sha256":"cd619749431bdcb7d09e5a62bc4cd4ed17119e8ae6fe783cfe2b4ceb43d95993","sha512":"bea94e91a2dbb8cd33273be1222ebea8bfe1db00febe2d055a436fc5f5a5ecbdb23d2a61ff6e377215684024a8d2fae9b254c1cdc88835b002639c40d0780863","ssdeep":"","tlshash":"0f517c0de5853e079418c6927dfe60221c228980c6c0ea57281fcc06bb701c94f7bcef","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-06-06T03:48:29.968531Z","times_seen":1369,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/webfonts/fa-regular-400.eot#iefix","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.065Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /webfonts/fa-regular-400.eot HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://nemo89.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\naccess-control-allow-origin: https://nemo89.net\r\naccess-control-allow-credentials: true\r\nvary: Origin,Accept-Encoding\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\ncache-control: no-cache, must-revalidate, max-age=0, no-store, private\r\nlink: \u003chttps://nemo89.net/wp-json/\u003e; rel=\"https://api.w.org/\"\r\ncontent-type: text/html; charset=utf-8\r\nserver-timing: amp_sanitizer;dur=\"424.9\",amp_style_sanitizer;dur=\"288.7\",amp_tag_and_attribute_sanitizer;dur=\"99.1\",amp_optimizer;dur=\"24.0\"\r\nx-litespeed-cache: hit\r\ncontent-encoding: gzip\r\ncontent-length: 15929\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"WordPress:6.9.1","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"AMP","description":"AMP, originally created by Google, is an open-source HTML framework developed by the AMP open-source Project. AMP is designed to help webpages load faster.","website":"https://www.amp.dev","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["JavaScript frameworks"]},{"name":"AMP for WordPress:2.5.5; mode=standard","description":"AMP for WordPress automatically adds Accelerated Mobile Pages (Google AMP Project) functionality to your WordPress site.","website":"https://amp-wp.org","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["WordPress plugins"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":161987,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (41015), with CRLF, LF line terminators","md5":"2631803209bd324e57d3a274ea5b0050","sha1":"b739a95b878ac9236f6516c073a6b92d828cfbf9","sha256":"c2caf10cd355efa7d06ffba621c493361e3c34b9d0e42ec948d99aeca0d5e885","sha512":"ce3f9b6f0c21ff8d771dabffb04253064f002260ad0da212f2684b2869fda209b5f581b73e9266f50b7eaeeec031b2eed78571214ca50d126a5c6422f14c87a2","ssdeep":"768:HhnWi/UXyCh6lTzVMnUYvtRhFU5Jn8CuC7LmZFU8LnBEXhiCckE+uwUks0j7rfJb:Nq6RqCnwEXt0m","tlshash":"4af3b763284e106f7127c79171f8f5ab5d85d80bca328685f5aeb7c8c741e127a7a32c","first_seen":"2026-03-07T12:45:50.799171Z","last_seen":"2026-03-07T12:59:33.684654Z","times_seen":2,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/games/Popular%20Games/Three%20Crazy%20Piggies.webp","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/games/Popular%20Games/Three%20Crazy%20Piggies.webp HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"1482-695c5804-c8ce9;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 5250\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5250,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"5098507192ef5d73c90657b648e95c6f","sha1":"4cebb84c75b2261a8b2005310dfa34a7fa437061","sha256":"f7b4f08e3c45be0709b621b29c53a6a52172baa0a972066a926ecc75dc2ae71f","sha512":"3636174b8bbc11a026f0360c4258db27444edefba31b50049b9fe1332fad29531d39b728123bf4b46237082056645e3f1bfaeccbe2c6cc4b3301429f438af0a9","ssdeep":"96:m6Elbw+ioqa0QcKpcvWRH3kiS3N8sTFMV/rchZbiC9ue:mfw8v0QwvWdUiiRTFq2Z+/e","tlshash":"06b17f21c3949e29d12873f335b73743dbed791b5e409b8606c44b6e0714695e3cd62b","first_seen":"2025-09-25T02:02:34.963666Z","last_seen":"2026-06-04T15:06:29.818507Z","times_seen":129,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/games/Hot%20Games/Time%20Spinners.webp","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.087Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/games/Hot%20Games/Time%20Spinners.webp HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"172e-695c5804-c8ce3;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 5934\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5934,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e7ffd96938ffbacc1e2157d4170eef61","sha1":"dce1f92e1c2807242bd1988a3419c86d1e7f10f5","sha256":"1c539364438d581703c90aadbb3b919fb0848241246b8c87896049899286ff2b","sha512":"33a14bb6a42cf9b0204b133bf9307c2580cdb7f11df093b1b8ea25071f5850e6fb3d40d8baaabc0df457071c40f34c5b08baceafe06b4171de064fad38d0e3f4","ssdeep":"96:EqDIW7XllJ/FajXzsA5LXTCZDF2SRO0pxgDlCXQ+3PEwUjWY3xfPXtinFZrrjL0r:ETSXlX/FajjDLXGZDFpRO04EXcwZepPz","tlshash":"eac18e91d14b89d27a559789422025ffcae792316abe5f4f2ba86f4b03c1280247ccc7","first_seen":"2025-09-25T02:02:34.999296Z","last_seen":"2026-06-01T06:53:15.690791Z","times_seen":64,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/icon/icon-beranda.svg","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/icon/icon-beranda.svg HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"279-695c5804-c8cf2;br\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 366\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":633,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ce9319d68508af5b4cb02f2be099c4d7","sha1":"068ed6d403ba85b7b422b945ec1fb0be3cc03953","sha256":"4cd403b39fbba4ba333bbaa04098f4884e4a711a6b38380f85d95d7614022aa7","sha512":"d6289390cca854592a56cf5ded2a9b56a1ad244e4be5e9f993560612bf1665d73966e6151eafc3316cc4499e55221fe09b2f152b71e355bce8e6e27a69ffc1d7","ssdeep":"","tlshash":"04f0ddb453c5af3c8c65abe4ce7138f4748e10be51d483a9c750c1709182dd07694cde","first_seen":"2025-09-25T02:02:34.972533Z","last_seen":"2026-06-04T17:11:45.455272Z","times_seen":133,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/icon/icon-sports.svg","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/icon/icon-sports.svg HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"8d5-695c5804-c8cfc;br\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 1050\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2261,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b20a49fddd0d926e7e58ed50a11d79a1","sha1":"11f10538f09b7253a1fbb831f6da312736d17576","sha256":"4a42f32fe9b71b31d4d4d31598631d21cbc718119c28b24337aef5b3f4d8052a","sha512":"898fde53fc5660117b20afc22e0f8184d83d687911cc5fbae99cc165581f29620d954d47ad980bd0d60e4d0332b9384112f331f5fb7505ac21bfc641c47d459e","ssdeep":"","tlshash":"32419b7b9b8cc15c29479308cf72d0a4574f60beb27fe6b259aee3b061578a4e053d14","first_seen":"2025-09-25T02:02:34.973644Z","last_seen":"2026-06-04T17:11:45.459515Z","times_seen":131,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/icon/icon-fishing.svg","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.149Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/icon/icon-fishing.svg HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"3373-695c5804-c8cf4;br\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 4860\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":13171,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"439bdfe15387b76ef423f9fbf3025e60","sha1":"113e188775ed15cb01b501661d259044f68fd062","sha256":"d504d730aaf9d549072f3d71aa56cf02ad7066ccf1e64bf34c620a07a56322b5","sha512":"7cee952c3305707b269e7dbacb7fbdae4020177fae5f6585557d93b59e72e32a273826a196b3b3b609b4f9d72c00e3726845c74ac2ec94e917304f453bccf6b2","ssdeep":"384:Io8mhbe1nfrX9GxO2O1pBtdKvSea+nmUKwR0hHPb:Umhy1nfrtGYHX9KKea+nmU/R0B","tlshash":"124240ed8b71e9dd1bc27d1ffe31329aae1d70f92a729664c27fd28a1092cd49304815","first_seen":"2025-09-25T02:02:35.012022Z","last_seen":"2026-06-04T17:11:45.449628Z","times_seen":132,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/uploads/2026/01/Planet-Favicon-150x150.jpg","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/uploads/2026/01/Planet-Favicon-150x150.jpg HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"1f51-695c50c4-c8004;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:01:08 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 8017\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":8017,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 150x150, components 3","md5":"bafdfb87934932085499ea9f4d05873f","sha1":"79b3ea9f07634a5616de2b36495cad591c4da282","sha256":"7bafef8eae15056685866d66821d18ed47183ff023e4d6ce56f89df7fb1fef9f","sha512":"c95d5cea8c123aaff7b20c301fa828592237979632ae075b67c5a5959b612d56d93c3c5530216f4cf0dd15b204846869114fb5700b16b6e402bedf1c006c00fa","ssdeep":"192:g7nPn5ivj2v/kW/SLlAye7PikZaH2Wgx+:SnP5ivj2nj6LlAylkrWgx+","tlshash":"12f16e87bf856a19fb201d78ec891212d16499f2a6f4ab324170c6bfc794cf894c497e","first_seen":"2024-12-22T23:16:57.780931Z","last_seen":"2026-06-01T05:43:25.5777Z","times_seen":66,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-07T12:45:17.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlink: \u003chttps://nemo89.net/wp-json/\u003e; rel=\"https://api.w.org/\", \u003chttps://nemo89.net/wp-json/wp/v2/pages/13\u003e; rel=\"alternate\"; title=\"JSON\"; type=\"application/json\", \u003chttps://nemo89.net/\u003e; rel=shortlink\r\ncontent-type: text/html; charset=utf-8\r\nserver-timing: amp_sanitizer;dur=\"379.9\",amp_style_sanitizer;dur=\"238.8\",amp_tag_and_attribute_sanitizer;dur=\"121.1\",amp_optimizer;dur=\"21.1\"\r\nvary: Accept-Encoding\r\nx-litespeed-cache: hit\r\ncontent-encoding: gzip\r\ncontent-length: 16849\r\ndate: Sat, 07 Mar 2026 12:45:17 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"AMP","description":"AMP, originally created by Google, is an open-source HTML framework developed by the AMP open-source Project. AMP is designed to help webpages load faster.","website":"https://www.amp.dev","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["JavaScript frameworks"]},{"name":"AMP for WordPress:2.5.5; mode=standard","description":"AMP for WordPress automatically adds Accelerated Mobile Pages (Google AMP Project) functionality to your WordPress site.","website":"https://amp-wp.org","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["WordPress plugins"]},{"name":"WordPress:6.9.1","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":165073,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (42274), with CRLF, LF line terminators","md5":"969e31f40ea6a25321c333d60b0ea2f1","sha1":"119e8babe8863c3edc06cad279a8b042cc0ff299","sha256":"f7e5f8d997591fe014198d8741b7ea6b1ef442726541db6df5aee49e8bdebfed","sha512":"b4b77fd4cb5b1f56686de5bf1da16a2494c349f71150a6d4b8ece5ce0e8b9ce9a39716bc649cfd095864643f282dcb80d6265acd1970d9740bb07d01952c17e5","ssdeep":"768:HhnWlQ/UXyCh6zhi2VMnUYvtRhFU5JV8CuC7LmZFUkVVnBEXAiCckE+uwUks0j73:NkV6EBwnqEXg04","tlshash":"5af3c863284e102f7127c79171f8f5ab5d85d80bca328685f5aebbc8c741e527a7632c","first_seen":"2026-03-07T12:45:50.814009Z","last_seen":"2026-03-07T22:55:38.850773Z","times_seen":3,"resource_available":false,"data":null}},"time_used":242,"timings":{"blocked":101,"dns":52,"connect":19,"send":0,"wait":20,"receive":20,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.ampproject.org/v0.mjs","fqdn":"cdn.ampproject.org","domain":"ampproject.org","tld":"org"},"ip":{"addr":"172.217.20.161","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"misc-sni.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:39:50 GMT","end":"Mon, 20 Apr 2026 08:39:49 GMT"},"fingerprint":{"sha1":"95:AF:DB:72:07:D8:8F:52:E5:50:5C:6A:7A:F5:37:62:9E:55:88:49","sha256":"D1:8D:14:23:A3:DB:4A:37:E4:DE:50:BF:5D:73:5C:7F:30:F3:46:52:1D:EA:45:33:50:95:61:CD:CC:ED:6D:6A"}}},"request":{"raw":"GET /v0.mjs HTTP/1.1\r\nHost: cdn.ampproject.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://nemo89.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ncontent-type: text/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"amphtml-china-available\"\r\nreport-to: {\"group\":\"amphtml-china-available\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/amphtml-china-available\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 63517\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nexpires: Sat, 07 Mar 2026 12:45:18 GMT\r\ncache-control: private, max-age=3000, stale-while-revalidate=1206600\r\netag: \"5c6bb66c7739a4cb\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":228233,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64621)","md5":"c7aed616980682321cddfb9b8cf5562c","sha1":"eef8ab735f5db076a2d75e2aa0eed2a906e5acf3","sha256":"a7ecf95bf8e77d736137458ca0e73cd7d0bbf0b56be119719ea3676fa92e6a87","sha512":"b073068035bdade94cbacabe7d4b3e5e7d441fdcf45f6a0e861ee7923844150f3bd033f57c1a2881b4f8d0d21326d02f660a07f0d7e64010c3ba8f3d95abc509","ssdeep":"3072:5HZ1lahpWCJEM51jrASXXMdrRrNWeEUFgmlMg3:L1lahpWCJEM51/AHdrRrNWnUFgOB","tlshash":"7524d5a63296b03247e555f5d4774002e3296998340b806cf86ceecb7cb9d86b1b6f7c","first_seen":"2026-01-27T19:56:43.462935Z","last_seen":"2026-03-17T21:41:49.827118Z","times_seen":383,"resource_available":true,"data":null}},"time_used":559,"timings":{"blocked":236,"dns":64,"connect":21,"send":0,"wait":31,"receive":37,"ssl":167},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/games/Special%20Games/Wild%20Bounty%20Showdown.webp","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/games/Special%20Games/Wild%20Bounty%20Showdown.webp HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"29a2-695c5804-c8cf0;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 10658\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":10658,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"7800b3dd65b012e5a998c3f4e2551649","sha1":"a8a8d9438fc391fe55aa3a878ae515f2c5076980","sha256":"1db58d5601dd8d3b42dec6c2a01eb97cc812efb938b5b6045453a2fb84d383af","sha512":"d66c8b299d8d0d5fa06742a9eff9e8c4e9f4a6c316a4a5ee81ca5e02a0f1401b87d512c090884096123667554743fbddb33a78b83c89c29cd227ce4638dde2cf","ssdeep":"192:l8M3mgHPWbCB0EWae68rC3hxS4jr7CtJ6id/xZP+bRmElxMUd4s:eaB0l6P3hxS4jCr6E/xKL+KN","tlshash":"f422d007ad40547194ae3363ce78e98757e0260962cd7fb1eab2e8b41d27212d5e60e1","first_seen":"2024-04-29T04:54:20Z","last_seen":"2026-06-05T23:37:24.090549Z","times_seen":525,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/icon/icon-telegram.svg","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.143Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/icon/icon-telegram.svg HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"1c2-695c5804-c8cfe;br\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 278\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":450,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"130e17bb2e5677382f4f4c7a3d0dbddd","sha1":"5ed1cc7f6c854de08e060a28d3189ac2361441f9","sha256":"36376f530cd534fcffa169655bfa1e630cf4859fbf44421b23c3ebb6accec7b6","sha512":"544973680718bebace3bbfad0e04a2f8fe44d57e73cf3cbc24e11877e4899f5550fb5c9e3afd13059454f9d7c1c8d47d8078f26de3e35a583f4d718fb55d3dc1","ssdeep":"","tlshash":"8bf05c3dc289d232ee0f47715b64b1a844c7e2aea4c556ec90d52a30b013bc4711d5ce","first_seen":"2025-09-25T02:02:35.0703Z","last_seen":"2026-06-04T17:11:45.466446Z","times_seen":132,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/icon/icon-new.svg","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.155Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/icon/icon-new.svg HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"7b52-695c5804-c8cf9;br\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 23589\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":31570,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a173b42136ae2cc120ffb3ed1c86f012","sha1":"e51c4ab12a6f22969239cba878300bf73c694ddb","sha256":"df07b31dff5f94f7d9834abe032a71c2ae90750bbec1b7a4c9065534a5d06a0d","sha512":"09b399ebbef75f2b7f69f829f83102c1febae661477e6fbb916cadd9feb23d461e3a7d2cf144a9aa9c1d9a1bb6f41b5afa66abf8ef28f4185f9ca7eb96523ee7","ssdeep":"768:F8PtxoRbbfdykklFZvuVni4ubPxVsfPcoV1O:F8PoR/dDavUnUPIM","tlshash":"10e2e00fce8da7ac5106125c303bbdae0cdc5f0d800c7aeeb5c2b5a725e755540b6b19","first_seen":"2025-09-25T02:02:35.015663Z","last_seen":"2026-06-04T17:11:45.453108Z","times_seen":131,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/provider/sexygaming.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.970Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/provider/sexygaming.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"14c1-695c5804-c8d11;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 5313\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5313,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"c5aee88302f1236b8cc069d281a05905","sha1":"048d3123ca73c3f9f4e432378ea4cfcf467de417","sha256":"ab8a18edde422524883a5beb8842c4008f032de7f45601c2b37d7e40be19ac98","sha512":"7a18e0b8691f451f47dd0cd7a91052abddc353e332a9a19fd00dd2e01ea45a2565bf23eb170fd940e989f12adfb78a18cc8cb9ce9d8c136665eebf3e7611fa7a","ssdeep":"96:aqQqwG/92LyPMnYMuvdjEnGg4aD4Hn468sZTbZCzN6idRw:aqNrwyUYTdjCg468vdO","tlshash":"22b17d99eb1b58817e6aeca23cdb0bc385069082a415768b3ff784af1ca5155074f9ca","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-06-06T03:48:29.958522Z","times_seen":1631,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/provider/idnlive.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.978Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/provider/idnlive.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"9ea-695c5804-c8d0a;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2538\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2538,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"57238310e793f343a2749339be32a3ac","sha1":"95bb671a06008427ede2e08a5463dcca1562a644","sha256":"620a982845b3e7a490990f96b64c2c594bb4d418058873c2a3691e2d86b0cb07","sha512":"233da09c46f08c7b3c28d84317b19761490a6f28aebded877ac5941638cff99a7ec7ab61dcf2de28e71904a131a3333d1f4a8eee2e1f07fc80be9b90cf5a1ef4","ssdeep":"","tlshash":"4d512cce9a129a428aa9e54724e80011862b0a414860afdcf54bdc972d7617f416b7de","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-06-06T03:48:30.026423Z","times_seen":1521,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.ampproject.org/v0/amp-anim-0.1.mjs","fqdn":"cdn.ampproject.org","domain":"ampproject.org","tld":"org"},"ip":{"addr":"172.217.20.161","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.069Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"misc-sni.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:39:50 GMT","end":"Mon, 20 Apr 2026 08:39:49 GMT"},"fingerprint":{"sha1":"95:AF:DB:72:07:D8:8F:52:E5:50:5C:6A:7A:F5:37:62:9E:55:88:49","sha256":"D1:8D:14:23:A3:DB:4A:37:E4:DE:50:BF:5D:73:5C:7F:30:F3:46:52:1D:EA:45:33:50:95:61:CD:CC:ED:6D:6A"}}},"request":{"raw":"GET /v0/amp-anim-0.1.mjs HTTP/1.1\r\nHost: cdn.ampproject.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://nemo89.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ncontent-type: text/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"amphtml-china-available\"\r\nreport-to: {\"group\":\"amphtml-china-available\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/amphtml-china-available\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 1671\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nexpires: Sat, 07 Mar 2026 12:45:18 GMT\r\ncache-control: private, max-age=604800, stale-while-revalidate=604800\r\netag: \"46c263938b19c9bc\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3802,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (3688)","md5":"44f2b013639f8aa043f9e4a06772c284","sha1":"9bdc3848eeb9d64f57af9c3a7d382df775eb4baf","sha256":"fb165f97e946cb1766950277393535b031b7f3b8197ee7707eb59b69898b24fd","sha512":"ace7763f3bd8b5f8791abef78cec2abe1b12a35f5fd0cab3d992ef25f16aa03bc289b361dae2edb7e4fd30ab3b68d5f65e8adc34e67a1d7b5442e768dbbc4a0f","ssdeep":"","tlshash":"a671c7b83186b5769f973ce245275401fa39643a3407c868b168decf293ac5624b6f3c","first_seen":"2026-01-27T22:09:22.829762Z","last_seen":"2026-03-17T21:41:49.770725Z","times_seen":219,"resource_available":true,"data":null}},"time_used":514,"timings":{"blocked":231,"dns":64,"connect":21,"send":0,"wait":32,"receive":1,"ssl":158},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/logo.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/logo.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"68b3-695c5804-c8d06;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 26803\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":26803,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 54, 8-bit/color RGBA, non-interlaced","md5":"3568649b1f1079f8737f919c6a534b27","sha1":"609341655a4cea00d1e016467107d23830013482","sha256":"8ecac4cc7b015d45c560a07c61a9e0498d8ca5955f84dfe9c90d8683a400dc44","sha512":"c0b64a39dbd5f23deeb7c5a8c06e1a6c5ecfc99df5d1c4566baf6363f838f66b2ef3d30bf5a461f3a9217346c1826f5d126b2ccc472a5c26963b6ccd3a9052c5","ssdeep":"384:bN0d7IkEMNaq6kVbbbMM138ytttxRzywgSG5rIeW4LYMY0nFuI99zX2sKV63Z8F4:47IlMobeAQttxwqGEMXn1Ssb870Ii","tlshash":"f5c2e1dff29a0976be52779db8b6284c1a4dae90327d8478098178beec7c1d43410f97","first_seen":"2026-03-07T12:45:50.832947Z","last_seen":"2026-03-07T22:55:38.871266Z","times_seen":3,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/provider/ttg.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.958Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/provider/ttg.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"c56-695c5804-c8d13;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 3158\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3158,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"f177a8c24f7d00627f779b1544f26d7b","sha1":"1f88ae42b70427e917294beb790bda84321cd08c","sha256":"2c7aa701640a5b7503e3ace14124357537d5698ad832c1217a7c3290ccb64372","sha512":"dc8232386fc9dc22e3cebe562d6c708aa078294ea16f30b4d0d8bf1349e0fe743d9a8b3a7f287732f46e8eae0a60e2f2b4674298bcbf78b7fbbe20d4eb5d02b2","ssdeep":"","tlshash":"66511b52f65a6c4255eda08478f294338a3305120a54f0a5d67b484b8d8b3ea77cdaee","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-06-06T03:48:29.992491Z","times_seen":1645,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/provider/allbet.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.972Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/provider/allbet.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"183a-695c5804-c8d07;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 6202\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":6202,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"65385a0b00807c78e9ee11e5e845f395","sha1":"856fc5558ff9ab52c6393ae0cbf830cae288d13f","sha256":"9339336ebd83063c8f03b0572ed4a5c91f3c12452145115387cb78d51980ac37","sha512":"452b8c645cbd6a457b2da98743b2de9e07b022e67f503f716946bf5bdeca3a5ab37b7ec759593679485d22ecee3747f48616324fcfec1e8ed569e7eeffc7dca7","ssdeep":"192:aq/ECTu1GWg09EuSqUrf6RxlO8not0Ww66P7g40Hv:aq/nu1GWRaORrLj9L0Hv","tlshash":"bad1af25ef83053188a9ecb095b226b7003fc7841d30d63579eadc995d319bae4fe5c9","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-06-06T03:48:30.009658Z","times_seen":1627,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/permata.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/permata.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"a3f-695c5804-c8cd8;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2623\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2623,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"806f1354ac8e117d1752f9b2e317c551","sha1":"a989006a1c24fd9c5c5cc8eaf48be64a9eabcffe","sha256":"71eb5481c8ca4c22d6723f161b36d8a333ff30bdd2c90018b2b3cd2f5a5ce315","sha512":"b7633840558abf2a4145b874c4c00e4b57c3f9eb3043a0ec2d5b4b94b4ea426c8a6bb661808c86565090f03185aae964fc0584059d54beb12eead460f1a8766d","ssdeep":"","tlshash":"61512b01f9044c01e489ae8134e38569d83b5582e7f5f036b19ae8672b645ba4e7e9c7","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-06-06T03:48:30.011379Z","times_seen":1493,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/games/Hot%20Games/Buffalo%20Stack'n'Sync.webp","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.088Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/games/Hot%20Games/Buffalo%20Stack'n'Sync.webp HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"1e50-695c5804-c8cdf;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 7760\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7760,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"8b03fe749c7c8307d9e182d41b6808fe","sha1":"8657443137f70a4a1568bd404e4357760ba423bd","sha256":"2d338c7c80d6202ab2b9fc09db452051917a330dd02a2215187bfe0bf9ef6406","sha512":"e195fa1e356673795cb5eb0046a60f9a04d137ac37d5665123856928c322b77e586d8047a9930925a4869b172be86ce964ef5b49e7b8726d0a55a13c0126c81e","ssdeep":"192:Kr3bC1AV6OQj0S/PbhlhUJuewASjI+IDVL/:Kr3bmBHjv/jhrUqM+IDVL/","tlshash":"9af19e11a155413f5283adccb1e041d88add30895369fa851879efc6bc75b8e77c2e86","first_seen":"2025-09-25T02:02:35.022986Z","last_seen":"2026-06-01T06:53:15.696997Z","times_seen":64,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/games/Popular%20Games/The%20Great%20Icescape.webp","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.085Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/games/Popular%20Games/The%20Great%20Icescape.webp HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"1742-695c5804-c8ce8;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 5954\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5954,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"34dc64013c1fa892e7630f5bc7bf2886","sha1":"ae075deee9b93ce9dbfb0008a4d211c77aac93d3","sha256":"b6d99a4bd7666994bca181ef32e98ea98992b7d558bfadb8f71d551b1e9ba94a","sha512":"c0fedfcb6eeb0c60876b0bdf63af181aa24dfba054a9c28c4f93bf282d2b66c33ed11bf4f743578c5724e103df21f143db65833d66b88671047f6dd5f93274e3","ssdeep":"96:B6Elbw+iTaBbyAN0QyaS32X2NVcx5lhK/UnU6bZlCyCl7GK4NzLj7:BfwPa9FN0QyadGcjjK/UnUWZlUGK41L","tlshash":"99c16d18f364016eec20a5b63a8c5e22c72d696007efa6cddc8157575a48cc5a13deb5","first_seen":"2025-09-25T02:02:35.047765Z","last_seen":"2026-06-01T06:53:15.667338Z","times_seen":58,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/icon/icon-livechat.svg","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/icon/icon-livechat.svg HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"294-695c5804-c8cf8;br\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 373\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":660,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"0fe74872581c27e3f51f93a18e19a1d0","sha1":"de2f2c1faa635b94fbb43565b3dd4e60a0621730","sha256":"c299f2ad30eabe7a952a624f3b77e999c3247fb224aa31f3bbc9e1febd72698b","sha512":"5d6d8ae6e8aaed964219222ca6326e6351f6734a2a6efc8923c8416891cc4763075deeaf7a61f948f376d7fbb53b48b4fa4769ceaef6f63aa5926df21d7afddc","ssdeep":"","tlshash":"ec0123c6db14f2b444ccbf0d8f281924f362703a9a7aad8c402a79a48402ec97944d08","first_seen":"2025-09-25T02:02:35.003499Z","last_seen":"2026-06-04T17:11:45.446058Z","times_seen":132,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/icon/icon-livechat-gray.svg","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/icon/icon-livechat-gray.svg HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"294-695c5804-c8cf7;br\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 373\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":660,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"0fe74872581c27e3f51f93a18e19a1d0","sha1":"de2f2c1faa635b94fbb43565b3dd4e60a0621730","sha256":"c299f2ad30eabe7a952a624f3b77e999c3247fb224aa31f3bbc9e1febd72698b","sha512":"5d6d8ae6e8aaed964219222ca6326e6351f6734a2a6efc8923c8416891cc4763075deeaf7a61f948f376d7fbb53b48b4fa4769ceaef6f63aa5926df21d7afddc","ssdeep":"","tlshash":"ec0123c6db14f2b444ccbf0d8f281924f362703a9a7aad8c402a79a48402ec97944d08","first_seen":"2025-09-25T02:02:35.003499Z","last_seen":"2026-06-04T17:11:45.446058Z","times_seen":132,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/telkomsel.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/telkomsel.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"aa8-695c5804-c8cda;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2728\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2728,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"ccfef8b817b38862ea38cd51ad5eda48","sha1":"7bc6d8db79a495b725ad203aa9228e9178b8ac0b","sha256":"1efc5dce3145bdeabd5c9549aa768207802f3d94f85af872e74e936dc6c6e32d","sha512":"dcb90a21a291fb3d2bafb121ecadd54cae3dbc1972a5058f943c9e3335fe40efd0684adce586a469094a3e9bbeb73f89942c2da48a363ff6e9ea8351cf168002","ssdeep":"","tlshash":"ab510ac8f9856811b2556d9728f86037ce095880cdf0e09669d7f122687c1fdddadcf6","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-06-06T03:48:30.021784Z","times_seen":1518,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/axis.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/axis.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"775-695c5804-c8cc7;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 1909\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1909,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"8a33ceba37cba67565691bad0b376d11","sha1":"524d0127ba8fb90930c258d1f6dccc2e021596d4","sha256":"da7d51e54f2ec453b76dde1951be25a7e76d2cbd19ceb53b07bca4a09d950c94","sha512":"a3ecb95fc952a21271163c09059df357a3b3b0e94dfdd98f676b5edd4fcc20456e26f384b796acf63f6fe925919c8056b479a95833b1bd6962881993f1298d82","ssdeep":"","tlshash":"6641f9cbc0c3ac01f5aa951028f711229d1249449fd1e46ab9dfd81625b45f59d28dd7","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-06-06T03:48:30.037554Z","times_seen":1510,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/ovo.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.073Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/ovo.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"90b-695c5804-c8cd6;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2315\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2315,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"c651afdf017b6e14b8ccf644fffb90e3","sha1":"cdefc9ffd4d0a101dd34fa8d0d72f31e20c203be","sha256":"860d314b9b8e36b5b22a81e02ea6d13290d85203ecb2e0ee3803ff5115ded872","sha512":"fc639ac833e9f4f15c6238d0c39ca5753acf20769db0a0a204a1554cfaf5fdb6bdcd75ad8f4fbb3643e9b11a9979548f9d4d6794eab648a875a202e86a293c59","ssdeep":"","tlshash":"d0412b46e6929d06079cfa9164e702bad6610f90e4f0e82b749ed40d0fe42fc6a6d5d3","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-06-06T03:48:29.998435Z","times_seen":1522,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/games/Popular%20Games/Fortune%20Dragon.webp","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.082Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/games/Popular%20Games/Fortune%20Dragon.webp HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"16c4-695c5804-c8ce5;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 5828\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5828,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"897df53cdb67ef1b74a7df726fc42400","sha1":"2ae99ca4a0b1c2a3f79e2f5bd55898119dc0784a","sha256":"96be1b48eba2f8db7179d53d2f09013955b73014aa09d36bcd771323f7386aff","sha512":"68fd2972ce8fbac3834692819abb8af0d938907a597c7b15b6c8572cd1bbf2f25985549e651e6d08677c460dbfceaea6587a97b1a0a104cb66fde5becdf7ac55","ssdeep":"96:e6Elbw+ixz/mOl4BrPaRyG3BGZxn+SpZ8hhD7KWkP76cfcSKu3M1W8LuadGcCpQW:efwduOl4IyNx+SpZiJKH75fcnLuatIWg","tlshash":"0cc18d692b98ba94e514c33097f10bc597ccbbb3924e9ba781b291804d3e546a99d1c2","first_seen":"2025-09-25T02:02:35.027683Z","last_seen":"2026-06-04T15:06:29.829458Z","times_seen":129,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/icon/icon-whatsapp.svg","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.142Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/icon/icon-whatsapp.svg HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"414-695c5804-c8d02;br\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 568\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1044,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c07eb2ac90ea41e70e261e97ab9d5349","sha1":"f66a1436d1c8a522cb850f890f565fbd4332b509","sha256":"c99c3511b150e8ec6c46e1e9461ac50cca157b21de6389e90d04f994f96d2dfc","sha512":"2a17cf3431b2959fac6814b28554d6679bc913766a2b9cf6d6877a789ff157a357536bb6f358e05099f83db1460652af92f955ed8ae7dfa68fc6a6712c661a26","ssdeep":"","tlshash":"32113ea8e34491b9ae2ba3a4861575f4b44924de90d5223487b0dab0b6226e4b25d0dd","first_seen":"2025-09-25T02:02:34.990836Z","last_seen":"2026-06-04T17:11:45.44911Z","times_seen":132,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/maybank.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/maybank.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"b4f-695c5804-c8cd4;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2895\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2895,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"ca7aee98071b2d3880f94ca3dc8842d4","sha1":"eee1e7f874e610c4facdd9a8e3002b31a90af582","sha256":"77173f10f7b5dad589d402a81d207260826935ab02ae7cc52f7d9298f6a38eb1","sha512":"6a4850a3964c179cb5b567ed7e616330dd83581f2da688c8345274a25f93d195607f104da1cd8f6f10e3ecf1f3b5856fc33ec05d31ae454300ce89955a2aa583","ssdeep":"","tlshash":"43512aaceb10ac44936dd54019caa63eba334ac0cae9e1da314fcc045b911fce41f2c3","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-06-06T03:48:30.021088Z","times_seen":1472,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/shopeepay.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.080Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/shopeepay.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"a19-695c5804-c8cd9;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2585\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2585,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"410210f0e9a527ac10a6edce706a3e52","sha1":"41ac0fbaf4e303490de0da44bbcc2ddf0957d93a","sha256":"b546d30527e6237059995da8fa60d0ee5b99a8a1beaf0d9ca885323926d9dbf2","sha512":"7e6134ee07e54cd0800c5302d78a289b304b13641649ca46f4faad5df1966a49aa0202390cc06398a7c7a740fc84bf41b17b26a098d11b2d19424412241703e6","ssdeep":"","tlshash":"a3513acef606a90263dfed0834d79413c9036ec4d3f6e072d58ad44614a82f9a9e99d3","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-06-06T03:48:30.038973Z","times_seen":1512,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/jenius.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.082Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/jenius.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"a1a-695c5804-c8cd1;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2586\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2586,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"a526cd682aa74c97bdb4e9062dd3bb47","sha1":"9a576b670aa5ff27c5377431444a5b6e6fad059a","sha256":"887520873e323d8af25fc9ca54158e474139b38d78f0ae1097ba0bd27c09084c","sha512":"bd14d5c0424148137d6093f709b8a22265701ebeae2345415449e022c52f28e3f01e1709c06df9becfbf8af1a28539c6d60ddb0d0b828a4d70762e408f24ba02","ssdeep":"","tlshash":"5f51e729d445af023a0ce44724fa817baa0785c0cfe2f12bd58fd5372d647d999991cb","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-06-06T03:48:30.029839Z","times_seen":1504,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.ampproject.org/rtv/012601162341000/ww.mjs","fqdn":"cdn.ampproject.org","domain":"ampproject.org","tld":"org"},"ip":{"addr":"172.217.20.161","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"misc-sni.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:39:50 GMT","end":"Mon, 20 Apr 2026 08:39:49 GMT"},"fingerprint":{"sha1":"95:AF:DB:72:07:D8:8F:52:E5:50:5C:6A:7A:F5:37:62:9E:55:88:49","sha256":"D1:8D:14:23:A3:DB:4A:37:E4:DE:50:BF:5D:73:5C:7F:30:F3:46:52:1D:EA:45:33:50:95:61:CD:CC:ED:6D:6A"}}},"request":{"raw":"GET /rtv/012601162341000/ww.mjs HTTP/1.1\r\nHost: cdn.ampproject.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/plain\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://nemo89.net/\r\nOrigin: https://nemo89.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"amphtml-china-available\"\r\nreport-to: {\"group\":\"amphtml-china-available\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/amphtml-china-available\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 13075\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 04 Mar 2026 17:35:36 GMT\r\nexpires: Thu, 04 Mar 2027 17:35:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 241783\r\netag: \"54a305cbe6398cb1\"\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46254,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (46134)","md5":"ae1a533f5fcbc6d77649865baadcf779","sha1":"11d87f9dc9031f15f26e636b09bd7df85c6b8f3f","sha256":"23d57a688e0f7e979a43d516b9b21bfc56c6183329940c5f9ca3b244a45e787f","sha512":"767309f8f0a83122216f03d0607ba7c32c35ef07d0e05e460b317c3cbcf77b40431f5443444cbc1b4e3546787b2a6732a6fc248e3826f821106e12c7f48793ba","ssdeep":"768:bCIFhdWYDWBmSV7rpB67Whklyn2fUHDjkL5TN8pPcsKdN4emH+7URkhVMgyb9Q:hd/SD78fU/ZepwkmgOG","tlshash":"c9231ab433a6546f839290e5005a3009d67f2c6a3007d9fcfa38eed63db199795b6e34","first_seen":"2026-01-27T22:09:22.89681Z","last_seen":"2026-03-17T21:41:49.769784Z","times_seen":222,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/webfonts/fa-brands-400.eot#iefix","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /webfonts/fa-brands-400.eot HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://nemo89.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\naccess-control-allow-origin: https://nemo89.net\r\naccess-control-allow-credentials: true\r\nvary: Origin,Accept-Encoding\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\ncache-control: no-cache, must-revalidate, max-age=0, no-store, private\r\nlink: \u003chttps://nemo89.net/wp-json/\u003e; rel=\"https://api.w.org/\"\r\ncontent-type: text/html; charset=utf-8\r\nserver-timing: amp_sanitizer;dur=\"554.2\",amp_style_sanitizer;dur=\"282.9\",amp_tag_and_attribute_sanitizer;dur=\"235.8\",amp_optimizer;dur=\"26.2\"\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nx-litespeed-cache: hit\r\ncontent-encoding: gzip\r\ncontent-length: 15840\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"AMP","description":"AMP, originally created by Google, is an open-source HTML framework developed by the AMP open-source Project. AMP is designed to help webpages load faster.","website":"https://www.amp.dev","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["JavaScript frameworks"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"WordPress:6.9.1","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"AMP for WordPress:2.5.5; mode=standard","description":"AMP for WordPress automatically adds Accelerated Mobile Pages (Google AMP Project) functionality to your WordPress site.","website":"https://amp-wp.org","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["WordPress plugins"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]}],"data":{"size":161986,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (41015), with CRLF, LF line terminators","md5":"4aa4a5f4df587e5955f49b8dbc89d091","sha1":"d2048e7f2579ec522d5a5358ee2b3c60bef8cedb","sha256":"fb12880d13b5f389c1268383930804a1696a7bbc20c4a54ddd12387ca4ae54d2","sha512":"a61ef8725cc9da088111294cfd9d80d9988b1a8c78157594077203f765bfee1f14efd24718488d394353a86c8bcc601884c7e459efe20832764cae1e54edc0b2","ssdeep":"768:HhnWi/UXyCh6lTzVMnUYvtRhFU5Jn8CuC7LmZFU8TnBEXhiCckE+uwUks0j7rfJs:Nq6RqCnCEXt0Z","tlshash":"cbf3b763284e106f7127c79171f8f5ab5d85d80bca328685f5aeb7c8c741e127a7a32c","first_seen":"2026-03-07T12:45:50.873495Z","last_seen":"2026-03-07T12:59:33.723401Z","times_seen":2,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/provider/joker.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.960Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/provider/joker.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"1173-695c5804-c8d0c;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 4467\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4467,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"d6046ada089141ed514a2c248ba348a9","sha1":"ac6af3ec4c8d0025c3498501f0b5ff169f50fdab","sha256":"a5894ebe20a0a276641ce8fe77f073ea3127a35e307937d00d46606a6d07e5e1","sha512":"9bec604475449cfffc72317d9ece25fb7ec460b1f463d288052c6a436d26848116b60832425da59d040aa1f43ed4964d575442480231030d8e797a89daa3a494","ssdeep":"96:aqQRGY0xUhfkh08d2luU5IqeesF93z/mc1MYtWum:aq+0xUS2U2lueny93z/mcyYtWum","tlshash":"fe918e58dd037e0e5d5e0a9230e85d9688bb8502deb4b81e78d7c2cb42f8166c85f6f7","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-06-06T03:48:29.971963Z","times_seen":1637,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/gopay.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.079Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/gopay.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"a06-695c5804-c8cd0;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2566\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2566,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"b8771de54536e9d754dc58a51d9da827","sha1":"5740b8950fb4137da7040b6e929fef6a371504d1","sha256":"450c5693b4a594e025753ada485c95646f6f9b95434887a2b9be52776aad1397","sha512":"6388ef540f6228b2423372814408aaa0bdc01ea66dc9dcaee162c9b0813677177fadac544b34ac7f6b3b472bfd186b9f1d6a86921e3f5794a6b2fa9fa8a06f9b","ssdeep":"","tlshash":"fd511a1dfd04bc43315de2671ce15526ca04acc0cde1da2bb65fc417aa746d04aaa9ef","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-06-06T03:48:30.029031Z","times_seen":1523,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/games/Hot%20Games/Roma.webp","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.089Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/games/Hot%20Games/Roma.webp HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"2424-695c5804-c8ce2;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 9252\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":9252,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d33ce31bdc98f4c6474acac4a34da5e9","sha1":"0c4dfabe91c8dee1f46c78cbbee8049fa3531669","sha256":"20f53cd7539667979bac8f6a176c0f7be1b8d4a90004bb9d57fd8a82aad91859","sha512":"fd06616ea37f9da9bd17912b2e8facb2c09eb4fb6d2e426034484a429e268d60b282670bc0c24b8855969caf079338c3a0598730edc1356222bfe7786831c24f","ssdeep":"192:swo6B0mBIscYj/mgbecyesPqfJudBnXuZp2uQcFrv:swVBXBMGO8eRqB0uzecx","tlshash":"f712bfff0e954575b689ff7de79323ab2a28800cf289ed6500149e99162fc9501b8936","first_seen":"2025-09-25T02:02:35.052978Z","last_seen":"2026-06-01T06:53:15.636073Z","times_seen":64,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/uploads/2026/01/Planet-Favicon-300x300.jpg","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.902Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/uploads/2026/01/Planet-Favicon-300x300.jpg HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"3595-695c50c4-c8002;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:01:08 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 13717\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":13717,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 300x300, components 3","md5":"d8667b82a80394cfddcb6ad4f451bea4","sha1":"32af8fe9eca8d934e9d707df261c2f6ee36b8c78","sha256":"ebe45ab04827122764db65fa59c30704ae64f584770ff3aa5a77a4ff63132059","sha512":"74635a12f17e412a7a32e6b2fd0f728a77f3d379b3d5f362cca2682bd0670302d848c4acf0c99b7b2ef5c7636886cbdff7e2b9f3b042b8a3c78be7ced45d12ce","ssdeep":"384:SnP5ivj2/Kbp5VZsBSQ4rJV6aEe8MSlPrX:SPwSc1WTxPT","tlshash":"1d527c47ff811548ef226d3cdc4e211186a8a9f1a6b0f831357e9ed9d3d2cfb6985508","first_seen":"2024-12-22T23:16:57.778257Z","last_seen":"2026-06-01T05:43:25.576902Z","times_seen":66,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/provider/spadegaming.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.955Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/provider/spadegaming.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"c52-695c5804-c8d12;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 3154\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3154,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"320cfbe4a80279d60708101c0b0e43f4","sha1":"944fff69fc23e6acf1abeada1854e9234805f5e4","sha256":"5737cdb9d5e20e199690ce65b1477bf50e6d76e6ff3af2ae1a3916eb52277f6b","sha512":"cd06cd28bcdbf5a094d9bd2650e182cead0348ae5e904529ade137b00e57261b3b48b4de5ec2801cf5f2ff3e820e2764b9b83d7e3e057e4b3a2ea42f13e83aef","ssdeep":"","tlshash":"99514d5ac712dd80508e8d0738e1e976e53574004b71a938bed98dde391c6e3cc68ee7","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-06-06T03:48:29.95755Z","times_seen":1652,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/dana.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.071Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/dana.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"952-695c5804-c8cce;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2386\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2386,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"0ac7748e31189f27ac5971efcd30a7eb","sha1":"dd29489b4fcd79567d7c278c3eaf6388a76c77a8","sha256":"5c92696fd590f184864bf00db29cb20da1b443dfc93f8377f14461f35b09f547","sha512":"b62c34f57eefae9fd1754964e314dfc792c7466baef2b08c7331889b47a222f0d981f8a03de2db56fa97083e90bed1d011cd9c655fffe7e5f0d84ea82057a3a6","ssdeep":"","tlshash":"2b410ac9f512bd2166587c825dcb81378531808448f1f922989ef04dbe782eabd3cde3","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-06-06T03:48:29.974113Z","times_seen":1522,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/jackpot.gif","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/jackpot.gif HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"90bd-695c5804-c8d05;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/gif\r\ncontent-length: 37053\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":37053,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 944 x 152","md5":"2db6bb8775f0312defaf176544726df5","sha1":"5ffdc40d70d46f801ed3f988c30d727fe17a78c5","sha256":"6d789a7d1e3560c6df74997949c65ebde1b16658e8e0ddaa393e86d1d7330670","sha512":"6d4729c69aa242cb0e4b984af8e04f6569d930e43797e00010ccef18bb7db91af9dc5e7e84abd9b7a94163d92477e3095a4c28fcf84d6013e9c85d68bfa04912","ssdeep":"768:yCxHuViCTGQJlGLXkTWuugIwbOSrCioqNoamMTF1V1mS8/q7ipig1KZBNY:yCZZCTGSMLXCWt8trCvOoamcfLip11Ka","tlshash":"18f2e035ed1e4d82c52724d8574b8ae83d42e2d45e7aedbd60e2f1223cd076c886bf19","first_seen":"2025-09-25T02:02:34.970764Z","last_seen":"2026-06-01T06:53:15.703325Z","times_seen":63,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/slider/slider.webp","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.071Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/slider/slider.webp HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"26bde-695c5804-c8d14;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 158686\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":158686,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"0005ab9f715bb3f0d812b1cfb15d87c4","sha1":"c04587935c87df260c3e7e0f199d4d20d38486dd","sha256":"8597b9409d200192c88e38fdd110285b3fa175c53163857c0530e1fa77b3e2d2","sha512":"3eb9e2800e8e561cd70ca34767840caca7dfb75eff70987aaae4f1fa1ed53ed416a6695364f7f1fff28ae394031b06c9eb44b5b1636a1eb649437eff6633b33f","ssdeep":"3072:fySce4FMnR2oRDFbpwzOjt+uXkmDV4sxEvkJRGN1OmrmaI/rirUyh3Zy8m8Fl3B9:a1e4SpDd+CRLASy1JqfrirUyh3Zyp8FV","tlshash":"6ef312b4b4cdae61e5a5102d43fa4d5f8b93610d6be40fa0926cfc1819371f6b64b2e3","first_seen":"2025-10-07T20:46:55.783795Z","last_seen":"2026-05-30T13:33:05.010291Z","times_seen":18,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":42,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/games/Special%20Games/Gates%20of%20Olympus%201000.webp","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.073Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/games/Special%20Games/Gates%20of%20Olympus%201000.webp HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"2fa4-695c5804-c8ceb;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 12196\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":12196,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6cbc2a96150423822c4c04382e4aa9f8","sha1":"10492967ae2f75ca8a947cdad1e5726fb1823ab3","sha256":"6f8db2adc18a2fd5ac5d2486d9852fd9685d5e00a8bb7e8078a665e253ce890b","sha512":"f43cb3b940dfda3772eedbee0d597b89901f313edbdfd8273e55b7e59aad7696429d63048ed418bbf9e65522681cd6ef5de9d08411535e1661852e42f2608b13","ssdeep":"192:Uhm5Z59cFUJ+3Wfqjx1BbHgl+OOqa9tcTG9plC9YySAXFA/uzQuJWyLKDYVnXePr:Uh4Z5Gi+3WfqL9Hgl+OOL9iGxCxIuAyA","tlshash":"0042b0c8eec02bd1b41c5649cc2ddf159b2a1691975c0f78b3aee274cc3a7775614382","first_seen":"2024-04-29T04:54:22Z","last_seen":"2026-06-05T16:36:32.732432Z","times_seen":260,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/icon/icon-slots.svg","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/icon/icon-slots.svg HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"3fc-695c5804-c8cfb;br\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 477\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1020,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"23b95a3d61204dbae99ee9598c232b84","sha1":"b2d1f47c47ffd9936018f8cd546c5bbc11eda960","sha256":"46ef029cae9dd6690787975ce9693cd0dbbb5bb11a308e22e6782bb1ca551fdc","sha512":"216fcad4ff2d0d72e2228e30299896a089d8a4bea0a231fbeb10fd76d1f28a2e59d18c6829ff8873ca3d24defddbb699522c1591fb159714a0144064718eef3b","ssdeep":"","tlshash":"f611af2d4500f7ec60a1d5b9af66af52207830c9b47e824456e3cf20e282df6f49d0d1","first_seen":"2025-09-25T02:02:35.02144Z","last_seen":"2026-06-04T17:11:45.462487Z","times_seen":131,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/provider/cq9.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/provider/cq9.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"ede-695c5804-c8d08;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 3806\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3806,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"bf1d52938982261ddcc79fb95c2a67f4","sha1":"f51ff53053d641f7cf4bde754fc958e48d682656","sha256":"c919e7e1680f99113b1a2d673dd57218002ba9ca1b020c51d5aa035778038ff7","sha512":"0d5e74d3d48092626a8c2cee6fea119b29efab3fdf5aebcfa3a61c26dc02cd7ccdbf9e7655cfef3b9effa0fb9497338516bd8e03a85680f100bc286aab7eae7f","ssdeep":"","tlshash":"85716b68e6422841968cf5d6a4a81c637d2f00400b90e930c4dfc46a3eb6ab14b9d6cf","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-06-06T03:48:29.967205Z","times_seen":1652,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/webfonts/digital_sans_ef_medium.woff2","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /webfonts/digital_sans_ef_medium.woff2 HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://nemo89.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\naccess-control-allow-origin: https://nemo89.net\r\naccess-control-allow-credentials: true\r\nvary: Origin,Accept-Encoding\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\ncache-control: no-cache, must-revalidate, max-age=0, no-store, private\r\nlink: \u003chttps://nemo89.net/wp-json/\u003e; rel=\"https://api.w.org/\"\r\ncontent-type: text/html; charset=utf-8\r\nserver-timing: amp_sanitizer;dur=\"537.0\",amp_style_sanitizer;dur=\"349.8\",amp_tag_and_attribute_sanitizer;dur=\"146.5\",amp_optimizer;dur=\"58.2\"\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nx-litespeed-cache: hit\r\ncontent-encoding: gzip\r\ncontent-length: 15839\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"AMP for WordPress:2.5.5; mode=standard","description":"AMP for WordPress automatically adds Accelerated Mobile Pages (Google AMP Project) functionality to your WordPress site.","website":"https://amp-wp.org","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["WordPress plugins"]},{"name":"AMP","description":"AMP, originally created by Google, is an open-source HTML framework developed by the AMP open-source Project. AMP is designed to help webpages load faster.","website":"https://www.amp.dev","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["JavaScript frameworks"]},{"name":"WordPress:6.9.1","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]}],"data":{"size":161997,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (41015), with CRLF, LF line terminators","md5":"e2decd3a833242dad103e35ff9580de1","sha1":"bfcde86e314fefe43abca37b4abcabd58cf00b73","sha256":"7c9e36922169288e376c08c025c16c642bebf9f6482963524b5de93b62b66dc8","sha512":"4829406ba6f66e22ce14e81a220e0925150705a6aca9237f0cfa2a3c6b0c479e82f7384977d491339a4cddfe016cd32143f6eda7b05c12247497360e388f38be","ssdeep":"768:HhnWi/UXyCh6lTzVMnUYvtRhFU5Jn8CuC7LmZFU8AnBEXhiCckE+uwUks0j7rfJs:Nq6RqCnPEXt0Z","tlshash":"58f3b763284e106f7127c79171f8f5ab5d85d80bca328685f5aeb7c8c741e127a7a32c","first_seen":"2026-03-07T12:45:50.899084Z","last_seen":"2026-03-07T12:59:33.699011Z","times_seen":2,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/webfonts/fa-solid-900.eot#iefix","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.066Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /webfonts/fa-solid-900.eot HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://nemo89.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\naccess-control-allow-origin: https://nemo89.net\r\naccess-control-allow-credentials: true\r\nvary: Origin,Accept-Encoding\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\ncache-control: no-cache, must-revalidate, max-age=0, no-store, private\r\nlink: \u003chttps://nemo89.net/wp-json/\u003e; rel=\"https://api.w.org/\"\r\ncontent-type: text/html; charset=utf-8\r\nserver-timing: amp_sanitizer;dur=\"647.0\",amp_style_sanitizer;dur=\"430.2\",amp_tag_and_attribute_sanitizer;dur=\"199.7\",amp_optimizer;dur=\"46.0\"\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nx-litespeed-cache: hit\r\ncontent-encoding: gzip\r\ncontent-length: 15935\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"AMP","description":"AMP, originally created by Google, is an open-source HTML framework developed by the AMP open-source Project. AMP is designed to help webpages load faster.","website":"https://www.amp.dev","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["JavaScript frameworks"]},{"name":"AMP for WordPress:2.5.5; mode=standard","description":"AMP for WordPress automatically adds Accelerated Mobile Pages (Google AMP Project) functionality to your WordPress site.","website":"https://amp-wp.org","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"WordPress:6.9.1","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":161985,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (41015), with CRLF, LF line terminators","md5":"85b7d6098a0acfaa0b5612694314d888","sha1":"d249a56f085da97c41a145ea4f47f61cc8d5eed9","sha256":"5292fdedbf2e66809c402801261e58f6421733842f328df2e682b5f677151932","sha512":"1fcd3566c7a6c61f2ce3868f7ccde06f9a628239e72e1902a90425b3014043f4d5aea74b12bd48790b464b46fdab49c80db5e06aa22f5a1b4ee1d5b7228b37f2","ssdeep":"768:HhnWi/UXyCh6lTzVMnUYvtRhFU5Jn8CuC7LmZFU8HnBEXhiCckE+uwUks0j7rfJs:Nq6RqCngEXt0Z","tlshash":"88f3b763284e106f7127c79171f8f5ab5d85d80bca328685f5aeb7c8c741e127a7a32c","first_seen":"2026-03-07T12:45:50.901165Z","last_seen":"2026-03-07T12:59:33.724613Z","times_seen":2,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/games/Special%20Games/Mahjong%20Ways.gif","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.072Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/games/Special%20Games/Mahjong%20Ways.gif HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"13fad-695c5804-c8cee;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/gif\r\ncontent-length: 81837\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":81837,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 200 x 200","md5":"a2e5134ebaa93315a86b0d69163b87d9","sha1":"70ea77e3cf924c13523796486f7ab694906980ef","sha256":"b45397312e01ae46b807087abab702066eaaba929ead200d8a53bed66f6bbe37","sha512":"c8a186418297a0094e1a67b8e4454d4910134bc0c4d3c214031248fa9a9694bc2f54d35c6dac6070d351c7580985e22cfdef784786fc458e9494088593046ea2","ssdeep":"1536:NzfPCNollEoNgIrK9IYJHsX9fu4CdB5194DcPzlTL0hXCTH2sqywrv+1eC:dCNolGmKWY9KFNUf4QPgCLlCI/","tlshash":"8c83021ede12d751f91b66b35268cddd0edb1a358c81200b51a5f4ae2ce359b6320b3f","first_seen":"2025-09-25T02:02:34.979949Z","last_seen":"2026-06-01T06:53:15.62942Z","times_seen":58,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":83,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/games/Hot%20Games/Feng%20Huang.webp","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.088Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/games/Hot%20Games/Feng%20Huang.webp HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"203a-695c5804-c8ce0;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 8250\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":8250,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"9c1e45bd3f6db2dd2757f6e44977c945","sha1":"12c31a68871dc1b119f722053efac48e62a517cf","sha256":"d91d320907956a26833e20b412d744cbff46db5e3917b81610de826bce0685b1","sha512":"b5b64f7e9e4ca9a3f0092bf0a8c6912b17b7ba91e7d0bfd57ff89e8bf6729ee626ffc8e93eaa1c47437991598006dc927aee80ddb1450e3d9846824fd6f56032","ssdeep":"192:qfwUFdwS3P8rEHNNs13leADl+k/8oFGOqXEJYMYtI7EDPfZX:qfwUX7fHNSNQSF/qXOJ2HZX","tlshash":"7202b0848e309985d99633f4d8b9336cf6b430736eb5fb84356104344794fcb7655d42","first_seen":"2025-09-25T02:02:35.018128Z","last_seen":"2026-06-01T06:53:15.645108Z","times_seen":58,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/games/Hot%20Games/Lucky%20Fortunes.webp","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.090Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/games/Hot%20Games/Lucky%20Fortunes.webp HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"1e66-695c5804-c8ce1;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 7782\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7782,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"276f3d9ac51e53ff9c004e120d69ce82","sha1":"b92ae46f9ec9d036db7129875ba7519ca8f99333","sha256":"d4d886caba27a3487dc596be2b956cf0bd995c785b2d670ac1aaa91cb04f72e4","sha512":"041c3c10b6916abdab46583de7ef3491bbf7b764980e557e7ba2df806ce15f5492577bf0fb263603d5b134f3b803187f354ab26641b91c75381d03da196c848b","ssdeep":"192:wfwF6Tnr/0afi2/4zOwJmh568GE3ivqUMqD5xlFA8g:wfwir/SP/A5JGESvqoAp","tlshash":"5ef1af5a295a37f2d18a8a3581005b4cbeb32e30df6fda204d0748d50d34f8aa1791e7","first_seen":"2025-09-25T02:02:35.005291Z","last_seen":"2026-06-01T06:53:15.691395Z","times_seen":58,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/provider/sabasports.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.982Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/provider/sabasports.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"1269-695c5804-c8d10;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 4713\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4713,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"1f3020b661a06afe96a458859c3c7cff","sha1":"1a2bdc2e90543265d04d42670522c53105f5acbf","sha256":"ff82fe6d37d4c0a8714b16d18ce5d08f75968e686e1b71c30a783124f7dedc59","sha512":"2da36480856b22b46cc5b39f81ce86787b0ba260b9ebece4a715075c9bb48dbb90acd45b524ed317564f3f9060071ed0ff1ed454aa86a3ca935d018e015541eb","ssdeep":"96:aqQ+8/tARsjA+dRXr2zC0kyUh/jIDuseHh46WMy8HOM9TORnAy:aqz8/OejA+bXrO3ky0/jseCZMy8HOMmh","tlshash":"c1a17d0cf75eac09354268c230f9914399500df4c86a902af504ecdb2ab83f9ca9e5ef","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-06-06T03:48:30.001966Z","times_seen":1597,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/danamon.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.994Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/danamon.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"940-695c5804-c8ccf;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2368\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2368,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"3838d4b8102304883356ccf668653507","sha1":"65c93b99f83f22c41e339cfee892f80d6a0c1294","sha256":"73b1a331ae0d571fdfd8fd37b2d8b61d7bc40b7d5da1cfcedc36bcde48483f75","sha512":"edd8c2d85ed9345f153ba92047cc995fb15c720a6f7e7d8caee162e70c519d021abddf5abf988c5ba54c66702fa8fcb64397b9bac1c01223f555ca8052fd5099","ssdeep":"","tlshash":"b54108acd562d801964fad4030fbc33d8a614b409de1e10ae8adc16625a40ff6c5f0c7","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-06-06T03:48:30.02013Z","times_seen":1484,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/games/Popular%20Games/Fortune%20Gems%202.webp","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.080Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/games/Popular%20Games/Fortune%20Gems%202.webp HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"1e2a-695c5804-c8ce6;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 7722\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7722,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"395767ab50723b40425b2a6a25fbede3","sha1":"c3d21776170226aa219a67fb750f3d60d6113c31","sha256":"ffb1d637971247d2da54592361d5686f79031f68129d1b26711380b0500a16f7","sha512":"1e0b02a6bd5ccfffb75abc36f5ab2c22bd4e78ba9b0e5100becf8e5205ef60843befe1ba8e52335ff6992be9fb772a3b19186d4d0624d3f1e4552f4d5509c380","ssdeep":"192:sfw2Evm5UEAvQGp5pOGjOHZNCV3yhgubzIuF:sfw2v+EyzTOHZFC8/F","tlshash":"95f1b07713a029cdd5122ef5c4ee9fc3a394d1230962a44757f915752c193cc7db61ca","first_seen":"2025-09-25T02:02:34.981732Z","last_seen":"2026-06-04T15:06:29.884464Z","times_seen":129,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/provider/microgaming.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.965Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/provider/microgaming.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"2315-695c5804-c8d0d;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 8981\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":8981,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1200 x 600, 4-bit colormap, non-interlaced","md5":"35024fae2032dd7b3dc0b010485f7a0f","sha1":"dc34e370159f57dd72a3dba7651fd32830b06134","sha256":"a378192e0e408800f48c068c8b2b88841fe8dff5214c81f0f5bca386ab155794","sha512":"ba24370710fc7075072300b1c47bf4cca12de32e0dd24272b6961c19319d8b1701f8e1ccde37822f9e1d062e8d756319f14a49485f3722d1e7c705c363ea69ae","ssdeep":"192:M1eSS3IF+3ASIJ4vcwEZ2y9Y4eEcBXRhv9uY12RD2xUR5ZBe:y+3IF+144vcwAXm4MR9scULPe","tlshash":"4902bfd7bd432528d002f4f15aaf417a9dcd62436fc0664f400db9d07acaf9981bb182","first_seen":"2024-12-22T07:43:19.401885Z","last_seen":"2026-06-06T01:06:05.380687Z","times_seen":814,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/mandiri.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/mandiri.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"98a-695c5804-c8cd3;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2442\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2442,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"e81bd4992f0fe10cad81a83263d92ef7","sha1":"08b015eb1504581d3b9c858fd6770047b3698f70","sha256":"6b00a56d5961243a4cf2e0c59cfae414a8b3b528c7778eb3fae99e52a64913f9","sha512":"f9654ae9fb05790b84233d161227d0838eddb5225e3ea730dbdf67f15c1b2762cd06217e51faafb769c3f1fc38dbced9cb982f015cd6f5fb7a8037cfc4e329b8","ssdeep":"","tlshash":"b4510b8bc1d78d4147e5ca9131f2505f0d5246a0d7f5d029f98fd051a6f82f92a148d7","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-06-06T03:48:30.036041Z","times_seen":1490,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/bni.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/bni.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"968-695c5804-c8cca;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2408\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2408,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"f974c6e54d22a2874c8bd0a5e0dd6280","sha1":"c155e13074e0908eebceaebed81db17d3e67f366","sha256":"1c0d8f733026c0d9d8ea471bee766e2398937de1b9c02d023c015757a425cea2","sha512":"2db584e2104003fc6ade26feaf40e73661cfa04128071ce9627865e57006b7514a025ffa7265a6d206aa53d44c39e9d7ff7bb2e8345dc31b9dafd6b26a9e924e","ssdeep":"","tlshash":"df410a4cb786a480e1cda69310ea4223c9154540ced6f56b541ee80b89681f8ddee5cf","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-06-06T03:48:29.972703Z","times_seen":1492,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/bri.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.004Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/bri.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"a54-695c5804-c8ccb;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2644\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2644,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"33b1568e97e2d3eb1f0e1fc24c13844c","sha1":"e76fd8087d2b1c706db27e318e728dadbb7cd2d9","sha256":"da04be9d1425d3021cff275d345cc1528863d6f93b48068f7867145424211039","sha512":"730731d241b2dbb9b740b8a592327904f7474fc8038e11b500bca4ec2d240766ef62b97288497765c85fb605a9f70746bcae1a67ab6b75110f9071c3fc0da164","ssdeep":"","tlshash":"25512b9de5274d41a3cddc403874e165c9639dc0cbe1f4a3fb0ec58a5d226e494591d7","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-06-06T03:48:30.002829Z","times_seen":1492,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/panin.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.015Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/panin.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"9d5-695c5804-c8cd7;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2517\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2517,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"c73d8ac115c9d42d48b2a3184c198271","sha1":"d86449166ea1fa2d8581516a68f1d720ff16233f","sha256":"cf7cf632c75859639c5e47534b6760c9ac44013dcd5d7bfe4c045cca5414432a","sha512":"cf89a4ed50cc1a7cbdf02c6589df7e55b7c49eb3f31208d41e288fe46cee5de39379808280ccae7052fefe9a892cb1d78cbfc54576f0a2981b67e2a352a4e4fb","ssdeep":"","tlshash":"2f5109cbf842ad11a24e848624e741398f07c960a9e4fc71714ec42e1b386f6e96c9df","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-06-06T03:48:30.003656Z","times_seen":1484,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/games/Special%20Games/Mahjong%20Wins%203.webp","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.074Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/games/Special%20Games/Mahjong%20Wins%203.webp HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"37a4-695c5804-c8cef;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 14244\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":14244,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d77012127b4754e84eb8050a7eace03f","sha1":"eece540673490d59a9f11d4a07589813dfc4d1ba","sha256":"8cb5020541a925d56097ec88e9f8221509aba0382ef7536d0b3f02df2ee3593a","sha512":"a53df62b62239c867e19b30fc025bfa586ad3fbd1f4d80713c23848463dae312660aca9d752a3b8541a9a89c9a144bf8b50baf724ccabeab57a46ce6f5afa76d","ssdeep":"384:KR4s1yyOl1jgYPl4GFDSC6rLn6GcdxoZr4:reCrjtt4EDSCu6G4xoZE","tlshash":"1252e1acfd1152b0c7300df90f3e0c9462c6a712129dab79d6c5c29e9f44c1637a9317","first_seen":"2025-04-20T20:42:45.306905Z","last_seen":"2026-06-05T15:33:51.991111Z","times_seen":336,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":104,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/bca.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/bca.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"a25-695c5804-c8cc8;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2597\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2597,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"7218454f8ed20e47c89c49f43dc865a8","sha1":"b3fe2c42a0ef40da7db91efd05fb16be761bbc7c","sha256":"a0effe9a2c5b748a827c592cff324be42a330b94f053bd596dbe4b45f2c18152","sha512":"843f06f1b1bfaad41cb112a544753066f22c40738164e790231f0e4bc10c1f1a0e9b804a15149a538779556a00dd303098ded75d9892e7c246219aecc694104e","ssdeep":"","tlshash":"2e51198ce8525d40b61ee1a03ac2057f92128dc0cfd1e90df8adc80e13353e497288d3","first_seen":"2024-05-24T12:00:55Z","last_seen":"2026-06-06T03:48:29.997618Z","times_seen":1490,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/bank/tri.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:19.052Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/bank/tri.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:19 GMT\r\netag: \"844-695c5804-c8cdb;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 2116\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2116,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 26, 8-bit/color RGBA, non-interlaced","md5":"a9332787c6c2381c0a4a5d6211e61883","sha1":"8b7837da9a9f5ac5a05479d256620f6c106e8235","sha256":"86a466018abf53f7175f4909de0826d5a8d405082ac2355b55d7d196fd47d2dd","sha512":"b7493b3a7b53cca8e2f63e5d6788d26b3b8c5af4adedc51d9db25fdfcff9a84d44af024762596b98e0ebd79278bf1d653cfa1e70b5eee6cf2c2ac3b1622b8f1b","ssdeep":"","tlshash":"2941e998d5631c41578ae98b28e14b278a0249c0d5b0c55771bbc04f87341fda8ae4db","first_seen":"2024-05-24T12:00:56Z","last_seen":"2026-06-06T03:48:30.027246Z","times_seen":1495,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/games/Special%20Games/JetX.webp","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.075Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/games/Special%20Games/JetX.webp HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"16c6-695c5804-c8cec;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 5830\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5830,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f0ec730764c6550e6da7c6f99a4bab98","sha1":"37013abcef16123a3933becef728dc24aba78043","sha256":"af899bc8a9bb5abae7cb388fb2e56757fbcbdb54e37b864fcd9e1bb307749487","sha512":"e509db809c2481f99201a97e66ac8ace2c973c587500e73c501d3008fb07cbec587e74a4cea34e99b06d5bc4e9c194f41ae635909a6ab5411ffbb0b3e3754499","ssdeep":"96:tAzn3yZiIDDjtuzOcONbPouT+CPTUUagR/IzLAvNqQad4AAwGwISwS5dzjpWKXZi:tNoIDDjozOBgQam/IIvcNfAbwIS1rsi8","tlshash":"f1c18efa14a690f7e78285981456a7c183ec1e97f6c59b441f52024c0a9552fff18ee4","first_seen":"2025-09-06T23:59:48.495899Z","last_seen":"2026-06-01T06:53:15.638112Z","times_seen":78,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/icon/poker.svg","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/icon/poker.svg HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"7c2-695c5804-c8d04;br\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 905\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1986,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f7358a3ce96703fdff679df4a742014e","sha1":"c013e734b1af0025d3584de388732dd57c287b41","sha256":"16a942ac22edf9d492ffa4c2540e47a9a2e0840cbe2c11880e0eaf55b0a010e6","sha512":"0739a381b2196318e7617b3fc05ab5fb7ed08abc080a67a63b0293df3c24f3681b86bef06ffb4ba76a0e565b61a5a1bf08bb84998ad9a629096da1d73ac4ef6a","ssdeep":"","tlshash":"4f419a3a4260c7fd8ae6e5fe9f61a864508550cd82bbc70586f0865096e39d9f11d0d3","first_seen":"2025-09-25T02:02:34.992525Z","last_seen":"2026-06-04T17:11:45.450802Z","times_seen":131,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.ampproject.org/rtv/012601162341000/v0/amp-loader-0.1.mjs","fqdn":"cdn.ampproject.org","domain":"ampproject.org","tld":"org"},"ip":{"addr":"172.217.20.161","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.911Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"misc-sni.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:39:50 GMT","end":"Mon, 20 Apr 2026 08:39:49 GMT"},"fingerprint":{"sha1":"95:AF:DB:72:07:D8:8F:52:E5:50:5C:6A:7A:F5:37:62:9E:55:88:49","sha256":"D1:8D:14:23:A3:DB:4A:37:E4:DE:50:BF:5D:73:5C:7F:30:F3:46:52:1D:EA:45:33:50:95:61:CD:CC:ED:6D:6A"}}},"request":{"raw":"GET /rtv/012601162341000/v0/amp-loader-0.1.mjs HTTP/1.1\r\nHost: cdn.ampproject.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://nemo89.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"amphtml-china-available\"\r\nreport-to: {\"group\":\"amphtml-china-available\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/amphtml-china-available\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 3937\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 04 Mar 2026 14:21:25 GMT\r\nexpires: Thu, 04 Mar 2027 14:21:25 GMT\r\ncache-control: public, max-age=31536000\r\netag: \"92b17aa6d09710e7\"\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nage: 253433\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12361,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (12245)","md5":"fd1e9230f8bce15f2278c5a542892ab4","sha1":"3cc51cd0547626645b968d0abf7db7d3cf81ea0b","sha256":"b8b1fd0ca593bd5a92c5d53632f316d98505bcbfe63069dec8cc248edf8f10b8","sha512":"e3799fca7e4e2562d5ba055e657a6b5ac5eb5dbd1b424a58dbe497a1e34f8346a5cd32a40358f5321105a00b9eee3fcef9e416532088bdeb09c53150d8a29e40","ssdeep":"384:Ho39KdedznnH/axp6ulqaa5F4g5A4WR2vCk:I39KMdTfaD6ulDa5F4g5A4WR2vCk","tlshash":"0c42a460a60ba2ac530342f488f5b856757ccd4fb8104079f0604ededf8ae54bdbb96e","first_seen":"2026-01-27T19:56:43.459766Z","last_seen":"2026-05-03T11:30:06.97582Z","times_seen":340,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/provider/pgsoft.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.949Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/provider/pgsoft.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"11d5-695c5804-c8d0e;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 4565\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4565,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"07fdf68f6b80703be8dff396a5a89029","sha1":"20f259c2d1d5d61f611079cf2a0b9d15166208b4","sha256":"9c318ff5d70915d892c4f289c1e2e8c7008341feca61bb191df37cbfcb43a28d","sha512":"1e3dd3c89973d138ea3706b02b76f9e8c1450b01b01a9c6e51b055b445cfdcd154be5080004028b53a6ac3d7e629aa54ee74e12191081d287620e89cda2c96e1","ssdeep":"96:aqQ5GZ6y9rpNUfJRttoj7YA9IF9s/IPqeW+ygQdnvW:aq3p7YkkAqF9QIPi+y/e","tlshash":"1d915c4df002842536c6ea93c4d3f026a8d34dc1a5d5e72602ab881aaeb71a75d5dbe3","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-06-06T03:48:29.995611Z","times_seen":1653,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/webfonts/advanced_dot_digital7.eot","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.061Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /webfonts/advanced_dot_digital7.eot HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://nemo89.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\naccess-control-allow-origin: https://nemo89.net\r\naccess-control-allow-credentials: true\r\nvary: Origin,Accept-Encoding\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\ncache-control: no-cache, must-revalidate, max-age=0, no-store, private\r\nlink: \u003chttps://nemo89.net/wp-json/\u003e; rel=\"https://api.w.org/\"\r\ncontent-type: text/html; charset=utf-8\r\nserver-timing: amp_sanitizer;dur=\"415.3\",amp_style_sanitizer;dur=\"265.4\",amp_tag_and_attribute_sanitizer;dur=\"114.2\",amp_optimizer;dur=\"31.2\"\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nx-litespeed-cache: hit\r\ncontent-encoding: gzip\r\ncontent-length: 15936\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"AMP","description":"AMP, originally created by Google, is an open-source HTML framework developed by the AMP open-source Project. AMP is designed to help webpages load faster.","website":"https://www.amp.dev","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["JavaScript frameworks"]},{"name":"WordPress:6.9.1","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"AMP for WordPress:2.5.5; mode=standard","description":"AMP for WordPress automatically adds Accelerated Mobile Pages (Google AMP Project) functionality to your WordPress site.","website":"https://amp-wp.org","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":161994,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (41015), with CRLF, LF line terminators","md5":"53b1e1dded8f94205754b99476c27cf2","sha1":"7e1a3c358cdf97d783b98f9df96171e7f68d1393","sha256":"341b6aabe97c9faab41a49ab18a0187f52309ad1bc19e17f5c9d6fc4554bedb4","sha512":"97c160661d066ce5bf77457e26fbafb981fa0bd4d48293d78513aebbb3e1bdae6f771762dc5abdcc24a3c5e0fc5b9d334affca8ab71868a283f36e7dd459f9dd","ssdeep":"768:HhnWi/UXyCh6lTzVMnUYvtRhFU5Jn8CuC7LmZFU8unBEXhiCckE+uwUks0j7rfJb:Nq6RqCn7EXt0m","tlshash":"abf3b763284e106f7127c79171f8f5ab5d85d80bca328685f5aeb7c8c741e127a7a32c","first_seen":"2026-03-07T12:45:50.922406Z","last_seen":"2026-03-07T12:59:33.721742Z","times_seen":2,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/games/Hot%20Games/Wild%20Bounty%20Showdown.webp","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/games/Hot%20Games/Wild%20Bounty%20Showdown.webp HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"1834-695c5804-c8ce4;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 6196\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":6196,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"04789699d360ba305785aef1407eee67","sha1":"9a0b403fdd35fe82c40b4bd39ca0244693abe02a","sha256":"4d3eea87daa41005804dd41a0a755c263f8e04bb3043fff526f88a2a1601c0e2","sha512":"e4d3e155c8d4ce0e4d97dd8877284d965541233cb6f35ada09095c13d3fa0a630bc72694511ad5cc3fcc9fcd49e0fd1551723e960db77227aece60fe2a3c2aba","ssdeep":"192:4fwVdvRcGZwUrAKo87Sk9OpnGSBM/NO+dA/tvi+t:4fwVHwUOjFnSNnctXt","tlshash":"d4d18ea153549f0fc8e90bf611600f57a3d936748dc7e6b938a14841dbddad59ac02c7","first_seen":"2025-09-25T02:02:35.07574Z","last_seen":"2026-06-01T06:53:15.646348Z","times_seen":58,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/webfonts/digital_sans_ef_medium.woff","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.255Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /webfonts/digital_sans_ef_medium.woff HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\naccess-control-allow-origin: https://nemo89.net\r\naccess-control-allow-credentials: true\r\nvary: Origin,Accept-Encoding\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\ncache-control: no-cache, must-revalidate, max-age=0, no-store, private\r\nlink: \u003chttps://nemo89.net/wp-json/\u003e; rel=\"https://api.w.org/\"\r\ncontent-type: text/html; charset=utf-8\r\nserver-timing: amp_sanitizer;dur=\"332.3\",amp_style_sanitizer;dur=\"221.5\",amp_tag_and_attribute_sanitizer;dur=\"97.5\",amp_optimizer;dur=\"21.2\"\r\nx-litespeed-cache: hit\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"AMP","description":"AMP, originally created by Google, is an open-source HTML framework developed by the AMP open-source Project. AMP is designed to help webpages load faster.","website":"https://www.amp.dev","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["JavaScript frameworks"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"AMP for WordPress:2.5.5; mode=standard","description":"AMP for WordPress automatically adds Accelerated Mobile Pages (Google AMP Project) functionality to your WordPress site.","website":"https://amp-wp.org","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"WordPress:6.9.1","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]}],"data":{"size":161996,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (41015), with CRLF, LF line terminators","md5":"f16d61019d2566ebbe6e4fc48d61be40","sha1":"7384ec49cda2188210880bbf6db54b5ae1c3bda6","sha256":"f577cc4d8251b5ec903c9b4fa3dc1040ad282954f801921343aabddcdd4567e4","sha512":"2e6ee190121779354c13ffc2b891ecb928ce398fcc8aab0689a935dab26fd75237e86edba21b8b625e21f308ea09bc14320105d8a6bfe44abdaf72214ea90842","ssdeep":"768:HhnWi/UXyCh6lTzVMnUYvtRhFU5Jn8CuC7LmZFU8gnBEXhiCckE+uwUks0j7rfJb:Nq6RqCntEXt0m","tlshash":"42f3b763284e106f7127c79171f8f5ab5d85d80bca328685f5aeb7c8c741e127a7a32c","first_seen":"2026-03-07T12:45:50.925699Z","last_seen":"2026-03-07T12:59:33.670129Z","times_seen":2,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/provider/ioncasino.png","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.969Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/provider/ioncasino.png HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"c94-695c5804-c8d0b;;;\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 3220\r\naccept-ranges: bytes\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3220,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced","md5":"f52b79a28e4fe23c2d7034200ec49243","sha1":"9e7090b05b1e04a59609aaa74023d254829c9b86","sha256":"2f413a04bfddefa9057a4a1c09ffebb389b048bff9a62717f64a292f2257d288","sha512":"a869da32caf575eed45a705779742b96901ea431bc4722131c930c0909359141abaf346ae6d43bf29a67235d8f8ff3f4c2d8a6eb86932aa52671175129dfa8fa","ssdeep":"","tlshash":"1b611a5e9e119c0d785ad94138f8a09bc632c144a870e905bad29d2bbd342fb9495cff","first_seen":"2023-12-01T04:11:56Z","last_seen":"2026-06-06T03:48:29.95398Z","times_seen":1630,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nemo89.net/wp-content/themes/oranges/images/icon/icon-casino.svg","fqdn":"nemo89.net","domain":"nemo89.net","tld":"net"},"ip":{"addr":"79.133.46.236","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nemo89.net/","date":"2026-03-07T12:45:18.147Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nemo89.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 23:13:08 GMT","end":"Wed, 03 Jun 2026 23:13:07 GMT"},"fingerprint":{"sha1":"2A:58:B3:A1:4D:F8:00:5D:1C:11:6C:78:F3:10:E6:00:39:51:9C:74","sha256":"60:BE:AD:7A:45:BB:50:23:AC:FC:89:63:AC:31:E2:38:28:65:3E:DB:2A:D2:87:CC:B0:4C:1C:58:C2:97:0C:04"}}},"request":{"raw":"GET /wp-content/themes/oranges/images/icon/icon-casino.svg HTTP/1.1\r\nHost: nemo89.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nemo89.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 14 Mar 2026 12:45:18 GMT\r\netag: \"146b-695c5804-c8cf3;br\"\r\nlast-modified: Tue, 06 Jan 2026 00:32:04 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 2112\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 07 Mar 2026 12:45:18 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5227,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"11d84174da9ed030c46d7df69e7486e0","sha1":"747a92c88f9760a926f518ba66f83e1ed3b97309","sha256":"abaa7df6ed39ef011610889e1b0ecb24ad24badd7bb5bf863ba46ff817a69297","sha512":"c6fac7d69cfb5a601b94f4d5a11a64412dd53b1680a50deb1e4f9fcdfac19248aa5fcc221168b589e4d42434bd1c5ca7a471c338a18dfbb2e0f9a4c14104d410","ssdeep":"96:sAR9jIvbvmuC/Alpsr5rQPgoJvMzptEL0OhM7tROV0fTPyF7LEXbQjpamgspeDX0:sAfmuH2sr5rQPpEptExM7tzTPyBLKMgI","tlshash":"bbb1687d4350c3bcaed9d5fd9f6290a4908d50ced1bbc34587eac66096e38e9f20d0a6","first_seen":"2025-09-25T02:02:35.010693Z","last_seen":"2026-06-04T17:11:45.451985Z","times_seen":131,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-07","alert":"Phishing Block","trigger":"nemo89.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nemo89.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}