{"report_id":"2d5565af-ee84-45d1-b085-16f3e50c16a3","version":6,"status":"done","tags":[],"date":"2025-09-06T07:56:22Z","url":{"schema":"http","addr":"fx.sternswellman.help/iyVAVlPHygfnUtCXuTAJktsX/78053/","fqdn":"fx.sternswellman.help","domain":"sternswellman.help","tld":"help"},"ip":{"addr":"23.109.170.72","port":0,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"title":"New Private Tab"},"submit":{"url":{"schema":"http","addr":"fx.sternswellman.help/iyVAVlPHygfnUtCXuTAJktsX/78053/","fqdn":"fx.sternswellman.help","domain":"sternswellman.help","tld":"help"},"ip":{"addr":"23.109.170.72","port":0,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-11T07:56:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":3,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-06T07:56:00Z","timestamp":1757145360,"ip_dst":{"addr":"172.18.0.22","port":42822,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"172.255.103.170","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-09-06T07:56:00.519653+0000\",\"flow_id\":1183920235218950,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.255.103.170\",\"src_port\":443,\"dest_ip\":\"172.18.0.22\",\"dest_port\":42822,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=fx.sternswellman.help\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"5C:92:4D:65:ED:2D:0C:02:65:F6:66:89:73:24:70:EB\",\"fingerprint\":\"c4:09:1e:36:c6:0d:0f:7b:7e:f3:48:80:6b:39:18:ba:e9:35:f2:ba\",\"sni\":\"fx.sternswellman.help\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-08-25T00:00:00\",\"notafter\":\"2025-11-23T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"76fd782f81a37e6b32ec21bbc9fb4c00\",\"string\":\"771,47,0-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1329,\"bytes_toclient\":4025,\"start\":\"2025-09-06T07:56:00.460806+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-06T07:56:00Z","timestamp":1757145360,"ip_dst":{"addr":"172.18.0.22","port":32880,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"94.242.236.144","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-09-06T07:56:00.915660+0000\",\"flow_id\":2163786959030540,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"94.242.236.144\",\"src_port\":443,\"dest_ip\":\"172.18.0.22\",\"dest_port\":32880,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=wrathypenitis.help\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"00:82:53:4F:F3:04:F0:DF:56:51:F8:96:71:76:8C:AB:F1\",\"fingerprint\":\"57:1c:3c:d5:c1:f2:62:8a:e4:97:ab:47:08:1d:6d:20:a7:31:0f:f1\",\"sni\":\"wrathypenitis.help\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-07-21T00:00:00\",\"notafter\":\"2025-10-19T23:59:59\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"76fd782f81a37e6b32ec21bbc9fb4c00\",\"string\":\"771,47,0-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1460,\"bytes_toclient\":4019,\"start\":\"2025-09-06T07:56:00.854284+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-06T07:56:00Z","timestamp":1757145360,"ip_dst":{"addr":"172.18.0.22","port":32874,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"94.242.236.144","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-09-06T07:56:00.920033+0000\",\"flow_id\":1170348138563485,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"94.242.236.144\",\"src_port\":443,\"dest_ip\":\"172.18.0.22\",\"dest_port\":32874,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=wrathypenitis.help\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"00:82:53:4F:F3:04:F0:DF:56:51:F8:96:71:76:8C:AB:F1\",\"fingerprint\":\"57:1c:3c:d5:c1:f2:62:8a:e4:97:ab:47:08:1d:6d:20:a7:31:0f:f1\",\"sni\":\"wrathypenitis.help\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-07-21T00:00:00\",\"notafter\":\"2025-10-19T23:59:59\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"76fd782f81a37e6b32ec21bbc9fb4c00\",\"string\":\"771,47,0-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1460,\"bytes_toclient\":4019,\"start\":\"2025-09-06T07:56:00.853917+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-06","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-06","alert":"Sinkholed","trigger":"fx.sternswellman.help","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"wrathypenitis.help","ip":{"addr":"94.242.236.144","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"2025-07-21","domain_rank":0,"first_seen":"2025-08-21T05:46:19.017165Z","last_seen":"2025-09-04T19:27:16.170004Z","alert_count":2,"request_count":2,"received_data":1151,"sent_data":1135,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fx.sternswellman.help","ip":{"addr":"172.255.103.170","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-08-25","domain_rank":0,"first_seen":"2025-08-26T19:58:05.929132Z","last_seen":"2025-09-03T01:51:07.058514Z","alert_count":2,"request_count":2,"received_data":17509,"sent_data":1544,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-06T07:56:00Z","timestamp":1757145360,"ip_dst":{"addr":"172.18.0.22","port":42822,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"172.255.103.170","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-09-06T07:56:00.519653+0000\",\"flow_id\":1183920235218950,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.255.103.170\",\"src_port\":443,\"dest_ip\":\"172.18.0.22\",\"dest_port\":42822,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=fx.sternswellman.help\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"5C:92:4D:65:ED:2D:0C:02:65:F6:66:89:73:24:70:EB\",\"fingerprint\":\"c4:09:1e:36:c6:0d:0f:7b:7e:f3:48:80:6b:39:18:ba:e9:35:f2:ba\",\"sni\":\"fx.sternswellman.help\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-08-25T00:00:00\",\"notafter\":\"2025-11-23T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"76fd782f81a37e6b32ec21bbc9fb4c00\",\"string\":\"771,47,0-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1329,\"bytes_toclient\":4025,\"start\":\"2025-09-06T07:56:00.460806+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-06T07:56:00Z","timestamp":1757145360,"ip_dst":{"addr":"172.18.0.22","port":32880,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"94.242.236.144","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-09-06T07:56:00.915660+0000\",\"flow_id\":2163786959030540,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"94.242.236.144\",\"src_port\":443,\"dest_ip\":\"172.18.0.22\",\"dest_port\":32880,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=wrathypenitis.help\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"00:82:53:4F:F3:04:F0:DF:56:51:F8:96:71:76:8C:AB:F1\",\"fingerprint\":\"57:1c:3c:d5:c1:f2:62:8a:e4:97:ab:47:08:1d:6d:20:a7:31:0f:f1\",\"sni\":\"wrathypenitis.help\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-07-21T00:00:00\",\"notafter\":\"2025-10-19T23:59:59\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"76fd782f81a37e6b32ec21bbc9fb4c00\",\"string\":\"771,47,0-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1460,\"bytes_toclient\":4019,\"start\":\"2025-09-06T07:56:00.854284+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-06T07:56:00Z","timestamp":1757145360,"ip_dst":{"addr":"172.18.0.22","port":32874,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"94.242.236.144","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-09-06T07:56:00.920033+0000\",\"flow_id\":1170348138563485,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"94.242.236.144\",\"src_port\":443,\"dest_ip\":\"172.18.0.22\",\"dest_port\":32874,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=wrathypenitis.help\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"00:82:53:4F:F3:04:F0:DF:56:51:F8:96:71:76:8C:AB:F1\",\"fingerprint\":\"57:1c:3c:d5:c1:f2:62:8a:e4:97:ab:47:08:1d:6d:20:a7:31:0f:f1\",\"sni\":\"wrathypenitis.help\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-07-21T00:00:00\",\"notafter\":\"2025-10-19T23:59:59\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"76fd782f81a37e6b32ec21bbc9fb4c00\",\"string\":\"771,47,0-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1460,\"bytes_toclient\":4019,\"start\":\"2025-09-06T07:56:00.853917+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"fx.sternswellman.help/iyVAVlPHygfnUtCXuTAJktsX/78053/","fqdn":"fx.sternswellman.help","domain":"sternswellman.help","tld":"help"},"ip":{"addr":"172.255.103.170","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"e9309cc39357fa36dd58d8652724424d","sha1":"990211916e0207ec821b0005bed4c9275f7a3b49","sha256":"cbb3cb2e39570affc4f6191374a8c2092c8ae9f6db625b363513f4cc10e7ad18","sha512":"ea11e668aa1278a95dff9b7bd5bdd8d1185da7de81969111cbadfe6bc7f2ccd2ef7c4699e14bec9ec7237aef24ce8895f59013fee228dd80b398f9d9c353824b","ssdeep":"384:Lmz98BqXqJAqOwKlF+QM6tY3imvHulIP8WU70cGD:LmWUXqJ5OwKlF+QbC3hPulIP8WU7UD","tlshash":"d252e9f0f3e161bd8fd65dfae1359202a1b66c003ec999f8c12a1a107f4158ad377e99","size":14261,"data":"","first_seen":"2025-09-06T07:56:23.019844Z","last_seen":"2025-09-06T07:56:23.019844Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"wrathypenitis.help/cuid/?f=https%3A%2F%2Ffx.sternswellman.help","fqdn":"wrathypenitis.help","domain":"wrathypenitis.help","tld":"help"},"ip":{"addr":"94.242.236.144","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://fx.sternswellman.help/iyVAVlPHygfnUtCXuTAJktsX/78053/","date":"2025-09-06T07:56:00.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_128_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wrathypenitis.help","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 21 Jul 2025 00:00:00 GMT","end":"Sun, 19 Oct 2025 23:59:59 GMT"},"fingerprint":{"sha1":"57:1C:3C:D5:C1:F2:62:8A:E4:97:AB:47:08:1D:6D:20:A7:31:0F:F1","sha256":"D5:34:58:63:74:58:D1:71:8E:01:AA:80:04:67:17:F5:C4:2B:DD:52:20:24:6B:9C:67:2B:D8:E4:7B:18:74:22"}}},"request":{"raw":"OPTIONS /cuid/?f=https%3A%2F%2Ffx.sternswellman.help HTTP/1.1\r\nHost: wrathypenitis.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://fx.sternswellman.help/\r\nOrigin: https://fx.sternswellman.help\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 06 Sep 2025 07:56:00 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Origin: https://fx.sternswellman.help\r\nAccess-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for\r\nAccess-Control-Max-Age: 600\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":182,"timings":{"blocked":82,"dns":9,"connect":21,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-06","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wrathypenitis.help/cuid/?f=https%3A%2F%2Ffx.sternswellman.help","fqdn":"wrathypenitis.help","domain":"wrathypenitis.help","tld":"help"},"ip":{"addr":"94.242.236.144","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://fx.sternswellman.help/iyVAVlPHygfnUtCXuTAJktsX/78053/","date":"2025-09-06T07:56:00.979Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_128_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wrathypenitis.help","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 21 Jul 2025 00:00:00 GMT","end":"Sun, 19 Oct 2025 23:59:59 GMT"},"fingerprint":{"sha1":"57:1C:3C:D5:C1:F2:62:8A:E4:97:AB:47:08:1D:6D:20:A7:31:0F:F1","sha256":"D5:34:58:63:74:58:D1:71:8E:01:AA:80:04:67:17:F5:C4:2B:DD:52:20:24:6B:9C:67:2B:D8:E4:7B:18:74:22"}}},"request":{"raw":"POST /cuid/?f=https%3A%2F%2Ffx.sternswellman.help HTTP/1.1\r\nHost: wrathypenitis.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fx.sternswellman.help/\r\nContent-Type: application/json\r\nContent-Length: 10\r\nOrigin: https://fx.sternswellman.help\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 06 Sep 2025 07:56:00 GMT\r\nContent-Type: application/json\r\nContent-Length: 32\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Origin: https://fx.sternswellman.help\r\nAccess-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for\r\nAccess-Control-Max-Age: 600\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nSet-Cookie: a97fa794a0f9=67f523b51024a452748b9f; expires=Mon, 13 Jan 2053 15:17:44 GMT; domain=wrathypenitis.help; path=/; secure; SameSite=None\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":32,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"8d5904f2336358a765e1882daa774364","sha1":"297bea9131efea1d493e156dddecb37c3572eeab","sha256":"a5425b3c91f181084c34a5d25aac91c1f401e3a973ce98c70bcf99974b4f0de5","sha512":"199e98465da5753eb65dbcb00f6232335f340c0ae542bc464784195740a8548b3a756b74abb8940af7b6a5b22db93722810035f54f4bfb9c73874299b4169700","ssdeep":"","tlshash":"d080045d11d414151751d145cc10401311003df150c400003011054d01504704450541","first_seen":"2025-09-06T07:56:23.008168Z","last_seen":"2025-09-06T07:56:23.008168Z","times_seen":1,"resource_available":false,"data":null}},"time_used":165,"timings":{"blocked":4,"dns":13,"connect":22,"send":0,"wait":18,"receive":1,"ssl":104},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-06","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fx.sternswellman.help/favicon.ico","fqdn":"fx.sternswellman.help","domain":"sternswellman.help","tld":"help"},"ip":{"addr":"172.255.103.170","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fx.sternswellman.help/iyVAVlPHygfnUtCXuTAJktsX/78053/","date":"2025-09-06T07:56:00.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_128_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fx.sternswellman.help","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 25 Aug 2025 00:00:00 GMT","end":"Sun, 23 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"C4:09:1E:36:C6:0D:0F:7B:7E:F3:48:80:6B:39:18:BA:E9:35:F2:BA","sha256":"B4:A0:1C:32:83:D7:E5:5C:16:67:2D:78:08:0D:C4:41:7E:06:0D:C4:98:E8:40:C2:94:7B:06:68:CB:39:C5:3C"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: fx.sternswellman.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fx.sternswellman.help/iyVAVlPHygfnUtCXuTAJktsX/78053/\r\nCookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjA9l6BadnCbbYMXXgFZhEDwxyZGfu5%2B2zxLp5XKcVpAjYTkrrM6yKvDnl5qkBPcNuBRwfdin8PX5AHF0ewd9h0wUrWyOzi8kes%2FgYZbM%2FWfLJe7ByNuABeWjfDzT72l%2F4KmjSBo2gGh3uqQC%2B9%2BwFe7x3U\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 06 Sep 2025 07:56:00 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 1406\r\nLast-Modified: Fri, 05 Sep 2025 13:24:56 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nETag: \"68bae4a8-57e\"\r\nExpires: Sun, 07 Sep 2025 07:56:00 GMT\r\nCache-Control: max-age=86400\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1406,"size_decoded":0,"mime_type":"application/octet-stream","magic":"MS Windows icon resource - 1 icon, 16x16","md5":"011201ab56695ce86ea2f190bce2670b","sha1":"bb8fad6accf293e619360935047c23f00da3c769","sha256":"a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e","sha512":"56d53a1219e58ad045c96dc81d71c63c0cf5a9766add778d34895fdaa7fda8dead44161ec291f0ed3d10a405322b7973b56c6b211d68a8d82a8510b5b7c0456c","ssdeep":"","tlshash":"71210082bb20c02cc82c0b300802eba82388f00ac8e8330b30c80b8e0c0008c8ef8ae0","first_seen":"2023-04-05T07:23:52Z","last_seen":"2026-04-04T04:31:44.275461Z","times_seen":19304,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-06","alert":"Sinkholed","trigger":"fx.sternswellman.help","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fx.sternswellman.help/iyVAVlPHygfnUtCXuTAJktsX/78053/","fqdn":"fx.sternswellman.help","domain":"sternswellman.help","tld":"help"},"ip":{"addr":"172.255.103.170","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-06T07:56:00.405Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_128_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fx.sternswellman.help","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 25 Aug 2025 00:00:00 GMT","end":"Sun, 23 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"C4:09:1E:36:C6:0D:0F:7B:7E:F3:48:80:6B:39:18:BA:E9:35:F2:BA","sha256":"B4:A0:1C:32:83:D7:E5:5C:16:67:2D:78:08:0D:C4:41:7E:06:0D:C4:98:E8:40:C2:94:7B:06:68:CB:39:C5:3C"}}},"request":{"raw":"GET /iyVAVlPHygfnUtCXuTAJktsX/78053/ HTTP/1.1\r\nHost: fx.sternswellman.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 06 Sep 2025 07:56:00 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nAccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\nSet-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; expires=Sun, 07-Sep-2025 07:56:00 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyM0KgkAUhuE5hxiIJPjA9l6BadnCbbYMXXgFZhEDwxyZGfu5%2B2zxLp5XKcVpAjYTkrrM6yKvDnl5qkBPcNuBRwfdin8PX5AHF0ewd9h0wUrWyOzi8kes%2FgYZbM%2FWfLJe7ByNuABeWjfDzT72l%2F4KmjSBo2gGh3uqQC%2B9%2BwFe7x3U; expires=Sun, 07-Sep-2025 07:56:00 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14564,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (14301)","md5":"5d99e6dbc6a65f604c367be3718a1a67","sha1":"b95349b0b720a41910a6643e76cc99b691ca82a2","sha256":"72d2e905cdb9b2fb53b736afe3c6e80c50f2eda7e94b8129abb4f3bd56cbbd80","sha512":"a4a49867b392ec68a5610547747705601aadfa5a0a13d5c7452730583dad4ca61cc5b83d0c53822fcdbbddc63889df37a02ebcc9e0b55b69f1afa1c606f48ecc","ssdeep":"384:8mz98BqXqJAqOwKlF+QM6tY3imvHulIP8WU70cGJ:8mWUXqJ5OwKlF+QbC3hPulIP8WU7UJ","tlshash":"4a62faf0f3e161bd8fd65deae1359202a1b65c003ec999f8c16a1a107f4168ad377e98","first_seen":"2025-09-06T07:56:23.018822Z","last_seen":"2025-09-06T07:56:23.018822Z","times_seen":1,"resource_available":false,"data":null}},"time_used":347,"timings":{"blocked":161,"dns":57,"connect":18,"send":0,"wait":23,"receive":1,"ssl":85},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-06","alert":"Sinkholed","trigger":"fx.sternswellman.help","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}