{"report_id":"2f274086-88fb-4639-b585-012a1f282fbb","version":6,"status":"done","tags":[],"date":"2026-03-22T12:30:40Z","url":{"schema":"http","addr":"echo.airtimesat.io","fqdn":"echo.airtimesat.io","domain":"airtimesat.io","tld":"io"},"ip":{"addr":"67.205.128.173","port":0,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"echo.airtimesat.io/login","fqdn":"echo.airtimesat.io","domain":"airtimesat.io","tld":"io"},"title":"ECHO.TSMP","dom":{"size":69377,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (65536), with no line terminators","md5":"11d6bc328977a91be24da5c5d05f22e9","sha1":"6c9c05c7e877112011520d253f886fc41982ecb9","sha256":"464cb0ba1d3a2d5ebd0eaac3381e63d4a472fb7b39e7e19e18b7aa0decd0e8f3","sha512":"960dabc2a9545e95ef4c0ab3c993bd26b04603455aa74e271d01c2baa52f1f6293bad998b7f6ea29fa9dae171e02e2685065ea17cfdf8f5bb305804e1e55fba8","ssdeep":"768:Asmq5fhuGHZFRzRK7QgJUPMs/Y4qL7QgJUPMs/Y4q27QgJUPMs/Y4qdW5dUTD3pX:55fon6PFQNn6PFQIn6PFQjoiZX","tlshash":"c963d7e5534c60efb8678a2a9f7b9c6ca33f90a8b57141d26b5fcb3890879c4e307514","dom_hash":"domhashde5f1d0d4ccda3ef45e9d87e59ddc69a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"echo.airtimesat.io","fqdn":"echo.airtimesat.io","domain":"airtimesat.io","tld":"io"},"ip":{"addr":"67.205.128.173","port":0,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-26T12:30:40Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-22","alert":"Hunting_JS_WebAssembly","trigger":"echo.airtimesat.io/static/js/main.aaa746e0.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"echo.airtimesat.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"echo.airtimesat.io","ip":{"addr":"67.205.128.173","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"domain_registered":"2024-06-17","domain_rank":0,"first_seen":"2026-03-22T12:30:46.146828Z","last_seen":"2026-03-22T12:30:46.146828Z","alert_count":7,"request_count":6,"received_data":9049686,"sent_data":2812,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"echo.airtimesat.io/static/js/main.aaa746e0.js","fqdn":"echo.airtimesat.io","domain":"airtimesat.io","tld":"io"},"ip":{"addr":"67.205.128.173","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1bdc692bd2a9dbbb86f9f95c41b288fc","sha1":"d53db02d19f44fdb341cc596a96dc130c5b3191b","sha256":"2a7ebbb90d2bc3e1b416168a89421bd27c4087f4a3e9d37e02069cd88d6d4855","sha512":"20409eb4affa47781f6daf0f0d1432a8cbcc3890969f8e6fd15286eda1f01a6dad9f4bcf3c600b85723d8c150203c0ac1181f46ff91f58d6f758c68f4ae95469","ssdeep":"49152:sqTUYktPEZv17mTA2SalQp35vrdelLx4ogAqpUyK9ZNtcurgB86/oSRdwIV+xPpd:2tEp+xP+bgzOXO3cByEOomwJuZhn/B","tlshash":"32966de97251b025879351d6407f000bf33a6955b84ec85cf32dd8eb2cba989627bf39","size":8834045,"data":"","first_seen":"2026-03-22T12:30:50.154517Z","last_seen":"2026-03-22T12:50:02.008489Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-22","alert":"Hunting_JS_WebAssembly","trigger":"echo.airtimesat.io/static/js/main.aaa746e0.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"echo.airtimesat.io/static/js/main.aaa746e0.js","fqdn":"echo.airtimesat.io","domain":"airtimesat.io","tld":"io"},"ip":{"addr":"67.205.128.173","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://echo.airtimesat.io/","date":"2026-03-22T12:30:17.376Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"echo.airtimesat.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Feb 2026 20:38:02 GMT","end":"Tue, 26 May 2026 20:38:01 GMT"},"fingerprint":{"sha1":"A6:99:11:D9:C2:24:62:73:30:86:EE:1E:29:55:0B:70:8F:2F:1B:6E","sha256":"A7:C8:A6:EE:AC:98:60:BF:F3:5D:CB:70:4F:B4:27:33:82:54:6E:AD:3B:07:10:A3:38:92:31:24:E5:D7:1D:33"}}},"request":{"raw":"GET /static/js/main.aaa746e0.js HTTP/1.1\r\nHost: echo.airtimesat.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://echo.airtimesat.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sun, 22 Mar 2026 12:30:18 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 8834045\r\nConnection: keep-alive\r\nLast-Modified: Tue, 24 Feb 2026 03:40:49 GMT\r\nETag: \"699d1dc1-86cbfd\"\r\nAccept-Ranges: bytes\r\nX-Served-By: echo.airtimesat.io\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8834045,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65465)","md5":"f0ecad97f3bbbda4160bce2d65aa5ba9","sha1":"36fd4670ff4ea035f30b8723669b0b3afebdca6d","sha256":"f121598d509f9770cf0e0e400ac39d983f9c234a0d7a16b82c91409bb86a8b43","sha512":"ee43af75cb0316c169da3599fb23590ddd777a63e5b08431efbcf63e7bd66e64539ee6d49f1ec7649f2e652650f54fc07a90ad7d346c111f4fea5fea75745a39","ssdeep":"24576:sqTUYktfjPEZv17mTA2SaA1AQp35vrdelDPx4ogAqpUyK9ZNtcurglL86/oSRdwn:sqTUYktPEZv17mTA2SalQp35vrdelLx1","tlshash":"e1255da53252a86583d742c714760283f3395450b849d89cf72c68ff6dabc8a71bef39","first_seen":"2026-03-22T12:30:50.14542Z","last_seen":"2026-03-22T12:50:02.00398Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2275,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":937,"receive":1338,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-22","alert":"Hunting_JS_WebAssembly","trigger":"echo.airtimesat.io/static/js/main.aaa746e0.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"echo.airtimesat.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"echo.airtimesat.io/static/media/asap-latin-400-normal.540bcdea97a138677191.woff2","fqdn":"echo.airtimesat.io","domain":"airtimesat.io","tld":"io"},"ip":{"addr":"67.205.128.173","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://echo.airtimesat.io/","date":"2026-03-22T12:30:18.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"echo.airtimesat.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Feb 2026 20:38:02 GMT","end":"Tue, 26 May 2026 20:38:01 GMT"},"fingerprint":{"sha1":"A6:99:11:D9:C2:24:62:73:30:86:EE:1E:29:55:0B:70:8F:2F:1B:6E","sha256":"A7:C8:A6:EE:AC:98:60:BF:F3:5D:CB:70:4F:B4:27:33:82:54:6E:AD:3B:07:10:A3:38:92:31:24:E5:D7:1D:33"}}},"request":{"raw":"GET /static/media/asap-latin-400-normal.540bcdea97a138677191.woff2 HTTP/1.1\r\nHost: echo.airtimesat.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://echo.airtimesat.io/static/css/main.e6077046.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sun, 22 Mar 2026 12:30:19 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 15024\r\nConnection: keep-alive\r\nLast-Modified: Tue, 24 Feb 2026 03:40:49 GMT\r\nETag: \"699d1dc1-3ab0\"\r\nAccept-Ranges: bytes\r\nX-Served-By: echo.airtimesat.io\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15024,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 15024, version 1.0","md5":"5b92cd4a2f55d8431b5e5e8dc64d3f57","sha1":"e2f9213ac45f1c5f9317760eafa0f9bc18551017","sha256":"ec7e640c3156c5cbc6825516bd9c7b8e4755818d57ba28655df4b84dcb24bc2c","sha512":"7de38f8f5fe61b5505e465fa616121e499c77d0586acc889c53c308d856a37efd9a0d31557fb63b296e7b38bc543d4f42b4dc56930eb0ff532c3502143e1c661","ssdeep":"384:G/V6mqUN76dTTZrJPGBGd24/8sEMkqmvlGyaLiNTgL1EP67:G/8mnNGZTZrJOAT/uRqK4F","tlshash":"0962d0a32572f87e7402b83cd407aa01b2a2773c6f41cb07a6f25550c769cc959768bd","first_seen":"2025-06-08T13:22:52.066605Z","last_seen":"2026-03-22T12:50:01.996877Z","times_seen":89,"resource_available":false,"data":null}},"time_used":1043,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1042,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"echo.airtimesat.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"echo.airtimesat.io/logo192.png","fqdn":"echo.airtimesat.io","domain":"airtimesat.io","tld":"io"},"ip":{"addr":"67.205.128.173","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://echo.airtimesat.io/","date":"2026-03-22T12:30:20.257Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"echo.airtimesat.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Feb 2026 20:38:02 GMT","end":"Tue, 26 May 2026 20:38:01 GMT"},"fingerprint":{"sha1":"A6:99:11:D9:C2:24:62:73:30:86:EE:1E:29:55:0B:70:8F:2F:1B:6E","sha256":"A7:C8:A6:EE:AC:98:60:BF:F3:5D:CB:70:4F:B4:27:33:82:54:6E:AD:3B:07:10:A3:38:92:31:24:E5:D7:1D:33"}}},"request":{"raw":"GET /logo192.png HTTP/1.1\r\nHost: echo.airtimesat.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://echo.airtimesat.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sun, 22 Mar 2026 12:30:20 GMT\r\nContent-Type: image/png\r\nContent-Length: 5347\r\nConnection: keep-alive\r\nLast-Modified: Tue, 24 Feb 2026 03:39:38 GMT\r\nETag: \"699d1d7a-14e3\"\r\nAccept-Ranges: bytes\r\nX-Served-By: echo.airtimesat.io\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":5347,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"33dbdd0177549353eeeb785d02c294af","sha1":"7f4f2d68782a7fafceda84554ecab9b489877500","sha256":"c386396ec70db3608075b5fbfaac4ab1ccaa86ba05a68ab393ec551eb66c3e00","sha512":"e34572cf754ff7e1d0acb12d8275252230ad1dd9adc5858e807fef0fb61aea82cb1f9ca3ebab3eeb449460373140105f8d773e7bddbf6745f9e81cc1546621f4","ssdeep":"96:gMgJkzj81lSl2dxYAYKsHHVIqApHGoKf4slNb6LQbTehYx5AtKAdmTRwy/Ik2k3:gMct0nKsUwXTbnkeAMA+Twkv","tlshash":"deb18e4e37e13c238137de00aa8ee5ddff52c6ff81226144e24933e9243839d9591916","first_seen":"2023-04-21T11:39:01Z","last_seen":"2026-06-13T17:29:22.291449Z","times_seen":10606,"resource_available":false,"data":null}},"time_used":706,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":706,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"echo.airtimesat.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"echo.airtimesat.io/favicon.ico","fqdn":"echo.airtimesat.io","domain":"airtimesat.io","tld":"io"},"ip":{"addr":"67.205.128.173","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://echo.airtimesat.io/","date":"2026-03-22T12:30:20.259Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"echo.airtimesat.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Feb 2026 20:38:02 GMT","end":"Tue, 26 May 2026 20:38:01 GMT"},"fingerprint":{"sha1":"A6:99:11:D9:C2:24:62:73:30:86:EE:1E:29:55:0B:70:8F:2F:1B:6E","sha256":"A7:C8:A6:EE:AC:98:60:BF:F3:5D:CB:70:4F:B4:27:33:82:54:6E:AD:3B:07:10:A3:38:92:31:24:E5:D7:1D:33"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: echo.airtimesat.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://echo.airtimesat.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sun, 22 Mar 2026 12:30:21 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 152126\r\nConnection: keep-alive\r\nLast-Modified: Thu, 04 Sep 2025 02:05:15 GMT\r\nETag: \"68b8f3db-2523e\"\r\nAccept-Ranges: bytes\r\nX-Served-By: echo.airtimesat.io\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":152126,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, -64x-64, 32 bits/pixel","md5":"a821fee8c79d267d98cf36e137ac369f","sha1":"a5652d256f861f6620432365147c4f29ee7600bd","sha256":"ebf51e54417fcb47475fe04172c4c57fad44725abed08093f05e7a0e72e621a5","sha512":"dafae7ef5f797df59f4aee19292407497bc076ffc0b99443e067a14c94fc20b01734e6caea6904e366530af4c447fb752f9c024b6041843e8eaa25c5384687ab","ssdeep":"48:hFcKtQ/j25eg6QKzN9f5SrgkGFI4GSzwGa1N3EEEEEEEEEEEEEEEEEEEEEEEEEE1:rc5rYxBcKHzmAj7WQIjS6I","tlshash":"e6e30276f1d49902e8043b747f0fd1f80a69ece02e377583721177faa9298d2d7162a6","first_seen":"2026-03-22T12:30:50.148644Z","last_seen":"2026-03-22T12:50:01.998163Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":948,"receive":216,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"echo.airtimesat.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"echo.airtimesat.io/","fqdn":"echo.airtimesat.io","domain":"airtimesat.io","tld":"io"},"ip":{"addr":"67.205.128.173","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-22T12:30:16.240Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"echo.airtimesat.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Feb 2026 20:38:02 GMT","end":"Tue, 26 May 2026 20:38:01 GMT"},"fingerprint":{"sha1":"A6:99:11:D9:C2:24:62:73:30:86:EE:1E:29:55:0B:70:8F:2F:1B:6E","sha256":"A7:C8:A6:EE:AC:98:60:BF:F3:5D:CB:70:4F:B4:27:33:82:54:6E:AD:3B:07:10:A3:38:92:31:24:E5:D7:1D:33"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: echo.airtimesat.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sun, 22 Mar 2026 12:30:17 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Tue, 24 Feb 2026 03:49:59 GMT\r\nETag: W/\"699d1fe7-25e\"\r\nContent-Encoding: gzip\r\nX-Served-By: echo.airtimesat.io\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":606,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (605)","md5":"5c0974137983a1b474b136140cf66bbb","sha1":"00e93980a60fd2a5f1a123621f357eb47c378b7c","sha256":"7cd4bd6fb52bd0a200de4b373bfb81b5fd13a50e727d7424e5317ec348e22390","sha512":"fd667db9c6b627b0758b8d0d33ebae34d5dc5180119a39479903a1b1181dd797514b0db31de40550bea39909be3147ae9ad77cf969115d0168da58eb5e4fe57b","ssdeep":"","tlshash":"baf0ac43cc10c48d5330537baca3b02cc94ab50caaa1fc64b89614ba0de4bb38d62a51","first_seen":"2026-03-22T12:30:50.149488Z","last_seen":"2026-03-22T12:50:02.00138Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1242,"timings":{"blocked":263,"dns":46,"connect":100,"send":0,"wait":715,"receive":1,"ssl":115},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"echo.airtimesat.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"echo.airtimesat.io/static/css/main.e6077046.css","fqdn":"echo.airtimesat.io","domain":"airtimesat.io","tld":"io"},"ip":{"addr":"67.205.128.173","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://echo.airtimesat.io/","date":"2026-03-22T12:30:17.378Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"echo.airtimesat.io","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Feb 2026 20:38:02 GMT","end":"Tue, 26 May 2026 20:38:01 GMT"},"fingerprint":{"sha1":"A6:99:11:D9:C2:24:62:73:30:86:EE:1E:29:55:0B:70:8F:2F:1B:6E","sha256":"A7:C8:A6:EE:AC:98:60:BF:F3:5D:CB:70:4F:B4:27:33:82:54:6E:AD:3B:07:10:A3:38:92:31:24:E5:D7:1D:33"}}},"request":{"raw":"GET /static/css/main.e6077046.css HTTP/1.1\r\nHost: echo.airtimesat.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://echo.airtimesat.io/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sun, 22 Mar 2026 12:30:18 GMT\r\nContent-Type: text/css\r\nContent-Length: 40869\r\nConnection: keep-alive\r\nLast-Modified: Tue, 24 Feb 2026 03:40:49 GMT\r\nETag: \"699d1dc1-9fa5\"\r\nAccept-Ranges: bytes\r\nX-Served-By: echo.airtimesat.io\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40869,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (40824)","md5":"f0ba891fd1eee707c4e13ece2b308b01","sha1":"976cd3a7ac19526e8ee703a2c650ac3c1e322011","sha256":"4edc7d5de3f005cb470b54dca9085eadca83441c3de56af57172d243221202ad","sha512":"8d59d6270dbcb92388a480b372170be4301f5eafda28c5eec7ac1ab84edb222f201371d5a3a3af7c2e1de8012037bcd0da300c7ce7937ec6a30c6efc2eef5c0e","ssdeep":"768:zuiq68zsTZ545D743H6743Hh743HMUvEgFst:868K3L3a3To","tlshash":"04039493eb4950afe6478932cd3751d4b23fa996adbd42e4bc3ec638c267d849307124","first_seen":"2026-03-22T12:30:50.150946Z","last_seen":"2026-03-22T12:50:02.005911Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1421,"timings":{"blocked":229,"dns":2,"connect":106,"send":0,"wait":959,"receive":1,"ssl":121},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"echo.airtimesat.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}