{"report_id":"42fb89c8-908e-4b04-ae02-6e50c804d2d5","version":6,"status":"done","tags":[],"date":"2026-02-12T09:13:26Z","url":{"schema":"http","addr":"www.20iran.site/","fqdn":"www.20iran.site","domain":"20iran.site","tld":"site"},"ip":{"addr":"157.90.33.73","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"bertmackg.com/go/2486664","fqdn":"bertmackg.com","domain":"bertmackg.com","tld":"com"},"title":"...","dom":{"size":93977,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (63119)","md5":"e66c223b1819faf3219311e220162ef4","sha1":"ca199e17472af1aa218927df2ca957e04a83d258","sha256":"cfdd053f3f8cfc255dae9942de000f180c634aae00be595a784f35c2f77abe24","sha512":"4db09e3654f4ac8d56080cf2654430a3fcb06bcefd9af21375d6f2d5aa877a41b028f418e4ca2d69daa1f876fac34f00614ea1df5e1eae9bc52a4fd00cec3de0","ssdeep":"1536:VZJVW5uaKDNH5v6CBCk+5IUgvCSR+/8ugo2f4AN05Tv3Bu7om:VZJV7v6CBNmIUupMQ4ANez3Bu7om","tlshash":"0d93c550f3d4684122978fbbfb1bfdd0e91a5c6978444c8bc4447fb86eaa226e6d0d31","dom_hash":"domhash7152b630b25245d2826d5f7b8ad26ef7","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.20iran.site/","fqdn":"www.20iran.site","domain":"20iran.site","tld":"site"},"ip":{"addr":"157.90.33.73","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-19T09:13:26Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-12","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"bertmackg.com/go/2486664","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-12","alert":"Sinkholed","trigger":"bertmackg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-12","alert":"Sinkholed","trigger":"bertmackg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-12","alert":"Sinkholed","trigger":"bertmackg.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"bertmackg.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-02-20","domain_rank":0,"first_seen":"2026-02-06T11:34:42.345914Z","last_seen":"2026-02-06T11:34:42.345914Z","alert_count":13,"request_count":4,"received_data":93453,"sent_data":2125,"comment":"","tags":null,"fingerprints":[{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]}]},{"fqdn":"www.20iran.site","ip":{"addr":"157.90.33.74","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2026-01-28","domain_rank":0,"first_seen":"2026-02-12T09:13:26.757311Z","last_seen":"2026-02-12T09:13:26.757311Z","alert_count":0,"request_count":1,"received_data":1785,"sent_data":484,"comment":"","tags":null,"fingerprints":[{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.20iran.site/","fqdn":"www.20iran.site","domain":"20iran.site","tld":"site"},"ip":{"addr":"157.90.33.74","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-12T09:13:03.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"20iran.site","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 15:19:19 GMT","end":"Thu, 07 May 2026 15:19:18 GMT"},"fingerprint":{"sha1":"21:BE:89:18:C9:38:9D:BC:07:F8:0F:B1:C2:B3:11:7F:04:FF:9A:11","sha256":"85:F2:9D:FD:45:95:62:0B:93:B1:C3:0B:ED:65:70:65:F4:D7:3D:DB:B0:4B:0C:13:2C:DD:6F:C5:32:DB:82:A1"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.20iran.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Angie\r\ndate: Thu, 12 Feb 2026 09:13:04 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-security-policy: script-src 'nonce-LiHeN+I/eteJg7fKx5xSUw=='; style-src 'unsafe-inline'\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]}],"data":{"size":1535,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1205)","md5":"9d58392288f78f368fc8050f40589340","sha1":"3c7d1733bdcd1c07a46bd7cb779c4abbc3039e6a","sha256":"1c1710a05ddb48a631a102e7fad2850d6bc21698848ffa14b0b25b3ec9606b37","sha512":"1285bbae879f3fcc2e9b1a8347f08eba5abb788caf92a584b3d9e64ff23edab620834bbb17f42db6a2360fd65fbe1af4f2efd9812bba2792468b653e3bdee3a5","ssdeep":"","tlshash":"ea31f0d431c2d00f37ed9727a62336cee1a62b9d4841ec0b4a08f05ae1d224ff5e5674","first_seen":"2026-02-12T09:13:29.304923Z","last_seen":"2026-02-12T09:13:29.304923Z","times_seen":1,"resource_available":false,"data":null}},"time_used":285,"timings":{"blocked":130,"dns":52,"connect":24,"send":0,"wait":24,"receive":0,"ssl":52},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bertmackg.com/go/2486664","fqdn":"bertmackg.com","domain":"bertmackg.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-12T09:13:04.175Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"bertmackg.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 02 Feb 2026 12:14:26 GMT","end":"Sun, 03 May 2026 12:14:25 GMT"},"fingerprint":{"sha1":"0C:79:E3:61:F4:98:4B:CC:D8:F9:CF:9D:6A:21:3C:D3:27:B8:1A:2B","sha256":"55:EF:B9:95:AE:71:C1:EA:48:18:3E:3F:38:56:A0:C7:02:12:3D:14:FE:C9:35:F4:DC:5E:4D:31:05:51:9A:7F"}}},"request":{"raw":"GET /go/2486664 HTTP/1.1\r\nHost: bertmackg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.20iran.site/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T21:47:03.661814Z","times_seen":13347989,"resource_available":true,"data":null}},"time_used":168,"timings":{"blocked":83,"dns":7,"connect":24,"send":0,"wait":0,"receive":0,"ssl":51},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-12","alert":"Sinkholed","trigger":"bertmackg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-12","alert":"Sinkholed","trigger":"bertmackg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-12","alert":"Sinkholed","trigger":"bertmackg.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bertmackg.com/go/2486664","fqdn":"bertmackg.com","domain":"bertmackg.com","tld":"com"},"ip":{"addr":"178.63.248.49","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-12T09:13:04.299Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"bertmackg.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 02 Feb 2026 12:14:26 GMT","end":"Sun, 03 May 2026 12:14:25 GMT"},"fingerprint":{"sha1":"0C:79:E3:61:F4:98:4B:CC:D8:F9:CF:9D:6A:21:3C:D3:27:B8:1A:2B","sha256":"55:EF:B9:95:AE:71:C1:EA:48:18:3E:3F:38:56:A0:C7:02:12:3D:14:FE:C9:35:F4:DC:5E:4D:31:05:51:9A:7F"}}},"request":{"raw":"GET /go/2486664 HTTP/1.1\r\nHost: bertmackg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.20iran.site/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Angie\r\ndate: Thu, 12 Feb 2026 09:13:04 GMT\r\ncontent-type: text/html; charset=utf-8\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64\r\nlink: \u003c//\u003e; rel=\"dns-prefetch preconnect\"\r\nset-cookie: rauid=3wR7X2_bRcaOW_yl1eSH8Q; expires=Fri, 12 Feb 2027 09:13:04 GMT; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]}],"data":{"size":92419,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (64580)","md5":"90fedc9df9437f1c964ca60fabf0839a","sha1":"e9766e093405589e360e3d5cca546da7888f75c3","sha256":"abe19e4fba566cf576f8efd69086394e70ac7c296d777ba2b2e56aa51d54b4e5","sha512":"b4ec2d96b651fd0268710ce949513075774f195e8f7655a21faafb733af4c15b9b444339641490221d6d1ecd22786c684d974d2bc2f4937c06b1627c42a75dfe","ssdeep":"1536:i8JVW5uaKDNH5v6CBCk+5IUgvCSR+/8ugo2f4AN05Tv3Bu7oZ:i8JV7v6CBNmIUupMQ4ANez3Bu7oZ","tlshash":"8993b450f3d4284122979fbbfb1bfdd0e91a5c6978444c8bc4447fb86eaa226e6d0d31","first_seen":"2025-07-02T09:58:55.905119Z","last_seen":"2026-04-04T05:16:36.851499Z","times_seen":781,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-12","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"bertmackg.com/go/2486664","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-12","alert":"Sinkholed","trigger":"bertmackg.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-12","alert":"Sinkholed","trigger":"bertmackg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-12","alert":"Sinkholed","trigger":"bertmackg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bertmackg.com/go/2486664?\u0026fid=2582231179","fqdn":"bertmackg.com","domain":"bertmackg.com","tld":"com"},"ip":{"addr":"178.63.248.49","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-12T09:13:04.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"bertmackg.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 02 Feb 2026 12:14:26 GMT","end":"Sun, 03 May 2026 12:14:25 GMT"},"fingerprint":{"sha1":"0C:79:E3:61:F4:98:4B:CC:D8:F9:CF:9D:6A:21:3C:D3:27:B8:1A:2B","sha256":"55:EF:B9:95:AE:71:C1:EA:48:18:3E:3F:38:56:A0:C7:02:12:3D:14:FE:C9:35:F4:DC:5E:4D:31:05:51:9A:7F"}}},"request":{"raw":"POST /go/2486664?\u0026fid=2582231179 HTTP/1.1\r\nHost: bertmackg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1419\r\nOrigin: null\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: rauid=3wR7X2_bRcaOW_yl1eSH8Q\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1419,"data":"q=rlW1LFV6Vx1irzyfoTRiAF4jVPuKnJ5xo3qmVR5HVQRjYwN7VSqcowL0BlO4AwD7VUW2BwRmAP4jXFOUMJAeol8lZQRjZQRjZFOTnKWyMz94YmRmAP4jVvjvoTShMlV6VzIhYIIGVvjvpTkuqTMipz0vBvWKnJ4mZvVfVzEioJScovV6VzWypaEgLJAeMl5wo20vYPW0rvV6VyIHDlVfVzymK3EiqJAbVwczLJkmMFjvoJS4K3EiqJAbK3OinJ50plV6ZPjvnKAsq2DvBzMuoUAyYPWcp19hnaZvBzMuoUAyYPWcp19jnaZvBzMuoUAyYPWcp19joUqlM2u0VwczLJkmMFjvnKAsnJMlVwczLJkmMFjvp19mpT9iMzIxVwczLJkmMFjvMI9fMJ4vBwZ3YPWwnUWioJIspUWipPV6MzSfp2HfVzymK2Abpz9gMFV6MzSfp2HfVzymK2McpzIzo3tvBaElqJHfVzymK3AuMzSlnFV6MzSfp2HfVaqlo25aK2Abpz9gMFV6MzSfp2HfVzyzpy9wnUWioJHvBzMuoUAyYPWjoUIanJ5mVwb1YPW3MJWaoPV6Vzkfqz1jnKOyVvjvnUqsL29hVwb0BPjvp2AlMJIhK3qcMUEbVwbkZwtjYPWmL3WyMJ5snTIcM2u0VwbkZQV0YPWuqzScoS9mL3WyMJ5sq2yxqTtvBwRlBQNfVzS2LJyfK3AwpzIyoy9bMJyanUDvBwRjZwDfVaqcozEiq19iqKEypy93nJE0nPV6ZGV4ZPjvq2yhMT93K291qTIlK2uynJqbqPV6ZGNlAPjvq2yhMT93K2yhozIlK3qcMUEbVwbkZwtjYPW3nJ5xo3qsnJ5hMKWsnTIcM2u0VwbkZQV0YPWjMKWgK2SwL2IfMKWioJI0MKVvBv0kYPWjMKWgK2WfqJI0o290nPV6YGRfVaOypz1sL2SgMKWuVwbgZFjvpTIloI9gnJAlo3Obo25yVwbgZFjvpTIloI9ho3EcMzywLKEco25mVwbjYPWjMKWgK25zLlV6YGRfVaOypz1sM3ylo3Awo3OyVwbgZFjvpTIloI9aMJ9fo2AuqTyiovV6ZPjvpTIloI9woTyjLz9upzDvBv0kYPWjMKWgK3O1p2tvBwNfVzMsLJ5xpz9cMPV6qUW1MFjvMy9fnJ51rPV6qUW1MFjvMy93nJ5xo3qmVwczLJkmMFjvMy9yqPV6AQDfVz1yoFV6YGRfVzWsoUMfVwbgZFjvLy9xL2u0VwbgZFjvLy9wnUA0VwczLJkmMFjvpT9mK3tvBv0kYPWjo3AsrFV6YGRfVaOip196VwbgZFjvoJ0vBwNfVzAfVwbjYPW0pUZvBwNfVaAwpzjvBwNfVzI0VwbkAmA9\u0026rnd=2e38449177468bc088d50b23124c9201"}},"response":{"raw":"HTTP/2 204 No Content\r\nserver: Angie\r\ndate: Thu, 12 Feb 2026 09:13:04 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64\r\nset-cookie: rauid=3wR7X2_bRcaOW_yl1eSH8Q; expires=Fri, 12 Feb 2027 09:13:04 GMT; path=/; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T21:47:03.661814Z","times_seen":13347989,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-12","alert":"Sinkholed","trigger":"bertmackg.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-12","alert":"Sinkholed","trigger":"bertmackg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-12","alert":"Sinkholed","trigger":"bertmackg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bertmackg.com/favicon.ico","fqdn":"bertmackg.com","domain":"bertmackg.com","tld":"com"},"ip":{"addr":"178.63.248.49","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bertmackg.com/go/2486664","date":"2026-02-12T09:13:04.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"bertmackg.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 02 Feb 2026 12:14:26 GMT","end":"Sun, 03 May 2026 12:14:25 GMT"},"fingerprint":{"sha1":"0C:79:E3:61:F4:98:4B:CC:D8:F9:CF:9D:6A:21:3C:D3:27:B8:1A:2B","sha256":"55:EF:B9:95:AE:71:C1:EA:48:18:3E:3F:38:56:A0:C7:02:12:3D:14:FE:C9:35:F4:DC:5E:4D:31:05:51:9A:7F"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: bertmackg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: rauid=3wR7X2_bRcaOW_yl1eSH8Q\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: Angie\r\ndate: Thu, 12 Feb 2026 09:13:04 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T21:47:03.661814Z","times_seen":13347989,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-12","alert":"Sinkholed","trigger":"bertmackg.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-12","alert":"Sinkholed","trigger":"bertmackg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-12","alert":"Sinkholed","trigger":"bertmackg.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}