{"report_id":"5b5e0420-0989-4bcf-8f1e-1731f9429bfd","version":6,"status":"done","tags":[],"date":"2025-11-26T04:52:16Z","url":{"schema":"http","addr":"ngunyiyannick.com/wp-content/plugins/kingcomposer/includes/frontend/vendors/prettyPhoto/images/prettyPhoto/html.html","fqdn":"ngunyiyannick.com","domain":"ngunyiyannick.com","tld":"com"},"ip":{"addr":"198.251.88.188","port":0,"asn":53667,"as":"PONYNET","country":"Luxembourg","country_code":"LU"},"final":{"url":{"schema":"https","addr":"saledelivery.zone/?cp=7lvqyjk9","fqdn":"saledelivery.zone","domain":"saledelivery.zone","tld":"zone"},"title":"Security Check","dom":{"size":5402,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (2078)","md5":"9a1b66927661e6debfb0f591d6c7aea2","sha1":"cac74fcf5cc270dd0e31f5ce6dff5c1537de7e54","sha256":"a8495cd299940d0954158ac540a04778383d88be6ffdead3b5af8e5962cd8099","sha512":"43d5318f7f1328f52e7279535b5b8ed24bc567f9fa4e948dbcbb64437fc60d4d5bec60af5e8a7595bdb1d989ccf1a6f711f08882af4ba716834e9ab5dce47fa9","ssdeep":"96:YNu0pweHOcq9tyAWAACBPlQXn1OwiBH3voLPL:YLs9ti1OwiBHwv","tlshash":"90b17520465e6c170107218474768b5db36bc223eb13893dbaff2195d7cdeec856b6e2","dom_hash":"domhashce78ba36a7b82dd8035bd93eaeefd311","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ngunyiyannick.com/wp-content/plugins/kingcomposer/includes/frontend/vendors/prettyPhoto/images/prettyPhoto/html.html","fqdn":"ngunyiyannick.com","domain":"ngunyiyannick.com","tld":"com"},"ip":{"addr":"198.251.88.188","port":0,"asn":53667,"as":"PONYNET","country":"Luxembourg","country_code":"LU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-31T04:52:16Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"saledelivery.zone","ip":{"addr":"51.254.37.68","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"domain_registered":"2022-03-07","domain_rank":0,"first_seen":"2022-03-17T08:11:03Z","last_seen":"2025-11-23T18:50:04.963485Z","alert_count":33,"request_count":11,"received_data":222415,"sent_data":6258,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery:3.3.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"ngunyiyannick.com","ip":{"addr":"198.251.88.188","port":443,"asn":53667,"as":"PONYNET","country":"Luxembourg","country_code":"LU"},"domain_registered":"2022-06-02","domain_rank":0,"first_seen":"2025-11-26T04:52:16.918028Z","last_seen":"2025-11-26T04:52:16.918028Z","alert_count":0,"request_count":1,"received_data":2016,"sent_data":584,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"saledelivery.zone/?cp=7lvqyjk9","fqdn":"saledelivery.zone","domain":"saledelivery.zone","tld":"zone"},"ip":{"addr":"51.254.37.68","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"cbc74b15a730015452d646bdd6846633","sha1":"c0a660f3c41947d811dad368e61291838a5c82da","sha256":"b60627970b74ac466aba716ec668266b092aba4df563093846f6dd7a3f152d05","sha512":"b1fa5efa0b475a34719223f57c18b29f2b2e227558208ff964a71575d89cb449a6b56959227c87d0daa705d46fbd91dad0ed42486e74c4cc2d32bafecd8ef45b","ssdeep":"","tlshash":"ade0abc0e7cf6c630d6d101c0b2f99cc905cf273dd684876dc0a2312936041acf11ba4","size":419,"data":"","first_seen":"2025-04-24T14:33:05.532202Z","last_seen":"2026-04-03T02:50:13.218931Z","times_seen":682,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"saledelivery.zone/js/omgrd.min.js?v=1763972107","fqdn":"saledelivery.zone","domain":"saledelivery.zone","tld":"zone"},"ip":{"addr":"51.254.37.68","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"f8642c37023dc6b980cadeca382613d9","sha1":"ece8cd68d208d5cc078ae06ce390652d2621ff84","sha256":"f5b3e0b1781f3fbbec437303884a58af2cefd4c6a66eaf0eb66f61a57be1d7be","sha512":"7a288db4ba123a3b1ceaafb4e8fb3915231d211c48ab1963fe7ffb9f4d53f58148c069008cb57c2c2cfc204f991dfdd179f685bb606ebd75152e5a4122a5acaf","ssdeep":"192:8ly1HHIQn9xhhz5r1rzp4o1adRFwMcSwIjOtdm1P1whiEwaIDlvNOTu:8ly1nIOzJ1rzuo1aztw43gTu","tlshash":"d362881c6ed029ba57620a2a2ee658ece60a0c4d7a450059f4137cffded4267bde3133","size":14530,"data":"","first_seen":"2023-06-17T22:38:20Z","last_seen":"2026-04-03T02:50:13.215255Z","times_seen":873,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"saledelivery.zone/js/check.min.js?v=1763972107","fqdn":"saledelivery.zone","domain":"saledelivery.zone","tld":"zone"},"ip":{"addr":"51.254.37.68","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"dbdb97c2f91c01502910b22e27fc0b24","sha1":"5f51141d704b71675da200e9593c9b004700cee3","sha256":"41a7a2af77c7c8a201bcf46c4a09f4b0eb69add9c988c7cb34e9c3ad9aec0a2d","sha512":"d04d4e495f6c915d28ec218a77a47cc52f41d36c2ae675f5b3722d33a59f7b4c12cc2a63493eb10e27b364e145bb52e1db16384d6f923055837b8cfa1326f886","ssdeep":"192:nq0gFASWUZlkYZKim26fYOClK3ZKjz1sntc2Q6OrF+SMGiLbb:nDgFVlnk26gOOzA22Q6OR+g+bb","tlshash":"15623501f9e16817c39f6f52b327e7e2e81938ce79105c8fb651f8a0edca9316982471","size":15085,"data":"","first_seen":"2023-09-16T06:20:58Z","last_seen":"2026-04-03T02:50:13.212562Z","times_seen":873,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"saledelivery.zone/themes/common/js/jquery-3.3.1.min.js?v=1763972142","fqdn":"saledelivery.zone","domain":"saledelivery.zone","tld":"zone"},"ip":{"addr":"51.254.37.68","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","size":86927,"data":"","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-04-05T11:53:39.102463Z","times_seen":118363,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngunyiyannick.com/wp-content/plugins/kingcomposer/includes/frontend/vendors/prettyPhoto/images/prettyPhoto/html.html","fqdn":"ngunyiyannick.com","domain":"ngunyiyannick.com","tld":"com"},"ip":{"addr":"198.251.88.188","port":443,"asn":53667,"as":"PONYNET","country":"Luxembourg","country_code":"LU"},"introduction_type":"scriptElement","is_inline":true,"md5":"7fcf9549b18024b99e8c05d644425108","sha1":"ad3540128b416559357aad22167f0ee37db126d0","sha256":"9cb9889a7b36f9992a588bca515f4a3feb43bbb7139089c5301e536f1fd37699","sha512":"b3b0898ff9eb18fbab56c9137d8fb2bca68032f20789748c2190303a987d96e3d65e870375299fc5639ac54de81d42fc18f9e27255f5ef577a9b8c794637d719","ssdeep":"","tlshash":"85311f782dc17260233522770e1fa447e72feb902538c5055311f6f43d14a62b96fba6","size":1569,"data":"","first_seen":"2025-11-26T04:52:19.916566Z","last_seen":"2025-11-26T04:52:19.916566Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"saledelivery.zone/themes/common/js/jquery-3.3.1.min.js?v=1763972142","fqdn":"saledelivery.zone","domain":"saledelivery.zone","tld":"zone"},"ip":{"addr":"51.254.37.68","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://saledelivery.zone/?cp=7lvqyjk9","date":"2025-11-26T04:51:55.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"saledelivery.zone","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 21:14:24 GMT","end":"Wed, 04 Feb 2026 21:14:23 GMT"},"fingerprint":{"sha1":"62:5E:95:80:47:61:51:B0:D4:92:25:B3:A8:15:91:FB:1E:B3:5A:02","sha256":"F4:48:19:44:4D:A2:E2:92:17:57:09:A9:D5:C9:59:31:B9:47:FB:67:84:0E:B4:CA:08:7E:CB:83:7C:90:FC:26"}}},"request":{"raw":"GET /themes/common/js/jquery-3.3.1.min.js?v=1763972142 HTTP/1.1\r\nHost: saledelivery.zone\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saledelivery.zone/?cp=7lvqyjk9\r\nCookie: CGISID=sje4pkr7t319ek26tt2fakp2qf76pkm4ojkt9evtmequjln20900g4sb6unuld\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 26 Nov 2025 04:51:55 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 24 Nov 2025 08:15:42 GMT\r\nETag: W/\"6924142e-1538f\"\r\nExpires: Wed, 25 Nov 2026 20:19:45 GMT\r\nCache-Control: max-age=31536000, public, public\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Security-Policy: img-src https: data:; upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":86927,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-04-05T11:53:39.102463Z","times_seen":118363,"resource_available":true,"data":null}},"time_used":274,"timings":{"blocked":96,"dns":1,"connect":34,"send":0,"wait":68,"receive":2,"ssl":70},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saledelivery.zone/js/check.min.js?v=1763972107","fqdn":"saledelivery.zone","domain":"saledelivery.zone","tld":"zone"},"ip":{"addr":"51.254.37.68","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://saledelivery.zone/?cp=7lvqyjk9","date":"2025-11-26T04:51:55.402Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"saledelivery.zone","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 21:14:24 GMT","end":"Wed, 04 Feb 2026 21:14:23 GMT"},"fingerprint":{"sha1":"62:5E:95:80:47:61:51:B0:D4:92:25:B3:A8:15:91:FB:1E:B3:5A:02","sha256":"F4:48:19:44:4D:A2:E2:92:17:57:09:A9:D5:C9:59:31:B9:47:FB:67:84:0E:B4:CA:08:7E:CB:83:7C:90:FC:26"}}},"request":{"raw":"GET /js/check.min.js?v=1763972107 HTTP/1.1\r\nHost: saledelivery.zone\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saledelivery.zone/?cp=7lvqyjk9\r\nCookie: CGISID=sje4pkr7t319ek26tt2fakp2qf76pkm4ojkt9evtmequjln20900g4sb6unuld\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 26 Nov 2025 04:51:55 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 24 Nov 2025 08:15:07 GMT\r\nETag: W/\"6924140b-3aed\"\r\nExpires: Wed, 25 Nov 2026 20:29:56 GMT\r\nCache-Control: max-age=31536000, public, public\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Security-Policy: img-src https: data:; upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15085,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15085), with no line terminators","md5":"dbdb97c2f91c01502910b22e27fc0b24","sha1":"5f51141d704b71675da200e9593c9b004700cee3","sha256":"41a7a2af77c7c8a201bcf46c4a09f4b0eb69add9c988c7cb34e9c3ad9aec0a2d","sha512":"d04d4e495f6c915d28ec218a77a47cc52f41d36c2ae675f5b3722d33a59f7b4c12cc2a63493eb10e27b364e145bb52e1db16384d6f923055837b8cfa1326f886","ssdeep":"192:nq0gFASWUZlkYZKim26fYOClK3ZKjz1sntc2Q6OrF+SMGiLbb:nDgFVlnk26gOOzA22Q6OR+g+bb","tlshash":"15623501f9e16817c39f6f52b327e7e2e81938ce79105c8fb651f8a0edca9316982471","first_seen":"2023-09-16T06:20:58Z","last_seen":"2026-04-03T02:50:13.212562Z","times_seen":873,"resource_available":true,"data":null}},"time_used":225,"timings":{"blocked":83,"dns":1,"connect":35,"send":0,"wait":34,"receive":0,"ssl":70},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saledelivery.zone/js/omgrd.min.js?v=1763972107","fqdn":"saledelivery.zone","domain":"saledelivery.zone","tld":"zone"},"ip":{"addr":"51.254.37.68","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://saledelivery.zone/?cp=7lvqyjk9","date":"2025-11-26T04:51:55.400Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"saledelivery.zone","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 21:14:24 GMT","end":"Wed, 04 Feb 2026 21:14:23 GMT"},"fingerprint":{"sha1":"62:5E:95:80:47:61:51:B0:D4:92:25:B3:A8:15:91:FB:1E:B3:5A:02","sha256":"F4:48:19:44:4D:A2:E2:92:17:57:09:A9:D5:C9:59:31:B9:47:FB:67:84:0E:B4:CA:08:7E:CB:83:7C:90:FC:26"}}},"request":{"raw":"GET /js/omgrd.min.js?v=1763972107 HTTP/1.1\r\nHost: saledelivery.zone\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saledelivery.zone/?cp=7lvqyjk9\r\nCookie: CGISID=sje4pkr7t319ek26tt2fakp2qf76pkm4ojkt9evtmequjln20900g4sb6unuld\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 26 Nov 2025 04:51:55 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 24 Nov 2025 08:15:07 GMT\r\nETag: W/\"6924140b-38c2\"\r\nExpires: Wed, 25 Nov 2026 20:22:06 GMT\r\nCache-Control: max-age=31536000, public, public\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Security-Policy: img-src https: data:; upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14530,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (14528), with no line terminators","md5":"f8642c37023dc6b980cadeca382613d9","sha1":"ece8cd68d208d5cc078ae06ce390652d2621ff84","sha256":"f5b3e0b1781f3fbbec437303884a58af2cefd4c6a66eaf0eb66f61a57be1d7be","sha512":"7a288db4ba123a3b1ceaafb4e8fb3915231d211c48ab1963fe7ffb9f4d53f58148c069008cb57c2c2cfc204f991dfdd179f685bb606ebd75152e5a4122a5acaf","ssdeep":"192:8ly1HHIQn9xhhz5r1rzp4o1adRFwMcSwIjOtdm1P1whiEwaIDlvNOTu:8ly1nIOzJ1rzuo1aztw43gTu","tlshash":"d362881c6ed029ba57620a2a2ee658ece60a0c4d7a450059f4137cffded4267bde3133","first_seen":"2023-06-17T22:38:20Z","last_seen":"2026-04-03T02:50:13.215255Z","times_seen":873,"resource_available":true,"data":null}},"time_used":225,"timings":{"blocked":82,"dns":1,"connect":35,"send":0,"wait":33,"receive":1,"ssl":69},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saledelivery.zone/img/icon-loading-white.png","fqdn":"saledelivery.zone","domain":"saledelivery.zone","tld":"zone"},"ip":{"addr":"51.254.37.68","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://saledelivery.zone/?cp=7lvqyjk9","date":"2025-11-26T04:51:55.446Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"saledelivery.zone","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 21:14:24 GMT","end":"Wed, 04 Feb 2026 21:14:23 GMT"},"fingerprint":{"sha1":"62:5E:95:80:47:61:51:B0:D4:92:25:B3:A8:15:91:FB:1E:B3:5A:02","sha256":"F4:48:19:44:4D:A2:E2:92:17:57:09:A9:D5:C9:59:31:B9:47:FB:67:84:0E:B4:CA:08:7E:CB:83:7C:90:FC:26"}}},"request":{"raw":"GET /img/icon-loading-white.png HTTP/1.1\r\nHost: saledelivery.zone\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saledelivery.zone/themes/common/css/checking.min.css?v=1763972142\r\nCookie: CGISID=sje4pkr7t319ek26tt2fakp2qf76pkm4ojkt9evtmequjln20900g4sb6unuld\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 26 Nov 2025 04:51:55 GMT\r\nContent-Type: image/png\r\nContent-Length: 2298\r\nConnection: keep-alive\r\nLast-Modified: Mon, 24 Nov 2025 08:14:25 GMT\r\nETag: \"692413e1-8fa\"\r\nExpires: Thu, 27 Nov 2025 03:31:03 GMT\r\nCache-Control: max-age=86400, public, public\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Security-Policy: img-src https: data:; upgrade-insecure-requests\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2298,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, interlaced","md5":"b472e76889226a02dfc44e43fe2bbb02","sha1":"fe89e773206a3f904c28363c405c0dd97eb3a530","sha256":"91287e5ed0f61955da9df08e382552661fdaeb4962a6f1de229795f4ea36ade0","sha512":"35db131da425f877c7c918adc2528c509de53da103ad3118eba1fc65e4f7842835487b1aad8de80fc62ee004a60722f8362b1f34df0036cef676e8424fd98465","ssdeep":"","tlshash":"15414bce7fac3e7eb4c30eb82f215b118489702f73e44542751e876bd71462060f825a","first_seen":"2023-05-02T01:43:44Z","last_seen":"2026-04-03T02:50:13.215778Z","times_seen":873,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saledelivery.zone/img/icon-check.svg","fqdn":"saledelivery.zone","domain":"saledelivery.zone","tld":"zone"},"ip":{"addr":"51.254.37.68","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://saledelivery.zone/?cp=7lvqyjk9","date":"2025-11-26T04:51:57.969Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"saledelivery.zone","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 21:14:24 GMT","end":"Wed, 04 Feb 2026 21:14:23 GMT"},"fingerprint":{"sha1":"62:5E:95:80:47:61:51:B0:D4:92:25:B3:A8:15:91:FB:1E:B3:5A:02","sha256":"F4:48:19:44:4D:A2:E2:92:17:57:09:A9:D5:C9:59:31:B9:47:FB:67:84:0E:B4:CA:08:7E:CB:83:7C:90:FC:26"}}},"request":{"raw":"GET /img/icon-check.svg HTTP/1.1\r\nHost: saledelivery.zone\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saledelivery.zone/themes/common/css/checking.min.css?v=1763972142\r\nCookie: CGISID=sje4pkr7t319ek26tt2fakp2qf76pkm4ojkt9evtmequjln20900g4sb6unuld\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 26 Nov 2025 04:51:57 GMT\r\nContent-Type: image/svg+xml\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 24 Nov 2025 08:14:25 GMT\r\nETag: W/\"692413e1-38b\"\r\nExpires: Thu, 27 Nov 2025 02:29:37 GMT\r\nCache-Control: max-age=86400, public, public\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Security-Policy: img-src https: data:; upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":907,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3f03a8bf472dfa36e6521da93da0b512","sha1":"68649ff75b674752184b1a711ac00f02164ea3f7","sha256":"a46b9e16fdb4ec63902f7de4814add0b738e2896691f084766f900f310f013fa","sha512":"cf87990e78e1d9d0c019d410011c9e71db88f058ccfaf81f8defef70ba623fc5c0e77313861ddf8774302f90a09a423fa392442be79781fd27d3d56141db1b94","ssdeep":"","tlshash":"731112d423769861e205ca29f7f9b50c4d3830c75ad50115758d1815bb382de9fbf348","first_seen":"2023-05-21T15:40:04Z","last_seen":"2026-04-03T02:50:13.217185Z","times_seen":860,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ngunyiyannick.com/wp-content/plugins/kingcomposer/includes/frontend/vendors/prettyPhoto/images/prettyPhoto/html.html","fqdn":"ngunyiyannick.com","domain":"ngunyiyannick.com","tld":"com"},"ip":{"addr":"198.251.88.188","port":443,"asn":53667,"as":"PONYNET","country":"Luxembourg","country_code":"LU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-26T04:51:54.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ntioteh.com.ngunyiyannick.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 22 Oct 2025 12:34:26 GMT","end":"Tue, 20 Jan 2026 12:34:25 GMT"},"fingerprint":{"sha1":"15:01:20:75:E5:7D:D1:EA:9F:D3:75:1C:F6:A7:FE:1B:9B:8E:3A:4F","sha256":"AF:54:07:FF:3E:49:CA:BB:42:19:F9:82:8E:AA:26:AC:D8:F8:F5:BF:FC:06:F5:50:BA:7E:F0:5F:A9:BB:A4:BA"}}},"request":{"raw":"GET /wp-content/plugins/kingcomposer/includes/frontend/vendors/prettyPhoto/images/prettyPhoto/html.html HTTP/1.1\r\nHost: ngunyiyannick.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Thu, 21 Aug 2025 00:34:43 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 885\r\ndate: Wed, 26 Nov 2025 04:51:55 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1586,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (1586), with no line terminators","md5":"3302b57036518aaa6b960b0c6135ffed","sha1":"0ccc9f7e199024c6f172fb7f6966c7726991c600","sha256":"0876982c61276064a3280e3b7d0b94f888d9e97b26b9103a2400fc899618cba8","sha512":"b36a4beb2fe99cbed51c7284579dfd9f956ddd18e422c12e5c99507c5c1a62bf03504c364a3d5cd011aeb37d9a33722b9ee09f52baff2738debc07bd848b13eb","ssdeep":"","tlshash":"9c311f782dc17260277522770e2fa44be72feb902538c5055311f6f83d14aa2b96fba6","first_seen":"2025-11-26T04:52:19.906051Z","last_seen":"2025-11-26T04:52:19.906051Z","times_seen":1,"resource_available":false,"data":null}},"time_used":666,"timings":{"blocked":299,"dns":157,"connect":67,"send":0,"wait":67,"receive":0,"ssl":73},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"saledelivery.zone/themes/common/fonts/roboto-regular.woff2","fqdn":"saledelivery.zone","domain":"saledelivery.zone","tld":"zone"},"ip":{"addr":"51.254.37.68","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://saledelivery.zone/?cp=7lvqyjk9","date":"2025-11-26T04:51:55.461Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"saledelivery.zone","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 21:14:24 GMT","end":"Wed, 04 Feb 2026 21:14:23 GMT"},"fingerprint":{"sha1":"62:5E:95:80:47:61:51:B0:D4:92:25:B3:A8:15:91:FB:1E:B3:5A:02","sha256":"F4:48:19:44:4D:A2:E2:92:17:57:09:A9:D5:C9:59:31:B9:47:FB:67:84:0E:B4:CA:08:7E:CB:83:7C:90:FC:26"}}},"request":{"raw":"GET /themes/common/fonts/roboto-regular.woff2 HTTP/1.1\r\nHost: saledelivery.zone\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saledelivery.zone/themes/common/css/fonts.min.css?v=1763972142\r\nCookie: CGISID=sje4pkr7t319ek26tt2fakp2qf76pkm4ojkt9evtmequjln20900g4sb6unuld\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 26 Nov 2025 04:51:55 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 64692\r\nConnection: keep-alive\r\nLast-Modified: Mon, 24 Nov 2025 08:15:42 GMT\r\nETag: \"6924142e-fcb4\"\r\nExpires: Wed, 26 Nov 2025 23:32:42 GMT\r\nCache-Control: max-age=86400, public, public\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Security-Policy: img-src https: data:; upgrade-insecure-requests\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":64692,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 64692, version 1.0","md5":"8fa8a82f0969cd7d7027c1171ca08061","sha1":"bf4da7aa5737d5567f826fb83e000db8d171ab16","sha256":"4b9f4b6894c43b1ad68c54790e1b7d0f3aa0947b3fff960452ea6d8e172b4683","sha512":"077328ea0a91f1624215aadbcf06dbf8dbabc16589c0cbad311a9356012f87853a75ac079c7a0a10f9e0a291fefeed7b64d14624df2a570a9f9018e9283c6987","ssdeep":"1536:XVT4hvNacjznVQheM9WToUGuwCZWmjct2d5ipE:h4hbjzWeuWTUCZZQs","tlshash":"0e53f17893971a3eddbce52b6c8419294ee6f9f6c2e18d914c0dd4289cc8233b75d1b8","first_seen":"2023-04-18T19:35:59Z","last_seen":"2026-04-04T06:46:26.360011Z","times_seen":971,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":19,"dns":0,"connect":0,"send":0,"wait":68,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saledelivery.zone/user-verification/","fqdn":"saledelivery.zone","domain":"saledelivery.zone","tld":"zone"},"ip":{"addr":"51.254.37.68","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://saledelivery.zone/?cp=7lvqyjk9","date":"2025-11-26T04:51:55.601Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"saledelivery.zone","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 21:14:24 GMT","end":"Wed, 04 Feb 2026 21:14:23 GMT"},"fingerprint":{"sha1":"62:5E:95:80:47:61:51:B0:D4:92:25:B3:A8:15:91:FB:1E:B3:5A:02","sha256":"F4:48:19:44:4D:A2:E2:92:17:57:09:A9:D5:C9:59:31:B9:47:FB:67:84:0E:B4:CA:08:7E:CB:83:7C:90:FC:26"}}},"request":{"raw":"POST /user-verification/ HTTP/1.1\r\nHost: saledelivery.zone\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 10\r\nOrigin: https://saledelivery.zone\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saledelivery.zone/?cp=7lvqyjk9\r\nCookie: CGISID=sje4pkr7t319ek26tt2fakp2qf76pkm4ojkt9evtmequjln20900g4sb6unuld\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":10,"data":"type=check"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 26 Nov 2025 04:51:55 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Security-Policy: img-src https: data:; upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"624f8e41fd7a95854660bfe31cb0ac3e","sha1":"45cf60ee80d3cdf3bbb4314b17d89841cd173b66","sha256":"ba0b925b2ea4c2f40cb949c350915a5b1434ef7c9380701838c9850ea4879875","sha512":"22a9095a265fdd6a9ad11a031f6bb75ee6277754f3c4c8d87e9c1f308553ef3dcf7a4ba6a1f53b81e3d3f0bd5c2e74c719dbb2fa00bb4de6c30c9713aa29391e","ssdeep":"","tlshash":"f66000c03c000000cc00c0c3300000000c003f00000000030cc03003c0c003030c0c30","first_seen":"2023-09-16T06:20:58Z","last_seen":"2026-04-03T02:50:13.216286Z","times_seen":861,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saledelivery.zone/themes/506/assets/img/favicon.ico","fqdn":"saledelivery.zone","domain":"saledelivery.zone","tld":"zone"},"ip":{"addr":"51.254.37.68","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://saledelivery.zone/?cp=7lvqyjk9","date":"2025-11-26T04:51:55.665Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"saledelivery.zone","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 21:14:24 GMT","end":"Wed, 04 Feb 2026 21:14:23 GMT"},"fingerprint":{"sha1":"62:5E:95:80:47:61:51:B0:D4:92:25:B3:A8:15:91:FB:1E:B3:5A:02","sha256":"F4:48:19:44:4D:A2:E2:92:17:57:09:A9:D5:C9:59:31:B9:47:FB:67:84:0E:B4:CA:08:7E:CB:83:7C:90:FC:26"}}},"request":{"raw":"GET /themes/506/assets/img/favicon.ico HTTP/1.1\r\nHost: saledelivery.zone\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saledelivery.zone/?cp=7lvqyjk9\r\nCookie: CGISID=sje4pkr7t319ek26tt2fakp2qf76pkm4ojkt9evtmequjln20900g4sb6unuld\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 26 Nov 2025 04:51:55 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 21822\r\nConnection: keep-alive\r\nLast-Modified: Mon, 24 Nov 2025 08:15:42 GMT\r\nETag: \"6924142e-553e\"\r\nExpires: Thu, 27 Nov 2025 01:59:22 GMT\r\nCache-Control: max-age=86400, public, public\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Security-Policy: img-src https: data:; upgrade-insecure-requests\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21822,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel","md5":"d48da7d7caa19c8546b4e0ae854b9a0c","sha1":"d780395316a595d2692d478d708aeab2ede95322","sha256":"b964ba4aacbd02615978663ee33b6d313d4af0c7d5253e97cc3104eea14549f2","sha512":"16e2caaf7df435b6135c700c97a88c9bcb65a7ba78653e254f29ee81ffe6030f286318e17d9747d22ea8fcfd74f8e1fc4e5e5956b1e3931d571780a8fe5a150b","ssdeep":"192:KJUUoJDEXLUSiW5vPwEpyFybfEF3H31E2XrBT9C5IIIbLUSiW5vPh:KJ/oCXYSidOyFy4E2Xrh9C5IIIbYSio","tlshash":"e3a220097967e42ac4c4c734c171f27e71e0fdc63926939638c07edb3ea86459ad52e8","first_seen":"2023-05-02T01:43:44Z","last_seen":"2026-04-03T02:50:13.213698Z","times_seen":830,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saledelivery.zone/?cp=7lvqyjk9","fqdn":"saledelivery.zone","domain":"saledelivery.zone","tld":"zone"},"ip":{"addr":"51.254.37.68","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-26T04:51:54.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"saledelivery.zone","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 21:14:24 GMT","end":"Wed, 04 Feb 2026 21:14:23 GMT"},"fingerprint":{"sha1":"62:5E:95:80:47:61:51:B0:D4:92:25:B3:A8:15:91:FB:1E:B3:5A:02","sha256":"F4:48:19:44:4D:A2:E2:92:17:57:09:A9:D5:C9:59:31:B9:47:FB:67:84:0E:B4:CA:08:7E:CB:83:7C:90:FC:26"}}},"request":{"raw":"GET /?cp=7lvqyjk9 HTTP/1.1\r\nHost: saledelivery.zone\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ngunyiyannick.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 26 Nov 2025 04:51:55 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nSet-Cookie: CGISID=sje4pkr7t319ek26tt2fakp2qf76pkm4ojkt9evtmequjln20900g4sb6unuld; expires=Sat, 06-Dec-2025 04:51:55 GMT; Max-Age=864000; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Security-Policy: img-src https: data:; upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:3.3.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3560,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"9e804810db95bf8794975ee05f5de195","sha1":"e997f8796673a01727a69bdd1629a0489065f52b","sha256":"44aa92616bfdccdfafc697e892e909aedaa6ec8718dddf7212ab462269e66b1d","sha512":"0bc9c47d6fbb376c2c55c480794bf427d030ca89f531234acb3bc953ac8943320c8e16a15252dc66ff17be26faa4a009366d3685a4482f59a9cfa85fe83eca07","ssdeep":"","tlshash":"7e711011aa9eac33120311d651b9575de39fad32e703c576b6ff8190d390f98c91b28a","first_seen":"2025-11-25T19:11:18.443113Z","last_seen":"2025-11-28T11:31:53.739238Z","times_seen":5,"resource_available":false,"data":null}},"time_used":496,"timings":{"blocked":159,"dns":54,"connect":34,"send":0,"wait":175,"receive":0,"ssl":71},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saledelivery.zone/themes/common/css/checking.min.css?v=1763972142","fqdn":"saledelivery.zone","domain":"saledelivery.zone","tld":"zone"},"ip":{"addr":"51.254.37.68","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://saledelivery.zone/?cp=7lvqyjk9","date":"2025-11-26T04:51:55.379Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"saledelivery.zone","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 21:14:24 GMT","end":"Wed, 04 Feb 2026 21:14:23 GMT"},"fingerprint":{"sha1":"62:5E:95:80:47:61:51:B0:D4:92:25:B3:A8:15:91:FB:1E:B3:5A:02","sha256":"F4:48:19:44:4D:A2:E2:92:17:57:09:A9:D5:C9:59:31:B9:47:FB:67:84:0E:B4:CA:08:7E:CB:83:7C:90:FC:26"}}},"request":{"raw":"GET /themes/common/css/checking.min.css?v=1763972142 HTTP/1.1\r\nHost: saledelivery.zone\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saledelivery.zone/?cp=7lvqyjk9\r\nCookie: CGISID=sje4pkr7t319ek26tt2fakp2qf76pkm4ojkt9evtmequjln20900g4sb6unuld\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 26 Nov 2025 04:51:55 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 24 Nov 2025 08:15:42 GMT\r\nETag: W/\"6924142e-1b8e\"\r\nExpires: Wed, 25 Nov 2026 20:18:47 GMT\r\nCache-Control: max-age=31536000, public, public\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Security-Policy: img-src https: data:; upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7054,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (7054), with no line terminators","md5":"6a06f768867f614fcf089b09e42229a5","sha1":"024427deeae319540dd967a5c129385722295557","sha256":"1bdfa74184cd54a76df6c1b09a6ef448f751cd7b3981091a7ccbe048bdd6b1c5","sha512":"476e39c0f93d21f971c435d09c66f7e33e7145111a319fb718549f5f46e796ccbb8dc98ee978bd758e8a6c11281a23c012e347cb66c044b39abaf84fe32dc583","ssdeep":"96:QcnlJ59DjGC1NkVq++BntR2Hk7pXOcDQucmnVfQ:Nlf9Dj91NkVq++BntckJxDQucC6","tlshash":"0be1311719513b3f6017ada146cc835676b9c563ab422fff29e1a470cb8b2a70137e4e","first_seen":"2023-06-17T22:38:20Z","last_seen":"2026-04-03T02:50:13.210886Z","times_seen":873,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saledelivery.zone/themes/common/css/fonts.min.css?v=1763972142","fqdn":"saledelivery.zone","domain":"saledelivery.zone","tld":"zone"},"ip":{"addr":"51.254.37.68","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://saledelivery.zone/?cp=7lvqyjk9","date":"2025-11-26T04:51:55.382Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"saledelivery.zone","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 21:14:24 GMT","end":"Wed, 04 Feb 2026 21:14:23 GMT"},"fingerprint":{"sha1":"62:5E:95:80:47:61:51:B0:D4:92:25:B3:A8:15:91:FB:1E:B3:5A:02","sha256":"F4:48:19:44:4D:A2:E2:92:17:57:09:A9:D5:C9:59:31:B9:47:FB:67:84:0E:B4:CA:08:7E:CB:83:7C:90:FC:26"}}},"request":{"raw":"GET /themes/common/css/fonts.min.css?v=1763972142 HTTP/1.1\r\nHost: saledelivery.zone\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saledelivery.zone/?cp=7lvqyjk9\r\nCookie: CGISID=sje4pkr7t319ek26tt2fakp2qf76pkm4ojkt9evtmequjln20900g4sb6unuld\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 26 Nov 2025 04:51:55 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 24 Nov 2025 08:15:42 GMT\r\nETag: W/\"6924142e-1d8\"\r\nExpires: Wed, 25 Nov 2026 20:19:45 GMT\r\nCache-Control: max-age=31536000, public, public\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Security-Policy: img-src https: data:; upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":472,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (472), with no line terminators","md5":"c75229c404d812bed7e45178cb5de880","sha1":"60d577f786a85ae2da0ce10fb5d2ad44f891d350","sha256":"03b7968aebb847843841403a6c90ca504fd44d6aa876724710f632e94e91eb03","sha512":"f7764a2212354be7ef6108a61de7da0f3f39b1f629e5e4962daa031abfb79e9bb8ffefe4d907f75dc82c4fa66c72cb13362a413b24929b134d536414c056d37b","ssdeep":"","tlshash":"65f0fe72cbf9258385ab0506e0f1bb11bf1e6a3d3410f843c20c56766af3d810594be2","first_seen":"2023-06-17T22:38:20Z","last_seen":"2026-04-03T02:50:13.211492Z","times_seen":863,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":23,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"saledelivery.zone","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}