{"report_id":"8311ee72-6d4e-4ff4-a3cb-15cece35bc15","version":0,"status":"done","tags":[],"date":"2026-07-02T13:36:23Z","url":{"schema":"http","addr":"ss136.qpon","fqdn":"ss136.qpon","domain":"ss136.qpon","tld":"qpon"},"ip":{"addr":"128.241.229.230","port":0,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"ss136.qpon/index/user/login.html","fqdn":"ss136.qpon","domain":"ss136.qpon","tld":"qpon"},"title":"Login","dom":{"size":19178,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1317)","md5":"08a976f625f62b9fc3a57cbe51e2bf05","sha1":"ed2cbb3c22eb0744f46723ce3bedad25fdc115bf","sha256":"c668396bb19db5e9ae0a43f7c535a9e7431d945311eccd1707b87931020baa87","sha512":"dd9647c874dc31c85c13a1c54da72f2595eb2c2fe1e183c9a6cd8760196079d46261f158ad26127249955510d56c9523f1297fad2fbed4693cb934da5523f3bb","ssdeep":"192:NaKfJhTMUypS1hKBP4UHYh9rnrEq19IBHsb8ahY6veclKx4hrJyokQx2eKYIKgKR:Zqtw9Z9/roFmqhpEPI+","tlshash":"7d82869a6ae320457913a4f86bfb574d33398107d507cc5d7f9d23888f893d889e2789","dom_hash":"domhashd550aff9bc6ae1fdcfcc6227a8f492fe","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ss136.qpon","fqdn":"ss136.qpon","domain":"ss136.qpon","tld":"qpon"},"ip":{"addr":"128.241.229.230","port":0,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-06T13:36:23Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"ss136.qpon","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"ss136.qpon","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"ss136.qpon","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"ss136.qpon","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"ss136.qpon","ip":{"addr":"128.241.229.230","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"domain_registered":"2026-06-26","domain_rank":0,"first_seen":"2026-07-02T13:36:23.662419Z","last_seen":"2026-07-02T13:36:23.662419Z","alert_count":20,"request_count":5,"received_data":307913,"sent_data":2774,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"ss136.qpon/upload/116be831e9d0919e/2333.png","fqdn":"ss136.qpon","domain":"ss136.qpon","tld":"qpon"},"ip":{"addr":"128.241.229.230","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ss136.qpon/index/user/login.html","date":"2026-07-02T13:36:00.325Z","timestamp":1782999360325,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ss136.site","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Jun 2026 14:12:11 GMT","end":"Thu, 24 Sep 2026 14:12:10 GMT"},"fingerprint":{"sha1":"E0:52:19:14:86:B7:EE:E4:0F:94:0C:8A:68:5F:63:1B:BD:EC:72:3C","sha256":"95:9C:45:60:93:D9:30:3A:F7:83:D0:1D:CF:B3:A9:38:A4:89:D0:5C:7D:D6:1F:24:18:12:DF:6D:D5:4D:F5:58"}}},"request":{"raw":"GET /upload/116be831e9d0919e/2333.png HTTP/1.1\r\nHost: ss136.qpon\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ss136.qpon/index/user/login.html\r\nCookie: s9c3f9329=dnhmpcm3pp3q80vld782jb5fpr\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:35:55 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 09 Feb 2026 14:08:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6989ea67-1ae56\"\r\nexpires: Sat, 01 Aug 2026 13:35:55 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":110166,"size_decoded":107900,"mime_type":"image/png","magic":"PNG image data, 1280 x 720, 8-bit/color RGBA, non-interlaced","md5":"d40559776491062a5232d5b7027d13ab","sha1":"d597e5614d7e264d37784589cf09457e6493022f","sha256":"958bdf5d256c95844a0dc23912aa93edb1647f5ed1c122952ceead11d29e5c79","sha512":"b33e7f1bcb1372ad9e8e2593546b8956b610201b879912f492afa638b838d4ef72b4998dd9fffd99d0068e3066ba8d2f067194b0bc9dc1f4e41f9027937ff808","ssdeep":"1536:WV7EcWgE2N+jF33dlHK1bZpXU0/dl2y8qNgKk5hIdI9Ebqy5dB2RyI1:WV7EcX+5vK1bZpXX/dlYqNASd+8dBaH","tlshash":"96b312b79185bc77cb98f83078d2439ac66358657072161aef00d2f2b89b0749bfc6c6","first_seen":"2026-04-12T17:27:25.82072Z","last_seen":"2026-07-02T23:06:45.763241Z","times_seen":10,"resource_available":false,"data":null}},"time_used":332,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":332,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"ss136.qpon","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"ss136.qpon","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"ss136.qpon","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"ss136.qpon","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ss136.qpon/","fqdn":"ss136.qpon","domain":"ss136.qpon","tld":"qpon"},"ip":{"addr":"128.241.229.230","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-02T13:35:58.669Z","timestamp":1782999358669,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ss136.site","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Jun 2026 14:12:11 GMT","end":"Thu, 24 Sep 2026 14:12:10 GMT"},"fingerprint":{"sha1":"E0:52:19:14:86:B7:EE:E4:0F:94:0C:8A:68:5F:63:1B:BD:EC:72:3C","sha256":"95:9C:45:60:93:D9:30:3A:F7:83:D0:1D:CF:B3:A9:38:A4:89:D0:5C:7D:D6:1F:24:18:12:DF:6D:D5:4D:F5:58"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ss136.qpon\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:35:54 GMT\r\ncontent-type: text/html; charset=utf-8\r\nset-cookie: s9c3f9329=dnhmpcm3pp3q80vld782jb5fpr; path=/; HttpOnly\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\npragma: no-cache\r\ncache-control: no-cache,must-revalidate\r\nlocation: /index/user/login.html\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-03T07:08:24.949251Z","times_seen":16935333,"resource_available":true,"data":null}},"time_used":979,"timings":{"blocked":-1,"dns":374,"connect":144,"send":0,"wait":171,"receive":0,"ssl":290},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"ss136.qpon","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"ss136.qpon","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"ss136.qpon","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"ss136.qpon","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ss136.qpon/index/user/login.html","fqdn":"ss136.qpon","domain":"ss136.qpon","tld":"qpon"},"ip":{"addr":"128.241.229.230","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-02T13:35:59.658Z","timestamp":1782999359658,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ss136.site","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Jun 2026 14:12:11 GMT","end":"Thu, 24 Sep 2026 14:12:10 GMT"},"fingerprint":{"sha1":"E0:52:19:14:86:B7:EE:E4:0F:94:0C:8A:68:5F:63:1B:BD:EC:72:3C","sha256":"95:9C:45:60:93:D9:30:3A:F7:83:D0:1D:CF:B3:A9:38:A4:89:D0:5C:7D:D6:1F:24:18:12:DF:6D:D5:4D:F5:58"}}},"request":{"raw":"GET /index/user/login.html HTTP/1.1\r\nHost: ss136.qpon\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: s9c3f9329=dnhmpcm3pp3q80vld782jb5fpr\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:35:54 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19207,"size_decoded":4836,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1317)","md5":"b8ef9b4d1cf757ab3ed3dc7d56eb595f","sha1":"7e047e9935545f8f65308ac2ecd91ed994f8719f","sha256":"b8f1c38c593521534434280db26a432886a9d2f2f71bf071e9ebfa8a7a115e5d","sha512":"eab2cb3e4d5edd60b29e395dda4834d704981847f8662f8e2f5c1beec38699ff4c6f4ce28f9f8e41466c7f9048a793bf3ba727c31b938f5ae66815465c6f2d4d","ssdeep":"192:5aKfJhTMUypkhKBP4UHYh9rnrEq19IBHsb8ahY6veclKx4hrJyokQx2eKYIKgKPp:Nq5w9Z9/roFmqhpEPIO","tlshash":"e382759a6ae320457913a4f86bfb574d33398107d507cc5d7f9d23888f893d88ae2789","first_seen":"2026-07-02T13:36:27.55537Z","last_seen":"2026-07-02T13:36:27.55537Z","times_seen":1,"resource_available":true,"data":null}},"time_used":173,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":173,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"ss136.qpon","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"ss136.qpon","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"ss136.qpon","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"ss136.qpon","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ss136.qpon/upload/116be831e9d0919e/2333.png","fqdn":"ss136.qpon","domain":"ss136.qpon","tld":"qpon"},"ip":{"addr":"128.241.229.230","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ss136.qpon/index/user/login.html","date":"2026-07-02T13:36:00.085Z","timestamp":1782999360085,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ss136.site","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Jun 2026 14:12:11 GMT","end":"Thu, 24 Sep 2026 14:12:10 GMT"},"fingerprint":{"sha1":"E0:52:19:14:86:B7:EE:E4:0F:94:0C:8A:68:5F:63:1B:BD:EC:72:3C","sha256":"95:9C:45:60:93:D9:30:3A:F7:83:D0:1D:CF:B3:A9:38:A4:89:D0:5C:7D:D6:1F:24:18:12:DF:6D:D5:4D:F5:58"}}},"request":{"raw":"GET /upload/116be831e9d0919e/2333.png HTTP/1.1\r\nHost: ss136.qpon\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ss136.qpon/index/user/login.html\r\nCookie: s9c3f9329=dnhmpcm3pp3q80vld782jb5fpr\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:35:55 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 09 Feb 2026 14:08:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6989ea67-1ae56\"\r\nexpires: Sat, 01 Aug 2026 13:35:55 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":110166,"size_decoded":107900,"mime_type":"image/png","magic":"PNG image data, 1280 x 720, 8-bit/color RGBA, non-interlaced","md5":"d40559776491062a5232d5b7027d13ab","sha1":"d597e5614d7e264d37784589cf09457e6493022f","sha256":"958bdf5d256c95844a0dc23912aa93edb1647f5ed1c122952ceead11d29e5c79","sha512":"b33e7f1bcb1372ad9e8e2593546b8956b610201b879912f492afa638b838d4ef72b4998dd9fffd99d0068e3066ba8d2f067194b0bc9dc1f4e41f9027937ff808","ssdeep":"1536:WV7EcWgE2N+jF33dlHK1bZpXU0/dl2y8qNgKk5hIdI9Ebqy5dB2RyI1:WV7EcX+5vK1bZpXX/dlYqNASd+8dBaH","tlshash":"96b312b79185bc77cb98f83078d2439ac66358657072161aef00d2f2b89b0749bfc6c6","first_seen":"2026-04-12T17:27:25.82072Z","last_seen":"2026-07-02T23:06:45.763241Z","times_seen":10,"resource_available":false,"data":null}},"time_used":287,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":287,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"ss136.qpon","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"ss136.qpon","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"ss136.qpon","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"ss136.qpon","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ss136.qpon/static/image/logbgs.jpg","fqdn":"ss136.qpon","domain":"ss136.qpon","tld":"qpon"},"ip":{"addr":"128.241.229.230","port":443,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ss136.qpon/index/user/login.html","date":"2026-07-02T13:36:00.087Z","timestamp":1782999360087,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ss136.site","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Jun 2026 14:12:11 GMT","end":"Thu, 24 Sep 2026 14:12:10 GMT"},"fingerprint":{"sha1":"E0:52:19:14:86:B7:EE:E4:0F:94:0C:8A:68:5F:63:1B:BD:EC:72:3C","sha256":"95:9C:45:60:93:D9:30:3A:F7:83:D0:1D:CF:B3:A9:38:A4:89:D0:5C:7D:D6:1F:24:18:12:DF:6D:D5:4D:F5:58"}}},"request":{"raw":"GET /static/image/logbgs.jpg HTTP/1.1\r\nHost: ss136.qpon\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ss136.qpon/index/user/login.html\r\nCookie: s9c3f9329=dnhmpcm3pp3q80vld782jb5fpr\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 02 Jul 2026 13:35:55 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 09 Feb 2026 12:34:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6989d444-100fb\"\r\nexpires: Sat, 01 Aug 2026 13:35:55 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65787,"size_decoded":50339,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x1920, components 3","md5":"2a746163c23df63861429ba0963bf80d","sha1":"11f1a63587e85b1d94b3270b91a937e6164ba10d","sha256":"574e6c2c61d2d2f209a3f3c88dca302603c565138105a7134e30b3a3bf4b55e9","sha512":"5bf8b90f99112008234671d41d5a7222e221609881bccfdc4203462e1a20d4bbc78bee8e34bbd5a41bcedc95dd5df5433a641f75f0c1135da9eff438dbfa1410","ssdeep":"1536:AO2sQvTYq4b9i/LM320nGRac44zQUwls+MmA5oFEayz:piTY1b9//GRayz6ZMH5tz","tlshash":"2a53e7179c599b43953987f8be034eac6b163b1ca98639ef15234fcb3c302655d9d02e","first_seen":"2026-04-12T17:27:25.821739Z","last_seen":"2026-07-02T23:06:45.764567Z","times_seen":10,"resource_available":false,"data":null}},"time_used":570,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":570,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-07-02","alert":"Phishing Block","trigger":"ss136.qpon","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"ss136.qpon","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"ss136.qpon","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"ss136.qpon","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}
