{"report_id":"8448586d-16c2-4de0-b0c3-64d988bb3371","version":6,"status":"done","tags":[],"date":"2026-03-01T01:40:53Z","url":{"schema":"http","addr":"homepageaccess.ghost.io/","fqdn":"homepageaccess.ghost.io","domain":"ghost.io","tld":"io"},"ip":{"addr":"151.101.239.7","port":0,"asn":54113,"as":"FASTLY","country":"Norway","country_code":"NO"},"final":{"url":{"schema":"https","addr":"homepageaccess.ghost.io/","fqdn":"homepageaccess.ghost.io","domain":"ghost.io","tld":"io"},"title":"Site unavailable","dom":{"size":4305,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"3698187286d79e697c574ae1bcde93fc","sha1":"7cbbf2d1361c54dc4eea86b68c180ed8f8be6af4","sha256":"6ecc149980cf2f56ec25ec27c44b73493fb214723b17b23e619b7e7e68bb0cdf","sha512":"e63afff8568a49053a26db4e0c6e995439dacc2a7fe7227434679904bb2590733d31b2a222c40be2eba3f997dcb4526814206cfa6cc6839432e5b6810b5164da","ssdeep":"48:XpTM2t6WQQxn+qPFU3sSGM1e1B1Ty9gfGiqk5y2wU+Z/wMS5FkpZlpGnph:FLdPFwsSMySTqy8Z/tAFkpfS","tlshash":"3c91126b86f36442651be46067aa37446f64c00bc54fdc283edd7294cf8a495d9e378c","dom_hash":"domhash83e5108a8be4c5beb0c9c6071d6d666e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"homepageaccess.ghost.io/","fqdn":"homepageaccess.ghost.io","domain":"ghost.io","tld":"io"},"ip":{"addr":"151.101.239.7","port":0,"asn":54113,"as":"FASTLY","country":"Norway","country_code":"NO"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-05T01:40:53Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"homepageaccess.ghost.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"homepageaccess.ghost.io","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"homepageaccess.ghost.io","ip":{"addr":"151.101.67.7","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2011-10-02","domain_rank":0,"first_seen":"2026-02-15T04:45:59.496759Z","last_seen":"2026-02-15T04:45:59.496759Z","alert_count":10,"request_count":5,"received_data":25335,"sent_data":2307,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"homepageaccess.ghost.io/","fqdn":"homepageaccess.ghost.io","domain":"ghost.io","tld":"io"},"ip":{"addr":"151.101.67.7","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-01T01:40:30.966Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ghost.io","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Feb 2026 16:08:31 GMT","end":"Thu, 21 May 2026 16:08:30 GMT"},"fingerprint":{"sha1":"4C:45:A4:15:CA:85:9D:99:BC:4D:A7:B6:3C:E7:8F:5E:21:5D:F4:2C","sha256":"01:5F:E1:24:63:34:94:E0:F1:2C:A5:59:18:44:31:EE:B4:5D:22:55:CE:55:52:10:B9:82:8D:08:0F:A2:D6:49"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: homepageaccess.ghost.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 402 Payment Required\r\nserver: openresty\r\naccept-ranges: bytes\r\nvia: 1.1 varnish, 1.1 varnish, 1.1 varnish\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0\r\ndate: Sun, 01 Mar 2026 01:40:31 GMT\r\nx-served-by: cache-ams2100105-AMS, cache-ams21036-AMS, cache-hel1410030-HEL\r\nx-cache: MISS, MISS, MISS\r\nx-cache-hits: 0, 0, 0\r\nx-timer: S1772329231.989389,VS0,VE52\r\nvary: Cookie\r\nx-request-id: e9803909-ad4f-4cfb-a035-35489f5989fa\r\nghost-fastly: true;production\r\nalt-svc: clear\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"402","status_text":"Payment Required","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":4507,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"8b79cc67078234da510477d81af8a35a","sha1":"06e3190d5417bd973429b5b2e3fa8a799c9eaf4d","sha256":"dacb90db2c037cce86306a0cf2015daa207c0ca7de23ed958ebb4562f4c3886a","sha512":"3201e196a961e27b3b9ffaf4ea634c4f30c61b195a4c7cd7ae74330a09d72c7abe99e4087df2ebe1c313755c7f7465f19638c9206cb9825dc6f1222d3edba443","ssdeep":"48:0IpoM2t6WQQxn+qPFU3sSGM1e1B1Ty9gfGiqk5y2wU+Z/oKzS5FkpZlvAnpF:8LdPFwsSMySTqy8Z/RAFkpf+","tlshash":"9e910f6b86f36542650bd47067aa37446b68c00bc54fcc283edd72a4cf8a894d9e37cc","first_seen":"2025-11-15T03:37:53.366201Z","last_seen":"2026-04-04T10:49:39.675486Z","times_seen":1386,"resource_available":true,"data":null}},"time_used":78,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":78,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"homepageaccess.ghost.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"homepageaccess.ghost.io","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"homepageaccess.ghost.io/ghost-logo-light.png","fqdn":"homepageaccess.ghost.io","domain":"ghost.io","tld":"io"},"ip":{"addr":"151.101.67.7","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://homepageaccess.ghost.io/","date":"2026-03-01T01:40:31.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ghost.io","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Feb 2026 16:08:31 GMT","end":"Thu, 21 May 2026 16:08:30 GMT"},"fingerprint":{"sha1":"4C:45:A4:15:CA:85:9D:99:BC:4D:A7:B6:3C:E7:8F:5E:21:5D:F4:2C","sha256":"01:5F:E1:24:63:34:94:E0:F1:2C:A5:59:18:44:31:EE:B4:5D:22:55:CE:55:52:10:B9:82:8D:08:0F:A2:D6:49"}}},"request":{"raw":"GET /ghost-logo-light.png HTTP/1.1\r\nHost: homepageaccess.ghost.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://homepageaccess.ghost.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 402 Payment Required\r\nserver: openresty\r\naccept-ranges: bytes\r\nvia: 1.1 varnish, 1.1 varnish, 1.1 varnish\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0\r\ndate: Sun, 01 Mar 2026 01:40:31 GMT\r\nx-served-by: cache-ams2100130-AMS, cache-ams2100114-AMS, cache-hel1410030-HEL\r\nx-cache: MISS, MISS, MISS\r\nx-cache-hits: 0, 0, 0\r\nx-timer: S1772329231.161765,VS0,VE55\r\nvary: Cookie\r\nx-request-id: 1095154a-9b38-49f5-9a93-800335cdd4fa\r\nghost-fastly: true;production\r\nalt-svc: clear\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"402","status_text":"Payment Required","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":4507,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"8b79cc67078234da510477d81af8a35a","sha1":"06e3190d5417bd973429b5b2e3fa8a799c9eaf4d","sha256":"dacb90db2c037cce86306a0cf2015daa207c0ca7de23ed958ebb4562f4c3886a","sha512":"3201e196a961e27b3b9ffaf4ea634c4f30c61b195a4c7cd7ae74330a09d72c7abe99e4087df2ebe1c313755c7f7465f19638c9206cb9825dc6f1222d3edba443","ssdeep":"48:0IpoM2t6WQQxn+qPFU3sSGM1e1B1Ty9gfGiqk5y2wU+Z/oKzS5FkpZlvAnpF:8LdPFwsSMySTqy8Z/RAFkpf+","tlshash":"9e910f6b86f36542650bd47067aa37446b68c00bc54fcc283edd72a4cf8a894d9e37cc","first_seen":"2025-11-15T03:37:53.366201Z","last_seen":"2026-04-04T10:49:39.675486Z","times_seen":1386,"resource_available":true,"data":null}},"time_used":81,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":81,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"homepageaccess.ghost.io","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"homepageaccess.ghost.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"homepageaccess.ghost.io/favicon.ico","fqdn":"homepageaccess.ghost.io","domain":"ghost.io","tld":"io"},"ip":{"addr":"151.101.67.7","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://homepageaccess.ghost.io/","date":"2026-03-01T01:40:31.224Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ghost.io","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Feb 2026 16:08:31 GMT","end":"Thu, 21 May 2026 16:08:30 GMT"},"fingerprint":{"sha1":"4C:45:A4:15:CA:85:9D:99:BC:4D:A7:B6:3C:E7:8F:5E:21:5D:F4:2C","sha256":"01:5F:E1:24:63:34:94:E0:F1:2C:A5:59:18:44:31:EE:B4:5D:22:55:CE:55:52:10:B9:82:8D:08:0F:A2:D6:49"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: homepageaccess.ghost.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://homepageaccess.ghost.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 402 Payment Required\r\nserver: openresty\r\naccept-ranges: bytes\r\nvia: 1.1 varnish, 1.1 varnish, 1.1 varnish\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0\r\ndate: Sun, 01 Mar 2026 01:40:31 GMT\r\nx-served-by: cache-ams2100094-AMS, cache-ams2100094-AMS, cache-hel1410030-HEL\r\nx-cache: MISS, MISS, MISS\r\nx-cache-hits: 0, 0, 0\r\nx-timer: S1772329231.246429,VS0,VE53\r\nvary: Cookie\r\nx-request-id: 23720e66-e9a9-4111-a601-5da16d17a9a0\r\nghost-fastly: true;production\r\nalt-svc: clear\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"402","status_text":"Payment Required","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4507,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"8b79cc67078234da510477d81af8a35a","sha1":"06e3190d5417bd973429b5b2e3fa8a799c9eaf4d","sha256":"dacb90db2c037cce86306a0cf2015daa207c0ca7de23ed958ebb4562f4c3886a","sha512":"3201e196a961e27b3b9ffaf4ea634c4f30c61b195a4c7cd7ae74330a09d72c7abe99e4087df2ebe1c313755c7f7465f19638c9206cb9825dc6f1222d3edba443","ssdeep":"48:0IpoM2t6WQQxn+qPFU3sSGM1e1B1Ty9gfGiqk5y2wU+Z/oKzS5FkpZlvAnpF:8LdPFwsSMySTqy8Z/RAFkpf+","tlshash":"9e910f6b86f36542650bd47067aa37446b68c00bc54fcc283edd72a4cf8a894d9e37cc","first_seen":"2025-11-15T03:37:53.366201Z","last_seen":"2026-04-04T10:49:39.675486Z","times_seen":1386,"resource_available":true,"data":null}},"time_used":80,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":80,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"homepageaccess.ghost.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"homepageaccess.ghost.io","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"homepageaccess.ghost.io/","fqdn":"homepageaccess.ghost.io","domain":"ghost.io","tld":"io"},"ip":{"addr":"151.101.67.7","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-01T01:40:30.697Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ghost.io","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Feb 2026 16:08:31 GMT","end":"Thu, 21 May 2026 16:08:30 GMT"},"fingerprint":{"sha1":"4C:45:A4:15:CA:85:9D:99:BC:4D:A7:B6:3C:E7:8F:5E:21:5D:F4:2C","sha256":"01:5F:E1:24:63:34:94:E0:F1:2C:A5:59:18:44:31:EE:B4:5D:22:55:CE:55:52:10:B9:82:8D:08:0F:A2:D6:49"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: homepageaccess.ghost.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 402 Payment Required\r\nserver: openresty\r\naccept-ranges: bytes\r\nvia: 1.1 varnish, 1.1 varnish, 1.1 varnish\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0\r\ndate: Sun, 01 Mar 2026 01:40:30 GMT\r\nx-served-by: cache-ams2100117-AMS, cache-ams21036-AMS, cache-hel1410030-HEL\r\nx-cache: MISS, MISS, MISS\r\nx-cache-hits: 0, 0, 0\r\nx-timer: S1772329231.805664,VS0,VE54\r\nvary: Cookie\r\nx-request-id: 4f2b018c-4cb4-47dd-9b3b-53e8c783c0b1\r\nghost-fastly: true;production\r\nalt-svc: clear\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"402","status_text":"Payment Required","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4507,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"8b79cc67078234da510477d81af8a35a","sha1":"06e3190d5417bd973429b5b2e3fa8a799c9eaf4d","sha256":"dacb90db2c037cce86306a0cf2015daa207c0ca7de23ed958ebb4562f4c3886a","sha512":"3201e196a961e27b3b9ffaf4ea634c4f30c61b195a4c7cd7ae74330a09d72c7abe99e4087df2ebe1c313755c7f7465f19638c9206cb9825dc6f1222d3edba443","ssdeep":"48:0IpoM2t6WQQxn+qPFU3sSGM1e1B1Ty9gfGiqk5y2wU+Z/oKzS5FkpZlvAnpF:8LdPFwsSMySTqy8Z/RAFkpf+","tlshash":"9e910f6b86f36542650bd47067aa37446b68c00bc54fcc283edd72a4cf8a894d9e37cc","first_seen":"2025-11-15T03:37:53.366201Z","last_seen":"2026-04-04T10:49:39.675486Z","times_seen":1386,"resource_available":true,"data":null}},"time_used":253,"timings":{"blocked":86,"dns":26,"connect":27,"send":0,"wait":81,"receive":0,"ssl":30},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"homepageaccess.ghost.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"homepageaccess.ghost.io","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"homepageaccess.ghost.io/","fqdn":"homepageaccess.ghost.io","domain":"ghost.io","tld":"io"},"ip":{"addr":"151.101.67.7","port":80,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-01T01:40:30.934Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: homepageaccess.ghost.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nConnection: close\r\nContent-Length: 0\r\nServer: Varnish\r\nRetry-After: 0\r\nLocation: https://homepageaccess.ghost.io/\r\nAccept-Ranges: bytes\r\nDate: Sun, 01 Mar 2026 01:40:30 GMT\r\nVia: 1.1 varnish\r\nX-Served-By: cache-hel1410033-HEL\r\nX-Cache: HIT\r\nX-Cache-Hits: 0\r\nX-Timer: S1772329231.959058,VS0,VE0\r\nx-request-id: b4326b2b-56a2-4a66-a458-6fb2fdb047a1\r\nGhost-Fastly: true;production\r\nAlt-Svc: clear\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":4507,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T11:49:30.368697Z","times_seen":13330398,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":14,"dns":1,"connect":14,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"homepageaccess.ghost.io","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"homepageaccess.ghost.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}