{"report_id":"af7e00af-08eb-4587-88dd-3e486afb9a2b","version":6,"status":"done","tags":[],"date":"2026-03-26T19:26:46Z","url":{"schema":"http","addr":"pub4116.zbuef.online/","fqdn":"pub4116.zbuef.online","domain":"zbuef.online","tld":"online"},"ip":{"addr":"104.21.55.201","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"security.atonads.me/","fqdn":"security.atonads.me","domain":"atonads.me","tld":"me"},"title":"فحص الأمان - ATON ADS","dom":{"size":18923,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (9045)","md5":"9a80a8dd3716197f037e11a048015f61","sha1":"de7ffe9e84549dfa6f35dd6fb20bc9c78352a419","sha256":"a19eff11c1c778b8af76d125918e13ccd7a0a8c8d6500ac769fda6ada0f5ebae","sha512":"9adaf0760ff19c4fb39940f604cc072c97e3d10ef3d74a586f5a52f0b4f15a90e5664ed1340f5e2aacf8afcd8bb213b73e98f55885b803fc7f63bd3abe1c6915","ssdeep":"384:CIwFOFRF0FbqFlFlC9ELrYJRdN2n/ND4eWAUDPs+sz840DPaZu5jIc4MpL7RMNx+:nwFOFRF0F2FlFlC9ELrYJRX2nFD4eWA6","tlshash":"658236e3480324a6981b51f353750f5fa4f59b87e64b8d3a377c2358afc5c608b435aa","dom_hash":"domhashdf9fde2321ca91ad3d0bbda1a92d37ee","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"pub4116.zbuef.online/","fqdn":"pub4116.zbuef.online","domain":"zbuef.online","tld":"online"},"ip":{"addr":"104.21.55.201","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-30T19:26:46Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"s.nogoum15may.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"security.atonads.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"pub4116.zbuef.online","ip":{"addr":"172.67.172.165","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":935,"sent_data":489,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"s.nogoum15may.com","ip":{"addr":"172.67.152.126","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-20","domain_rank":0,"first_seen":"2025-08-24T07:31:59.05943Z","last_seen":"2026-03-20T16:52:00.245226Z","alert_count":1,"request_count":1,"received_data":10878,"sent_data":486,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"security.atonads.me","ip":{"addr":"104.21.43.224","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-05-29","domain_rank":0,"first_seen":"2025-08-24T07:31:59.06044Z","last_seen":"2026-03-20T16:51:59.994981Z","alert_count":2,"request_count":2,"received_data":12984,"sent_data":985,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"security.atonads.me/","fqdn":"security.atonads.me","domain":"atonads.me","tld":"me"},"ip":{"addr":"104.21.43.224","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"90256dc0fbf2306b0bf773ed254bb260","sha1":"6f729bc2616614f80e3209435407222e2af157bf","sha256":"6b8c2549829baa863aa477fa3bd7538f6bfba99ce9b209c5e8a830f633343434","sha512":"5bd67034259a7d948018e492c0990c9770a0f163bfb2d2f981b537ac6fbad6b52ea0c8042920b61adc436b7bdf9bdcfeb652e67f0c24036d2fa9d13e3a91ed45","ssdeep":"","tlshash":"50112b39bbba1434477761bbe7eea3806876414b3402d85b392d4688dfa0d4396a1a74","size":1106,"data":"","first_seen":"2025-11-19T08:48:55.603231Z","last_seen":"2026-03-28T17:22:39.648657Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"pub4116.zbuef.online/","fqdn":"pub4116.zbuef.online","domain":"zbuef.online","tld":"online"},"ip":{"addr":"172.67.172.165","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-26T19:26:23.557Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zbuef.online","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Mar 2026 17:43:05 GMT","end":"Sat, 06 Jun 2026 17:43:04 GMT"},"fingerprint":{"sha1":"9E:D7:7E:CC:DF:4C:06:45:0C:AE:17:B6:4C:67:95:FE:AC:0A:F8:7F","sha256":"15:47:AA:6A:3C:52:36:99:B8:16:C0:22:54:B3:ED:3C:1D:0A:F9:3E:BE:8F:1F:ED:C8:0C:D5:AD:D7:05:B5:86"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: pub4116.zbuef.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 26 Mar 2026 19:26:24 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nx-xss-protection: 1, 1; mode=block\r\nx-frame-options: sameorigin\r\nx-content-type-options: nosniff, nosniff\r\nstrict-transport-security: max-age=15552000; preload\r\nx-powered-by: Project SECURITY\r\nx-nginx-upstream-cache-status: EXPIRED\r\nx-server-powered-by: Engintron\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SRw8g11jn%2FESEn2lLoQNeE9AFtZjMkjHW0GBsMu4e%2BJA2Zh2aC5mcwd4tMbCaTf6CzTfKAdKpnJY3LFfQlTW4vXyhQhnoQRttRGKeOpGWLN9MXjpQRzBsL%2BlizrTjQ1X8AZ9a4hfKg%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9e288bf58a2fb4f3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":72,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"ba46cd98d94135cd46224439e7905a97","sha1":"4a0f59d9eb03084bfc6a87876587f08aab6ee27a","sha256":"17802ba73ad2f6972b83e140125d7395f95c21e3d9ba59ce4932969eb58a2ec6","sha512":"bab8711d8d12247e51ea57f4f615765d7d70510b30c4555031b5c32d1886378b26178880c061d521df6b59ee36d37750a4c5991a87c35eaf9eb75e992ad832ae","ssdeep":"","tlshash":"30a022a30b00000b0b33a2b0a02bb03b820328088c0ca0b0c8a000cc08f0f2cc383332","first_seen":"2025-12-19T22:23:48.777623Z","last_seen":"2026-03-26T19:26:50.449366Z","times_seen":15,"resource_available":true,"data":null}},"time_used":541,"timings":{"blocked":50,"dns":33,"connect":1,"send":0,"wait":440,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.nogoum15may.com/","fqdn":"s.nogoum15may.com","domain":"nogoum15may.com","tld":"com"},"ip":{"addr":"172.67.152.126","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-26T19:26:24.181Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nogoum15may.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 02:34:59 GMT","end":"Wed, 29 Apr 2026 03:33:31 GMT"},"fingerprint":{"sha1":"03:34:0B:C8:E5:A6:4F:DF:E8:66:AA:BC:59:EB:7F:6D:2B:56:F6:DE","sha256":"22:F8:5A:72:1E:4C:60:92:47:BD:DE:29:58:F9:F9:17:B5:7C:EC:D1:2A:49:66:7A:DB:4F:D0:72:E8:D5:E0:10"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: s.nogoum15may.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Thu, 26 Mar 2026 19:26:24 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\nlocation: https://security.atonads.me/\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FetGjl3vbRnRYUaDGdwFfa0xUcsKcxa%2Bq3bQT%2F618oUwZ4b3EF0RC2BF5RlHdUR%2FtU3D1Rl6%2FPlEpmA163McbuvyV5AUFcN9KE4KUm7vHGuZTgmpGusaB405y1%2BbOjsCPjSCFg%3D%3D\"}]}\r\ncf-ray: 9e288bf94c493181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10265,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T05:47:04.311114Z","times_seen":13362114,"resource_available":true,"data":null}},"time_used":237,"timings":{"blocked":27,"dns":13,"connect":1,"send":0,"wait":181,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"s.nogoum15may.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"security.atonads.me/","fqdn":"security.atonads.me","domain":"atonads.me","tld":"me"},"ip":{"addr":"104.21.43.224","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-26T19:26:24.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"atonads.me","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 16:34:34 GMT","end":"Sun, 26 Apr 2026 17:32:55 GMT"},"fingerprint":{"sha1":"6A:86:1D:28:D9:AB:E4:74:CD:C1:ED:78:E6:4D:6C:40:CA:1E:C6:A5","sha256":"17:BF:D5:B6:DD:48:79:24:60:A6:3A:04:31:E1:A0:BC:A7:65:5E:D2:25:64:E3:26:CF:AD:A6:66:D1:F8:33:4F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: security.atonads.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 26 Mar 2026 19:26:24 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nset-cookie: PHPSESSID=8528a3f707f990236717a94990b2cc34; path=/\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: MISS\r\nx-server-powered-by: Engintron\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncf-cache-status: DYNAMIC\r\nx-frame-options: SAMEORIGIN\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=APodmRqOSo6liCwf1kEXnjvxneB5mSYTOiZfjPLn37RrCRAl8F%2FKX3dEYeHxVbQCtBHeD9n6wlvx%2BLAM3YT8yth1IIKRwrxG02lWbj%2FFUsAo1e%2F6EWgWU0Mf5%2FMlgmLrdMMBExJa\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-security-policy: default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:;\r\npermissions-policy: camera=(), microphone=(), geolocation=(), usb=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: br\r\ncf-ray: 9e288bfaba570b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10265,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"2a7ac65b64a6270f06d32bdcd5434df0","sha1":"3787245cbe6aba71a82693cc91ec87632ae4efed","sha256":"55ff2f70be5600402a4659d441f22a81c833733e7ca00cc0596f66144cac2e5d","sha512":"60b2ea7da5c2c7e9edc8d22b526d1a918ec0ac0eab06070204ef7a3ea8cd0c9cbc02f37e0302eaff0d34c066808e1b0034848e34953b307b2435422c6609ad37","ssdeep":"96:GGIH1FJDbwcUkgqgLLrfbfgrkpQq1t8Pt5OTbPiKxkGaFBsCsDV:GGIBD8hJHrdOqH4YTzEXtsZ","tlshash":"4c224126e68000116533a2b6ebf39796fb664503d703426d3aec2381cf75899c593fdc","first_seen":"2026-03-26T19:26:50.450465Z","last_seen":"2026-03-26T19:26:50.450465Z","times_seen":1,"resource_available":true,"data":null}},"time_used":335,"timings":{"blocked":40,"dns":24,"connect":1,"send":0,"wait":254,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"security.atonads.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"security.atonads.me/favicon.ico","fqdn":"security.atonads.me","domain":"atonads.me","tld":"me"},"ip":{"addr":"104.21.43.224","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://security.atonads.me/","date":"2026-03-26T19:26:24.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"atonads.me","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 16:34:34 GMT","end":"Sun, 26 Apr 2026 17:32:55 GMT"},"fingerprint":{"sha1":"6A:86:1D:28:D9:AB:E4:74:CD:C1:ED:78:E6:4D:6C:40:CA:1E:C6:A5","sha256":"17:BF:D5:B6:DD:48:79:24:60:A6:3A:04:31:E1:A0:BC:A7:65:5E:D2:25:64:E3:26:CF:AD:A6:66:D1:F8:33:4F"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: security.atonads.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://security.atonads.me/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=8528a3f707f990236717a94990b2cc34\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Thu, 26 Mar 2026 19:26:25 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\nvary: Accept-Encoding\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oucZJjzBFzTaRMMllezMgMKHQfKYdwOKNnkPZTThPaPfOrrq1APHVdTyzXisDnuwFz7zkeffgZKdMGxH4OQWFoM6MWoXY36U%2FfdQHqsKCL0M0iGNH5KjDjBVdvXdt3ID7%2F62alvq\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-security-policy: default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:;\r\npermissions-policy: camera=(), microphone=(), geolocation=(), usb=()\r\ncf-ray: 9e288bfd5bba0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-04-05T05:53:18.816258Z","times_seen":26504,"resource_available":true,"data":null}},"time_used":196,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":196,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"security.atonads.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}