{"report_id":"afb9be56-fe07-42c4-a94f-2ed661fcc0d6","version":6,"status":"done","tags":[],"date":"2026-04-26T13:15:38Z","url":{"schema":"http","addr":"chatbot-auth.live","fqdn":"chatbot-auth.live","domain":"chatbot-auth.live","tld":"live"},"ip":{"addr":"185.236.79.9","port":0,"asn":42159,"as":"Zemlyaniy Dmitro Leonidovich","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"chatbot-auth.live/","fqdn":"chatbot-auth.live","domain":"chatbot-auth.live","tld":"live"},"title":"Document","dom":{"size":214,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"cf5e1d2692162a426c77a1c59d1328f5","sha1":"55c0b0b1f9928d31b6d1739e1bcee0ba9a0701df","sha256":"264fd94cc05051e206e4aff206fbecdf5b4badc211272e325a0d5625753f18db","sha512":"0abba24c7170604acbd04e48f042c66a307856853996faaaf0c1cb714ce978b3f7b6bbc6a9959e695642571fb68eb5c53a54a072e7b128e02569b2cbc41cd0b2","ssdeep":"","tlshash":"bdd02283c042040dc2b1d7201cd2f2581ec5e894a3a9bc40bece61ce1cceb23c4e349d","dom_hash":"domhash6f7ceb9a73c56b4a3dc1670f0f1e6192","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"chatbot-auth.live","fqdn":"chatbot-auth.live","domain":"chatbot-auth.live","tld":"live"},"ip":{"addr":"185.236.79.9","port":0,"asn":42159,"as":"Zemlyaniy Dmitro Leonidovich","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-31T13:15:38Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"chatbot-auth.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"chatbot-auth.live","ip":{"addr":"185.236.79.9","port":443,"asn":42159,"as":"Zemlyaniy Dmitro Leonidovich","country":"The Netherlands","country_code":"NL"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-26T13:15:38.104198Z","last_seen":"2026-04-26T13:15:38.104198Z","alert_count":2,"request_count":2,"received_data":1802,"sent_data":927,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"chatbot-auth.live/","fqdn":"chatbot-auth.live","domain":"chatbot-auth.live","tld":"live"},"ip":{"addr":"185.236.79.9","port":443,"asn":42159,"as":"Zemlyaniy Dmitro Leonidovich","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-26T13:15:16.656Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"chatbot-auth.live","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 24 Apr 2026 13:14:00 GMT","end":"Thu, 23 Jul 2026 13:13:59 GMT"},"fingerprint":{"sha1":"03:3A:5F:4B:03:C2:C8:70:01:B2:61:73:C7:54:D4:0E:1B:CA:5E:CD","sha256":"81:6E:4B:FF:C2:F5:13:39:3C:61:CC:97:6F:34:34:12:A3:01:F8:EC:BE:C9:3C:19:5B:E5:BD:9A:31:D1:35:D7"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: chatbot-auth.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 26 Apr 2026 13:15:16 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 192\r\nlast-modified: Fri, 24 Apr 2026 14:13:43 GMT\r\netag: \"f5-650355f5e304e-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":245,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"9b35398427b630223ccbdf5e2c0886b3","sha1":"7590a612a4c65f7e83ac1c1e5d3f842abea84015","sha256":"d9d58b9bda200ebd42a361980bb72b13eacc7b704b9ae4c1ac1b2240a8df945d","sha512":"bb07a43596a3687ceb22cfb10a98fc19c6e680530fa37b73e3dc4d5a3ab3d2d39785af1a23209c76d8d82de42720e0cfe63d83054d71c7a9e94187a8ef734176","ssdeep":"","tlshash":"3ed0a7a651c24c0a42b0a7307cd1f2a426c3f99073953f1079c8754b3dc6b16c9d328d","first_seen":"2026-04-26T13:15:43.462648Z","last_seen":"2026-04-26T13:25:02.698716Z","times_seen":2,"resource_available":true,"data":null}},"time_used":324,"timings":{"blocked":143,"dns":58,"connect":32,"send":0,"wait":38,"receive":0,"ssl":48},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"chatbot-auth.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"chatbot-auth.live/favicon.ico","fqdn":"chatbot-auth.live","domain":"chatbot-auth.live","tld":"live"},"ip":{"addr":"185.236.79.9","port":443,"asn":42159,"as":"Zemlyaniy Dmitro Leonidovich","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://chatbot-auth.live/","date":"2026-04-26T13:15:17.016Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"chatbot-auth.live","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 24 Apr 2026 13:14:00 GMT","end":"Thu, 23 Jul 2026 13:13:59 GMT"},"fingerprint":{"sha1":"03:3A:5F:4B:03:C2:C8:70:01:B2:61:73:C7:54:D4:0E:1B:CA:5E:CD","sha256":"81:6E:4B:FF:C2:F5:13:39:3C:61:CC:97:6F:34:34:12:A3:01:F8:EC:BE:C9:3C:19:5B:E5:BD:9A:31:D1:35:D7"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: chatbot-auth.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chatbot-auth.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 26 Apr 2026 13:15:17 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 959\r\nlast-modified: Fri, 24 Apr 2026 14:13:45 GMT\r\netag: \"69eb7a99-3bf\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":959,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"fb606fe0a27a1c62bdfc48561d908f39","sha1":"3306fba7846b0fedbd75ee0c602b3d5b8f9703d5","sha256":"462c72824442b77689e0650dfe56a218cbea68b48669d68f3f7b3247af187d09","sha512":"024d3392123a201f614431e55e5e24c37a514dba30d2e865339df25eda92002a3bc8d10c8dad66f0649f29acfb462fa21142cde232cd4e1956b8ccaafc114538","ssdeep":"","tlshash":"5e11c8fa86f46c3ad01ab6702a84061cc07b52d955c6353db4f2b0318a3d7b975ce049","first_seen":"2023-04-19T12:19:19Z","last_seen":"2026-04-26T13:25:02.70126Z","times_seen":1745,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-26","alert":"Sinkholed","trigger":"chatbot-auth.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}