{"report_id":"f0a730e5-34b3-4142-b40e-05477b1579a9","version":6,"status":"done","tags":[],"date":"2025-10-26T20:54:30Z","url":{"schema":"http","addr":"www.effectivegatecpm.com/w65km1f6?key=bd23f29c9c21f464dde4daeda65cfcb2","fqdn":"www.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":0,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"ads-nature.site/","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"title":"SimplyFling","dom":{"size":10600,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (506)","md5":"98fb21046822b90b963ef7b202e5de1a","sha1":"6adf0439569a4c52455a8400617af412b1856eda","sha256":"beb55fbf125a0fb379ce7bc4435683976550c231ea10709aff5bd90271be83e2","sha512":"55064bfd4d5fafbc157a03189d5c959a8771bd377c988acea01cecb0d7e80a0e413e6ab9f6d2cc4331269f4449e68c1178d37ba36eec1f5c4e9a5b2b4e286baa","ssdeep":"192:5ZsBfmobiQTa/qNbaarg4vdUoej9Bs7arg4vdUPDb8DH/F2Qu:5ZsBf7biQm/qDdQvdlu","tlshash":"2d22f87c9c9591b749a392ed25beafcc39f9d10b5601dc05b0ac92990f80fca4827ed6","dom_hash":"domhash5473b8c5719324571f094cdc67dfd56e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":"PGh0bWwgZGF0YS1sYW5nPSJlbiIgZGF0YS1jb3VudHJ5PSJOTyIgZGF0YS1jaXR5PSJPc2xvIiBkYXRhLXRva2VuPSIxNzYxNTEyOTUwLmQzNWY1YjY1NmY0NTFmN2U2M2EyMmExYWZjNTNiNDA5ZDBiZjg3ZGJkNjg0NjE2MjAxNjA3ZjM2YjIxNWYzMzQiIGRhdGEtYWItY2FudmFzPSIxIiBkYXRhLWFiLXBvdz0iMDAwMDAwIiBkYXRhLWdlb2ltZz0ibGlnaHQiIGxhbmc9ImVuIj48aGVhZD48c2NyaXB0PmRvY3VtZW50LmRvY3VtZW50RWxlbWVudC5kYXRhc2V0Lmxhbmc9ImVuIjtkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuZGF0YXNldC5jb3VudHJ5PSJOTyI7ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LmRhdGFzZXQuY2l0eT0iT3NsbyI7PC9zY3JpcHQ+PHNjcmlwdD5kb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuZGF0YXNldC50b2tlbj0iMTc2MTUxMjk1MC5kMzVmNWI2NTZmNDUxZjdlNjNhMjJhMWFmYzUzYjQwOWQwYmY4N2RiZDY4NDYxNjIwMTYwN2YzNmIyMTVmMzM0Ijs8L3NjcmlwdD4KCgoKICA8c3R5bGU+LmNpdHktbmFtZXtmb250LXdlaWdodDo3MDA7bGV0dGVyLXNwYWNpbmc6LjNweDtjb2xvcjojZTkxZTYzfQouaGVyby1ncmlke2Rpc3BsYXk6Z3JpZDtncmlkLXRlbXBsYXRlLWNvbHVtbnM6MWZyIDFmcjtnYXA6MTRweDt9Ci5oZXJvLWdyaWQgLnRpbGV7cG9zaXRpb246cmVsYXRpdmU7Ym9yZGVyLXJhZGl1czoyMHB4O292ZXJmbG93OmhpZGRlbjt9Ci5oZXJvLWdyaWQgLnRpbGUgaW1ne3dpZHRoOjEwMCU7aGVpZ2h0OmF1dG87ZGlzcGxheTpibG9jazthc3BlY3QtcmF0aW86MS8xO29iamVjdC1maXQ6Y292ZXI7fQo8L3N0eWxlPgoKICA8bWV0YSBuYW1lPSJyb2JvdHMiIGNvbnRlbnQ9Im5vaW5kZXgsIG5vZm9sbG93Ij4KICA8bWV0YSBuYW1lPSJyZWZlcnJlciIgY29udGVudD0ibm8tcmVmZXJyZXIiPgogIDxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtU2VjdXJpdHktUG9saWN5IiBjb250ZW50PSJmcmFtZS1hbmNlc3RvcnMgJ25vbmUnIj4KICA8bGluayByZWw9ImRucy1wcmVmZXRjaCIgaHJlZj0iLy9leGFtcGxlLmNvbSI+CiAgPGxpbmsgcmVsPSJwcmVjb25uZWN0IiBocmVmPSJodHRwczovL2V4YW1wbGUuY29tIiBjcm9zc29yaWdpbj0iIj4KCiAgPG1ldGEgY2hhcnNldD0iVVRGLTgiPgogIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4KCiAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJhc3NldHMvY3NzL3Jlc2V0LmNzcyI+CiAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJhc3NldHMvY3NzL3N0eWxlLmNzcyI+CiAgPHRpdGxlPlNpbXBseUZsaW5nPC90aXRsZT4KPHNjcmlwdD5kb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuZGF0YXNldC5hYkNhbnZhcz0iMSI7ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LmRhdGFzZXQuYWJQb3c9IjAwMDAwMCI7PC9zY3JpcHQ+CjwvaGVhZD4KICAgIDxib2R5PgogICAgICA8ZGl2IGNsYXNzPSJsYXlvdXQiPgogICAgICAgIDxtYWluIGNsYXNzPSJtYWluIj4KICAgICAgICAgIDxkaXYgY2xhc3M9InRvcC1iYXIiPgogICAgICAgICAgICA8ZGl2IGNsYXNzPSJwYWdpbmF0aW9uIj48c3BhbiBjbGFzcz0iY2l0eS1uYW1lIj5Pc2xvPC9zcGFuPjwvZGl2PgogICAgICAgICAgICAKICAgICAgICAgIDwvZGl2PgogICAgICAgICAgPGRpdiBjbGFzcz0ic3RlcHMiPgogICAgICAgICAgICA8ZGl2IGNsYXNzPSJzdGVwIiBzdHlsZT0iZGlzcGxheTogYmxvY2s7Ij4KICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJjaXR5LWJhbm5lciI+PHNwYW4gY2xhc3M9ImNpdHktcGluIj48aW1nIHNyYz0iL2ZsYWdzLnBocD9jYz1OTyIgYWx0PSJOTyIgc3R5bGU9IndpZHRoOjEuMjVlbTtoZWlnaHQ6MS4yNWVtO3ZlcnRpY2FsLWFsaWduOi0wLjE4ZW07Ij48L3NwYW4+IDxzcGFuIGNsYXNzPSJjaXR5LXRleHQiPk9zbG88L3NwYW4+PC9kaXY+PGRpdiBjbGFzcz0icGljdHVyZSI+CiAgICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJoZXJvLWdyaWQiPjxkaXYgY2xhc3M9InRpbGUiPjxpbWcgc3JjPSJodHRwczovL2Fkcy1uYXR1cmUuc2l0ZS9hc3NldHMvaW1hZ2VzL2xpZ2h0MS5qcGciIGFsdD0iIj48L2Rpdj48ZGl2IGNsYXNzPSJ0aWxlIj48aW1nIHNyYz0iaHR0cHM6Ly9hZHMtbmF0dXJlLnNpdGUvYXNzZXRzL2ltYWdlcy9saWdodDIuanBnIiBhbHQ9IiI+PC9kaXY+PGRpdiBjbGFzcz0idGlsZSI+PGltZyBzcmM9Imh0dHBzOi8vYWRzLW5hdHVyZS5zaXRlL2Fzc2V0cy9pbWFnZXMvbGlnaHQzLmpwZyIgYWx0PSIiPjwvZGl2PjxkaXYgY2xhc3M9InRpbGUiPjxpbWcgc3JjPSJodHRwczovL2Fkcy1uYXR1cmUuc2l0ZS9hc3NldHMvaW1hZ2VzL2xpZ2h0NC5qcGciIGFsdD0iIj48L2Rpdj48L2Rpdj4KICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgICA8aDIgY2xhc3M9InRpdGxlIHRleHQxIj5XYXJuaW5nITwvaDI+CiAgICAgICAgICAgICAgPHA+CiAgICAgICAgICAgICAgICA8c3BhbiBjbGFzcz0idGV4dDIiPllvdSB3aWxsIHNlZSBudWRlIHBob3Rvcy48L3NwYW4+CiAgICAgICAgICAgICAgICA8YnI+CiAgICAgICAgICAgICAgICA8c3BhbiBjbGFzcz0idGV4dDMiPlBsZWFzZSBiZSBkaXNjcmVldC48L3NwYW4+CiAgICAgICAgICAgICAgPC9wPgogICAgICAgICAgICAgIDxkaXYgY2xhc3M9ImJ1dHRvbnMiPgogICAgICAgICAgICAgICAgPGEgY2xhc3M9ImJ0biBqcy1uZXh0IHRleHQ0IiBocmVmPSJqYXZhc2NyaXB0OnZvaWQoMCkiPkNvbnRpbnVlPC9hPgogICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgPGRpdiBjbGFzcz0ic3RlcCBzdGVwLWZpbiI+CiAgICAgICAgICAgICAgPGgyIGNsYXNzPSJ0aXRsZSB0ZXh0NSI+WW91IG11c3QgZm9sbG93IHRoZSBydWxlcyBnaXZlbiBiZWxvdzwvaDI+CiAgICAgICAgICAgICAgPHVsPgogICAgICAgICAgICAgICAgPGxpIGNsYXNzPSJ0ZXh0NiI+SWYgeW91IHNlZSBzb21lb25lIHlvdSBrbm93LiBETyBOT1QgcHVibGljaXplIGl0LjwvbGk+CiAgICAgICAgICAgICAgICA8bGkgY2xhc3M9InRleHQ3Ij5XaGVuIGhhdmluZyBzZXggd2l0aCBvbmUgb2Ygb3VyIG1lbWJlcnMuIEl0IGlzIHlvdXIgcmVzcG9uc2liaWxpdHkgdG8gcHJvdGVjdCB5b3Vyc2VsZiBhZ2FpbnN0IFNURHMuPC9saT4KICAgICAgICAgICAgICAgIDxsaSBjbGFzcz0idGV4dDgiPlJlc3BlY3Qgc2V4dWFsIGRlc2lyZXMgb2Ygb3RoZXIgbWVtYmVycy4gT3VyIG1lbWJlcnMgYXJlIG5vcm1hbCBtZW4gYW5kIHdvbWVuLCBub3QgcG9ybnN0YXJzIG9yIHByb3N0aXR1dGVzLjwvbGk+CiAgICAgICAgICAgICAgPC91bD4KICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJidXR0b25zIj4KICAgICAgICAgICAgICAgIDxhIGNsYXNzPSJidG4gdGV4dDkgYnRuLWZpbiIgaHJlZj0iaHR0cHM6Ly9hYnIuYXV0by1hZHMzLnNpdGUvY2xpY2siPkkgYWdyZWU8L2E+CiAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgPC9kaXY+CiAgICAgICAgPC9tYWluPgogICAgICA8L2Rpdj4gICAgICAKCiAgICAgICAgPHNjcmlwdCBzcmM9ImFzc2V0cy9qcy9qcXVlcnkubWluLmpzIj48L3NjcmlwdD4KICAgICAgICA8c2NyaXB0IHNyYz0iYXNzZXRzL2pzL3NjcmlwdHMuanMiPjwvc2NyaXB0PgogICAgICAgIDxzY3JpcHQgc3JjPSJhc3NldHMvanMvdHJhbnNsYXRlcy5qcyI+PC9zY3JpcHQ+CgogICAgCjxzY3JpcHQ+CihmdW5jdGlvbigpewogIHZhciBwYXJhbXM9bmV3IFVSTFNlYXJjaFBhcmFtcyhsb2NhdGlvbi5zZWFyY2gpOwogIGlmKHBhcmFtcy5nZXQoJ3FhJyk9PT0nMScpewogICAgdmFyIGQ9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgnZGl2Jyk7IGQuc3R5bGUuY3NzVGV4dD0ncG9zaXRpb246Zml4ZWQ7dG9wOjhweDtsZWZ0OjhweDtiYWNrZ3JvdW5kOiMwMDA7Y29sb3I6I2ZmZjtwYWRkaW5nOjZweCAxMHB4O2ZvbnQ6MTJweC8xLjIgbW9ub3NwYWNlO3otaW5kZXg6OTk5OTtvcGFjaXR5Oi44NTtib3JkZXItcmFkaXVzOjZweCc7CiAgICBkLmlkPSdxYS1iYW5uZXInOyBkLnRleHRDb250ZW50PSdRQSBNT0RFJzsKICAgIGRvY3VtZW50LmFkZEV2ZW50TGlzdGVuZXIoJ0RPTUNvbnRlbnRMb2FkZWQnLGZ1bmN0aW9uKCl7CiAgICAgIHZhciBkcz1kb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuZGF0YXNldHx8e307CiAgICAgIGQudGV4dENvbnRlbnQ9J1FBOiBsYW5nPScrKGRzLmxhbmd8fCcnKSsnIGNvdW50cnk9JysoZHMuY291bnRyeXx8JycpKycgY2l0eT0nKyhkcy5jaXR5fHwnJykrJyBpbWc9JysoZHMuZ2VvaW1nfHwnJykrJyB0b2tlbj0nKyhkcy50b2tlbnx8JycpO30pOwogICAgZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChkKTsKICB9CiAgdmFyIHQwPURhdGUubm93KCk7CiAgd2luZG93LmFkZEV2ZW50TGlzdGVuZXIoJ2JlZm9yZXVubG9hZCcsIGZ1bmN0aW9uKCl7dHJ5e3ZhciBzdGF5PU1hdGgucm91bmQoKERhdGUubm93KCktdDApLzEwMDApOwogICAgbmF2aWdhdG9yLnNlbmRCZWFjb24gJiYgbmF2aWdhdG9yLnNlbmRCZWFjb24oJy9sb2cucGhwJywgbmV3IEJsb2IoW0pTT04uc3RyaW5naWZ5KHtldmVudDonbGVhdmUnLHN0YXk6c3RheSxxczpsb2NhdGlvbi5zZWFyY2gsdHM6RGF0ZS5ub3coKX0pXSx7dHlwZTonYXBwbGljYXRpb24vanNvbid9KSk7CiAgfWNhdGNoKGUpe30gfSk7CiAgZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcignY2xpY2snLCBmdW5jdGlvbihlKXt2YXIgZWw9ZS50YXJnZXQ7d2hpbGUoZWwmJmVsIT09ZG9jdW1lbnQpe2lmKGVsLnRhZ05hbWU9PT0nQSd8fChlbC5jbGFzc0xpc3QmJmVsLmNsYXNzTGlzdC5jb250YWlucygnYnRuJykpKXt0cnl7bmF2aWdhdG9yLnNlbmRCZWFjb24mJm5hdmlnYXRvci5zZW5kQmVhY29uKCcvbG9nLnBocCcsbmV3IEJsb2IoW0pTT04uc3RyaW5naWZ5KHtldmVudDonY2xpY2snLGhyZWY6KGVsLmhyZWZ8fCcnKSxxczpsb2NhdGlvbi5zZWFyY2gsdHM6RGF0ZS5ub3coKX0pXSx7dHlwZTonYXBwbGljYXRpb24vanNvbid9KSk7fWNhdGNoKGUpe307YnJlYWs7fSBlbD1lbC5wYXJlbnROb2RlO319LHRydWUpOwp9KSgpOwo8L3NjcmlwdD4KCgo8c2NyaXB0Pgpkb2N1bWVudC5hZGRFdmVudExpc3RlbmVyKCdET01Db250ZW50TG9hZGVkJywgZnVuY3Rpb24oKXsKICB0cnl7CiAgICB2YXIgZHM9ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LmRhdGFzZXR8fHt9OwogICAgCiAgICAgICAgaWYoIXRyaWVkUGljKXsgdHJpZWRQaWM9dHJ1ZTsgaGVyby5zcmM9J2Fzc2V0cy9pbWFnZXMvcGljLmpwZyc7IHJldHVybjsgfQogICAgICB9LCB7b25jZTpmYWxzZX0pOwogICAgICBoZXJvLnNyYz0nYXNzZXRzL2ltYWdlcy8nK2Nob3NlbjsKICAgIH0KICB9Y2F0Y2goZSl7fQp9KTsKCiAgPHNjcmlwdD4KICAgIC8vID09PSBHRU8gaW1hZ2UgbG9naWMgaW5qZWN0ZWQgPT09CiAgICAoZnVuY3Rpb24oKXsgCiAgICAgIHRyeXsKICAgICAgICB2YXIgY291bnRyeSA9IChkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuZGF0YXNldC5jb3VudHJ5fHwiIikudG9VcHBlckNhc2UoKTsKICAgICAgICAvLyBMaXN0cyBmcm9tIHVzZXIgaW5zdHJ1Y3Rpb24KICAgICAgICB2YXIgTElHSFQgPSBuZXcgU2V0KCJVUywgQ0EsIEFVLCBOWiwgR0IsIElFLCBJUywgTk8sIFNFLCBGSSwgREssIEVFLCBMViwgTFQsIFBMLCBERSwgQVQsIENILCBOTCwgQkUsIExVLCBDWiwgU0ssIEhVLCBVQSwgQlksIFJPLCBCRywgSFIsIFNJLCBCQSwgTUUsIE1LLCBBTCwgR1IsIEVTLCBQVCwgSVQsIEZSLCBNQywgQUQsIFNNLCBMSSwgSlAsIEtSLCBDTiwgVFcsIEhLLCBNTywgU0csIE1OLCBSUywgTUQsIEZPLCBHRywgSkUsIElNLCBHSSwgQVgsIFBNLCBORiwgU0osIFZBLCBJTywgRkssIEJMLCBBUiwgVVksIENMLCBLWiwgS0csIEFNLCBHRSwgQlQiLnNwbGl0KC9ccyosXHMqLykuZmlsdGVyKEJvb2xlYW4pKTsKICAgICAgICB2YXIgU1dBUlRIWSA9IG5ldyBTZXQoIkNZLCBUUiwgQVosIElMLCBQUywgTEIsIEpPLCBTWSwgSVEsIElSLCBTQSwgQUUsIFFBLCBLVywgQkgsIE9NLCBZRSwgTUEsIERaLCBUTiwgTFksIEVHLCBNUiwgU0QsIElOLCBQSywgQkQsIExLLCBOUCwgQUYsIFRILCBWTiwgUEgsIE1ZLCBJRCwgS0gsIExBLCBNTSwgVEwsIEJOLCBNWCwgQlosIEdULCBTViwgSE4sIE5JLCBDUiwgUEEsIENPLCBFQywgUEUsIEJPLCBQWSwgQlIsIFZFLCBETywgUFIsIENVLCBHWSwgU1IsIFRULCBLWSwgQVcsIFVaLCBUSiwgVE0sIE1VLCBTQywgQ1YsIE1HLCBSRSwgU0gsIFdTLCBUTywgUEYsIFdGLCBOQywgQ0ssIEtJLCBOUiwgVFYsIE1ILCBGTSwgUFcsIE1QLCBHVSwgTlUsIFRLIi5zcGxpdCgvXHMqLFxzKi8pLmZpbHRlcihCb29sZWFuKSk7CiAgICAgICAgdmFyIERBUksgPSBuZXcgU2V0KCJORywgS0UsIEdILCBUWiwgVUcsIENJLCBDRCwgQ0csIENNLCBHQSwgR1EsIEJKLCBURywgTFIsIFNMLCBHTiwgR1csIEdNLCBTTiwgQkYsIE5FLCBNTCwgU1MsIEVULCBTTywgREosIEVSLCBBTywgWk0sIFpXLCBaQSwgQlcsIE5BLCBNWiwgTVcsIExTLCBTWiwgQkksIFJXLCBTVCwgSFQsIEpNLCBCQiwgQlMsIEdELCBBRywgVkMsIERNLCBLTiwgVkcsIFZJLCBUQywgQUksIE1TLCBDVywgQlEsIEdQLCBNUSwgR0YsIE1GLCBWVSwgU0IsIFBHLCBGSiwgS00sIFlULCBDRiIuc3BsaXQoL1xzKixccyovKS5maWx0ZXIoQm9vbGVhbikpOwogICAgICAgIC8vIERldGVybWluZSBwcmVmaXguIERlZmF1bHQgZm9yIFJVIG9yIHVua25vd24vbm90IGluIGxpc3RzOiAnZGVmYXVsdCcKICAgICAgICB2YXIgcHJlZml4ID0gJ2RlZmF1bHQnOwogICAgICAgIGlmKGNvdW50cnkgJiYgY291bnRyeSAhPT0gJ1JVJyl7IAogICAgICAgICAgaWYoTElHSFQuaGFzKGNvdW50cnkpKSBwcmVmaXg9J2xpZ2h0JzsKICAgICAgICAgIGVsc2UgaWYoU1dBUlRIWS5oYXMoY291bnRyeSkpIHByZWZpeD0nc3dhcnRoeSc7CiAgICAgICAgICBlbHNlIGlmKERBUksuaGFzKGNvdW50cnkpKSBwcmVmaXg9J2RhcmsnOwogICAgICAgICAgZWxzZSBwcmVmaXg9J2RlZmF1bHQnOyAvLyBub3QgaW4gbGlzdHMgLT4gZGVmYXVsdAogICAgICAgIH0KICAgICAgICAvLyBTd2FwIGltYWdlcyBpbiB0aGUgMngyIGdyaWQKICAgICAgICBkb2N1bWVudC5xdWVyeVNlbGVjdG9yQWxsKCcuaGVyby1ncmlkIC50aWxlIGltZycpLmZvckVhY2goZnVuY3Rpb24oaW1nLCBpKXsKICAgICAgICAgIHZhciBpZHggPSAoaSU0KSsxOwogICAgICAgICAgdmFyIG5hbWUgPSBwcmVmaXggKyBpZHggKyAnLmpwZyc7CiAgICAgICAgICBpZighL1wvKGRlZmF1bHR8bGlnaHR8c3dhcnRoeXxkYXJrKVsxLTRdXC5qcGckLy50ZXN0KGltZy5zcmMpKXsgCiAgICAgICAgICAgIC8vIGlmIGltYWdlIHVzZXMgYWJzb2x1dGUvcmVsYXRpdmUgcGF0aCB3aXRob3V0IHRoZXNlIG5hbWVzLCByZXBsYWNlIHRoZSBmaWxlbmFtZQogICAgICAgICAgICB2YXIgcGFydHMgPSBpbWcuc3JjLnNwbGl0KCcvJyk7CiAgICAgICAgICAgIHBhcnRzW3BhcnRzLmxlbmd0aC0xXSA9IG5hbWU7CiAgICAgICAgICAgIGltZy5zcmMgPSBwYXJ0cy5qb2luKCcvJyk7CiAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICBpbWcuc3JjID0gaW1nLnNyYy5yZXBsYWNlKC8oZGVmYXVsdHxsaWdodHxzd2FydGh5fGRhcmspWzEtNF1cLmpwZyQvLCBuYW1lKTsKICAgICAgICAgIH0KICAgICAgICB9KTsKICAgICAgICAvLyBFeHBvc2UgY2hvc2VuIHByZWZpeCBmb3IgUUEgYmFubmVyCiAgICAgICAgZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LmRhdGFzZXQuZ2VvaW1nID0gcHJlZml4OwogICAgICB9Y2F0Y2goZSl7fQogICAgfSkoKTsKICA8L3NjcmlwdD4KCgoKICAKICA8c2NyaXB0PgogICAgLy8gPT09IEdFTyBpbWFnZSBsb2dpYyAoYXV0bzsgdXNlcyAnLmpwZycpID09PQogICAgZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcignRE9NQ29udGVudExvYWRlZCcsIGZ1bmN0aW9uKCkgewogICAgICB0cnkgewogICAgICAgIHZhciBkcyA9IGRvY3VtZW50LmRvY3VtZW50RWxlbWVudC5kYXRhc2V0IHx8IHt9OwogICAgICAgIHZhciBjb3VudHJ5ID0gKGRzLmNvdW50cnkgfHwgJycpLnRvVXBwZXJDYXNlKCk7CiAgICAgICAgdmFyIExJR0hUID0gbmV3IFNldCgiVVMsIENBLCBBVSwgTlosIEdCLCBJRSwgSVMsIE5PLCBTRSwgRkksIERLLCBFRSwgTFYsIExULCBQTCwgREUsIEFULCBDSCwgTkwsIEJFLCBMVSwgQ1osIFNLLCBIVSwgVUEsIEJZLCBSTywgQkcsIEhSLCBTSSwgQkEsIE1FLCBNSywgQUwsIEdSLCBFUywgUFQsIElULCBGUiwgTUMsIEFELCBTTSwgTEksIEpQLCBLUiwgQ04sIFRXLCBISywgTU8sIFNHLCBNTiwgUlMsIE1ELCBGTywgR0csIEpFLCBJTSwgR0ksIEFYLCBQTSwgTkYsIFNKLCBWQSwgSU8sIEZLLCBCTCwgQVIsIFVZLCBDTCwgS1osIEtHLCBBTSwgR0UsIEJUIi5zcGxpdCgvXHMqLFxzKi8pLmZpbHRlcihCb29sZWFuKSk7CiAgICAgICAgdmFyIFNXQVJUSFkgPSBuZXcgU2V0KCJDWSwgVFIsIEFaLCBJTCwgUFMsIExCLCBKTywgU1ksIElRLCBJUiwgU0EsIEFFLCBRQSwgS1csIEJILCBPTSwgWUUsIE1BLCBEWiwgVE4sIExZLCBFRywgTVIsIFNELCBJTiwgUEssIEJELCBMSywgTlAsIEFGLCBUSCwgVk4sIFBILCBNWSwgSUQsIEtILCBMQSwgTU0sIFRMLCBCTiwgTVgsIEJaLCBHVCwgU1YsIEhOLCBOSSwgQ1IsIFBBLCBDTywgRUMsIFBFLCBCTywgUFksIEJSLCBWRSwgRE8sIFBSLCBDVSwgR1ksIFNSLCBUVCwgS1ksIEFXLCBVWiwgVEosIFRNLCBNVSwgU0MsIENWLCBNRywgUkUsIFNILCBXUywgVE8sIFBGLCBXRiwgTkMsIENLLCBLSSwgTlIsIFRWLCBNSCwgRk0sIFBXLCBNUCwgR1UsIE5VLCBUSyIuc3BsaXQoL1xzKixccyovKS5maWx0ZXIoQm9vbGVhbikpOwogICAgICAgIHZhciBEQVJLID0gbmV3IFNldCgiTkcsIEtFLCBHSCwgVFosIFVHLCBDSSwgQ0QsIENHLCBDTSwgR0EsIEdRLCBCSiwgVEcsIExSLCBTTCwgR04sIEdXLCBHTSwgU04sIEJGLCBORSwgTUwsIFNTLCBFVCwgU08sIERKLCBFUiwgQU8sIFpNLCBaVywgWkEsIEJXLCBOQSwgTVosIE1XLCBMUywgU1osIEJJLCBSVywgU1QsIEhULCBKTSwgQkIsIEJTLCBHRCwgQUcsIFZDLCBETSwgS04sIFZHLCBWSSwgVEMsIEFJLCBNUywgQ1csIEJRLCBHUCwgTVEsIEdGLCBNRiwgVlUsIFNCLCBQRywgRkosIEtNLCBZVCwgQ0YiLnNwbGl0KC9ccyosXHMqLykuZmlsdGVyKEJvb2xlYW4pKTsKICAgICAgICB2YXIgcHJlZml4ID0gJ2RlZmF1bHQnOwogICAgICAgIGlmIChjb3VudHJ5ICYmIGNvdW50cnkgIT09ICdSVScpIHsKICAgICAgICAgIGlmIChMSUdIVC5oYXMoY291bnRyeSkpIHByZWZpeCA9ICdsaWdodCc7CiAgICAgICAgICBlbHNlIGlmIChTV0FSVEhZLmhhcyhjb3VudHJ5KSkgcHJlZml4ID0gJ3N3YXJ0aHknOwogICAgICAgICAgZWxzZSBpZiAoREFSSy5oYXMoY291bnRyeSkpIHByZWZpeCA9ICdkYXJrJzsKICAgICAgICAgIGVsc2UgcHJlZml4ID0gJ2RlZmF1bHQnOwogICAgICAgIH0KICAgICAgICBkb2N1bWVudC5xdWVyeVNlbGVjdG9yQWxsKCcuaGVyby1ncmlkIC50aWxlIGltZycpLmZvckVhY2goZnVuY3Rpb24oaW1nLCBpKSB7CiAgICAgICAgICB2YXIgaWR4ID0gKGkgJSA0KSArIDE7CiAgICAgICAgICB2YXIgbmV3TmFtZSA9IHByZWZpeCArIGlkeCArICcuanBnJzsKICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgIHZhciB1cmwgPSBuZXcgVVJMKGltZy5zcmMsIGxvY2F0aW9uLmhyZWYpOwogICAgICAgICAgICB2YXIgcGFydHMgPSB1cmwucGF0aG5hbWUuc3BsaXQoJy8nKTsKICAgICAgICAgICAgcGFydHNbcGFydHMubGVuZ3RoLTFdID0gbmV3TmFtZTsKICAgICAgICAgICAgdXJsLnBhdGhuYW1lID0gcGFydHMuam9pbignLycpOwogICAgICAgICAgICBpbWcuc3JjID0gdXJsLnRvU3RyaW5nKCk7CiAgICAgICAgICB9IGNhdGNoIChlKSB7CiAgICAgICAgICAgIHZhciBiYXNlID0gaW1nLmdldEF0dHJpYnV0ZSgnc3JjJykgfHwgKCdhc3NldHMvaW1hZ2VzL2RlZmF1bHQnICsgaWR4ICsgJy5qcGcnKTsKICAgICAgICAgICAgaW1nLnNyYyA9IGJhc2UucmVwbGFjZSgvKGRlZmF1bHR8bGlnaHR8c3dhcnRoeXxkYXJrKVsxLTRdXC5cdyskL2ksIG5ld05hbWUpOwogICAgICAgICAgfQogICAgICAgIH0pOwogICAgICAgIGRvY3VtZW50LmRvY3VtZW50RWxlbWVudC5kYXRhc2V0Lmdlb2ltZyA9IHByZWZpeDsKICAgICAgfSBjYXRjaChlKSB7IH0KICAgIH0pOwogIDwvc2NyaXB0PgoKICA8c2NyaXB0IHNyYz0iL2Fzc2V0cy9qcy9hYi1ndWFyZC5qcyI+PC9zY3JpcHQ+CiAgPHNjcmlwdD5hYkd1YXJkSW5pdCgiLmN0YSBhLCAuY3RhIGJ1dHRvbiwgLmN0YS1jb250aW51ZSIpOzwvc2NyaXB0PjxhIGNsYXNzPSJjdGEtYmFpdCIgaHJlZj0iL2JvdF9sYW5kaW5nMi5odG1sIiByZWw9Im5vZm9sbG93IG5vcmVmZXJyZXIiIGFyaWEtaGlkZGVuPSJ0cnVlIiBzdHlsZT0icG9zaXRpb246IGFic29sdXRlOyB3aWR0aDogMXB4OyBoZWlnaHQ6IDFweDsgb3ZlcmZsb3c6IGhpZGRlbjsgbGVmdDogLTk5OTlweDsiPjwvYT4KCgo8L2JvZHk+PC9odG1sPg=="}},"submit":{"url":{"schema":"http","addr":"www.effectivegatecpm.com/w65km1f6?key=bd23f29c9c21f464dde4daeda65cfcb2","fqdn":"www.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":0,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-30T20:54:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"abr.auto-ads3.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"abr.auto-ads3.site","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"abr.auto-ads3.site","ip":{"addr":"52.17.88.125","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"domain_registered":"2025-10-24","domain_rank":0,"first_seen":"2025-10-26T20:54:31.295666Z","last_seen":"2025-10-26T20:54:31.295666Z","alert_count":2,"request_count":1,"received_data":705,"sent_data":849,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"professionaltrafficmonitor.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-01-23","domain_rank":16376,"first_seen":"2025-01-25T08:56:07.448138Z","last_seen":"2025-10-19T22:41:49.621416Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":471,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-10-19T22:12:30.612025Z","alert_count":0,"request_count":1,"received_data":73799,"sent_data":538,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-10-19T22:12:35.4735Z","alert_count":0,"request_count":1,"received_data":3122,"sent_data":479,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.effectivegatecpm.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-10-07","domain_rank":0,"first_seen":"2025-10-08T14:50:50.686078Z","last_seen":"2025-10-22T23:35:40.082943Z","alert_count":6,"request_count":3,"received_data":8414,"sent_data":3809,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ads-nature.site","ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"domain_registered":"2025-10-21","domain_rank":0,"first_seen":"2025-10-26T20:54:31.291363Z","last_seen":"2025-10-26T20:54:31.291363Z","alert_count":18,"request_count":18,"received_data":598764,"sent_data":8667,"comment":"","tags":null,"fingerprints":[{"name":"PHP:8.3.20","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.effectivegatecpm.com/w65km1f6?key=bd23f29c9c21f464dde4daeda65cfcb2","fqdn":"www.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"3035ebe0a57b8beeeee5afb4325dea0b","sha1":"a029b2ae07592d2421a62a544788be2e5a9c0bdb","sha256":"80301de5123eeb5c3611e304ed6b0e9c5da56a6dcd3106c089dd7b71180f1541","sha512":"804ca3b5217d047061c4537f4138fd1fd6e36140bbcae8f28198d607b46480a04974cfd41b9fb90b10d62ccabb578738071ef73e7325a3ab58dc5dae51bbd9c7","ssdeep":"96:b2YfIuzVcmCmPIHIboIgpwv/38MnVeSa+A8gdPSzvnZPAP4d:b2YfTzSjkc6ozwvftn3a383vWP4d","tlshash":"f69193913534b835007e1517d16fb31a36338f27ba067060911d6ab82c39e8bb626fef","size":4480,"data":"","first_seen":"2025-10-26T20:54:36.305318Z","last_seen":"2025-10-26T20:54:36.305318Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"fc8542ca1cf0dc316c2fa82c08cd1820","sha1":"f3c0df0e83d96698616efe69658c19fbc6b14f2a","sha256":"28900446dc4cc08357d316551119d97edbf01a237301313d4aa3e6ccbbf2c605","sha512":"b173f15837c2370e6d513b6338cbe9a290af61da8fdb9a628a9cd486b91d1888fe0a3937e1afda185b2c546d32bad2b391170e0a54118e35d4cca35212605123","ssdeep":"","tlshash":"91c002f4b240d531489c021c34bdc7c87cf076517483b15d914d0dbc1638ec66497f8a","size":134,"data":"","first_seen":"2025-09-26T18:30:50.96573Z","last_seen":"2026-01-03T12:23:29.605074Z","times_seen":49,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"1496beb460bd7f016c0ecc7c6e7f316e","sha1":"4802b57f2613c8afdea2fb8343f058615e659def","sha256":"c4d016892a986aff7fb88f4a54a9cf5c52ffeeb323fda56efe972e9e689d2570","sha512":"438e464f178ea04d2020639fc7608dad42cd556fc89b3a9b04b6da5340cadf1680ae385286fd2f60da1b6584e19b0a3b99b5e1d1ee969c8002a26ef923753dc2","ssdeep":"","tlshash":"79b092a1aa41a1350cde862ca93e4b98b4303554a6cbe46c942e04890baae856a86440","size":117,"data":"","first_seen":"2025-10-26T20:54:36.310044Z","last_seen":"2025-10-26T20:54:36.310044Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"6a1dbdc9ea0bf6271ffbd398de9df2fc","sha1":"6cc0df6a864e00d7023cbcb029b56deba0acbf6f","sha256":"fb586011697754e4045f76d493ebc698d144dca199cfdac14c3b8be58987f112","sha512":"6376eb27f3f46184dd7480c0c93226bbe6c4d95ebb965d54f1566e9e9d22734c88d3cfc0ea6fd7a923cfce99987c22d03bc19b8f6a93c4cdaba02e986898c0cc","ssdeep":"","tlshash":"cfb002f0619481388588040831ada2847d75721021c26545544c05a50628dd11485955","size":94,"data":"","first_seen":"2025-10-14T16:36:12.399201Z","last_seen":"2025-12-11T21:42:40.447149Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/js/translates.js","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"1097ed084d28f8759d495a5efe3c073c","sha1":"9ac4b753e2defe2247b42cc1f5d0d33a5aec824f","sha256":"38d59a11db37357921e42148662a540a39f2618f4cc3458bbfc782601ae14ec1","sha512":"47c5e1057b57722cebdd721609c0223042f192637cf9b49836a0b89c37501622c8e09d3ec0a28aaae0aeda4663a7b4ea80024436bca89af351715f483f3b00ac","ssdeep":"384:PiQdrExkJZG0VKwkcBMG87xe8Gn/d6REd+vyGMAeqGYFHC2e0j3m8Q8UdaB7j3ul:HEeZGikjnGl6cJGYqGOhe/J2fuwJejB","tlshash":"c9e2384570a923a4c470e317b1443422a65a8b2f7f5afed87b0991143f9da3f49fa1ce","size":32162,"data":"","first_seen":"2025-10-14T16:36:12.379895Z","last_seen":"2026-03-28T20:55:35.529884Z","times_seen":78,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"d6c38b2000bcf53d4cdfc73b638d9c55","sha1":"297e8b82eda706bf892910afed2a3833f6fa5b4e","sha256":"538c9aeab325b136284d4d29f550a6f7a53fbdbd6e4e0f38c186d91ec495d69c","sha512":"2be29e77778d284b760ce437b7472e181d70da8a79d1329faa25e8ad83ae8175fe93d5ee6de7d630e2a4ec80410cf87ca6ca6a3a32cba1541e8da26e69d70267","ssdeep":"","tlshash":"6a21069a5f5500f552f7b42f166aef41313340635d81a890e7f9aa944d54fcd026f988","size":1352,"data":"","first_seen":"2025-09-26T18:30:50.969906Z","last_seen":"2025-11-05T12:01:20.719131Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/js/jquery.min.js","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"ff60aea44632d5a86b71e57863818da8","sha1":"3d6f6d96d9efc32830fd7412df0b6036ea8010f2","sha256":"b68485ecc11c395a9906957800dbcd72217edd5481113a57b4a9ee7233e1c036","sha512":"313ce9c74b095f964307072c167af6e38368d871c0bbcf8c3077764a78bf8256c78a0557a0333e95841b51b7397ecd8a2e4a7411b7b49bae5b281b98e6ac2f61","ssdeep":"1536:1NE13755B+Jo6iXRDtp63gHe4wTgjYvh4K3mgppUDY/47OiVXZUDDYP5Hna98Hrw:GbTO93mipBSIDO5Hna98Hrw","tlshash":"ced3b6c9b9d274929673b8ac8aab9009fc77445b74088f50b85cd5e03fb095950bbfec","size":130218,"data":"","first_seen":"2025-09-26T18:30:50.958304Z","last_seen":"2026-03-28T20:55:35.501033Z","times_seen":81,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"10363b9c4d35c2c855a7f239873c2616","sha1":"23dacc6823040749f5fc7fc2296f2384bb629064","sha256":"d6b2b505f0a95503cc1df72389d847e5e885d53479551257309b9f84ae4e07c1","sha512":"4fcbf43921ba303e40c02f006ecc4debb8257d87b9bfad6d36757d1b4fe69b790075e7fc45657e7dca7e6663add9cdc0c746fb4f0dae6c96bec3e8c8e2ed3cb3","ssdeep":"","tlshash":"7f51866c651ea2fa9d6193ad27ee1ed434bc811b1100ec07b41ca24d0f10fdb8054fe7","size":2740,"data":"","first_seen":"2025-10-14T16:36:12.406244Z","last_seen":"2025-11-05T12:01:20.720605Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/js/scripts.js","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"a6c619e777f5ad0ddaa0ef632482a603","sha1":"544713203dbe87eade4827b48b1f218c0e543487","sha256":"e6b78c91a877bcb5165279837ee185dcfe61eb40586ef5aa3cc4466ea25de26c","sha512":"61b1426fa0c8b8d69d553453cd665eb8600e61b9074e2433e8985fe20c07b7857aa1ea00a1c4f5167ad47209d43f3ba95a8df92bc6f5b89407dcee6db320e410","ssdeep":"","tlshash":"c3d0a7487218a9b100bf72be8336c5c45c3e26e6c1856710f4de4a860f6005c3a73d9f","size":259,"data":"","first_seen":"2025-09-26T18:30:50.947344Z","last_seen":"2026-03-28T20:55:35.576975Z","times_seen":80,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/js/ab-guard.js","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"e4726e6784e9a6a7678c7f54a88d6844","sha1":"9697bcc5ad069a48f47d72568e85ba679f91c41c","sha256":"fb6e58e4b1831205956b7fbd1118124c107ac7194fdc09648ba0329920d13e98","sha512":"c6224673dd997d6274e00c380b493f361e439ed6ab701f2b883685bc88b92bd1d0436320bb9229eb69db63d111b17f22492970aff7cb1a4f52199ddfeefcf18a","ssdeep":"48:JVF1QCD6+dxqhOwVpbhcqaaK5pYj7ZRnb2SisC0Xcz8XzO45q7epgTiFd5+qkgrM:LF5AOwHu7aK52Hn9C0xsCpgeyjfg8HR","tlshash":"12a19675a220707b80fb059b3497a349383356483497bcd4debc4e414c1de6696bfdad","size":5039,"data":"","first_seen":"2025-09-26T18:30:50.963221Z","last_seen":"2025-11-05T12:01:20.692183Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"67c5b9a99f13045e5ccf852093dfa466","sha1":"c92db25a345ec9024a99329a41bd67831591118f","sha256":"703d49c4ca840cc4a3eee9c9125ff1825a75ea290d4cf438d6fa9f7d88c56ab1","sha512":"c50d93749fea64a3483144b6343975abad9698d1f3829d0923ed93b39b87d82c6e68d15d55bc6f8a70c10e0406f1a3985bdf08eb06fc46697021b71ce6df6eb4","ssdeep":"","tlshash":"9f41626c551b62faae62a3bd669e1ee428bd40471600dc07f42ca2890f40feb9114fd7","size":2367,"data":"","first_seen":"2025-10-14T16:36:12.409448Z","last_seen":"2025-12-11T21:42:40.448309Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.effectivegatecpm.com/api/users?token=L3c2NWttMWY2P2tleT1iZDIzZjI5YzljMjFmNDY0ZGRlNGRhZWRhNjVjZmNiMiZwc3Q9MTc2MTUxMjEwNyZybXRjPXQmc2h1PTkwYThkM2I1MWE5NGExYWE1ZTM0MmJmODVmNDk4Mzk1OTkyODRhMGQwOGU1Mjc5YjMwYmM4YjZmOGU5MTUxMzQ1NmM0MGIyN2QwZDFhY2UyOWU3NTUxNjU3NWIyOTM5ZGE5YjllOTJiMTRhYzI2MDcxZDNmNDYyYzUwMmU5MzQ2OGQwMDcwNDJmZTVlZTY4MTQwZjI4M2Q0NGRlNmYwZWEwNDQ3YzY1NDY1NmY0ZDkxNmI5NyZwaWk9JmluPSZ1dWlkPQ","fqdn":"www.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T20:54:07.701Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"effectivegatecpm.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 14:07:36 GMT","end":"Mon, 05 Jan 2026 14:07:35 GMT"},"fingerprint":{"sha1":"4C:76:9C:94:6C:42:34:72:A0:D2:AB:83:41:4F:50:A7:86:B9:29:0E","sha256":"51:E9:3D:E7:55:E3:07:4E:B1:52:4B:31:49:6B:73:49:75:A8:2B:47:1F:1C:38:82:10:F3:DF:F5:9C:F3:88:6B"}}},"request":{"raw":"GET /api/users?token=L3c2NWttMWY2P2tleT1iZDIzZjI5YzljMjFmNDY0ZGRlNGRhZWRhNjVjZmNiMiZwc3Q9MTc2MTUxMjEwNyZybXRjPXQmc2h1PTkwYThkM2I1MWE5NGExYWE1ZTM0MmJmODVmNDk4Mzk1OTkyODRhMGQwOGU1Mjc5YjMwYmM4YjZmOGU5MTUxMzQ1NmM0MGIyN2QwZDFhY2UyOWU3NTUxNjU3NWIyOTM5ZGE5YjllOTJiMTRhYzI2MDcxZDNmNDYyYzUwMmU5MzQ2OGQwMDcwNDJmZTVlZTY4MTQwZjI4M2Q0NGRlNmYwZWEwNDQ3YzY1NDY1NmY0ZDkxNmI5NyZwaWk9JmluPSZ1dWlkPQ HTTP/1.1\r\nHost: www.effectivegatecpm.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.effectivegatecpm.com/api/users?token=L3c2NWttMWY2P2tleT0yMDFmYzIzYzdlY2EwOWQ1Y2FkOWNiYjQ2N2E2YTk0MiZzdWJtZXRyaWM9Mjc2NDY0MTk\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzY0NjQxOSwiayI6ImJkMjNmMjljOWMyMWY0NjRkZGU0ZGFlZGE2NWNmY2IyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MDEzNDI1LCJwaWQiOjI3NDA5MTAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MzEsImFpZCI6MjgsInB0Ijo0LCJwayI6Inc2NWttMWY2IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiIiwiYXIiOltdfX0.NMsIFDhLnm5rVGYH08aJ8_dSSZ1OfyL9ne5sWKjCBXQ; cjs=t\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx/1.21.6\r\nDate: Sun, 26 Oct 2025 20:54:08 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nlocation: https://abr.auto-ads3.site/c/a56f3ff8a19cc417?SUB_ID_SHORT=5b54c0c5d1300283e7bc63d295590704\u0026COST_CPC=0.002650\u0026PLACEMENT_ID=27646419\u0026CAMPAIGN_ID=1328349\u0026PUBLISHER_ID=2740910\u0026COUNTRY_CODE=NO\u0026USER_CITY=Oslo\u0026REMOTE_LANGUAGE_CODE=en\u0026BANNER_ID=3554351\u0026USER_OS=Windows\u0026USER_OS_VER=10.0\u0026USER_CARRIER=Blix%20Solutions\u0026DEVICE_BRAND=Unknown\u0026ZONE_ID=5013425\r\nset-cookie: pdhtkv=true; expires=Mon, 27 Oct 2025 20:54:08 GMT; path=/\nuncs=1; expires=Mon, 27 Oct 2025 20:54:08 GMT; path=/\npdhtkv28=true; expires=Mon, 27 Oct 2025 20:54:08 GMT; path=/\nuncs28=1; expires=Mon, 27 Oct 2025 20:54:08 GMT; path=/\nu_pl27646419=1; expires=Mon, 27 Oct 2025 20:54:08 GMT; path=/\niprc_c+641e894620205235153ccf426c39edfa=1328349; expires=Mon, 27 Oct 2025 20:54:08 GMT; path=/\niprc_c:1328349=1; expires=Mon, 27 Oct 2025 20:54:08 GMT; path=/\r\nx-envoy-upstream-service-time: 209\r\nHost: www.effectivegatecpm.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3c76810a8ca58711ac9fd983c6caa20a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":465,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T10:11:42.852405Z","times_seen":13418069,"resource_available":true,"data":null}},"time_used":880,"timings":{"blocked":288,"dns":1,"connect":93,"send":0,"wait":304,"receive":0,"ssl":192},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/flags.php?cc=NO","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:10.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ads-nature.site","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 11:46:42 GMT","end":"Mon, 19 Jan 2026 11:46:41 GMT"},"fingerprint":{"sha1":"A3:3B:69:0C:0A:BF:CC:D8:3C:5B:14:2E:7D:28:A4:CC:B1:5D:61:28","sha256":"E9:90:8F:8C:DC:1D:74:FF:27:2E:69:C8:79:18:C9:C5:E7:E6:6E:68:65:80:5F:BE:B1:16:57:33:13:E6:97:1C"}}},"request":{"raw":"GET /flags.php?cc=NO HTTP/1.1\r\nHost: ads-nature.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=2ff57d03ec53c12d3910ca0596a5a105; js_proof=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Sun, 26 Oct 2025 20:54:10 GMT\r\ncontent-type: image/svg+xml; charset=utf-8\r\nvary: Accept-Encoding\r\nx-powered-by: PHP/8.3.20\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:8.3.20","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":223,"size_decoded":0,"mime_type":"image/svg+xml; charset=utf-8","magic":"SVG Scalable Vector Graphics image","md5":"30bb159df63e9ec9d178a90e86f9eceb","sha1":"54c8514fe6c33406c5b248bc060365e915706803","sha256":"0d4b9a52f0a6bd264258baac791b39910a895bb6ca06f63477fa823a262febdc","sha512":"ea6eb5e0862819482453aa05147dc5acbea9e0573c0efdc53adc77a4e1017815999922a90d24bb2302effc2ad2f0490e287507ac75b499126cffc48012a97c2a","ssdeep":"","tlshash":"10d0c7598759a83c57138374ef68306800b7206922492194ac451130611a65b79b76ea","first_seen":"2023-11-28T22:38:32Z","last_seen":"2026-04-05T19:29:09.678621Z","times_seen":562,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/images/shadow.png","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:11.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ads-nature.site","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 11:46:42 GMT","end":"Mon, 19 Jan 2026 11:46:41 GMT"},"fingerprint":{"sha1":"A3:3B:69:0C:0A:BF:CC:D8:3C:5B:14:2E:7D:28:A4:CC:B1:5D:61:28","sha256":"E9:90:8F:8C:DC:1D:74:FF:27:2E:69:C8:79:18:C9:C5:E7:E6:6E:68:65:80:5F:BE:B1:16:57:33:13:E6:97:1C"}}},"request":{"raw":"GET /assets/images/shadow.png HTTP/1.1\r\nHost: ads-nature.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ads-nature.site/assets/css/style.css\r\nCookie: PHPSESSID=2ff57d03ec53c12d3910ca0596a5a105; js_proof=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Sun, 26 Oct 2025 20:54:10 GMT\r\ncontent-type: image/png\r\ncontent-length: 1817\r\nlast-modified: Fri, 24 Oct 2025 03:10:09 GMT\r\netag: \"68faee11-719\"\r\nexpires: Tue, 25 Nov 2025 20:54:10 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1817,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 272 x 70, 8-bit colormap, non-interlaced","md5":"7154f593404df01c3ab354c91b964d3e","sha1":"c2e505051ec9b5034f073588e3af463049955a5a","sha256":"76dcfc94f104db8e33d7f641dc4f06c074245627b0f9d4929e4095f5eb5aaaa0","sha512":"397e22809fcc8601c8c3933394b6316ed10e90e94e9aac7b379fdc5e7209eaa82993a7df9bd5afcd7e6fd5d3e77ed3ec23c23f1d93736f66d2812db0a77c7f67","ssdeep":"","tlshash":"05310b8e93c70c9da3f55059100138738c6d66105e6ccc2d4faf49e7e9b0d7875809ae","first_seen":"2024-09-19T19:40:00.65734Z","last_seen":"2026-03-28T20:55:35.495537Z","times_seen":189,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/images/default2.jpg","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:10.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ads-nature.site","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 11:46:42 GMT","end":"Mon, 19 Jan 2026 11:46:41 GMT"},"fingerprint":{"sha1":"A3:3B:69:0C:0A:BF:CC:D8:3C:5B:14:2E:7D:28:A4:CC:B1:5D:61:28","sha256":"E9:90:8F:8C:DC:1D:74:FF:27:2E:69:C8:79:18:C9:C5:E7:E6:6E:68:65:80:5F:BE:B1:16:57:33:13:E6:97:1C"}}},"request":{"raw":"GET /assets/images/default2.jpg HTTP/1.1\r\nHost: ads-nature.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=2ff57d03ec53c12d3910ca0596a5a105; js_proof=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Sun, 26 Oct 2025 20:54:10 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 52265\r\nlast-modified: Fri, 24 Oct 2025 03:10:09 GMT\r\netag: \"68faee11-cc29\"\r\nexpires: Tue, 25 Nov 2025 20:54:10 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":52265,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3","md5":"e3ac4b493a9e1b75bd21cb218f7046d5","sha1":"2bb53200837fbad8dd0ff35bdc26347be485ad12","sha256":"8b5dd8252a935cee4ff556d320348126427f0a5d38ed3d8c381367714645c822","sha512":"e70f6de049a5b5a5ab50943a1286fc2827e42692a46d51d5e0a73b2a30c625d05593b20c05793a560e481e2688301f5cdd986e38117cd246ba7d88ff77d1880b","ssdeep":"768:CoxkSnRP/lMHApvv6kvaMfxjO0ejoGP3PnVFE5iUrMj54BzmQa6766upkoflJvuu:RxNvYuaMglj1ny6szmqIpkoNFcKEg","tlshash":"6c33f1a0b7a3a629f913c6322135af315dec773e4468553a101fcfafc95618b3874c66","first_seen":"2025-10-14T16:36:12.372916Z","last_seen":"2026-03-28T20:55:35.528172Z","times_seen":78,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/images/light3.jpg","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:11.084Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ads-nature.site","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 11:46:42 GMT","end":"Mon, 19 Jan 2026 11:46:41 GMT"},"fingerprint":{"sha1":"A3:3B:69:0C:0A:BF:CC:D8:3C:5B:14:2E:7D:28:A4:CC:B1:5D:61:28","sha256":"E9:90:8F:8C:DC:1D:74:FF:27:2E:69:C8:79:18:C9:C5:E7:E6:6E:68:65:80:5F:BE:B1:16:57:33:13:E6:97:1C"}}},"request":{"raw":"GET /assets/images/light3.jpg HTTP/1.1\r\nHost: ads-nature.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=2ff57d03ec53c12d3910ca0596a5a105; js_proof=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Sun, 26 Oct 2025 20:54:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 36581\r\nlast-modified: Fri, 24 Oct 2025 03:10:09 GMT\r\netag: \"68faee11-8ee5\"\r\nexpires: Tue, 25 Nov 2025 20:54:11 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":36581,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 278x278, components 3","md5":"2f6882ac497c5f9943498a009758dfe1","sha1":"c75702d3b0cd884a5cea28809ee9ea50e2f05fbe","sha256":"3c8d40333046cb1d3d0c1837787463cf28b70f294a7ca848737eef386fb18a47","sha512":"354199d61ccb021caf03c9fbb4a279d32e33179fa5fa3429a7f7c9d7cf8ded148506db2ac8cefa4742b62fcdae99de277f2c997c63605252fb71fe3e41da98f7","ssdeep":"768:CJTjpH7vxloV1dc3oDxZcgafopDxSYUQWu8qW2wjdrvzvFEuyArO:ijpH7voV1dc3ocGSYUQyqWjBv+aO","tlshash":"40f2f1b79f1ebe5bf42b35f27272214be47218fa6b141152b2391875c4a0c9eb778312","first_seen":"2025-10-14T16:36:12.343876Z","last_seen":"2025-12-11T21:42:40.433863Z","times_seen":38,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/favicon.ico","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:11.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ads-nature.site","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 11:46:42 GMT","end":"Mon, 19 Jan 2026 11:46:41 GMT"},"fingerprint":{"sha1":"A3:3B:69:0C:0A:BF:CC:D8:3C:5B:14:2E:7D:28:A4:CC:B1:5D:61:28","sha256":"E9:90:8F:8C:DC:1D:74:FF:27:2E:69:C8:79:18:C9:C5:E7:E6:6E:68:65:80:5F:BE:B1:16:57:33:13:E6:97:1C"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ads-nature.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=2ff57d03ec53c12d3910ca0596a5a105; js_proof=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx-reuseport/1.21.1\r\ndate: Sun, 26 Oct 2025 20:54:11 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\ncontent-length: 275\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":275,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"0d99fd79cc25074f1d4712f91532a45b","sha1":"de1bfa938b637784959ec7f95c8e1d0b912c91a9","sha256":"1dfc9f463a28df790760a95451e32a61d142c9b0be318fc7935222ca3c114c23","sha512":"36f05fe9341b2ced1a0fe6fe8d859236eb7e5e4f5a9c7d3f1da1a979dc9fdd9ae984a68282715b77d7527b64d376a57906668b92bca71a69aa110da672e80447","ssdeep":"","tlshash":"8bd02bae5053238b481215a03ac215d2274812fbb43a42e82d85e447535857dcc965dc","first_seen":"2025-10-26T20:54:36.283313Z","last_seen":"2025-11-05T12:01:20.67649Z","times_seen":5,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.effectivegatecpm.com/w65km1f6?key=bd23f29c9c21f464dde4daeda65cfcb2","fqdn":"www.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T20:54:07.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"effectivegatecpm.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 14:07:36 GMT","end":"Mon, 05 Jan 2026 14:07:35 GMT"},"fingerprint":{"sha1":"4C:76:9C:94:6C:42:34:72:A0:D2:AB:83:41:4F:50:A7:86:B9:29:0E","sha256":"51:E9:3D:E7:55:E3:07:4E:B1:52:4B:31:49:6B:73:49:75:A8:2B:47:1F:1C:38:82:10:F3:DF:F5:9C:F3:88:6B"}}},"request":{"raw":"GET /w65km1f6?key=bd23f29c9c21f464dde4daeda65cfcb2 HTTP/1.1\r\nHost: www.effectivegatecpm.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 26 Oct 2025 20:54:07 GMT\r\nContent-Type: text/html\r\nContent-Length: 2228\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nvary: Accept-Encoding\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzY0NjQxOSwiayI6ImJkMjNmMjljOWMyMWY0NjRkZGU0ZGFlZGE2NWNmY2IyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MDEzNDI1LCJwaWQiOjI3NDA5MTAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MzEsImFpZCI6MjgsInB0Ijo0LCJwayI6Inc2NWttMWY2IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiIiwiYXIiOltdfX0.NMsIFDhLnm5rVGYH08aJ8_dSSZ1OfyL9ne5sWKjCBXQ; expires=Sun, 26 Oct 2025 20:55:07 GMT; path=/\r\nx-envoy-upstream-service-time: 3\r\nHost: www.effectivegatecpm.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a277a08f2cd2e0856f6ccd5ea03e421a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4626,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (4625)","md5":"4e45333a49149303b2399474db452ed0","sha1":"fc549cffb83ad86362036504a8d774b16e517758","sha256":"8696ed29d6c170279fa642136575673951675f843934ca8a88f331729ebc48ea","sha512":"125dc3178a9a45ee478c4218c5a3b8a6bcc19643c4c3cef2ccea52f8429464db09480f3ae903b56cf69fbd5318025a55a123284725976bf922de15376bfda5f3","ssdeep":"96:z922YfIuzVcmCmPIHIboIgpwv/38MnVeSa+A8gdPSzvnZPAP4m:Q2YfTzSjkc6ozwvftn3a383vWP4m","tlshash":"f29194913434b834007e1917d1afb31936338f27ba067460915d6ab82c3de8ba626fdf","first_seen":"2025-10-26T20:54:36.286207Z","last_seen":"2025-10-26T20:54:36.286207Z","times_seen":1,"resource_available":false,"data":null}},"time_used":705,"timings":{"blocked":302,"dns":18,"connect":93,"send":0,"wait":99,"receive":1,"ssl":189},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/images/default4.jpg","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:10.715Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ads-nature.site","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 11:46:42 GMT","end":"Mon, 19 Jan 2026 11:46:41 GMT"},"fingerprint":{"sha1":"A3:3B:69:0C:0A:BF:CC:D8:3C:5B:14:2E:7D:28:A4:CC:B1:5D:61:28","sha256":"E9:90:8F:8C:DC:1D:74:FF:27:2E:69:C8:79:18:C9:C5:E7:E6:6E:68:65:80:5F:BE:B1:16:57:33:13:E6:97:1C"}}},"request":{"raw":"GET /assets/images/default4.jpg HTTP/1.1\r\nHost: ads-nature.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=2ff57d03ec53c12d3910ca0596a5a105; js_proof=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Sun, 26 Oct 2025 20:54:10 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 62454\r\nlast-modified: Fri, 24 Oct 2025 03:10:09 GMT\r\netag: \"68faee11-f3f6\"\r\nexpires: Tue, 25 Nov 2025 20:54:10 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":62454,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3","md5":"59546193cec0a6760e7d8ca59a25f5bb","sha1":"2f0cf6c662648f7b740327e6246a1855fb2b6af9","sha256":"e60c3a07cda03c8f472dda6b648d1016e1812f885fb111240198cc552078c1dc","sha512":"eab372f78eeff0e29414675441150d9605fc72bf6175b5a1b545d51859fae5c73974e36fbe6433e3c9af962529ecec8029229eab817d642cc9fb6024267fd4e4","ssdeep":"1536:GFotu/ugr5Gu9rRKiOOv85oNXxAnDGi6yJlAV1nVeH:GFotrI39rIbORNB+DGi6eAV+H","tlshash":"6d530237b4039123d63b69b96d1773888b436e7043995dac8b8d99d6f5cb42fe42a600","first_seen":"2025-10-14T16:36:12.347086Z","last_seen":"2026-03-28T20:55:35.541417Z","times_seen":78,"resource_available":false,"data":null}},"time_used":180,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":165,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/images/light4.jpg","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:11.086Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ads-nature.site","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 11:46:42 GMT","end":"Mon, 19 Jan 2026 11:46:41 GMT"},"fingerprint":{"sha1":"A3:3B:69:0C:0A:BF:CC:D8:3C:5B:14:2E:7D:28:A4:CC:B1:5D:61:28","sha256":"E9:90:8F:8C:DC:1D:74:FF:27:2E:69:C8:79:18:C9:C5:E7:E6:6E:68:65:80:5F:BE:B1:16:57:33:13:E6:97:1C"}}},"request":{"raw":"GET /assets/images/light4.jpg HTTP/1.1\r\nHost: ads-nature.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=2ff57d03ec53c12d3910ca0596a5a105; js_proof=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Sun, 26 Oct 2025 20:54:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 51265\r\nlast-modified: Fri, 24 Oct 2025 03:10:09 GMT\r\netag: \"68faee11-c841\"\r\nexpires: Tue, 25 Nov 2025 20:54:11 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":51265,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3","md5":"768e563d81e39e70285d59f999638363","sha1":"1bcecda191488555890a2a4e914af34ea2579d91","sha256":"3b1487e46ed21fdae9bdfc8f5c6a369219b1a350ec9cb153b69e0d09c353ad11","sha512":"517f68c52fb1c1bb8fea7f0d4bb81aa3c1cdb87494496451e85da4cd7b779a35518863631dd92f70d365b0474f6abbd7301fce85e708e9865478e5d0d1925e35","ssdeep":"1536:SvtTjPn9INXSP9ThcmuIBTvSTG/7qaWJATa7oW:6TjPPVTZHBTqTO7Pta7oW","tlshash":"8133013c03154b99f13d2f34ab529e587616e5cb2b1b2e483dcb2704cdbedce8a15622","first_seen":"2025-10-14T16:36:12.356536Z","last_seen":"2026-03-28T20:55:35.506598Z","times_seen":78,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":53,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"abr.auto-ads3.site/c/a56f3ff8a19cc417?SUB_ID_SHORT=5b54c0c5d1300283e7bc63d295590704\u0026COST_CPC=0.002650\u0026PLACEMENT_ID=27646419\u0026CAMPAIGN_ID=1328349\u0026PUBLISHER_ID=2740910\u0026COUNTRY_CODE=NO\u0026USER_CITY=Oslo\u0026REMOTE_LANGUAGE_CODE=en\u0026BANNER_ID=3554351\u0026USER_OS=Windows\u0026USER_OS_VER=10.0\u0026USER_CARRIER=Blix%20Solutions\u0026DEVICE_BRAND=Unknown\u0026ZONE_ID=5013425","fqdn":"abr.auto-ads3.site","domain":"auto-ads3.site","tld":"site"},"ip":{"addr":"52.17.88.125","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T20:54:08.301Z","timestamp":0,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /c/a56f3ff8a19cc417?SUB_ID_SHORT=5b54c0c5d1300283e7bc63d295590704\u0026COST_CPC=0.002650\u0026PLACEMENT_ID=27646419\u0026CAMPAIGN_ID=1328349\u0026PUBLISHER_ID=2740910\u0026COUNTRY_CODE=NO\u0026USER_CITY=Oslo\u0026REMOTE_LANGUAGE_CODE=en\u0026BANNER_ID=3554351\u0026USER_OS=Windows\u0026USER_OS_VER=10.0\u0026USER_CARRIER=Blix%20Solutions\u0026DEVICE_BRAND=Unknown\u0026ZONE_ID=5013425 HTTP/1.1\r\nHost: abr.auto-ads3.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.effectivegatecpm.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Sun, 26 Oct 2025 20:54:09 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 165\r\nlocation: https://ads-nature.site?aref=https%3A%2F%2Fabr.auto-ads3.site%2Fsite%2Fredirectpage%3Fsid%3D296937%26hv%3Duundt68fe8a700007c227%26hid%3D831241\r\nset-cookie: unique_id=68fe8a7100091bf0; Path=/; Expires=Thu, 25 Dec 2025 20:54:09 GMT; Secure; SameSite=None\nunique_id2=68fe8a7100092017; Path=/; Expires=Sat, 24 Jan 2026 20:54:09 GMT; Secure; SameSite=None\nimpression=; Path=/; Expires=Sun, 26 Oct 2025 20:54:09 GMT; Secure; SameSite=None\nvid_self_hosted=uundt68fe8a700007c227; Path=/; Expires=Thu, 25 Dec 2025 20:54:09 GMT; Secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T10:11:42.852405Z","times_seen":13418069,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"abr.auto-ads3.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"abr.auto-ads3.site","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.effectivegatecpm.com/w65km1f6?key=bd23f29c9c21f464dde4daeda65cfcb2","date":"2025-10-26T20:54:07.656Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.effectivegatecpm.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.effectivegatecpm.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T10:11:42.852405Z","times_seen":13418069,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.effectivegatecpm.com/favicon.ico","fqdn":"www.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.effectivegatecpm.com/w65km1f6?key=bd23f29c9c21f464dde4daeda65cfcb2","date":"2025-10-26T20:54:07.685Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"effectivegatecpm.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 14:07:36 GMT","end":"Mon, 05 Jan 2026 14:07:35 GMT"},"fingerprint":{"sha1":"4C:76:9C:94:6C:42:34:72:A0:D2:AB:83:41:4F:50:A7:86:B9:29:0E","sha256":"51:E9:3D:E7:55:E3:07:4E:B1:52:4B:31:49:6B:73:49:75:A8:2B:47:1F:1C:38:82:10:F3:DF:F5:9C:F3:88:6B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.effectivegatecpm.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.effectivegatecpm.com/api/users?token=L3c2NWttMWY2P2tleT0yMDFmYzIzYzdlY2EwOWQ1Y2FkOWNiYjQ2N2E2YTk0MiZzdWJtZXRyaWM9Mjc2NDY0MTk\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzY0NjQxOSwiayI6ImJkMjNmMjljOWMyMWY0NjRkZGU0ZGFlZGE2NWNmY2IyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MDEzNDI1LCJwaWQiOjI3NDA5MTAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MzEsImFpZCI6MjgsInB0Ijo0LCJwayI6Inc2NWttMWY2IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiIiwiYXIiOltdfX0.NMsIFDhLnm5rVGYH08aJ8_dSSZ1OfyL9ne5sWKjCBXQ; cjs=t\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T10:11:42.852405Z","times_seen":13418069,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/images/default3.jpg","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:10.714Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ads-nature.site","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 11:46:42 GMT","end":"Mon, 19 Jan 2026 11:46:41 GMT"},"fingerprint":{"sha1":"A3:3B:69:0C:0A:BF:CC:D8:3C:5B:14:2E:7D:28:A4:CC:B1:5D:61:28","sha256":"E9:90:8F:8C:DC:1D:74:FF:27:2E:69:C8:79:18:C9:C5:E7:E6:6E:68:65:80:5F:BE:B1:16:57:33:13:E6:97:1C"}}},"request":{"raw":"GET /assets/images/default3.jpg HTTP/1.1\r\nHost: ads-nature.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=2ff57d03ec53c12d3910ca0596a5a105; js_proof=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Sun, 26 Oct 2025 20:54:10 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 50382\r\nlast-modified: Fri, 24 Oct 2025 03:10:09 GMT\r\netag: \"68faee11-c4ce\"\r\nexpires: Tue, 25 Nov 2025 20:54:10 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":50382,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3","md5":"11fb57b0175109f883c8b26af168476c","sha1":"1fd40f27fdf04daac785b85f95164a1ccbcfd687","sha256":"3a641bd1f8d6ca8a855068130e3117a531c2612b6729adef0018a974ef11ca91","sha512":"064430fb05581bc582b42a751e6145015b2c38d4bd86d448c727143beb8c7362770074a457e5d5f726324084f85eb2d4e3bb19d19603543787dba21b52aa1a58","ssdeep":"1536:0ihXl8Lq8+g45iQKsH3lBTj6j+wRgCFnEf5JS:JXWgg897H3l56jjRgCFnEf5JS","tlshash":"2533f16f3e71d0b4f3de7d75e93a5212319ee7b40a851ecb4139a932d6f2ad8640c284","first_seen":"2025-10-14T16:36:12.323364Z","last_seen":"2026-03-28T20:55:35.498725Z","times_seen":78,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":112,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/js/translates.js","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:10.719Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ads-nature.site","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 11:46:42 GMT","end":"Mon, 19 Jan 2026 11:46:41 GMT"},"fingerprint":{"sha1":"A3:3B:69:0C:0A:BF:CC:D8:3C:5B:14:2E:7D:28:A4:CC:B1:5D:61:28","sha256":"E9:90:8F:8C:DC:1D:74:FF:27:2E:69:C8:79:18:C9:C5:E7:E6:6E:68:65:80:5F:BE:B1:16:57:33:13:E6:97:1C"}}},"request":{"raw":"GET /assets/js/translates.js HTTP/1.1\r\nHost: ads-nature.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=2ff57d03ec53c12d3910ca0596a5a105; js_proof=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Sun, 26 Oct 2025 20:54:10 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Fri, 24 Oct 2025 03:10:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68faee11-7ec4\"\r\nexpires: Sun, 02 Nov 2025 20:54:10 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":32452,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"1097ed084d28f8759d495a5efe3c073c","sha1":"9ac4b753e2defe2247b42cc1f5d0d33a5aec824f","sha256":"38d59a11db37357921e42148662a540a39f2618f4cc3458bbfc782601ae14ec1","sha512":"47c5e1057b57722cebdd721609c0223042f192637cf9b49836a0b89c37501622c8e09d3ec0a28aaae0aeda4663a7b4ea80024436bca89af351715f483f3b00ac","ssdeep":"384:PiQdrExkJZG0VKwkcBMG87xe8Gn/d6REd+vyGMAeqGYFHC2e0j3m8Q8UdaB7j3ul:HEeZGikjnGl6cJGYqGOhe/J2fuwJejB","tlshash":"c9e2384570a923a4c470e317b1443422a65a8b2f7f5afed87b0991143f9da3f49fa1ce","first_seen":"2025-10-14T16:36:12.379895Z","last_seen":"2026-03-28T20:55:35.529884Z","times_seen":78,"resource_available":true,"data":null}},"time_used":185,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":185,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcCo3FwrK3iLTcviYwYZ90A2N58.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:11.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 14:34:07 GMT","end":"Wed, 24 Dec 2025 14:34:06 GMT"},"fingerprint":{"sha1":"CE:D7:82:8C:04:B0:E5:F9:3B:52:AC:E2:75:72:A1:31:F8:D2:42:D4","sha256":"B8:54:E9:B3:89:59:D3:D4:18:71:52:99:FF:BB:D7:4C:BF:09:4A:EE:50:59:19:40:A0:6E:17:ED:80:73:3B:22"}}},"request":{"raw":"GET /s/inter/v20/UcCo3FwrK3iLTcviYwYZ90A2N58.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ads-nature.site\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 72964\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 22 Oct 2025 17:50:50 GMT\r\nexpires: Thu, 22 Oct 2026 17:50:50 GMT\r\ncache-control: public, max-age=31536000\r\nage: 356601\r\nlast-modified: Tue, 09 Sep 2025 18:33:18 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":72964,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 72964, version 1.0","md5":"91247c94dcda6ff52b445d71d6bbfb81","sha1":"ad2f62363ed047b430b91f32afa31df51fcd7c5e","sha256":"6a3c3e024b31eeacbf1f19c3c7be78612d91c623186f64035a50038241dad4f9","sha512":"a12dcac84e9f9ae02df3aabe29d76994281cd1005edca471194605cfcd6a0456eec872fd28c63c72ae124804d0b47d8377048caae49c40b0a18b5d6be4d6213f","ssdeep":"768:zbw+rLBkMxbCkupj4Y69/Yr71+j9pWiKahMM6+AWEqXB0oGuNGku+QCcIKE205C7:zbw+iwuS/iZWeaO1zP1/9Esvf8fXnm1","tlshash":"8f6302244e3c50c2a54d33aa286940f6f6e79c75b2b79ba4a69c589cd410f329cdfdc4","first_seen":"2025-05-29T18:51:13.223047Z","last_seen":"2026-04-06T10:02:19.531665Z","times_seen":18721,"resource_available":false,"data":null}},"time_used":319,"timings":{"blocked":120,"dns":1,"connect":28,"send":0,"wait":29,"receive":50,"ssl":88},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T20:54:10.604Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ads-nature.site","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 11:46:42 GMT","end":"Mon, 19 Jan 2026 11:46:41 GMT"},"fingerprint":{"sha1":"A3:3B:69:0C:0A:BF:CC:D8:3C:5B:14:2E:7D:28:A4:CC:B1:5D:61:28","sha256":"E9:90:8F:8C:DC:1D:74:FF:27:2E:69:C8:79:18:C9:C5:E7:E6:6E:68:65:80:5F:BE:B1:16:57:33:13:E6:97:1C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ads-nature.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ads-nature.site/challenge.html\r\nCookie: PHPSESSID=2ff57d03ec53c12d3910ca0596a5a105; js_proof=1\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Sun, 26 Oct 2025 20:54:10 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nx-powered-by: PHP/8.3.20\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP:8.3.20","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":10683,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (417)","md5":"8ae97fa21e61bee688c70de23d7947c4","sha1":"aa8eab3368c4a76ad241cf7e2c2a4889eded2381","sha256":"e4b3dc9b92323d3b95250319a14c9d032b2d0bd2b5c3d35f8253f18f7c2f2c49","sha512":"a56163608410998c4372370441b92d758a5511c184bf4c7ffe9811203b70ed63aa3d4046d5398ef4b10da1c811ea45a1a3e0c640c9f6a80150a894142022a877","ssdeep":"192:mZsWfmoxiQVa/qNbaarg4vdUoej9BsDarg4vdUPDb8DH/F2xM:mZsWf7xiQw/qDdQVd6M","tlshash":"0a22f77c5c95a1b749a391ad25beafc93cf9810b5501ec05b0ec96990f80fca8817eda","first_seen":"2025-10-26T20:54:36.294411Z","last_seen":"2025-10-26T20:54:36.294411Z","times_seen":1,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":62,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/css/reset.css","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:10.705Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ads-nature.site","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 11:46:42 GMT","end":"Mon, 19 Jan 2026 11:46:41 GMT"},"fingerprint":{"sha1":"A3:3B:69:0C:0A:BF:CC:D8:3C:5B:14:2E:7D:28:A4:CC:B1:5D:61:28","sha256":"E9:90:8F:8C:DC:1D:74:FF:27:2E:69:C8:79:18:C9:C5:E7:E6:6E:68:65:80:5F:BE:B1:16:57:33:13:E6:97:1C"}}},"request":{"raw":"GET /assets/css/reset.css HTTP/1.1\r\nHost: ads-nature.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=2ff57d03ec53c12d3910ca0596a5a105; js_proof=1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Sun, 26 Oct 2025 20:54:10 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 24 Oct 2025 03:10:07 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68faee0f-59b\"\r\nexpires: Sun, 02 Nov 2025 20:54:10 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1435,"size_decoded":0,"mime_type":"text/css","magic":"CSV ASCII text","md5":"a0c10bcab0437bc0539cab97e8a00ec9","sha1":"381804c0ec398ebe7895391f65020d879214fd59","sha256":"88086dc5f0408e298d7fe3bf2e9cdac979c23be99d180810e23c384f24e0876d","sha512":"818a7ea45e2b6497a7523d52832e13c446fc8016d13cdfd7ed66394a28aa53cb8f827b885b92a955a461e57ebd37c777edf758285719ece957298ee99fedec0c","ssdeep":"","tlshash":"ee2162b41b70988d8131c8e9b65a6b18b36481375e49bcf88efa9c2dc748110b4d3a9e","first_seen":"2025-09-26T18:30:50.952433Z","last_seen":"2026-03-28T20:55:35.530687Z","times_seen":81,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/css/style.css","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:10.707Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ads-nature.site","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 11:46:42 GMT","end":"Mon, 19 Jan 2026 11:46:41 GMT"},"fingerprint":{"sha1":"A3:3B:69:0C:0A:BF:CC:D8:3C:5B:14:2E:7D:28:A4:CC:B1:5D:61:28","sha256":"E9:90:8F:8C:DC:1D:74:FF:27:2E:69:C8:79:18:C9:C5:E7:E6:6E:68:65:80:5F:BE:B1:16:57:33:13:E6:97:1C"}}},"request":{"raw":"GET /assets/css/style.css HTTP/1.1\r\nHost: ads-nature.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=2ff57d03ec53c12d3910ca0596a5a105; js_proof=1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Sun, 26 Oct 2025 20:54:10 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 24 Oct 2025 03:10:07 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68faee0f-1962\"\r\nexpires: Sun, 02 Nov 2025 20:54:10 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6498,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"7a147d9be54aa2c07cb7c4539d02f2f2","sha1":"c1c3c8df4d427279ee39f796033dbde436beda75","sha256":"748a980a69c4cd2abee023065e5967bdc1ad8b72b52c7665496dfe61cbf92740","sha512":"8b9c8a0c6840f1ffabeef8113f70c734814cced03996c4c134a4b2fa27a2bee89d5d9e0fa6fd06df272979766c8bee1abe19e851a0c84abb83309c026f7923dd","ssdeep":"192:f3gZAoY0BEqSPHrzWMsAXX4DxfvDu6T7afYMQx:f9oR2qSPHrYkIZvDkc","tlshash":"77d162e26b78220cb517d1b839526f2e33788002920fed3c6fe5306c8fc95d985a3799","first_seen":"2025-10-14T16:36:12.32957Z","last_seen":"2025-12-11T21:42:40.436849Z","times_seen":38,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/images/default1.jpg","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:10.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ads-nature.site","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 11:46:42 GMT","end":"Mon, 19 Jan 2026 11:46:41 GMT"},"fingerprint":{"sha1":"A3:3B:69:0C:0A:BF:CC:D8:3C:5B:14:2E:7D:28:A4:CC:B1:5D:61:28","sha256":"E9:90:8F:8C:DC:1D:74:FF:27:2E:69:C8:79:18:C9:C5:E7:E6:6E:68:65:80:5F:BE:B1:16:57:33:13:E6:97:1C"}}},"request":{"raw":"GET /assets/images/default1.jpg HTTP/1.1\r\nHost: ads-nature.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=2ff57d03ec53c12d3910ca0596a5a105; js_proof=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Sun, 26 Oct 2025 20:54:10 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 43411\r\nlast-modified: Fri, 24 Oct 2025 03:10:09 GMT\r\netag: \"68faee11-a993\"\r\nexpires: Tue, 25 Nov 2025 20:54:10 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43411,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3","md5":"3934a01c59ee3539e7573ebdc5ec19e3","sha1":"706fd45befbd58cf2674e733eb525f206c054b2f","sha256":"a1d72f4e7bff2b80a7d6dcbcb4db6a708ee259e551f2a9ca067ea165dd937f3f","sha512":"7619d56ae0c7f1748a8f83c8fe053cc098d614b243f8d6c3db543fd51491f1ef3d01df39d064051e0f9b5494d653bfb49bfeabe8ea0f9324301b6485afbec60f","ssdeep":"768:CN/D3f9oMsgDz9D4ULj4isCYSooM2MnvvFheK2yR/a76C4RYcSqBkEm6p:0rf9nx14/gYFtvB2F7p43Bk9q","tlshash":"df13f197f22a5ba3ed1532397822034d13fa3a1470ea9e7865db0a41dc007ff5dd5998","first_seen":"2025-10-14T16:36:12.362583Z","last_seen":"2026-03-28T20:55:35.494263Z","times_seen":78,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/js/jquery.min.js","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:10.716Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ads-nature.site","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 11:46:42 GMT","end":"Mon, 19 Jan 2026 11:46:41 GMT"},"fingerprint":{"sha1":"A3:3B:69:0C:0A:BF:CC:D8:3C:5B:14:2E:7D:28:A4:CC:B1:5D:61:28","sha256":"E9:90:8F:8C:DC:1D:74:FF:27:2E:69:C8:79:18:C9:C5:E7:E6:6E:68:65:80:5F:BE:B1:16:57:33:13:E6:97:1C"}}},"request":{"raw":"GET /assets/js/jquery.min.js HTTP/1.1\r\nHost: ads-nature.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=2ff57d03ec53c12d3910ca0596a5a105; js_proof=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Sun, 26 Oct 2025 20:54:10 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Fri, 24 Oct 2025 03:10:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68faee11-1fcaa\"\r\nexpires: Sun, 02 Nov 2025 20:54:10 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":130218,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (697), with CRLF line terminators","md5":"ff60aea44632d5a86b71e57863818da8","sha1":"3d6f6d96d9efc32830fd7412df0b6036ea8010f2","sha256":"b68485ecc11c395a9906957800dbcd72217edd5481113a57b4a9ee7233e1c036","sha512":"313ce9c74b095f964307072c167af6e38368d871c0bbcf8c3077764a78bf8256c78a0557a0333e95841b51b7397ecd8a2e4a7411b7b49bae5b281b98e6ac2f61","ssdeep":"1536:1NE13755B+Jo6iXRDtp63gHe4wTgjYvh4K3mgppUDY/47OiVXZUDDYP5Hna98Hrw:GbTO93mipBSIDO5Hna98Hrw","tlshash":"ced3b6c9b9d274929673b8ac8aab9009fc77445b74088f50b85cd5e03fb095950bbfec","first_seen":"2025-09-26T18:30:50.958304Z","last_seen":"2026-03-28T20:55:35.501033Z","times_seen":81,"resource_available":true,"data":null}},"time_used":182,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/js/scripts.js","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:10.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ads-nature.site","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 11:46:42 GMT","end":"Mon, 19 Jan 2026 11:46:41 GMT"},"fingerprint":{"sha1":"A3:3B:69:0C:0A:BF:CC:D8:3C:5B:14:2E:7D:28:A4:CC:B1:5D:61:28","sha256":"E9:90:8F:8C:DC:1D:74:FF:27:2E:69:C8:79:18:C9:C5:E7:E6:6E:68:65:80:5F:BE:B1:16:57:33:13:E6:97:1C"}}},"request":{"raw":"GET /assets/js/scripts.js HTTP/1.1\r\nHost: ads-nature.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=2ff57d03ec53c12d3910ca0596a5a105; js_proof=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Sun, 26 Oct 2025 20:54:10 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Fri, 24 Oct 2025 03:10:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68faee11-103\"\r\nexpires: Sun, 02 Nov 2025 20:54:10 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":259,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"a6c619e777f5ad0ddaa0ef632482a603","sha1":"544713203dbe87eade4827b48b1f218c0e543487","sha256":"e6b78c91a877bcb5165279837ee185dcfe61eb40586ef5aa3cc4466ea25de26c","sha512":"61b1426fa0c8b8d69d553453cd665eb8600e61b9074e2433e8985fe20c07b7857aa1ea00a1c4f5167ad47209d43f3ba95a8df92bc6f5b89407dcee6db320e410","ssdeep":"","tlshash":"c3d0a7487218a9b100bf72be8336c5c45c3e26e6c1856710f4de4a860f6005c3a73d9f","first_seen":"2025-09-26T18:30:50.947344Z","last_seen":"2026-03-28T20:55:35.576975Z","times_seen":80,"resource_available":true,"data":null}},"time_used":185,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":185,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/js/ab-guard.js","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:10.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ads-nature.site","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 11:46:42 GMT","end":"Mon, 19 Jan 2026 11:46:41 GMT"},"fingerprint":{"sha1":"A3:3B:69:0C:0A:BF:CC:D8:3C:5B:14:2E:7D:28:A4:CC:B1:5D:61:28","sha256":"E9:90:8F:8C:DC:1D:74:FF:27:2E:69:C8:79:18:C9:C5:E7:E6:6E:68:65:80:5F:BE:B1:16:57:33:13:E6:97:1C"}}},"request":{"raw":"GET /assets/js/ab-guard.js HTTP/1.1\r\nHost: ads-nature.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=2ff57d03ec53c12d3910ca0596a5a105; js_proof=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Sun, 26 Oct 2025 20:54:10 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Fri, 24 Oct 2025 03:10:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68faee11-13af\"\r\nexpires: Sun, 02 Nov 2025 20:54:10 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5039,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (933)","md5":"e4726e6784e9a6a7678c7f54a88d6844","sha1":"9697bcc5ad069a48f47d72568e85ba679f91c41c","sha256":"fb6e58e4b1831205956b7fbd1118124c107ac7194fdc09648ba0329920d13e98","sha512":"c6224673dd997d6274e00c380b493f361e439ed6ab701f2b883685bc88b92bd1d0436320bb9229eb69db63d111b17f22492970aff7cb1a4f52199ddfeefcf18a","ssdeep":"48:JVF1QCD6+dxqhOwVpbhcqaaK5pYj7ZRnb2SisC0Xcz8XzO45q7epgTiFd5+qkgrM:LF5AOwHu7aK52Hn9C0xsCpgeyjfg8HR","tlshash":"12a19675a220707b80fb059b3497a349383356483497bcd4debc4e414c1de6696bfdad","first_seen":"2025-09-26T18:30:50.963221Z","last_seen":"2025-11-05T12:01:20.692183Z","times_seen":26,"resource_available":true,"data":null}},"time_used":188,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":188,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/images/light1.jpg","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:11.080Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ads-nature.site","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 11:46:42 GMT","end":"Mon, 19 Jan 2026 11:46:41 GMT"},"fingerprint":{"sha1":"A3:3B:69:0C:0A:BF:CC:D8:3C:5B:14:2E:7D:28:A4:CC:B1:5D:61:28","sha256":"E9:90:8F:8C:DC:1D:74:FF:27:2E:69:C8:79:18:C9:C5:E7:E6:6E:68:65:80:5F:BE:B1:16:57:33:13:E6:97:1C"}}},"request":{"raw":"GET /assets/images/light1.jpg HTTP/1.1\r\nHost: ads-nature.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=2ff57d03ec53c12d3910ca0596a5a105; js_proof=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Sun, 26 Oct 2025 20:54:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 49170\r\nlast-modified: Fri, 24 Oct 2025 03:10:09 GMT\r\netag: \"68faee11-c012\"\r\nexpires: Tue, 25 Nov 2025 20:54:11 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":49170,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3","md5":"04a57f3179c71804ca31e20ba2202510","sha1":"f31eaa66a9c5630d916dc705868a8aefbb9944f2","sha256":"946c24c6f6670ec4d8c1f2c6e987e39081a08cf83794116f28303f12f3297e2c","sha512":"4c8ddf82e4ab9ae953e0405373991f15a081eeb89aa42bc9a42fcda11a7d385c9b48a1c8002644d1ff336b2319149ebc09cdacdd0117d20737a98e96a9b81803","ssdeep":"1536:IB9qgxekFn2Cy+z1+DSFUmozFQlGKf57FLh8:ICgAWn2TIMSaNxQlGy5pLG","tlshash":"1a230113c326d134c63727b56131ce04e6a9af23a8aa6d479d94d3dbe431cb464b82ca","first_seen":"2025-10-14T16:36:12.383041Z","last_seen":"2026-03-28T20:55:35.542773Z","times_seen":78,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ads-nature.site/assets/images/light2.jpg","fqdn":"ads-nature.site","domain":"ads-nature.site","tld":"site"},"ip":{"addr":"45.130.41.147","port":443,"asn":198610,"as":"Beget LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:11.082Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ads-nature.site","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 11:46:42 GMT","end":"Mon, 19 Jan 2026 11:46:41 GMT"},"fingerprint":{"sha1":"A3:3B:69:0C:0A:BF:CC:D8:3C:5B:14:2E:7D:28:A4:CC:B1:5D:61:28","sha256":"E9:90:8F:8C:DC:1D:74:FF:27:2E:69:C8:79:18:C9:C5:E7:E6:6E:68:65:80:5F:BE:B1:16:57:33:13:E6:97:1C"}}},"request":{"raw":"GET /assets/images/light2.jpg HTTP/1.1\r\nHost: ads-nature.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=2ff57d03ec53c12d3910ca0596a5a105; js_proof=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx-reuseport/1.21.1\r\ndate: Sun, 26 Oct 2025 20:54:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 58718\r\nlast-modified: Fri, 24 Oct 2025 03:10:09 GMT\r\netag: \"68faee11-e55e\"\r\nexpires: Tue, 25 Nov 2025 20:54:11 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58718,"size_decoded":0,"mime_type":"image/jpeg","magic":"PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced","md5":"b4ec05e5832fa5fe53ef0eeb7165a848","sha1":"e3f2260c019434ebf75f950ac67d0222b17052ad","sha256":"d8f22b342c0f801874e22a0ef17c0dde0e7c2960cfbb4762e8907624ab211ee6","sha512":"8e0340d05cb3163a90c73afec1ca7d9f59d0054cc8bcb7581c6da0abbc3e490682a25842ecf6f2621a89a6409c805b334dfa7cad264e873f65c8ca4150251293","ssdeep":"1536:Hdb+7/x9bvbPvjJPcknufA3t/pJ7vZNL8rHe/i5CeQYVtou:Hg7/tPcknuf6tRjNAHceQq","tlshash":"f043026226555b3d4949c829720976d0218ab79436d2c1e21e32fe8df73b03fd17e3ba","first_seen":"2025-10-14T16:36:12.353426Z","last_seen":"2026-03-28T20:55:35.573746Z","times_seen":78,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-26","alert":"Sinkholed","trigger":"ads-nature.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:opsz,wght@14..32,100..900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ads-nature.site/","date":"2025-10-26T20:54:10.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 14:34:12 GMT","end":"Wed, 24 Dec 2025 14:34:11 GMT"},"fingerprint":{"sha1":"A8:1F:72:36:24:F2:F6:E0:7B:67:5F:39:3B:77:D6:8D:FC:AA:91:DF","sha256":"C0:8F:C7:95:96:3C:18:D4:60:5F:92:EC:FE:5D:AB:58:62:6D:05:D5:A1:3F:B1:EC:B0:88:5F:E3:9E:21:52:BF"}}},"request":{"raw":"GET /css2?family=Inter:opsz,wght@14..32,100..900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ads-nature.site/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 26 Oct 2025 20:54:10 GMT\r\ndate: Sun, 26 Oct 2025 20:54:10 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2436,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"c9029b9be7fdbe03f05037ced4f6e0a9","sha1":"7db0cbaefa01daa5d610eb32b72d6465ca756b26","sha256":"cd4aee9022eea9f99866bb02f849a83354973786f0a4db6457ab1f4c3d38f8e6","sha512":"80cc884b7c66a1f585854f617a10cf591a0c0bd8b0eb5e9696b655b7b74d12df2ec06ff9bcd6c73a02febadff3432e347d43b17ccaabd141a5d1ebbe93ba7bff","ssdeep":"","tlshash":"3141ac91006be504af431cda23df7e325d8e15466082d67eaffe1cc55cead22432878d","first_seen":"2025-09-12T02:44:04.635127Z","last_seen":"2026-04-06T08:48:01.425286Z","times_seen":1225,"resource_available":false,"data":null}},"time_used":384,"timings":{"blocked":175,"dns":1,"connect":15,"send":0,"wait":34,"receive":0,"ssl":156},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}