{"report_id":"9f2e31c4-d5b6-4e03-b65c-7a3cdeda6c14","version":6,"status":"done","tags":[],"date":"2023-12-18T16:15:15Z","url":{"schema":"http","addr":"leaflat.com/mde/next.php","fqdn":"leaflat.com","domain":"leaflat.com","tld":"com"},"ip":{"addr":"89.46.108.15","port":0,"asn":31034,"as":"Aruba S.p.A.","country":"Italy","country_code":"IT"},"final":{"url":{"schema":"https","addr":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/index2.html#","fqdn":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev","domain":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev","tld":"r2.dev"},"title":"Webmail - Login"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T07:28:03Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev","ip":{"addr":"104.18.2.35","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-08-23","domain_rank":0,"first_seen":"2023-12-01 19:44:04","last_seen":"2023-12-04 06:18:08","alert_count":2,"request_count":2,"received_data":25682,"sent_data":1044,"comment":"","tags":null,"fingerprints":null},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":634,"first_seen":"2012-05-21 19:28:02","last_seen":"2023-12-18 08:46:34","alert_count":0,"request_count":1,"received_data":30400,"sent_data":507,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.tsunamisports.org","ip":{"addr":"143.204.55.70","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":2,"received_data":1006,"sent_data":920,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ik.imagekit.io","ip":{"addr":"52.85.242.23","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2016-01-17","domain_rank":30045,"first_seen":"2017-04-02 14:17:08","last_seen":"2023-12-17 15:00:40","alert_count":0,"request_count":1,"received_data":56005,"sent_data":510,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fac.corp.fortinet.com","ip":{"addr":"208.91.114.103","port":443,"asn":40934,"as":"FORTINET","country":"Canada","country_code":"CA"},"domain_registered":"2001-02-16","domain_rank":0,"first_seen":"2017-10-16 07:55:10","last_seen":"2023-12-18 04:49:14","alert_count":0,"request_count":1,"received_data":1388,"sent_data":524,"comment":"","tags":null,"fingerprints":null},{"fqdn":"firebasestorage.googleapis.com","ip":{"addr":"142.250.74.170","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":9937,"first_seen":"2017-01-30 03:42:50","last_seen":"2023-12-17 15:50:51","alert_count":0,"request_count":1,"received_data":1353,"sent_data":563,"comment":"","tags":null,"fingerprints":null},{"fqdn":"alphatrade-options.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2023-10-23","domain_rank":0,"first_seen":"2020-08-05 08:26:24","last_seen":"2023-12-18 06:01:55","alert_count":0,"request_count":1,"received_data":0,"sent_data":480,"comment":"","tags":null,"fingerprints":null},{"fqdn":"leaflat.com","ip":{"addr":"89.46.108.15","port":443,"asn":31034,"as":"Aruba S.p.A.","country":"Italy","country_code":"IT"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":18829,"sent_data":492,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.leaflat.com","ip":{"addr":"89.46.108.15","port":443,"asn":31034,"as":"Aruba S.p.A.","country":"Italy","country_code":"IT"},"domain_registered":"2017-06-05","domain_rank":0,"first_seen":"2023-11-08 01:56:33","last_seen":"2023-12-01 19:43:56","alert_count":1,"request_count":1,"received_data":273,"sent_data":508,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-18T16:14:49Z","timestamp":1702916089,"ip_dst":{"addr":"192.169.69.26","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":43068,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2023-12-18T16:14:49.068050+0000\",\"flow_id\":1304731321120301,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.117\",\"src_port\":43068,\"dest_ip\":\"192.169.69.26\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_15\"]}},\"http\":{\"hostname\":\"caresure.duckdns.org\",\"url\":\"/7edfd52220e2032e7281061c82401195/index.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":629,\"bytes_toclient\":116,\"start\":\"2023-12-18T16:10:20.603693+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":[{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2023-12-17","alert":"Generic/Spear Phishing","trigger":"www.leaflat.com/mde/next.php","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com","meta":null},{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2023-12-17","alert":"Generic/Spear Phishing","trigger":"www.tsunamisports.org/mde/double.php","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com","meta":null},{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2023-12-17","alert":"Generic/Spear Phishing","trigger":"www.tsunamisports.org/mde/double.php","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com","meta":null},{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2023-12-17","alert":"Generic/Spear Phishing","trigger":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/index2.html","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com","meta":null},{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2023-12-17","alert":"Generic/Spear Phishing","trigger":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/index2.html","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com","meta":null}]},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"code.jquery.com/jquery-2.2.4.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","size":85578,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-03T19:30:26.380819Z","times_seen":261062,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/index2.html#","fqdn":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev","domain":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev","tld":"r2.dev"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"0a18dbfb856e33fcea42e5a8db3458d0","sha1":"bf7f679ff888573c6855b41a5b19661badcebbfe","sha256":"3b5e8e9c897749a5b1360d449e0e0df9c2d01ea87cca28c9d93282e6570ced72","sha512":"da57682424adb84feab620359c3630bc4bef1010cc24628f6481159116754212192c0b60e120b7717a35012bf87da4183f3ae4eef3b7b9fcf1d87f9d4baf1714","ssdeep":"","tlshash":"04e04f4a9140246022f33826df123129b16344ef981be930350d93657f106af93739ca","size":348,"data":"","first_seen":"2023-03-07T01:12:06Z","last_seen":"2026-04-03T18:14:29.171886Z","times_seen":9279,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/index2.html#","fqdn":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev","domain":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev","tld":"r2.dev"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"8de43d95299adb386e3239d64f70b74d","sha1":"f8e16203a2044c02fa30440905fc3ee67accf978","sha256":"0f02b1d051b4dd6259e5dc0af3bbe08ed42194da8e0ec7baf16a231c482e6ee1","sha512":"1c505828b0498f8e8564f4e3673e7897531ceb46e92603b7d34e0218df525162ffac244d2d3ce4fab3b9d35e59392a7ed813cb83674ecbeca3eff67b6999f02a","ssdeep":"96:E4wOXkLSs2YxtO7D6DruRBmV+W8bMjN2ZbzFhRGJYx2I7PYqJryj+M8I9cPO:PdxYxtOjBnAjuhRGJY0I7PVJrC+M8I3","tlshash":"dbd14401ae80190703834e2bba176886f4478c4e3ede5988f1e47f54e595f37e49677b","size":6574,"data":"","first_seen":"2023-12-04T19:17:16Z","last_seen":"2024-08-20T16:47:33.500505Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/index2.html#","fqdn":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev","domain":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev","tld":"r2.dev"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"ec2ba18a3076b76b6add04aaa5fa7eda","sha1":"63b9c97f4181bcc20f0e4a6654260b91e889ebc6","sha256":"6a953c8be3244c0d910d6e538e0a9f13f4322e14cda76b95cfb2a1260c4ad252","sha512":"0e8628359aaf65c8e4f04e50714a3ac9821600f21dd8202c171280fb9ece71e0a9d2432231661f8f9f1f8f918dc7bfacd6b4ba4cbc1443392a5aab15b650c88b","ssdeep":"","tlshash":"2321a0592ea45dd023c26bd71e5620b9d726dc5af6904e0be00dfca23951915cd41e70","size":1251,"data":"","first_seen":"2023-03-07T01:12:06Z","last_seen":"2026-04-03T18:14:29.177274Z","times_seen":1402,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.leaflat.com/mde/next.php","fqdn":"www.leaflat.com","domain":"leaflat.com","tld":"com"},"ip":{"addr":"89.46.108.15","port":443,"asn":31034,"as":"Aruba S.p.A.","country":"Italy","country_code":"IT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-18T16:14:50.648Z","timestamp":1702916090648,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.leaflat.com","organization":""},"issuer":{"commonName":"Actalis Domain Validation Server CA G3","organization":"Actalis S.p.A."},"validity":{"start":"Thu, 28 Sep 2023 03:06:34 GMT","end":"Mon, 28 Oct 2024 03:06:33 GMT"},"fingerprint":{"sha1":"C8:F6:BA:FB:AC:09:CE:DA:FE:D0:DD:4B:24:86:D0:4C:99:41:E6:BB","sha256":"94:6B:EA:0E:7D:95:63:7C:BD:65:06:1E:55:F0:06:C6:19:AB:6D:18:40:0A:63:4F:CE:C3:D8:C5:F8:8E:57:F3"}}},"request":{"raw":"GET /mde/next.php HTTP/1.1\r\nHost: www.leaflat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: aruba-proxy\r\ndate: Mon, 18 Dec 2023 16:14:51 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\nlocation: http://www.tsunamisports.org/mde/double.php\r\nx-servername: ipvsproxy136.ad.aruba.it\r\nx-aruba-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":1491,"timings":{"blocked":100,"dns":0,"connect":0,"send":0,"wait":1391,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2023-12-17","alert":"Generic/Spear Phishing","trigger":"www.leaflat.com/mde/next.php","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tsunamisports.org/mde/double.php","fqdn":"www.tsunamisports.org","domain":"tsunamisports.org","tld":"org"},"ip":{"addr":"143.204.55.70","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-18T16:14:52.244Z","timestamp":1702916092244,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsunamisports.org","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Fri, 24 Feb 2023 00:00:00 GMT","end":"Sun, 24 Mar 2024 23:59:59 GMT"},"fingerprint":{"sha1":"15:AA:F5:C8:11:5F:9E:23:35:15:77:6B:BF:57:E1:5B:21:6A:04:D7","sha256":"FE:CA:F5:DB:A2:8A:DF:70:01:71:E0:12:7D:37:D6:5B:01:B0:13:52:87:B3:24:C6:E3:2B:52:00:B7:52:E6:54"}}},"request":{"raw":"GET /mde/double.php HTTP/1.1\r\nHost: www.tsunamisports.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: CloudFront\r\nDate: Mon, 18 Dec 2023 16:14:52 GMT\r\nContent-Type: text/html\r\nContent-Length: 167\r\nConnection: keep-alive\r\nLocation: https://www.tsunamisports.org/mde/double.php\r\nX-Cache: Redirect from cloudfront\r\nVia: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)\r\nX-Amz-Cf-Pop: OSL50-C1\r\nX-Amz-Cf-Id: 0Qg8DzculkO7m57Rj-IrUv8Vkjmw7zoXqvAQ_lqHI7tATkS4kwrHzA==\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":167,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\n- HTML document text\n- HTML document, ASCII text, with CRLF line terminators","md5":"f5d40b7259645010f9a248858ad14178","sha1":"b3051d17a6ec8c9e166bf09a62b48261ab86957b","sha256":"7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d","sha512":"1e82bc2d067f726670b3e6054d73e57868f6e7c50eb979696bf927daeef699f2d8f8de201e8252b86b0e9f86dc69e5037fc9fa08ef6c271b033f29d4f0f4c1aa","ssdeep":"","tlshash":"29c08cae6f022c88f8e73b38a1c36260e2ec80309299041112b00607f0cf0978ed23d2","first_seen":"2023-04-05T02:48:14Z","last_seen":"2025-08-07T12:04:07.743717Z","times_seen":5041,"resource_available":false,"data":null}},"time_used":830,"timings":{"blocked":27,"dns":1,"connect":1,"send":0,"wait":776,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2023-12-17","alert":"Generic/Spear Phishing","trigger":"www.tsunamisports.org/mde/double.php","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.tsunamisports.org/mde/double.php","fqdn":"www.tsunamisports.org","domain":"tsunamisports.org","tld":"org"},"ip":{"addr":"143.204.55.70","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-18T16:14:52.244Z","timestamp":1702916092244,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tsunamisports.org","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Fri, 24 Feb 2023 00:00:00 GMT","end":"Sun, 24 Mar 2024 23:59:59 GMT"},"fingerprint":{"sha1":"15:AA:F5:C8:11:5F:9E:23:35:15:77:6B:BF:57:E1:5B:21:6A:04:D7","sha256":"FE:CA:F5:DB:A2:8A:DF:70:01:71:E0:12:7D:37:D6:5B:01:B0:13:52:87:B3:24:C6:E3:2B:52:00:B7:52:E6:54"}}},"request":{"raw":"GET /mde/double.php HTTP/1.1\r\nHost: www.tsunamisports.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\nlocation: https://pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/index2.html#\r\ndate: Mon, 18 Dec 2023 16:14:52 GMT\r\nserver: Apache\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-C1\r\nx-amz-cf-id: T9TZpInUp-xbT0Y7jfeYUEpUR3tgsAtLVzlt6e77TWJhZMdD6CpAeg==\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":830,"timings":{"blocked":27,"dns":1,"connect":1,"send":0,"wait":776,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2023-12-17","alert":"Generic/Spear Phishing","trigger":"www.tsunamisports.org/mde/double.php","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/index2.html","fqdn":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev","domain":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.2.35","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-12-18T16:14:53.436324715Z","timestamp":1702916093436,"http_version":"","security_state":"secure","security_info":null,"request":{"raw":"GET /index2.html HTTP/1.1\r\nHost: pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 18 Dec 2023 16:14:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"34a50f67c3db9ec2a4d01696a3bb45f8\"\r\nLast-Modified: Wed, 22 Nov 2023 19:16:49 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 8378b38c9c3cb50f-OSL\r\nContent-Encoding: gzip\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":6438,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\n- HTML document text\n- HTML document text\n- HTML document text\n- HTML document text\n- HTML document text\n- exported SGML document text\n- assembler source, ASCII text, with very long lines (6568)","md5":"34a50f67c3db9ec2a4d01696a3bb45f8","sha1":"86a9cc74644603508cdd4f77bcf5571289ae7e82","sha256":"87bf1cd4faa6cffd305c5efd4c6ff9df135afae1ae12e80018fbf2c7e8088ec1","sha512":"e676be326570e9ef04b47f0424e2ce057379f967b077141466240b9e112dd6a62169015108a75deaf826df6562f4a5dab7f3be84f031b71f91c71eb1865fc03e","ssdeep":"384:h+RFYLaAyIFez79xYtO2ujGJYnL/rC+3IU2la8+TL14IHYzUChzcsM:h+RFcVyIFsEBujxrjIT9hlcP","tlshash":"0f82e7025de108021343896abf676545f563c807aa4bcd0cbaacaf54ef81f67d8637b9","first_seen":"2023-12-04T19:17:16Z","last_seen":"2024-08-20T16:47:33.496241Z","times_seen":6,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2023-12-17","alert":"Generic/Spear Phishing","trigger":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/index2.html","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-2.2.4.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/index2.html#","date":"2023-12-18T16:14:53.769Z","timestamp":1702916093769,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 11 Jul 2023 00:00:00 GMT","end":"Sun, 14 Jul 2024 23:59:59 GMT"},"fingerprint":{"sha1":"D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D","sha256":"B1:CA:3A:23:BA:70:1D:18:3F:EC:99:D7:BE:6D:B2:FD:66:5F:5C:A7:7D:7F:C1:FC:16:D1:FD:89:4B:CC:15:34"}}},"request":{"raw":"GET /jquery-2.2.4.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/\r\nOrigin: https://pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-14e4a\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Mon, 18 Dec 2023 16:14:53 GMT\r\nage: 8012293\r\nx-served-by: cache-lga21935-LGA, cache-hel1410028-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 5, 610322\r\nx-timer: S1702916094.617245,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 29811\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":29811,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (32065)","md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-03T19:30:26.380819Z","times_seen":261062,"resource_available":true,"data":null}},"time_used":108,"timings":{"blocked":42,"dns":10,"connect":13,"send":0,"wait":13,"receive":8,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif","fqdn":"ik.imagekit.io","domain":"imagekit.io","tld":"io"},"ip":{"addr":"52.85.242.23","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/index2.html#","date":"2023-12-18T16:14:53.771Z","timestamp":1702916093771,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.imagekit.io","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 22 Feb 2023 00:00:00 GMT","end":"Fri, 22 Mar 2024 23:59:59 GMT"},"fingerprint":{"sha1":"62:93:E0:7F:B7:9F:A0:1F:1C:3C:D4:BB:48:74:B3:97:72:56:4E:48","sha256":"68:49:D6:C1:85:16:16:15:AF:3A:7C:C6:7C:9C:4B:68:8E:7C:91:B9:F7:B2:74:50:D8:82:66:95:6F:FE:7F:5F"}}},"request":{"raw":"GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1\r\nHost: ik.imagekit.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/gif\r\ncontent-length: 55202\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: *\r\ntiming-allow-origin: *\r\nx-server: ImageKit.io\r\nx-request-id: 23d44343-1574-42ac-837a-5fcfa8305ebc\r\ncache-control: public, s-maxage=31536000, max-age=31536000, must-revalidate\r\netag: \"d536d58ea2f4cfe5d5b734e7893fb09e\"\r\nlast-modified: Sat, 30 Sep 2023 20:37:26 GMT\r\ndate: Sun, 03 Dec 2023 21:51:58 GMT\r\nvia: 1.1 20a87151baa74b57c01624c82e244c6a.cloudfront.net (CloudFront), 1.1 fb13343f41a549822047f18ba839fd5a.cloudfront.net (CloudFront)\r\nvary: Accept\r\nx-cache: Hit from cloudfront\r\nx-amz-cf-pop: ARN1-C1\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: NvPGzif82uyLOURb-5NlJCrcVrFMSVtzuKAMEe5NPR1ayDbd2kwiuQ==\r\nage: 1275775\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":55202,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 200 x 200\n- data","md5":"d536d58ea2f4cfe5d5b734e7893fb09e","sha1":"77c5e9fcbb33eb9b6df808aa86f50e0542e5162f","sha256":"669c17cde38dd0ab9673de77a674c5b192e934399bbee3ebed65bd70b05bff5f","sha512":"69ce0df240c3a0ae4acff39de7b08aa9df3bd288179faaac501f59496934c4245b35d888d2424ed66a2c187e65380aa1ef9fa059ac89bb9057c468f3f5cbbbb0","ssdeep":"1536:WDc0CcT48aUauqkbuZr4/AxOjKWsftVDxLF:ZU4DUPiq/fupftt","tlshash":"4c43af5ead4585f4c8e7def5a0df41d913851e24a0e81aa3483525ff1c162eee2cceb2","first_seen":"2023-10-13T13:16:05Z","last_seen":"2025-04-13T07:20:18.542177Z","times_seen":5895,"resource_available":false,"data":null}},"time_used":174,"timings":{"blocked":74,"dns":50,"connect":9,"send":0,"wait":14,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/","fqdn":"fac.corp.fortinet.com","domain":"fortinet.com","tld":"com"},"ip":{"addr":"208.91.114.103","port":443,"asn":40934,"as":"FORTINET","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/index2.html#","date":"2023-12-18T16:14:53.899Z","timestamp":1702916093899,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fac.corp.fortinet.com","organization":"Fortinet, Inc."},"issuer":{"commonName":"DigiCert TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 28 Feb 2023 00:00:00 GMT","end":"Tue, 27 Feb 2024 23:59:59 GMT"},"fingerprint":{"sha1":"4A:B3:F0:6D:9C:CE:91:84:53:8A:54:6B:E8:3D:79:B9:BA:91:D7:BF","sha256":"E7:3D:40:54:29:6B:5F:D3:62:DD:11:2F:7E:BB:0A:A9:27:05:24:9E:D7:2E:0A:46:A6:50:B5:3F:84:C4:80:7F"}}},"request":{"raw":"GET /customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1\r\nHost: fac.corp.fortinet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 18 Dec 2023 16:14:54 GMT\r\nContent-Length: 1050\r\nX-Frame-Options: SAMEORIGIN\r\nVary: Accept-Encoding\r\nContent-Language: en\r\nCache-Control: public, max-age=31536000\r\nX-XSS-Protection: 1; mode=block\r\nX-Content-Type-Options: nosniff\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1050,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\n- data","md5":"e27fe5fe535635717b432c5324ffb11f","sha1":"605f5da6062b05844c7a979ebfcdd6244ebcd88e","sha256":"3a0ba58278b6c2cd541d34a718480c79bd75441e94499280553b192559815db4","sha512":"bd53a5e93eb4d021abce11a412a491095d56a3ec4cd1e22250c945a865b8c2f478daee84fba9f8316efeaf06b940523ceeb12af91335b2ee47cf1f1719caa4d1","ssdeep":"","tlshash":"1211b5d0c34aaefca42af17fe75ea026186a0091b37b625d7e58d514332b481a144697","first_seen":"2023-05-01T15:43:09Z","last_seen":"2024-08-21T09:42:24.975293Z","times_seen":5478,"resource_available":false,"data":null}},"time_used":962,"timings":{"blocked":406,"dns":3,"connect":144,"send":0,"wait":149,"receive":1,"ssl":257},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media\u0026token=805fb0ef-a2d9-4a7f-85e6-d68384e166e3","fqdn":"firebasestorage.googleapis.com","domain":"firebasestorage.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.170","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/index2.html#","date":"2023-12-18T16:14:54.054Z","timestamp":1702916094054,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 20 Nov 2023 08:08:50 GMT","end":"Mon, 12 Feb 2024 08:08:49 GMT"},"fingerprint":{"sha1":"10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC","sha256":"BC:5E:71:C1:5A:A5:DD:67:BF:ED:14:DB:1C:4E:F2:8E:5E:BE:D7:9A:F9:1F:7A:64:C7:3C:9B:ED:83:B2:8C:95"}}},"request":{"raw":"GET /v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media\u0026token=805fb0ef-a2d9-4a7f-85e6-d68384e166e3 HTTP/1.1\r\nHost: firebasestorage.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: ABPtcPp6p2JCA01Dxh92Za0TfIwh19_TTGbYxriL4kjBs9IFM-ylp1Hv_L2JZ56GrVCFplC67nALw0mmqQ\r\nexpires: Mon, 18 Dec 2023 16:14:54 GMT\r\ndate: Mon, 18 Dec 2023 16:14:54 GMT\r\ncache-control: private, max-age=0\r\nlast-modified: Mon, 01 Nov 2021 22:20:02 GMT\r\netag: \"3ca64f83fdcf25135d87e08af65e68c9\"\r\nx-goog-generation: 1635805202317844\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 492\r\nx-goog-meta-firebasestoragedownloadtokens: 805fb0ef-a2d9-4a7f-85e6-d68384e166e3\r\ncontent-type: image/png\r\ncontent-disposition: inline; filename*=utf-8''favicons.png\r\nx-goog-hash: crc32c=8ZCI3A==, md5=PKZPg/3PJRNdh+CK9l5oyQ==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\ncontent-length: 492\r\nserver: UploadServer\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":492,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\n- data","md5":"3ca64f83fdcf25135d87e08af65e68c9","sha1":"b82d0979d555bd137b33c15021129e06cbeea59a","sha256":"2e30ff33270fd8687b0eb4d12652bfd967f23975f158bf8da93bece2ba4ab947","sha512":"7675a8c4e6146e62dda019340ef95e477aa3d14364b5a773114ea1110c38233f5d8d9b08f6c83bf7664b33695aac7254b25d727a15ea6a9ded2ec9d1ea07dc0e","ssdeep":"","tlshash":"d9f05453331d749ac78be5007052334e6c019194a0e9204b553998f6024f68d3e63adf","first_seen":"2023-04-15T07:55:15Z","last_seen":"2026-04-01T06:36:26.174423Z","times_seen":2645,"resource_available":false,"data":null}},"time_used":616,"timings":{"blocked":31,"dns":21,"connect":8,"send":0,"wait":532,"receive":1,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"alphatrade-options.com/git/rand/favicon.png","fqdn":"alphatrade-options.com","domain":"alphatrade-options.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/index2.html#","date":"2023-12-18T16:14:54.056Z","timestamp":1702916094056,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /git/rand/favicon.png HTTP/1.1\r\nHost: alphatrade-options.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"leaflat.com/mde/next.php","fqdn":"leaflat.com","domain":"leaflat.com","tld":"com"},"ip":{"addr":"89.46.108.15","port":443,"asn":31034,"as":"Aruba S.p.A.","country":"Italy","country_code":"IT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-18T16:14:50.452Z","timestamp":1702916090452,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.leaflat.com","organization":""},"issuer":{"commonName":"Actalis Domain Validation Server CA G3","organization":"Actalis S.p.A."},"validity":{"start":"Thu, 28 Sep 2023 03:06:34 GMT","end":"Mon, 28 Oct 2024 03:06:33 GMT"},"fingerprint":{"sha1":"C8:F6:BA:FB:AC:09:CE:DA:FE:D0:DD:4B:24:86:D0:4C:99:41:E6:BB","sha256":"94:6B:EA:0E:7D:95:63:7C:BD:65:06:1E:55:F0:06:C6:19:AB:6D:18:40:0A:63:4F:CE:C3:D8:C5:F8:8E:57:F3"}}},"request":{"raw":"GET /mde/next.php HTTP/1.1\r\nHost: leaflat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nserver: aruba-proxy\r\ndate: Mon, 18 Dec 2023 16:14:50 GMT\r\ncontent-type: text/html\r\nlocation: https://www.leaflat.com/mde/next.php\r\nx-servername: ipvsproxy136.ad.aruba.it\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":18606,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":107,"dns":0,"connect":42,"send":0,"wait":48,"receive":0,"ssl":62},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/index2.html","fqdn":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev","domain":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.2.35","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-18T16:14:53.051Z","timestamp":1702916093051,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E1","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 Dec 2023 16:41:44 GMT","end":"Fri, 08 Mar 2024 16:41:43 GMT"},"fingerprint":{"sha1":"4F:76:7B:87:A0:AD:97:E8:F7:6F:90:89:C3:5D:51:AC:FD:EA:F4:F9","sha256":"41:EA:6B:04:C9:33:BD:19:FC:9A:F8:D6:AB:B1:69:B0:E2:B2:D0:5B:8B:74:CF:19:8C:F9:CF:3F:5B:33:C2:26"}}},"request":{"raw":"GET /index2.html HTTP/1.1\r\nHost: pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 18 Dec 2023 16:14:53 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"34a50f67c3db9ec2a4d01696a3bb45f8\"\r\nLast-Modified: Wed, 22 Nov 2023 19:16:49 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 8378b38c9c3cb50f-OSL\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":18606,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\n- HTML document text\n- HTML document text\n- HTML document text\n- HTML document text\n- HTML document text\n- exported SGML document text\n- assembler source, ASCII text, with very long lines (6568)","md5":"34a50f67c3db9ec2a4d01696a3bb45f8","sha1":"86a9cc74644603508cdd4f77bcf5571289ae7e82","sha256":"87bf1cd4faa6cffd305c5efd4c6ff9df135afae1ae12e80018fbf2c7e8088ec1","sha512":"e676be326570e9ef04b47f0424e2ce057379f967b077141466240b9e112dd6a62169015108a75deaf826df6562f4a5dab7f3be84f031b71f91c71eb1865fc03e","ssdeep":"384:h+RFYLaAyIFez79xYtO2ujGJYnL/rC+3IU2la8+TL14IHYzUChzcsM:h+RFcVyIFsEBujxrjIT9hlcP","tlshash":"0f82e7025de108021343896abf676545f563c807aa4bcd0cbaacaf54ef81f67d8637b9","first_seen":"2023-12-04T19:17:16Z","last_seen":"2024-08-20T16:47:33.496241Z","times_seen":6,"resource_available":false,"data":null}},"time_used":414,"timings":{"blocked":41,"dns":11,"connect":7,"send":0,"wait":331,"receive":1,"ssl":21},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2023-12-17","alert":"Generic/Spear Phishing","trigger":"pub-26eda52f8f294f3f8a65556716c2c32d.r2.dev/index2.html","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com","meta":null}],"urlquery":null}}]}