{"report_id":"01b36b32-10e0-405e-9137-9864ea94027a","version":0,"status":"done","tags":["swisscom","telecom","phishing"],"date":"2026-06-10T13:08:08Z","url":{"schema":"http","addr":"abdel505-001-site1.ltempurl.com/swsscom/Login.php?57ff375152bfdd9ea1093e2ce512bd3b","fqdn":"abdel505-001-site1.ltempurl.com","domain":"ltempurl.com","tld":"com"},"ip":{"addr":"204.188.228.6","port":0,"asn":46844,"as":"SHARKTECH","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"abdel505-001-site1.ltempurl.com/swsscom/Login.php?57ff375152bfdd9ea1093e2ce512bd3b","fqdn":"abdel505-001-site1.ltempurl.com","domain":"ltempurl.com","tld":"com"},"title":"Swisscom Login","dom":{"size":12657,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"9266a9b992a53af9f614ad6843d09fb6","sha1":"7e1249f60075be5b749fa539f5a31c6874b49011","sha256":"9ce242195d5fb14f63bde9f247aa86fd25dfacece960f6ac08f2658da2246b1a","sha512":"76fd356a434fb918c3009e3ed893f982ddae9bc029a99d4b7f3e28259083de4dcae1c3dfa83bb7b56bf6a5571123d8c387331e68f29b0782c3a22c35d4726a3a","ssdeep":"192:wacyMpBBfhaBfgbtBfVjmiKHB+gJX+sFwr4BaOqseDf6oG7LLqFn85nd/sL3Xb8w:wY3FFt7+ESc60/lU","tlshash":"a34283a965630801b517d5a86ff78706236cc403900fcd7c7bec638c8f5a6d9aa62bdd","dom_hash":"domhash2e62383a40669f5826218ddbe106919a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"abdel505-001-site1.ltempurl.com/swsscom/Login.php?57ff375152bfdd9ea1093e2ce512bd3b","fqdn":"abdel505-001-site1.ltempurl.com","domain":"ltempurl.com","tld":"com"},"ip":{"addr":"204.188.228.6","port":0,"asn":46844,"as":"SHARKTECH","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-15T13:08:08Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"abdel505-001-site1.ltempurl.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"abdel505-001-site1.ltempurl.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"abdel505-001-site1.ltempurl.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Swisscom","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Swisscom phishing","tags":["swisscom","telecom","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Swisscom","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Swisscom phishing","tags":["swisscom","telecom","phishing"],"meta":null}]},"summary":[{"fqdn":"abdel505-001-site1.ltempurl.com","ip":{"addr":"204.188.228.6","port":443,"asn":46844,"as":"SHARKTECH","country":"United States","country_code":"US"},"domain_registered":"2024-01-20","domain_rank":0,"first_seen":"2026-06-10T10:03:15.596523Z","last_seen":"2026-06-10T10:03:16.196003Z","alert_count":12,"request_count":3,"received_data":46237,"sent_data":1846,"comment":"","tags":null,"fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"PHP:8.3.28","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-06-07T22:40:26.930816Z","alert_count":0,"request_count":1,"received_data":90192,"sent_data":540,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Swisscom","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Swisscom phishing","tags":["swisscom","telecom","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"abdel505-001-site1.ltempurl.com/swsscom/Login.php?57ff375152bfdd9ea1093e2ce512bd3b","fqdn":"abdel505-001-site1.ltempurl.com","domain":"ltempurl.com","tld":"com"},"ip":{"addr":"204.188.228.6","port":443,"asn":46844,"as":"SHARKTECH","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"295bf532d5ea6bb3b30e171134ca5cea","sha1":"92059b9bb4f6eb926d2f8e7a64345facec324928","sha256":"23b71bb76d376db92ac625886612d8d7cab8c4558edfeb514939a52e05b4af01","sha512":"882f8f76c4f932cfccb79aa4d799f5485abfc03c079a8f4e42b31386166bddccd12ea40306fd6a166fad02bb3a12648f5198315acd78cfc007700140cddb62eb","ssdeep":"","tlshash":"e331b1b531a61d3009f2eab567ee01457576d00324478d007a7dc75d2f6ae822e71fe7","size":1633,"data":"","first_seen":"2026-06-10T10:03:16.790401Z","last_seen":"2026-06-10T13:08:08.757393Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"abdel505-001-site1.ltempurl.com/swsscom/Login.php?57ff375152bfdd9ea1093e2ce512bd3b","fqdn":"abdel505-001-site1.ltempurl.com","domain":"ltempurl.com","tld":"com"},"ip":{"addr":"204.188.228.6","port":443,"asn":46844,"as":"SHARKTECH","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-10T13:07:43.987Z","timestamp":1781096863987,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"abdel505-001-site1.ltempurl.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 17 May 2026 19:36:57 GMT","end":"Sat, 15 Aug 2026 19:36:56 GMT"},"fingerprint":{"sha1":"E2:EE:A4:B6:29:B8:D8:64:1E:64:DB:27:33:FC:CF:14:1D:8C:8F:51","sha256":"1A:6C:E6:ED:19:D8:A5:3B:83:7E:48:D4:B9:A1:7D:C7:E8:4C:D4:01:E9:01:D7:14:D6:93:92:D0:C3:82:47:61"}}},"request":{"raw":"GET /swsscom/Login.php?57ff375152bfdd9ea1093e2ce512bd3b HTTP/1.1\r\nHost: abdel505-001-site1.ltempurl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: br\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nvary: Accept-Encoding\r\nserver: Microsoft-IIS/10.0\r\nset-cookie: PHPSESSID=9va0g16t78drmm4aio4hg2mkqr; path=/\r\nx-powered-by: PHP/8.3.28, ASP.NET\r\ndate: Wed, 10 Jun 2026 13:07:44 GMT\r\ncontent-length: 3146\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"PHP:8.3.28","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":13034,"size_decoded":3556,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"058aa1e5f52c6359749177129801232e","sha1":"c3f65203f493b6faf99112e884a78f3f4f65d8e4","sha256":"645be78d366fab2b31834d227213cfa088d024aa54af483641e65bac2fc9e554","sha512":"a7de102d912adc08b2c091fa0db2588726f6c5a490014ceb410bacfd51e6c0adb51981b4755566904b687acbe6a59135774de251895c74bae94183ec6fb0ac24","ssdeep":"192:CacyMpBBfhaBfgbtBfVjmiKHB+gJX+sFwr4BaOqseDf6oG7LLqFn85nd/sL3Xb87:CY3FFt7+zSc60/lU","tlshash":"ab4273a925630801b517d5a86ff78707236cd403900fcd7c7bec638c8f5a799aa62b9d","first_seen":"2025-10-20T06:18:06.35542Z","last_seen":"2026-06-10T13:08:08.754558Z","times_seen":57,"resource_available":true,"data":null}},"time_used":1264,"timings":{"blocked":-1,"dns":274,"connect":109,"send":0,"wait":112,"receive":0,"ssl":768},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"abdel505-001-site1.ltempurl.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"abdel505-001-site1.ltempurl.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"abdel505-001-site1.ltempurl.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Swisscom","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Swisscom phishing","tags":["swisscom","telecom","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://abdel505-001-site1.ltempurl.com/swsscom/Login.php?57ff375152bfdd9ea1093e2ce512bd3b","date":"2026-06-10T13:07:45.741Z","timestamp":1781096865741,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 12 May 2026 03:46:57 GMT","end":"Mon, 10 Aug 2026 04:46:42 GMT"},"fingerprint":{"sha1":"95:12:1E:0A:F6:69:8B:FC:A0:08:DA:67:1A:A4:D1:9D:87:F5:E9:07","sha256":"F3:4A:39:63:C7:6A:CE:66:1A:B4:62:2C:E9:92:82:9A:81:78:1B:CC:3F:D5:2D:0A:6D:D6:89:D9:F6:66:7B:BC"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.0.0/css/all.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://abdel505-001-site1.ltempurl.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Wed, 10 Jun 2026 13:07:45 GMT\r\ncontent-type: text/css; charset=utf-8\r\nserver: cloudflare\r\npriority: u=2,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\nlast-modified: Mon, 07 Feb 2022 21:01:39 GMT\r\nvary: Accept-Encoding\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/r2\r\nx-cdnjs-cache: HIT\r\ncf-cache-status: HIT\r\nage: 415087\r\nexpires: Mon, 31 May 2027 13:07:45 GMT\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qGVEV7yQn51oyK7Ek3XM2pOKlyfpsILPuQM6oTAP1vWqY72GL%2BrH2Q%2BrbJdZ0hjQfYdvhe6jSjqfRWF64pzePgJiEj03ncTXGRTq556c0s5j28mqN8ouRWb6U6hz5GABdpXtnURt\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\ncf-ray: a09899d2feb6568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89220,"size_decoded":16220,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65317)","md5":"dfb8fc36e102730fddf78b5494eb0035","sha1":"b513d9a39af2ee145f12c1ba03f9982960c47029","sha256":"8d321d88cb97fdedc3189506c25de9292c6e73a60ebaab496243346c6404480e","sha512":"f6eb006b5d0844ed078689e9c80215a63af294fbe80f088f52229d5a4e6ddcfca8958d5c39de03484d066beae2e00b93ae83d1e5a42f5d4f710baa8e3e7cc57a","ssdeep":"1536:iUMVM6MVMkMVM9MVMNMVMispxd1zJJ29Nll3IV7UHsR+z:Dd1NY95IV7UMR+z","tlshash":"8a93a9e9e04c05d56732c44baf99b37ca5b6f73cd5810da9f02f580c19d26a822c6f7a","first_seen":"2023-04-06T16:57:15Z","last_seen":"2026-06-25T15:01:30.573278Z","times_seen":12019,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":3,"connect":15,"send":0,"wait":12,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"abdel505-001-site1.ltempurl.com/swsscom/assets/images/fjhkhjkfwf.png","fqdn":"abdel505-001-site1.ltempurl.com","domain":"ltempurl.com","tld":"com"},"ip":{"addr":"204.188.228.6","port":443,"asn":46844,"as":"SHARKTECH","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://abdel505-001-site1.ltempurl.com/swsscom/Login.php?57ff375152bfdd9ea1093e2ce512bd3b","date":"2026-06-10T13:07:45.749Z","timestamp":1781096865749,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"abdel505-001-site1.ltempurl.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 17 May 2026 19:36:57 GMT","end":"Sat, 15 Aug 2026 19:36:56 GMT"},"fingerprint":{"sha1":"E2:EE:A4:B6:29:B8:D8:64:1E:64:DB:27:33:FC:CF:14:1D:8C:8F:51","sha256":"1A:6C:E6:ED:19:D8:A5:3B:83:7E:48:D4:B9:A1:7D:C7:E8:4C:D4:01:E9:01:D7:14:D6:93:92:D0:C3:82:47:61"}}},"request":{"raw":"GET /swsscom/assets/images/fjhkhjkfwf.png HTTP/1.1\r\nHost: abdel505-001-site1.ltempurl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://abdel505-001-site1.ltempurl.com/swsscom/Login.php?57ff375152bfdd9ea1093e2ce512bd3b\r\nCookie: PHPSESSID=9va0g16t78drmm4aio4hg2mkqr\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncache-control: max-age=31536000\r\ncontent-type: image/png\r\nlast-modified: Wed, 15 Oct 2025 16:09:38 GMT\r\naccept-ranges: bytes\r\netag: \"0cd121bee3ddc1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Wed, 10 Jun 2026 13:07:44 GMT\r\ncontent-length: 31080\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":31080,"size_decoded":31378,"mime_type":"image/png","magic":"PNG image data, 658 x 169, 8-bit/color RGBA, non-interlaced","md5":"0374965d5ba5f16b9eaaa6c6162b2aba","sha1":"2965725ec42940885b9923c74f8600ccda8d08f4","sha256":"5834b0280b63f25fdc4eb09317696a1851ec4e3e7b17b12e8c54e16ecb136ace","sha512":"a32c87aa43fc8eb181ac0e0710da16cf63c35c32c76ccefdf0d613bd586cab5e58625815736d9dae7a7cb09b657b833cf16b54d5881aabb717fc09014d1f6c12","ssdeep":"768:MKFoa6zi+gvIfGut9UycTmkH6KTDeDdgWOUmxw21:THBv4GutrXrKiIU321","tlshash":"43d2d023dca44c26cf99b4b2d917a844f70684c79a00b43eb76f27725f7418b9093bd2","first_seen":"2023-05-04T14:43:14Z","last_seen":"2026-06-10T13:08:08.756067Z","times_seen":1072,"resource_available":false,"data":null}},"time_used":438,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":218,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"abdel505-001-site1.ltempurl.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"abdel505-001-site1.ltempurl.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"abdel505-001-site1.ltempurl.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Swisscom","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Swisscom phishing","tags":["swisscom","telecom","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"abdel505-001-site1.ltempurl.com/favicon.ico","fqdn":"abdel505-001-site1.ltempurl.com","domain":"ltempurl.com","tld":"com"},"ip":{"addr":"204.188.228.6","port":443,"asn":46844,"as":"SHARKTECH","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://abdel505-001-site1.ltempurl.com/swsscom/Login.php?57ff375152bfdd9ea1093e2ce512bd3b","date":"2026-06-10T13:07:45.929Z","timestamp":1781096865929,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"abdel505-001-site1.ltempurl.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 17 May 2026 19:36:57 GMT","end":"Sat, 15 Aug 2026 19:36:56 GMT"},"fingerprint":{"sha1":"E2:EE:A4:B6:29:B8:D8:64:1E:64:DB:27:33:FC:CF:14:1D:8C:8F:51","sha256":"1A:6C:E6:ED:19:D8:A5:3B:83:7E:48:D4:B9:A1:7D:C7:E8:4C:D4:01:E9:01:D7:14:D6:93:92:D0:C3:82:47:61"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: abdel505-001-site1.ltempurl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://abdel505-001-site1.ltempurl.com/swsscom/Login.php?57ff375152bfdd9ea1093e2ce512bd3b\r\nCookie: PHPSESSID=9va0g16t78drmm4aio4hg2mkqr\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncontent-type: text/html\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Wed, 10 Jun 2026 13:07:45 GMT\r\ncontent-length: 1245\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":1245,"size_decoded":1415,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"5343c1a8b203c162a3bf3870d9f50fd4","sha1":"04b5b886c20d88b57eea6d8ff882624a4ac1e51d","sha256":"dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f","sha512":"e0f50acb6061744e825a4051765cebf23e8c489b55b190739409d8a79bb08dac8f919247a4e5f65a015ea9c57d326bbef7ea045163915129e01f316c4958d949","ssdeep":"","tlshash":"7b21422992983814f69384a061f277c23f078286e66f1b68a023b263e4c26e281d33c4","first_seen":"2023-03-09T23:36:42Z","last_seen":"2026-06-25T15:10:37.393927Z","times_seen":61157,"resource_available":true,"data":null}},"time_used":257,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"abdel505-001-site1.ltempurl.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"abdel505-001-site1.ltempurl.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-10","alert":"Sinkholed","trigger":"abdel505-001-site1.ltempurl.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Swisscom","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Swisscom phishing","tags":["swisscom","telecom","phishing"],"meta":null}]}}]}