{"report_id":"0de8c3ed-a40b-4c05-9391-07b6083d6461","version":6,"status":"done","tags":[],"date":"2026-03-14T12:46:50Z","url":{"schema":"http","addr":"santstest.live","fqdn":"santstest.live","domain":"santstest.live","tld":"live"},"ip":{"addr":"34.111.179.208","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"santstest.live/","fqdn":"santstest.live","domain":"santstest.live","tld":"live"},"title":"Sants","dom":{"size":13785,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"26f5a32a31f0fed1ecf5d21c45b83cde","sha1":"3fe043472501bdd918413104a4ebc226c2335f4d","sha256":"cfbe9e30cb5e623db6568f9a25f892d1c52d182688f29cdbf6f0315d3b1930c6","sha512":"08021bc7e3d9912426b8ca00db2ede452cdf7cc7d0703094948d6e98d38c4457617c73eaa1e06210a93de62f532871a04fecb23fba90e56e8f017f2d70ec71a2","ssdeep":"192:BrLZJ8iqVyZFvBH1wqvgTyRH7uKOz3+h6YhM3yvnK3K3oNcbQAhq75821N/J8LRD:Br92VmFvXEGdVlVRR8F7BB89","tlshash":"6a5252577ab704266953a1b82fb39b463325d013c00acd2c7fec6648cf896d99d63b8d","dom_hash":"domhashfb48e89bf8eb4192c247963aa8371f54","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"santstest.live","fqdn":"santstest.live","domain":"santstest.live","tld":"live"},"ip":{"addr":"34.111.179.208","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-18T12:46:50Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"santstest.live","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"santstest.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"santstest.live","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"santstest.live","ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-03-14T12:46:50.278999Z","last_seen":"2026-03-14T12:46:50.278999Z","alert_count":18,"request_count":6,"received_data":79020,"sent_data":3879,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"santstest.live/","fqdn":"santstest.live","domain":"santstest.live","tld":"live"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"efebf649d8fd4d3e3d38433aca01731c","sha1":"e93f8d9d9bc6dcdab3949ca0d5c9dbbf8422ccc5","sha256":"7e30c0fc39f46263b9e9a4e290d7f6fdb10a866963fdf78fe1ab2d56fa7003c4","sha512":"57508c38f630781f0f072b885334002a7c500055dda612300fb7f04beed69c4ec7a2b3edaa1635e15728a034280d1fe5ecfa18be1f3f2ff0e4098fe77507fb3b","ssdeep":"","tlshash":"f641d09b36b204350ab7b17e47bba3483b3300136849d50c7ebc56401f85e956ab6eda","size":1962,"data":"","first_seen":"2026-03-14T12:46:54.069815Z","last_seen":"2026-03-14T23:53:15.210678Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"santstest.live/","fqdn":"santstest.live","domain":"santstest.live","tld":"live"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-14T12:46:28.867Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"santstest.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 14:49:10 GMT","end":"Tue, 09 Jun 2026 14:49:09 GMT"},"fingerprint":{"sha1":"14:5D:5F:15:DA:E3:29:0C:69:07:05:4E:6F:67:EF:3B:6B:A0:00:DA","sha256":"0B:10:C8:6C:C0:9E:F2:06:29:A9:79:BE:24:3E:90:07:9A:98:8F:AC:CB:77:AD:00:E4:66:AD:9C:98:8A:9D:FB"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: santstest.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: no-cache\r\ncontent-disposition: inline; filename=index.html\r\ncontent-length: 13807\r\ncontent-type: text/html; charset=utf-8\r\ndate: Sat, 14 Mar 2026 12:46:29 GMT\r\netag: \"1773244497.0-13807-3972533543\"\r\nexpires: Sat, 14 Mar 2026 12:46:29 GMT\r\nlast-modified: Wed, 11 Mar 2026 15:54:57 GMT\r\nserver: Google Frontend\r\nset-cookie: GAESA=Cp4BMDBkYTZjZDJjNDRkMmUxZmU0MzRiZDI3NjgzM2UzMjU3YjkyY2RiNTI2YTA4ODU2ZTc4YzFiOWU0OTU1ODQwZDNiYWI5Y2RiMzdlYzU2OWFkNTdlNzlmMGM2NTQ1MGIxYzIzZjM2NTRmZjM4NWUyMGJiMjU5OTIxZDE1MTU3NTk0ZmNlN2M1ZTY1ZDM0NTYwODRjZmMxMzAyZmI1YzcQy4mJ484z; expires=Mon, 13-Apr-2026 12:46:29 GMT; path=/\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: 413a5914523a54c9cac375b2857deff9;o=1\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":13807,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"5a2b7f1766903fa9e9e652bf550abae5","sha1":"de79c805d43738590b2bfb3a5ae4b4d4424a1919","sha256":"96329e498cde5dce45445210a3d56d455a3b5b9488cc35e569819da9428fbb1b","sha512":"29f9fc02e4052a3911853ac1e694da6598bd076c62f017f642edaa775f10947bc895157e0afeba97370dc1c10de0d98bdeb081aa1909e8615fa48d87f06f3667","ssdeep":"192:vrLZJ8iqVyZFvBH1wqvgTyRH7uKOz3+h6YhM3yvnK3K3ANcbQAhq75821N/J8LRn:vr92VmFvXEGdVlVRZ8F7BB8B","tlshash":"c75252577ab700266953a1b82fb39b463325d013c00acd2c7fec6648cf896d99d6378d","first_seen":"2026-03-14T12:46:54.062499Z","last_seen":"2026-03-14T23:53:15.206391Z","times_seen":3,"resource_available":false,"data":null}},"time_used":390,"timings":{"blocked":96,"dns":19,"connect":26,"send":0,"wait":186,"receive":12,"ssl":48},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"santstest.live","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"santstest.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"santstest.live","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"santstest.live/santander-logo.jpg","fqdn":"santstest.live","domain":"santstest.live","tld":"live"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://santstest.live/","date":"2026-03-14T12:46:29.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"santstest.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 14:49:10 GMT","end":"Tue, 09 Jun 2026 14:49:09 GMT"},"fingerprint":{"sha1":"14:5D:5F:15:DA:E3:29:0C:69:07:05:4E:6F:67:EF:3B:6B:A0:00:DA","sha256":"0B:10:C8:6C:C0:9E:F2:06:29:A9:79:BE:24:3E:90:07:9A:98:8F:AC:CB:77:AD:00:E4:66:AD:9C:98:8A:9D:FB"}}},"request":{"raw":"GET /santander-logo.jpg HTTP/1.1\r\nHost: santstest.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://santstest.live/\r\nCookie: GAESA=Cp4BMDBkYTZjZDJjNDRkMmUxZmU0MzRiZDI3NjgzM2UzMjU3YjkyY2RiNTI2YTA4ODU2ZTc4YzFiOWU0OTU1ODQwZDNiYWI5Y2RiMzdlYzU2OWFkNTdlNzlmMGM2NTQ1MGIxYzIzZjM2NTRmZjM4NWUyMGJiMjU5OTIxZDE1MTU3NTk0ZmNlN2M1ZTY1ZDM0NTYwODRjZmMxMzAyZmI1YzcQy4mJ484z\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: no-cache\r\ncontent-disposition: inline; filename=santander-logo.jpg\r\ncontent-length: 19527\r\ncontent-type: image/jpeg\r\ndate: Sat, 14 Mar 2026 12:46:29 GMT\r\netag: \"1773106398.0-19527-1690701881\"\r\nlast-modified: Tue, 10 Mar 2026 01:33:18 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: 12e05270eb7001e35ab80d266316480b\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]}],"data":{"size":19527,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=5, height=94, software=Android UP1A.231005.007.A546BXXSBCYB7, orientation=[*0*], width=414], baseline, precision 8, 414x94, components 3","md5":"34c5dcc4e52ee785a48960f556b39155","sha1":"71adf7d1f9a7704a0d94e183634d3c92e591a558","sha256":"ae384d0afb7bece891fde0dbac82c25e561be460dec68ff0fff29a4d41dc5989","sha512":"b7206fe6a5647be89fb5164e18cc5523acbdc264f8c91d69982ab92181d916c4ab8662095cc7e85e470dd6b2637a320f36e8467cda1386ce0c4b8f718113ed78","ssdeep":"384:TwHT3aoKJ4FHo54skUgEK+Y6XJFUXX7n0xn5kaa0MkV:UHWoTFI5KbD7n0V5kGM+","tlshash":"1692cf0a27125538f0eeb3b3dc85173227436759c9ca847a210209bbc9fabda719e905","first_seen":"2026-03-14T12:46:54.063629Z","last_seen":"2026-03-14T23:53:15.19503Z","times_seen":3,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":187,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"santstest.live","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"santstest.live","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"santstest.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"santstest.live/robber-banner.jpg","fqdn":"santstest.live","domain":"santstest.live","tld":"live"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://santstest.live/","date":"2026-03-14T12:46:29.342Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"santstest.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 14:49:10 GMT","end":"Tue, 09 Jun 2026 14:49:09 GMT"},"fingerprint":{"sha1":"14:5D:5F:15:DA:E3:29:0C:69:07:05:4E:6F:67:EF:3B:6B:A0:00:DA","sha256":"0B:10:C8:6C:C0:9E:F2:06:29:A9:79:BE:24:3E:90:07:9A:98:8F:AC:CB:77:AD:00:E4:66:AD:9C:98:8A:9D:FB"}}},"request":{"raw":"GET /robber-banner.jpg HTTP/1.1\r\nHost: santstest.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://santstest.live/\r\nCookie: GAESA=Cp4BMDBkYTZjZDJjNDRkMmUxZmU0MzRiZDI3NjgzM2UzMjU3YjkyY2RiNTI2YTA4ODU2ZTc4YzFiOWU0OTU1ODQwZDNiYWI5Y2RiMzdlYzU2OWFkNTdlNzlmMGM2NTQ1MGIxYzIzZjM2NTRmZjM4NWUyMGJiMjU5OTIxZDE1MTU3NTk0ZmNlN2M1ZTY1ZDM0NTYwODRjZmMxMzAyZmI1YzcQy4mJ484z\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: no-cache\r\ncontent-disposition: inline; filename=robber-banner.jpg\r\ncontent-length: 10305\r\ncontent-type: image/jpeg\r\ndate: Sat, 14 Mar 2026 12:46:29 GMT\r\netag: \"1773106623.0-10305-1388318650\"\r\nlast-modified: Tue, 10 Mar 2026 01:37:03 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: 7e46571b2afecb845ab80d2663164c1c\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":10305,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=5, height=145, software=Android UP1A.231005.007.A546BXXSBCYB7, orientation=[*0*], width=143], baseline, precision 8, 143x145, components 3","md5":"1947b0f55e764392c3ebca87e0e4bbbe","sha1":"ddec9970ff8217a9567beee0c8d0ce0126621321","sha256":"43d1d4ea0d01958cdc8af23f4e6940fd5244d2165748a082589e783007b3a825","sha512":"fb515557bbae5baf7b849e861cb7b11ff560f4c59a9aef3d1e03faf2fa58d048c9885309c51d6a7734adaea82eb2edbd44ef9bc62bdcb52afdbd9c622e683c99","ssdeep":"192:zwlHWRSQJe1G53ibM1miThm4owhqkMKJW21soaaNKpHUyPs8whVBb93:zweNe1G7miTh8kMi3uDaNLywfB9","tlshash":"04229e78d74da82af40d8e7e11c1b33ce7b8f959d1134b5fdb0a422ecc82663d56a404","first_seen":"2026-03-14T12:46:54.06522Z","last_seen":"2026-03-14T23:53:15.198397Z","times_seen":3,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":205,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"santstest.live","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"santstest.live","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"santstest.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"santstest.live/fscs-badge.jpg","fqdn":"santstest.live","domain":"santstest.live","tld":"live"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://santstest.live/","date":"2026-03-14T12:46:29.346Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"santstest.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 14:49:10 GMT","end":"Tue, 09 Jun 2026 14:49:09 GMT"},"fingerprint":{"sha1":"14:5D:5F:15:DA:E3:29:0C:69:07:05:4E:6F:67:EF:3B:6B:A0:00:DA","sha256":"0B:10:C8:6C:C0:9E:F2:06:29:A9:79:BE:24:3E:90:07:9A:98:8F:AC:CB:77:AD:00:E4:66:AD:9C:98:8A:9D:FB"}}},"request":{"raw":"GET /fscs-badge.jpg HTTP/1.1\r\nHost: santstest.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://santstest.live/\r\nCookie: GAESA=Cp4BMDBkYTZjZDJjNDRkMmUxZmU0MzRiZDI3NjgzM2UzMjU3YjkyY2RiNTI2YTA4ODU2ZTc4YzFiOWU0OTU1ODQwZDNiYWI5Y2RiMzdlYzU2OWFkNTdlNzlmMGM2NTQ1MGIxYzIzZjM2NTRmZjM4NWUyMGJiMjU5OTIxZDE1MTU3NTk0ZmNlN2M1ZTY1ZDM0NTYwODRjZmMxMzAyZmI1YzcQy4mJ484z\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: no-cache\r\ncontent-disposition: inline; filename=fscs-badge.jpg\r\ncontent-length: 20374\r\ncontent-type: image/jpeg\r\ndate: Sat, 14 Mar 2026 12:46:29 GMT\r\netag: \"1773106398.0-20374-592186986\"\r\nlast-modified: Tue, 10 Mar 2026 01:33:18 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: 384576375a502c035ab80d266316443e\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20374,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=5, height=237, software=Android UP1A.231005.007.A546BXXSBCYB7, orientation=[*0*], width=242], baseline, precision 8, 242x237, components 3","md5":"acc86a50fdf52b76a0bb3c188d5be1c5","sha1":"435f71b45010af80bc0a9a08995a886db99e70a3","sha256":"5bb32fc55aedb1440b26a3d3a6b7f16ec63121e3669da1c5892e400fcd3b0b83","sha512":"91a6b800352dcbe9e8bff67b2205e8486c61a8bd8f3ee177e0e337ca55b73a24f91caefc536a7d8f082e3d8603f87da44e12f27786d83607396306116037f63c","ssdeep":"384:+wkfY5JGX7v3Cx5nFgwk58SFuZFYks99i5VY2f3OWuycn2Py0Erl:HkQPGLv3wFgVXFkYBm5znc2Py02l","tlshash":"8c92c07c2a235b40e11d39b2e996524a65a3bf865c07f3f325421f88c06cafdd80db4d","first_seen":"2026-03-14T12:46:54.066594Z","last_seen":"2026-03-14T23:53:15.202959Z","times_seen":3,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":184,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"santstest.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"santstest.live","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"santstest.live","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"santstest.live/robber-badge.jpg","fqdn":"santstest.live","domain":"santstest.live","tld":"live"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://santstest.live/","date":"2026-03-14T12:46:29.344Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"santstest.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 14:49:10 GMT","end":"Tue, 09 Jun 2026 14:49:09 GMT"},"fingerprint":{"sha1":"14:5D:5F:15:DA:E3:29:0C:69:07:05:4E:6F:67:EF:3B:6B:A0:00:DA","sha256":"0B:10:C8:6C:C0:9E:F2:06:29:A9:79:BE:24:3E:90:07:9A:98:8F:AC:CB:77:AD:00:E4:66:AD:9C:98:8A:9D:FB"}}},"request":{"raw":"GET /robber-badge.jpg HTTP/1.1\r\nHost: santstest.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://santstest.live/\r\nCookie: GAESA=Cp4BMDBkYTZjZDJjNDRkMmUxZmU0MzRiZDI3NjgzM2UzMjU3YjkyY2RiNTI2YTA4ODU2ZTc4YzFiOWU0OTU1ODQwZDNiYWI5Y2RiMzdlYzU2OWFkNTdlNzlmMGM2NTQ1MGIxYzIzZjM2NTRmZjM4NWUyMGJiMjU5OTIxZDE1MTU3NTk0ZmNlN2M1ZTY1ZDM0NTYwODRjZmMxMzAyZmI1YzcQy4mJ484z\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: no-cache\r\ncontent-disposition: inline; filename=robber-badge.jpg\r\ncontent-length: 11650\r\ncontent-type: image/jpeg\r\ndate: Sat, 14 Mar 2026 12:46:29 GMT\r\netag: \"1773106398.0-11650-1111297847\"\r\nlast-modified: Tue, 10 Mar 2026 01:33:18 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: e36923a11fa360eb5ab80d266316402d\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":11650,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=5, height=177, software=Android UP1A.231005.007.A546BXXSBCYB7, orientation=[*0*], width=174], baseline, precision 8, 174x177, components 3","md5":"204de935b2c6ee814553a5c5f67aa155","sha1":"e9fdc494a1f54cb96ab9fa6f1fee9d935add5710","sha256":"cb0565124d3c5b71c0648efe0cdceb25dbee82450675254c05d6f3f210b33bae","sha512":"9a8574cf02b87422aae954c6f35f638a8665cdf79dbac6451e0391ca87bab91afdbe4edc334a4805f938e0d182653e0ff152a74369bb0d0225a059a06bd42e1f","ssdeep":"192:cwkvasNS30tQaLNhpWd4KyYfRczZ8QUeFbqehnpq9l5Hl0h8DDqzK1n63:cwkvHAWQaLNzHKtRsZ8ByqH9l5Hl0hmY","tlshash":"cf32bf0c5753674cf40d74f820a07bb1a3122c92841bf77197daab71ec9b1aec4e0aad","first_seen":"2026-03-14T12:46:54.06799Z","last_seen":"2026-03-14T23:53:15.201615Z","times_seen":3,"resource_available":false,"data":null}},"time_used":183,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":180,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"santstest.live","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"santstest.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"santstest.live","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"santstest.live/favicon.ico","fqdn":"santstest.live","domain":"santstest.live","tld":"live"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://santstest.live/","date":"2026-03-14T12:46:29.562Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"santstest.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 11 Mar 2026 14:49:10 GMT","end":"Tue, 09 Jun 2026 14:49:09 GMT"},"fingerprint":{"sha1":"14:5D:5F:15:DA:E3:29:0C:69:07:05:4E:6F:67:EF:3B:6B:A0:00:DA","sha256":"0B:10:C8:6C:C0:9E:F2:06:29:A9:79:BE:24:3E:90:07:9A:98:8F:AC:CB:77:AD:00:E4:66:AD:9C:98:8A:9D:FB"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: santstest.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://santstest.live/\r\nCookie: GAESA=Cp4BMDBkYTZjZDJjNDRkMmUxZmU0MzRiZDI3NjgzM2UzMjU3YjkyY2RiNTI2YTA4ODU2ZTc4YzFiOWU0OTU1ODQwZDNiYWI5Y2RiMzdlYzU2OWFkNTdlNzlmMGM2NTQ1MGIxYzIzZjM2NTRmZjM4NWUyMGJiMjU5OTIxZDE1MTU3NTk0ZmNlN2M1ZTY1ZDM0NTYwODRjZmMxMzAyZmI1YzcQy4mJ484z\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncontent-length: 207\r\ncontent-type: text/html; charset=utf-8\r\ndate: Sat, 14 Mar 2026 12:46:29 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: f78b013e7e7918955ab80d266316424d\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]}],"data":{"size":207,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"e46c4e5e1fbc64b1bae9ebd9bcef7fcf","sha1":"d767b3cb0ad66544c649e4165fc4b37e3c17e370","sha256":"e9639e3c4681ce85f852fbac48e2eeee5ba51296dbfec57c200d59b76237ab80","sha512":"d82048fdcff225197a7e9f0b7f22d470518420a4b10ea3327d604804d04d0d97efadafc84a0aaa23650146f59d94373438dc18bb822e26fd60283c384940ddb9","ssdeep":"","tlshash":"dad0224ed30a032b0a20071035c11beb998f1322757612398f42583e6185b2d81e23c8","first_seen":"2023-04-05T03:09:50Z","last_seen":"2026-06-07T19:35:37.151193Z","times_seen":16444,"resource_available":true,"data":null}},"time_used":181,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":181,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"santstest.live","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"santstest.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"santstest.live","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}