{"report_id":"38d9fae7-609f-416f-9325-7f480746bd96","version":6,"status":"done","tags":[],"date":"2025-10-07T13:04:18Z","url":{"schema":"https","addr":"amar.pe/no.php","fqdn":"amar.pe","domain":"amar.pe","tld":"pe"},"ip":{"addr":"104.21.11.224","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"logg-inn.uspar72.com/no/","fqdn":"logg-inn.uspar72.com","domain":"uspar72.com","tld":"com"},"title":"Logg inn i bedriftsportalen"},"submit":{"url":{"schema":"https","addr":"amar.pe/no.php","fqdn":"amar.pe","domain":"amar.pe","tld":"pe"},"ip":{"addr":"104.21.11.224","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":["soteria"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-11T13:04:18Z","useragent":"Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36","referer":"soteria","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"logg-inn.uspar72.com","ip":{"addr":"82.147.84.61","port":443,"asn":57494,"as":"Adman LLC","country":"Russia","country_code":"RU"},"domain_registered":"2010-01-06","domain_rank":0,"first_seen":"2025-10-07T11:29:58.897343Z","last_seen":"2025-10-07T11:29:58.897343Z","alert_count":60,"request_count":10,"received_data":225114,"sent_data":5945,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"amar.pe","ip":{"addr":"172.67.150.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-10-07T13:04:19.13789Z","last_seen":"2025-10-07T13:04:19.13789Z","alert_count":0,"request_count":1,"received_data":751,"sent_data":561,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"designsystem.vipps.io","ip":{"addr":"13.107.246.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"domain_registered":"2017-05-09","domain_rank":0,"first_seen":"2020-02-06T12:52:39Z","last_seen":"2025-10-03T16:54:32.065986Z","alert_count":0,"request_count":3,"received_data":140508,"sent_data":1853,"comment":"","tags":null,"fingerprints":[{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]},{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"logg-inn.uspar72.com/no/","fqdn":"logg-inn.uspar72.com","domain":"uspar72.com","tld":"com"},"ip":{"addr":"82.147.84.61","port":443,"asn":57494,"as":"Adman LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"0b05d37b74e02b7698fe4b15466df7b5","sha1":"1b8b1bce9bc5a550f055826de96b9353f09917e6","sha256":"51da58e7526b48f0d5e4d0f805898289868f59b46afc315cf6a8b878e2dc2349","sha512":"84cd4c62abc5f2f0d93c867a2c61fa889ac8f121ab260bd5014979eba4ba620720f3cbcf9d762a03fb28bd29c2264ae1f5d5a24fb1f14aa5d18c2a8406ffb5ef","ssdeep":"","tlshash":"01311e9679d311b41af7b0f12f9be6202ab645c70440da4abd6c0f817fc2e580772ee5","size":1682,"data":"","first_seen":"2025-10-07T13:04:25.552008Z","last_seen":"2025-10-07T17:52:52.32351Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"logg-inn.uspar72.com/no/css/563d95b27c02de7b16dec2cf6bae5dfc444a11f1.svg","fqdn":"logg-inn.uspar72.com","domain":"uspar72.com","tld":"com"},"ip":{"addr":"82.147.84.61","port":443,"asn":57494,"as":"Adman LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://logg-inn.uspar72.com/no/","date":"2025-10-07T13:03:59.170Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"logg-inn.uspar72.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 06:32:38 GMT","end":"Mon, 05 Jan 2026 06:32:37 GMT"},"fingerprint":{"sha1":"5A:5C:A3:2F:56:E3:4E:C7:76:FF:A5:C0:D2:E6:72:9B:E8:95:DE:4F","sha256":"92:4E:51:A6:67:96:C2:25:1F:23:63:9F:5E:4D:75:04:0A:20:F4:59:A0:52:DE:19:DD:4C:A5:65:19:5E:5E:37"}}},"request":{"raw":"GET /no/css/563d95b27c02de7b16dec2cf6bae5dfc444a11f1.svg HTTP/1.1\r\nHost: logg-inn.uspar72.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://logg-inn.uspar72.com/no/\r\nCookie: PHPSESSID=fa9q0ftmh790476s6206atuv3a\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 14 Oct 2025 13:03:59 GMT\r\netag: \"ed2-68ad1512-126085;br\"\r\nlast-modified: Tue, 26 Aug 2025 01:59:46 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 1250\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 07 Oct 2025 13:03:59 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3794,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b2e225ddb9d21705bb611c384e9e28b1","sha1":"563d95b27c02de7b16dec2cf6bae5dfc444a11f1","sha256":"060a75441ed593150aef1717cd1581e53608d3b3263088ecac16184583f92aa0","sha512":"ca6b4e17724e555ebf652e7222bc5cf75dd372b2e283c92edb5add3065f2fbcb7a97891eb8b8726c91ff6e5d3f6640ac513581ebbd6c5dee438fd62b2a1023b3","ssdeep":"","tlshash":"877134d863c454e4eb07afbcce2919b5e40b28be7f80e685d097cfd2bb1101c9a54c86","first_seen":"2025-10-07T13:04:25.524066Z","last_seen":"2025-10-07T17:52:52.313145Z","times_seen":2,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"logg-inn.uspar72.com/no/css/global.C1hZA8-8.css","fqdn":"logg-inn.uspar72.com","domain":"uspar72.com","tld":"com"},"ip":{"addr":"82.147.84.61","port":443,"asn":57494,"as":"Adman LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://logg-inn.uspar72.com/no/","date":"2025-10-07T13:03:59.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"logg-inn.uspar72.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 06:32:38 GMT","end":"Mon, 05 Jan 2026 06:32:37 GMT"},"fingerprint":{"sha1":"5A:5C:A3:2F:56:E3:4E:C7:76:FF:A5:C0:D2:E6:72:9B:E8:95:DE:4F","sha256":"92:4E:51:A6:67:96:C2:25:1F:23:63:9F:5E:4D:75:04:0A:20:F4:59:A0:52:DE:19:DD:4C:A5:65:19:5E:5E:37"}}},"request":{"raw":"GET /no/css/global.C1hZA8-8.css HTTP/1.1\r\nHost: logg-inn.uspar72.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://logg-inn.uspar72.com/no/\r\nCookie: PHPSESSID=fa9q0ftmh790476s6206atuv3a\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 14 Oct 2025 13:03:59 GMT\r\netag: \"1924c-68ad1512-126096;br\"\r\nlast-modified: Tue, 26 Aug 2025 01:59:46 GMT\r\ncontent-type: text/css\r\ncontent-length: 4452\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 07 Oct 2025 13:03:59 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":102988,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"d7145a97ff3c19a302fb78decc67b949","sha1":"7d23148ccafbe0464ba727deea67598e020fa3ee","sha256":"83525748377b6285d223bb1151953ae75beeb0f2724540fdf7817206ec8d4d9a","sha512":"68af3ac93ad4cd43e4c2cc878d2a7132c0cff159578824bd93e47afe6e545febc8fd3a55ef1d34bd922c0eddfc5531a901c6ce73961e9d76df1019d48ca81e0e","ssdeep":"768:L/rO8rc8rhBZou0btAre/0g8ia8pEBroH0blAr6/D/hg8ihg8i98pEBroD8pEBre:J0btArK0blAri0blArr0blArv","tlshash":"c2a3f31af8e2e0f72f5763be531ee63975d4ac818d067f92b245904021c86fe531b72a","first_seen":"2025-10-03T16:54:34.432721Z","last_seen":"2025-12-21T01:06:57.452825Z","times_seen":18,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"logg-inn.uspar72.com/no/css/index.CMPrE-mN.css","fqdn":"logg-inn.uspar72.com","domain":"uspar72.com","tld":"com"},"ip":{"addr":"82.147.84.61","port":443,"asn":57494,"as":"Adman LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://logg-inn.uspar72.com/no/","date":"2025-10-07T13:03:59.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"logg-inn.uspar72.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 06:32:38 GMT","end":"Mon, 05 Jan 2026 06:32:37 GMT"},"fingerprint":{"sha1":"5A:5C:A3:2F:56:E3:4E:C7:76:FF:A5:C0:D2:E6:72:9B:E8:95:DE:4F","sha256":"92:4E:51:A6:67:96:C2:25:1F:23:63:9F:5E:4D:75:04:0A:20:F4:59:A0:52:DE:19:DD:4C:A5:65:19:5E:5E:37"}}},"request":{"raw":"GET /no/css/index.CMPrE-mN.css HTTP/1.1\r\nHost: logg-inn.uspar72.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://logg-inn.uspar72.com/no/\r\nCookie: PHPSESSID=fa9q0ftmh790476s6206atuv3a\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 14 Oct 2025 13:03:59 GMT\r\netag: \"d5b4-68ad1512-126070;br\"\r\nlast-modified: Tue, 26 Aug 2025 01:59:46 GMT\r\ncontent-type: text/css\r\ncontent-length: 7352\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 07 Oct 2025 13:03:59 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":54708,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (54707)","md5":"10c0b51b662a9ddd7a2eaae1df9a4d98","sha1":"67e86b1f97024d06b31908b9a5cb09e2d5570d54","sha256":"0b32500d24a57416455fae4a2137f05eb1beb6118eea42d7df9ae4bca972f0bb","sha512":"af3dcf46109c5eba1c3c892b3c9e98f9d63603dc294e9264235251faec6ea7f95a887055ef75b0a6e1dced75ba1597384d66251ecaeb307313b4c3f52a6634a3","ssdeep":"768:yv9lLO+nzbCq5BoBqpTPLKPtlPoUPG2zSzhVz:yv9pzKVlQUOUAhVz","tlshash":"df3375f9f420b27f7e2bc63d235dd11d22286855de023fb6f542a16882c7be62923715","first_seen":"2025-10-03T16:54:34.435126Z","last_seen":"2025-12-21T01:06:57.450296Z","times_seen":18,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"logg-inn.uspar72.com/no/css/login.CmCMMEb1.css","fqdn":"logg-inn.uspar72.com","domain":"uspar72.com","tld":"com"},"ip":{"addr":"82.147.84.61","port":443,"asn":57494,"as":"Adman LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://logg-inn.uspar72.com/no/","date":"2025-10-07T13:03:59.164Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"logg-inn.uspar72.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 06:32:38 GMT","end":"Mon, 05 Jan 2026 06:32:37 GMT"},"fingerprint":{"sha1":"5A:5C:A3:2F:56:E3:4E:C7:76:FF:A5:C0:D2:E6:72:9B:E8:95:DE:4F","sha256":"92:4E:51:A6:67:96:C2:25:1F:23:63:9F:5E:4D:75:04:0A:20:F4:59:A0:52:DE:19:DD:4C:A5:65:19:5E:5E:37"}}},"request":{"raw":"GET /no/css/login.CmCMMEb1.css HTTP/1.1\r\nHost: logg-inn.uspar72.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://logg-inn.uspar72.com/no/\r\nCookie: PHPSESSID=fa9q0ftmh790476s6206atuv3a\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 14 Oct 2025 13:03:59 GMT\r\netag: \"331b-68ad1512-126074;br\"\r\nlast-modified: Tue, 26 Aug 2025 01:59:46 GMT\r\ncontent-type: text/css\r\ncontent-length: 2221\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 07 Oct 2025 13:03:59 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":13083,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (13082)","md5":"79fb0132659c706c11566950eb6d65d7","sha1":"3674998fd4a193bcf5f1d48eae3e1951e4d3e3c9","sha256":"8fc352656006fc6b4710cbd287fe438028153252d8360c329c3b97aa436ce7ad","sha512":"545434a7c05495c2aee706e24ad8a8d4fcf415d643b28f43147a7004da4f7a2ca19618391845699b5af754c43e2a175a32ad6bdb1cdd08127856f74c49015171","ssdeep":"384:5ajjuxXxlcDfa5FFNULEQOZPGyv46oGTZY:JuKGJ","tlshash":"3542b566f751b23eba27152e125dd3ac53048c14dd036bf8be235134cac7be60b62b16","first_seen":"2025-10-03T16:54:34.438761Z","last_seen":"2025-12-21T01:06:57.457465Z","times_seen":18,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"logg-inn.uspar72.com/no/css/901c9e7b4ea09d75a5963a19599879c90508465c.svg","fqdn":"logg-inn.uspar72.com","domain":"uspar72.com","tld":"com"},"ip":{"addr":"82.147.84.61","port":443,"asn":57494,"as":"Adman LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://logg-inn.uspar72.com/no/","date":"2025-10-07T13:03:59.166Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"logg-inn.uspar72.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 06:32:38 GMT","end":"Mon, 05 Jan 2026 06:32:37 GMT"},"fingerprint":{"sha1":"5A:5C:A3:2F:56:E3:4E:C7:76:FF:A5:C0:D2:E6:72:9B:E8:95:DE:4F","sha256":"92:4E:51:A6:67:96:C2:25:1F:23:63:9F:5E:4D:75:04:0A:20:F4:59:A0:52:DE:19:DD:4C:A5:65:19:5E:5E:37"}}},"request":{"raw":"GET /no/css/901c9e7b4ea09d75a5963a19599879c90508465c.svg HTTP/1.1\r\nHost: logg-inn.uspar72.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://logg-inn.uspar72.com/no/\r\nCookie: PHPSESSID=fa9q0ftmh790476s6206atuv3a\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 14 Oct 2025 13:03:59 GMT\r\netag: \"325-68ad1512-126072;br\"\r\nlast-modified: Tue, 26 Aug 2025 01:59:46 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 406\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 07 Oct 2025 13:03:59 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":805,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"30e6d5e010b15466a6418f4870c1fdf7","sha1":"901c9e7b4ea09d75a5963a19599879c90508465c","sha256":"a5b0c459ca2b4a87efe9e5aec20177ce508ce30f78fd67b907df63c43b143630","sha512":"bc08d0e8c6abd96dc20ad07334725a2281f0e81a12eb5b1f82401eda83a26ffa8d0916175a8757b8ed8cfbb902b28f5cecd5ba710ffdbf1b36a67816aa63f976","ssdeep":"","tlshash":"6901bdf7a2d956cac04ff3368828a8327569742a2ba1061d92930dd4d764027eccada9","first_seen":"2025-10-07T13:04:25.533502Z","last_seen":"2025-10-07T17:52:52.30762Z","times_seen":2,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"logg-inn.uspar72.com/no/css/a7333a0ad26ebc77bce0559cdfa500d16c22a842.svg","fqdn":"logg-inn.uspar72.com","domain":"uspar72.com","tld":"com"},"ip":{"addr":"82.147.84.61","port":443,"asn":57494,"as":"Adman LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://logg-inn.uspar72.com/no/","date":"2025-10-07T13:03:59.169Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"logg-inn.uspar72.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 06:32:38 GMT","end":"Mon, 05 Jan 2026 06:32:37 GMT"},"fingerprint":{"sha1":"5A:5C:A3:2F:56:E3:4E:C7:76:FF:A5:C0:D2:E6:72:9B:E8:95:DE:4F","sha256":"92:4E:51:A6:67:96:C2:25:1F:23:63:9F:5E:4D:75:04:0A:20:F4:59:A0:52:DE:19:DD:4C:A5:65:19:5E:5E:37"}}},"request":{"raw":"GET /no/css/a7333a0ad26ebc77bce0559cdfa500d16c22a842.svg HTTP/1.1\r\nHost: logg-inn.uspar72.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://logg-inn.uspar72.com/no/\r\nCookie: PHPSESSID=fa9q0ftmh790476s6206atuv3a\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 14 Oct 2025 13:03:59 GMT\r\netag: \"abd-68ad1512-126066;br\"\r\nlast-modified: Tue, 26 Aug 2025 01:59:46 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 1012\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 07 Oct 2025 13:03:59 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2749,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"2df3bef16973b6ed74824a42410a25b2","sha1":"a7333a0ad26ebc77bce0559cdfa500d16c22a842","sha256":"1ec85ee680a74b2b776586a55eececbe12304452c1e720b5d5bc6652f6900ac1","sha512":"117c87a5dffd4ed492c575ba62bd61ff1d30407fa5222059ff91f53ca166a7431a79e8ac6d4a29ba15e6257595a5a6ebcacd66766c6be4e7dbedee52b5543840","ssdeep":"","tlshash":"465121f6f19471dae80bebfecd1c1462707ea8b97b9ad30212581fad923109155cced1","first_seen":"2025-10-07T13:04:25.535279Z","last_seen":"2025-10-07T17:52:52.308962Z","times_seen":2,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"logg-inn.uspar72.com/no/favicon.ico","fqdn":"logg-inn.uspar72.com","domain":"uspar72.com","tld":"com"},"ip":{"addr":"82.147.84.61","port":443,"asn":57494,"as":"Adman LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://logg-inn.uspar72.com/no/","date":"2025-10-07T13:03:59.588Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"logg-inn.uspar72.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 06:32:38 GMT","end":"Mon, 05 Jan 2026 06:32:37 GMT"},"fingerprint":{"sha1":"5A:5C:A3:2F:56:E3:4E:C7:76:FF:A5:C0:D2:E6:72:9B:E8:95:DE:4F","sha256":"92:4E:51:A6:67:96:C2:25:1F:23:63:9F:5E:4D:75:04:0A:20:F4:59:A0:52:DE:19:DD:4C:A5:65:19:5E:5E:37"}}},"request":{"raw":"GET /no/favicon.ico HTTP/1.1\r\nHost: logg-inn.uspar72.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://logg-inn.uspar72.com/no/\r\nCookie: PHPSESSID=fa9q0ftmh790476s6206atuv3a\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 14 Oct 2025 13:03:59 GMT\r\netag: \"3c2e-68ad1512-125fe1;br\"\r\nlast-modified: Tue, 26 Aug 2025 01:59:46 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 1274\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 07 Oct 2025 13:03:59 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":15406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"5a5a3ea1a7039a5a7fdbafb24817eee3","sha1":"f5e7233b35ce602ebeb47ea7eed2d94105a609e3","sha256":"d5cc17b7a2df4be0123137ae896dae38df34aeb3f61f32f678cb0caba33f9501","sha512":"2e9e6bcde9084827787a02c41847df89e51337b04fc791ac304bfe213f6fe523e8ad84e3ce2e131b4fffe4bd8b82bc3b0369a5b8ede6271ef21537d73072a411","ssdeep":"48:bjNZGk5oY/rAQ66t3UNlsiguUevd8kbZI:bdyY/rTF3UXgU8C","tlshash":"7d62b2b7efe01e04ed6bba3375437dad109defe508a2a429047271019eb6f3168b7506","first_seen":"2025-06-20T08:36:00.962838Z","last_seen":"2026-03-24T12:15:58.014064Z","times_seen":73,"resource_available":false,"data":null}},"time_used":110,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":110,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"amar.pe/no.php","fqdn":"amar.pe","domain":"amar.pe","tld":"pe"},"ip":{"addr":"172.67.150.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-07T13:03:56.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"amar.pe","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:54:31 GMT","end":"Mon, 15 Dec 2025 17:52:59 GMT"},"fingerprint":{"sha1":"25:43:56:43:94:6C:81:88:EE:50:1D:2F:20:D7:B6:BB:E4:99:4A:93","sha256":"FB:0F:54:D6:32:A1:F0:C6:27:53:B0:4B:0F:5A:06:7B:C3:95:DF:36:FD:2C:95:F1:48:E4:69:8C:7C:83:C6:04"}}},"request":{"raw":"GET /no.php HTTP/1.1\r\nHost: amar.pe\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 07 Oct 2025 13:03:57 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EhFqji1FEjxwhQnXBb7q7Jsz%2B0RWR3V%2B%2F5hr4HEyCRaCX94LYuZiPi3zx8EsuTYfgYwZzYFRksNIFZwTFmSqwAu3i3li\"}]}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 98ad99fe1fb4b4fd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":174,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"ddf0f65d872b446679a3a8bb1b18ec85","sha1":"6a22de1a405dfb798af8316eecfd01cfe5a0f4d6","sha256":"92fd4bc1ef6c545c979f477f1dab6c386a892c3e6940f07f868a82bcc6d3dbd1","sha512":"70811662bb69e0d15e16f3c9d90db3aaa065a1951b05741011b30c91d9157fb19904833eb4dfb222442bc46791697f3c6ac2442ab613de580e5e1960e52d4d3b","ssdeep":"","tlshash":"9fc08caf0c9bc500047200a28af6bb05e967a17f0042c8c572cac032bf94b5bce4b9a8","first_seen":"2025-10-07T13:04:25.542317Z","last_seen":"2025-10-07T13:04:25.542317Z","times_seen":1,"resource_available":false,"data":null}},"time_used":656,"timings":{"blocked":231,"dns":28,"connect":1,"send":0,"wait":188,"receive":0,"ssl":205},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"logg-inn.uspar72.com/no","fqdn":"logg-inn.uspar72.com","domain":"uspar72.com","tld":"com"},"ip":{"addr":"82.147.84.61","port":443,"asn":57494,"as":"Adman LLC","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-07T13:03:57.528Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"logg-inn.uspar72.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 06:32:38 GMT","end":"Mon, 05 Jan 2026 06:32:37 GMT"},"fingerprint":{"sha1":"5A:5C:A3:2F:56:E3:4E:C7:76:FF:A5:C0:D2:E6:72:9B:E8:95:DE:4F","sha256":"92:4E:51:A6:67:96:C2:25:1F:23:63:9F:5E:4D:75:04:0A:20:F4:59:A0:52:DE:19:DD:4C:A5:65:19:5E:5E:37"}}},"request":{"raw":"GET /no HTTP/1.1\r\nHost: logg-inn.uspar72.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://amar.pe/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ncontent-type: text/html\r\ndate: Tue, 07 Oct 2025 13:03:57 GMT\r\nserver: LiteSpeed\r\nlocation: https://logg-inn.uspar72.com/no/\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":12887,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":559,"timings":{"blocked":222,"dns":1,"connect":107,"send":0,"wait":108,"receive":0,"ssl":117},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"logg-inn.uspar72.com/no/","fqdn":"logg-inn.uspar72.com","domain":"uspar72.com","tld":"com"},"ip":{"addr":"82.147.84.61","port":443,"asn":57494,"as":"Adman LLC","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-07T13:03:57.867Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"logg-inn.uspar72.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 06:32:38 GMT","end":"Mon, 05 Jan 2026 06:32:37 GMT"},"fingerprint":{"sha1":"5A:5C:A3:2F:56:E3:4E:C7:76:FF:A5:C0:D2:E6:72:9B:E8:95:DE:4F","sha256":"92:4E:51:A6:67:96:C2:25:1F:23:63:9F:5E:4D:75:04:0A:20:F4:59:A0:52:DE:19:DD:4C:A5:65:19:5E:5E:37"}}},"request":{"raw":"GET /no/ HTTP/1.1\r\nHost: logg-inn.uspar72.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://amar.pe/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nset-cookie: PHPSESSID=fa9q0ftmh790476s6206atuv3a; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ncontent-length: 3606\r\ndate: Tue, 07 Oct 2025 13:03:58 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":12887,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (940)","md5":"7bb91b4ae58db3dce4e97380da46b6e9","sha1":"b4e822bb19810cd9e2911984ece763c69b727a2c","sha256":"f7c625645ff0d145ddc56dadbee5cbdef56ca435eb53b079952a08ecfe3e70fd","sha512":"713cd2df9437a25bd59e9abfb1915286c6be64ba6e1feaf1d102fe5c3bf6f55b306be2f1ea1384f0fc20143098e18ab129c0f7dcf134fa7d0a633724db5bee54","ssdeep":"96:OUzIHmjz56MkiAZJsPmEk/MPK+cgx8X72w0y1K4M4Q0y+mb06RiTkh91NgxcDekL:O8lY1ZGODgxEXRe2Q/gxHpPLDmLh9J8M","tlshash":"8442e7c6e1f044b3644ac7feaf66da062e66842bca25050db1ad0f944fe3db4cd1f964","first_seen":"2025-10-07T13:04:25.544689Z","last_seen":"2025-10-07T17:52:52.319467Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1143,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1143,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"logg-inn.uspar72.com/no/css/Box.ChYBa-Lm.css","fqdn":"logg-inn.uspar72.com","domain":"uspar72.com","tld":"com"},"ip":{"addr":"82.147.84.61","port":443,"asn":57494,"as":"Adman LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://logg-inn.uspar72.com/no/","date":"2025-10-07T13:03:59.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"logg-inn.uspar72.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 06:32:38 GMT","end":"Mon, 05 Jan 2026 06:32:37 GMT"},"fingerprint":{"sha1":"5A:5C:A3:2F:56:E3:4E:C7:76:FF:A5:C0:D2:E6:72:9B:E8:95:DE:4F","sha256":"92:4E:51:A6:67:96:C2:25:1F:23:63:9F:5E:4D:75:04:0A:20:F4:59:A0:52:DE:19:DD:4C:A5:65:19:5E:5E:37"}}},"request":{"raw":"GET /no/css/Box.ChYBa-Lm.css HTTP/1.1\r\nHost: logg-inn.uspar72.com\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://logg-inn.uspar72.com/no/\r\nCookie: PHPSESSID=fa9q0ftmh790476s6206atuv3a\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 14 Oct 2025 13:03:59 GMT\r\netag: \"29b-68ad1512-126076;br\"\r\nlast-modified: Tue, 26 Aug 2025 01:59:46 GMT\r\ncontent-type: text/css\r\ncontent-length: 222\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Tue, 07 Oct 2025 13:03:59 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":667,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (666)","md5":"11d9e8ba68a2489a9ae5e813bf7532d4","sha1":"c36814e9827c00e5378652c6a493402ffc4a8ea7","sha256":"bbf6a1b67054ead7a9e2f5de159cd26b017cd0ba5242d1985f314320466e3b94","sha512":"d2751dc0516c071405261d5672f5bfec8b9157d4480bead55347132eb8dba8049e9dcefb7e4f2f0d0b68d68f2921804431240197dfb99b5245cc416d4ec4c9e6","ssdeep":"","tlshash":"06012bb4fb2a60392431d957ac6f68df0998456a7b200a80fe952c7c8004a4d3f76cd8","first_seen":"2025-10-03T16:54:34.437064Z","last_seen":"2025-12-21T01:06:57.456661Z","times_seen":18,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":110,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-07","alert":"Sinkholed","trigger":"logg-inn.uspar72.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"designsystem.vipps.io/fonts/v1/VippsText-Regular-Web.woff2","fqdn":"designsystem.vipps.io","domain":"vipps.io","tld":"io"},"ip":{"addr":"13.107.246.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://logg-inn.uspar72.com/no/","date":"2025-10-07T13:03:59.300Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"designsystem.vipps.io","organization":"Microsoft Corporation"},"issuer":{"commonName":"DigiCert TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Sun, 01 Jun 2025 00:00:00 GMT","end":"Tue, 14 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DC:18:9D:E1:AB:8C:F2:7B:CB:37:9F:59:99:91:C6:11:10:6A:EF:3F","sha256":"37:F1:92:4A:0E:F4:1B:00:33:8C:1F:85:D5:9D:F1:4A:24:35:3E:62:A4:49:5D:3F:02:A8:7E:EF:EC:C6:94:5B"}}},"request":{"raw":"GET /fonts/v1/VippsText-Regular-Web.woff2 HTTP/1.1\r\nHost: designsystem.vipps.io\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://logg-inn.uspar72.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://logg-inn.uspar72.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 07 Oct 2025 13:03:59 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 51520\r\nlast-modified: Tue, 17 Dec 2024 06:23:30 GMT\r\netag: \"0x8DD1E6353359D21\"\r\nx-ms-request-id: e25925a2-f01e-0079-714a-37a92d000000\r\nx-ms-version: 2018-03-28\r\nx-azure-ref: 20251007T130359Z-r1f97b5f7b5zdlnthC1SVGfpvn000000025g0000000056qy\r\nx-fd-int-roxy-purgeid: 81079969\r\nx-cache: TCP_HIT\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]},{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]}],"data":{"size":51520,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 51520, version 1.0","md5":"55194357d94bb0333782cec8bc5ffde7","sha1":"d762e202743928e897aac32d088d7928d520c6d3","sha256":"3a86a0f6b16b24d9e454f184a87f0775b45cfae8f5d1666d4135dc9c64779608","sha512":"ae55932fcca42a36e9cfe640c0367f863d3efeeb3dd29611ed996cd90463882b1f0a9c860a7466cbc5e9106fd6dcd9236c6459cc438d763a79e34af0c6ae5b49","ssdeep":"1536:HNkbwvG+mm7r5hv1c4jlHaEfeUzhmfmorx8:AwPPvnl9DzhpH","tlshash":"94330226c2d7dfe02c98ed328ba9663cacae4661105005fe517262998d779cbf0b80cd","first_seen":"2023-07-14T15:58:35Z","last_seen":"2026-03-24T12:15:57.997518Z","times_seen":143,"resource_available":false,"data":null}},"time_used":366,"timings":{"blocked":171,"dns":146,"connect":7,"send":0,"wait":11,"receive":12,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"designsystem.vipps.io/fonts/v1/VippsText-Medium-Web.woff2","fqdn":"designsystem.vipps.io","domain":"vipps.io","tld":"io"},"ip":{"addr":"13.107.246.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://logg-inn.uspar72.com/no/","date":"2025-10-07T13:03:59.305Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"designsystem.vipps.io","organization":"Microsoft Corporation"},"issuer":{"commonName":"DigiCert TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Sun, 01 Jun 2025 00:00:00 GMT","end":"Tue, 14 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DC:18:9D:E1:AB:8C:F2:7B:CB:37:9F:59:99:91:C6:11:10:6A:EF:3F","sha256":"37:F1:92:4A:0E:F4:1B:00:33:8C:1F:85:D5:9D:F1:4A:24:35:3E:62:A4:49:5D:3F:02:A8:7E:EF:EC:C6:94:5B"}}},"request":{"raw":"GET /fonts/v1/VippsText-Medium-Web.woff2 HTTP/1.1\r\nHost: designsystem.vipps.io\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://logg-inn.uspar72.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://logg-inn.uspar72.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 07 Oct 2025 13:03:59 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 49824\r\nlast-modified: Tue, 17 Dec 2024 06:23:30 GMT\r\netag: \"0x8DD1E6353359D21\"\r\nx-ms-request-id: 6d148b10-301e-0066-5762-371a29000000\r\nx-ms-version: 2018-03-28\r\nx-azure-ref: 20251007T130359Z-r1f97b5f7b5zdlnthC1SVGfpvn000000025g0000000056r1\r\nx-fd-int-roxy-purgeid: 81079969\r\nx-cache: TCP_HIT\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]},{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]}],"data":{"size":49824,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 49824, version 1.0","md5":"51187971372843f9b858973ede29e6a0","sha1":"13aa36ae10c83878cd0c0db4101c8ef03429dc61","sha256":"dca382997026cc4baee019e2f365e254268448670a6e9222557b76f09c9f8a2a","sha512":"1f80a538118d30efecb8f73dce23bbadbc8da61f7f7febf0b4cabad9940ed1e3c6b3634438c995509d22a74e1bda77b20bb1d4a3c9e138a3b5877272c15156fe","ssdeep":"768:jy/0eebmEZuDACkIHxP6NQuLwNcDQDWx9YSnNoImGtQy2kZ87K86T7:jYcUDkIHxP6NxDQ2uSNoI112887K86P","tlshash":"5123f1e1c08a4bd68875dde32b49b3584548a2114ab777bf330e3816e6d91043f0fba9","first_seen":"2023-07-14T15:58:35Z","last_seen":"2026-03-24T12:15:58.08976Z","times_seen":127,"resource_available":false,"data":null}},"time_used":368,"timings":{"blocked":170,"dns":142,"connect":12,"send":0,"wait":19,"receive":6,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"designsystem.vipps.io/fonts/v1/VippsDisplay-Regular-Web.woff2","fqdn":"designsystem.vipps.io","domain":"vipps.io","tld":"io"},"ip":{"addr":"13.107.246.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://logg-inn.uspar72.com/no/","date":"2025-10-07T13:03:59.309Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"designsystem.vipps.io","organization":"Microsoft Corporation"},"issuer":{"commonName":"DigiCert TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Sun, 01 Jun 2025 00:00:00 GMT","end":"Tue, 14 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DC:18:9D:E1:AB:8C:F2:7B:CB:37:9F:59:99:91:C6:11:10:6A:EF:3F","sha256":"37:F1:92:4A:0E:F4:1B:00:33:8C:1F:85:D5:9D:F1:4A:24:35:3E:62:A4:49:5D:3F:02:A8:7E:EF:EC:C6:94:5B"}}},"request":{"raw":"GET /fonts/v1/VippsDisplay-Regular-Web.woff2 HTTP/1.1\r\nHost: designsystem.vipps.io\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://logg-inn.uspar72.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://logg-inn.uspar72.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 07 Oct 2025 13:03:59 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 37592\r\nlast-modified: Tue, 17 Dec 2024 06:23:30 GMT\r\netag: \"0x8DD1E6353326908\"\r\nx-ms-request-id: 727239b0-101e-003c-4e5e-377cce000000\r\nx-ms-version: 2018-03-28\r\nx-azure-ref: 20251007T130359Z-r1f97b5f7b5zdlnthC1SVGfpvn000000025g0000000056qz\r\nx-fd-int-roxy-purgeid: 81079969\r\nx-cache-info: L1_T2\r\nx-cache: TCP_HIT\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]},{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]}],"data":{"size":37592,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), CFF, length 37592, version 1.0","md5":"172867698929d98b8878b03227f236bb","sha1":"3effe95541ae629253c4b44b81070060a7f3678e","sha256":"9b57dcdf0fcc8b9bb3918ae65e724c73a9fd9d669edf5350ec0290a0a162c837","sha512":"f0678c6f47dfbcf1d32997a002fd7ab70af9669c682cd27e8ba2a23e7e02ca21aab61fcb799e9deb5ce4cd1af8f4ceb5c71812b26a2a11965ac7d6350b9fcaec","ssdeep":"768:fJXdtekO9GlOB9lFOp3BWZvytENavlyOfk/T7zRYbUqnEuXkKwH5WKuXB/+Q:nteqOB9fOp0vySav4OcL7zRJqL0g7XkQ","tlshash":"12f2e1fd8a8816e196921cc821e1cf8a759276310ee4a8dd782f374f72ebc9e1c21565","first_seen":"2023-07-14T15:58:35Z","last_seen":"2026-03-24T12:15:58.041889Z","times_seen":130,"resource_available":false,"data":null}},"time_used":357,"timings":{"blocked":165,"dns":141,"connect":9,"send":0,"wait":20,"receive":2,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}