{"report_id":"38e48797-9035-401f-86bb-07fb33f1b481","version":6,"status":"done","tags":["meta","facebook","phishing","social"],"date":"2026-06-06T23:45:45Z","url":{"schema":"http","addr":"cnvalores.icu","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":0,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"final":{"url":{"schema":"https","addr":"cnvalores.icu/index_real.html","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"title":"Facebook","dom":{"size":99921,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (30951)","md5":"8bddfa9b47ca73a8888f5d213f2d908f","sha1":"0d0bc5df1c574a47d9d9516d9917dcfa7ab25af7","sha256":"0111548ae6bbd8d43587676fc3ea587ea55f5e13c108a5cb854aa440ca23632f","sha512":"ad8255f3b7f2c52b946dd7670b22add28d95ff72451d90e8cafc74f2353bc14f16d9cf52ac2329da1095dbc85025a2f0438b89097f53990eae7014e03bd0fc8b","ssdeep":"1536:Px0mkl9+TRXqT52qdhPwdyDu2QnBqNPcYOK9urpHa:yuwgBqN5kHa","tlshash":"30a3c4219e801529abdf54b3f05d9777a65b0a43964280ecb1ede543af78c0dcba9f0c","dom_hash":"domhash071f6fa6a2c532bf82105f7f5ed25121","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"cnvalores.icu","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":0,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-11T23:45:45Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":2,"analyzer":5}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-06T23:45:22Z","timestamp":1780789522,"ip_dst":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"ip_src":{"addr":"Client IP","port":44138,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Suspicious Domain (*.icu) in TLS SNI","source":"{\"timestamp\":\"2026-06-06T23:45:22.069609+0000\",\"flow_id\":505855628964627,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":44138,\"dest_ip\":\"185.236.228.43\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026889,\"rev\":4,\"signature\":\"ET INFO Suspicious Domain (*.icu) in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2019_02_06\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"cnvalores.icu\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":753,\"bytes_toclient\":5074,\"start\":\"2026-06-06T23:45:22.029459+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-06T23:45:22Z","timestamp":1780789522,"ip_dst":{"addr":"Client IP","port":44138,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"severity":"medium","alert":"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.icu)","source":"{\"timestamp\":\"2026-06-06T23:45:22.094158+0000\",\"flow_id\":505855628964627,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"185.236.228.43\",\"src_port\":443,\"dest_ip\":\"172.18.0.13\",\"dest_port\":44138,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026890,\"rev\":3,\"signature\":\"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.icu)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2019_02_06\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_16\"]}},\"tls\":{\"subject\":\"CN=cnvalores.icu\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=YR1\",\"serial\":\"05:E1:4C:A6:4D:AA:96:A3:16:7C:19:FD:1B:AB:75:9F:76:09\",\"fingerprint\":\"d0:62:e2:56:50:e5:34:08:c8:7b:1b:14:28:3b:c0:ce:89:18:77:3a\",\"sni\":\"cnvalores.icu\",\"version\":\"TLS 1.2\",\"notbefore\":\"2026-06-03T11:05:08\",\"notafter\":\"2026-09-01T11:05:07\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"2fe9b0e731d3d41b2b84e8e1d6186836\",\"string\":\"771,49200,16-23-65281-0\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":1127,\"bytes_toclient\":5179,\"start\":\"2026-06-06T23:45:22.029459+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]},"summary":[{"fqdn":"unpkg.com","ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-01-06","domain_rank":1093,"first_seen":"2016-01-07T23:26:01Z","last_seen":"2026-06-01T07:32:20.81408Z","alert_count":0,"request_count":3,"received_data":4330478,"sent_data":1391,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cnvalores.icu","ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"domain_registered":"2026-06-03","domain_rank":0,"first_seen":"2026-06-06T02:06:08.544793Z","last_seen":"2026-06-06T02:06:08.544793Z","alert_count":114,"request_count":19,"received_data":1332414,"sent_data":8968,"comment":"","tags":null,"fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Google Tag Manager","description":"Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app.","website":"https://www.google.com/tagmanager","common_platform_enumeration":"","icon":"Google Tag Manager.svg","categories":["Tag managers"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Unpkg","description":"Unpkg is a content delivery network for everything on npm.","website":"https://unpkg.com","common_platform_enumeration":"","icon":"Unpkg.png","categories":["CDN"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-05-31T22:26:05.480738Z","alert_count":0,"request_count":2,"received_data":731054,"sent_data":867,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"unpkg.com/react@18.3.1/umd/react.development.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"05c3e7e7ba74b97802b32c6781212a24","sha1":"90d578388b9ebfc83895b9533a9d15b8e537e108","sha256":"28348fef6cb0ed8b2ceeb22deaf824428fd13875d84c73d38f77dd216fc24e7f","sha512":"60523a0a168f439847f68f10e27e59cc31eb86bc19ddd860652436242fe982662e0f442d1b48b04207c56b527ea388ef925b0a06ea5c1f3e53c75caa6b6e4515","ssdeep":"1536:VmjA0bi0UH0uMP5Mmhm6/mFah0nNRva1LMf4fU353ohNjN70dYq4G/ekVxQm4G0Q:YjDizH0Sah0nNR8Vs4G/BxMBQ","tlshash":"7ab3d76db8e722b18813707947afb045f2798117121cd960788ed3b86fd467886eefd8","size":109931,"data":"","first_seen":"2024-06-02T08:03:20Z","last_seen":"2026-06-07T02:15:49.543818Z","times_seen":541,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/react-dom@18.3.1/umd/react-dom.development.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3edf0eb850cbd3326d48dd88b6c3029f","sha1":"ab3bd02c5322c693ebe6e824ba87141e57a3a18a","sha256":"f9044a5e9c39db8bb1a204dff924e526ec0a621e695bb69de1035811be8709e4","sha512":"51d09a415ef8ca0e2dfcfcb6ebbe0b8a4253a0103474c0623dc89cb23bd626815c832ee63589453dfd585fa876b06e17be16aa785a30fdb32c329ed9e2152048","ssdeep":"24576:Eb4LcitesQOUrfhl597ZRt4f/t7EQWRWqPwiQ3YaA4gSX:Eb4LcitesQOUrfhH97ZR2FEQWRWqPwi0","tlshash":"8e35f66c79e312629d9330799baf6491b77a8017021cdd50788ec368afc453486bffe9","size":1080227,"data":"","first_seen":"2024-06-02T08:03:20Z","last_seen":"2026-06-07T02:15:49.561462Z","times_seen":451,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnvalores.icu/index_real.html","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"introduction_type":"scriptElement","is_inline":false,"md5":"efdcb393f1d77edabf22a6ddcb7a6608","sha1":"f1166a0cf1c39e757a623942ba692a5ee26d7847","sha256":"67d0d5c9cdc3ede7b4fe62e64d6ff44da0bad6f4ef283c3a8006775fcb73dc6b","sha512":"3d6146fa820408e779e5f76dd5fb7c09078173eadc3fe734d8f3c3a198b24f25e148739b06478e3c2925e9c15a95ab4ca9be7c99ed6c356bd2d65dd4067534da","ssdeep":"","tlshash":"c51140aa5c020c304de900f3a24c562fd243d093a672b5e485f0949e2030d0c1367e29","size":875,"data":"","first_seen":"2026-06-06T02:06:13.057134Z","last_seen":"2026-06-06T23:50:44.867753Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnvalores.icu/index_real.html","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"introduction_type":"scriptElement","is_inline":false,"md5":"00dbfe06d85eed533f5fa4c5ab024fda","sha1":"3e9b3fe491d7a18fc904de46dc5cfd3045577174","sha256":"8834d37627fd771980a3da2da1e0ed8b396374b77f9fa12953c5d130dcfc1666","sha512":"9586735baeda39da1bc952c7093df421ecd31f6d94dabed8027a3e25b49d88d563ff43e39e358c4e4e3e3c8f130c47268ae7cdbc33ee4d59a44e2af6c0fd1cd8","ssdeep":"768:vJb2hO9Bk7vRsEa2CRUmOPOEFBXsqKl9Cg5snqdhdGgGfS/Rf/y7PcRLplo2/lgB:j9+TRXqT52qdhPwdyDu2c","tlshash":"a55392208e402579abdf14b3f04d8b76d69b0a43595290ecb59ef5076b78c1ec7a8f1c","size":65658,"data":"","first_seen":"2026-06-06T02:06:13.052555Z","last_seen":"2026-06-06T23:50:44.87128Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnvalores.icu/index_real.html","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"introduction_type":"scriptElement","is_inline":true,"md5":"20a897cb2eeb4cc143ff6a4516100824","sha1":"2d44c74190f0e2cd995b21123210c7acf9c5a143","sha256":"1414a461043af46bc5d61d5580d189b5bc96a20d3b44db696099cdcf48bb70cf","sha512":"046c91aea8c037d62cde4ee9a5826a20d9c69aa99d383f39c37e65dd73a08b248180a9af8fbad0e1c473d95fc412d3c1fb2b2c1eb9cfd67bae75ce5ccfe3bb8b","ssdeep":"","tlshash":"3be0c0da70110871b59e89b733b5a528b153550cf4091d22ddfd88242c1858748124cc","size":350,"data":"","first_seen":"2026-06-06T02:06:13.054975Z","last_seen":"2026-06-06T23:50:44.868301Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnvalores.icu/index_real.html","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"introduction_type":"scriptElement","is_inline":true,"md5":"ac54efb6e4785122cc6c009aaa6d47f4","sha1":"b6f931bd9a1be31346fee39f5e4fc4f20f089a2e","sha256":"1eb13fa79b96884eb7d99db7b6cab80a7e87b276f26fac4d8792a084a6303e78","sha512":"76404465b191126fd377987019cb1120bc43fc056ee54b9d712479bd41da090fc35207c5e67ad1b2009e8774cb035c85ccff90296526e32c5a19dcd15ed259f2","ssdeep":"","tlshash":"fbf023ad2c82b05737fe3634c22bbf6b37a7070078c2d868ca45c4243ca4a821c52dce","size":467,"data":"","first_seen":"2026-06-06T02:06:13.05579Z","last_seen":"2026-06-06T23:50:44.872734Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtm.js?id=GTM-NCXBDJ47","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8a279880bbbe38f8d8ca9988d05e4a27","sha1":"e71a8b441245136e04999179bcb39834ea8e6558","sha256":"1aa929aab3df50cf1d81651acec841953281522af1dbda82aa2f6cacabf9ad5a","sha512":"12485c16860da6736852aea921e8104d9308f7db7bdea9efbda417edb5be7181426b8c2785cc500093af1dc1e96aec0d8498dc560aa4f963ccc048680efce1ff","ssdeep":"6144:063GsHP4gbP4V2pXW0w40dicSF2SuM5KQ:0c4ecS3","tlshash":"8f64e7cdb3d6b46283a3a478903f114ba23a79d2f44cc898f186d8d42e746694277f7d","size":334263,"data":"","first_seen":"2026-06-06T23:45:52.125862Z","last_seen":"2026-06-06T23:50:44.845638Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-XXXXXXXXXX","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"eb8593942cbd4c42fa7d77910395254f","sha1":"b9140b0aa516d344bc869ad8328c475dedda644c","sha256":"00bb932ceb4969d68355a24744a667e5dd121312d4432b094fac2c394afdb666","sha512":"1a3f3ae45a59f3e01011f5f6aeaec2dac05e75fcb70065098f1d4fda737fb77a39412234e0e362f3de6c67108cc8bf0cfe169c3e6b4da78b019802d916fdf8de","ssdeep":"6144:+q3GsHPLtgbE47c2bXW0w40dicStQQ+OWKTlZjQ:+y947L6QZE","tlshash":"d784f9cdb3d6746653a3b478903f018ba27a79e2f448c898f086d8d42e746994277f7c","size":395491,"data":"","first_seen":"2026-06-06T16:16:41.59685Z","last_seen":"2026-06-06T23:50:44.860526Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/@babel/standalone@7.29.0/babel.min.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"565ee59ce96923c2f7141dec8e1bc151","sha1":"0a92e5a5df7883989923f9fa0b85ab58b79efda0","sha256":"2623a9e22809915ce789b4461154e277ddce520d5a4320c14d44332a5d0dcea0","sha512":"33b16c5b1e7a71e408852a5758a4889ac5923a5e43a4b381a7017644fd7cb521f67ed4ef823b1955fad122c6318cbf7f14676e187af61ef004fbf18847684c3a","ssdeep":"49152:AVfyToBThYI32Se564Bk1Wv+MzXA7+Mih3D2Ei8inx8dTfA:Se5wMzXOe4","tlshash":"9de5e64963669c6f39cf22c6749b0e0efd661491f0a8d060fbcbdce2b424a458176b77","size":3137752,"data":"","first_seen":"2026-02-02T11:08:08.942597Z","last_seen":"2026-06-07T00:38:10.439408Z","times_seen":126,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnvalores.icu/index_real.html","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"introduction_type":"scriptElement","is_inline":true,"md5":"e87d68a7d3332e5786e60f56f04f8f49","sha1":"9d159237b9c99adfca09dbc4705f27ba8e2c42ee","sha256":"4ddfaa47f5f3f86fb4f26c66c54602e6cf38ad514396d99df73658ec96e8d2f1","sha512":"ce4867155179e31d369eacaa79b2089ccd7e73b4e034b5af8abb30ee7b5c4dac2a0230376cc279efe7109f25c6f4a518003b04c8b07ae3b4ac5f61b5b82424f8","ssdeep":"","tlshash":"f0c08c88210b1c7041a72e010b2fa200b04632129490aa30290a63044f31e33d744814","size":162,"data":"","first_seen":"2025-06-20T03:26:13.228405Z","last_seen":"2026-06-06T23:50:44.873675Z","times_seen":32,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"cnvalores.icu/assets/av7.png","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET /assets/av7.png HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/index_real.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Wed, 03 Jun 2026 10:59:59 GMT\r\naccept-ranges: bytes\r\netag: \"2dce21e48f3dc1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\ncontent-length: 3664\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":3664,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 34 x 35, 8-bit/color RGBA, non-interlaced","md5":"d3bce47a963b577e03053f945c2aa405","sha1":"3768754de3ffa4ac34a89ad2e84cea97628bdad9","sha256":"c5ccb72203a76d22f80206d8de9e5ef0e234501eb229dab6e98628c3050f23a4","sha512":"cc56ebd55c2ab3ec23730a1db42a8a6d580a53ebe1eacdc0b9f45eb66d30ae3cd7e25299919bc026e775cc5ff0d85c8044f0e9b93aef462b65de79f9d9b7063c","ssdeep":"","tlshash":"4a716d8269e7fc5d88e3e331f71dc9f02447f9c5e417647e24c15c62426960441af378","first_seen":"2026-06-06T02:06:13.036843Z","last_seen":"2026-06-06T23:50:44.842829Z","times_seen":4,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":70,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtm.js?id=GTM-NCXBDJ47","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 18 May 2026 18:35:27 GMT","end":"Mon, 10 Aug 2026 18:35:26 GMT"},"fingerprint":{"sha1":"81:79:25:0A:2E:C8:CA:DA:16:EF:B8:34:B7:38:E6:48:7B:5B:4C:6D","sha256":"7B:74:72:15:7A:A8:4B:D0:1D:D6:11:DE:7C:D9:15:EE:E9:22:FF:E8:56:41:9E:88:6C:4A:F9:9F:AB:B3:6E:2C"}}},"request":{"raw":"GET /gtm.js?id=GTM-NCXBDJ47 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\nexpires: Sat, 06 Jun 2026 23:45:22 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Sat, 06 Jun 2026 21:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 116669\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":334263,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (4506)","md5":"8a279880bbbe38f8d8ca9988d05e4a27","sha1":"e71a8b441245136e04999179bcb39834ea8e6558","sha256":"1aa929aab3df50cf1d81651acec841953281522af1dbda82aa2f6cacabf9ad5a","sha512":"12485c16860da6736852aea921e8104d9308f7db7bdea9efbda417edb5be7181426b8c2785cc500093af1dc1e96aec0d8498dc560aa4f963ccc048680efce1ff","ssdeep":"6144:063GsHP4gbP4V2pXW0w40dicSF2SuM5KQ:0c4ecS3","tlshash":"8f64e7cdb3d6b46283a3a478903f114ba23a79d2f44cc898f186d8d42e746694277f7d","first_seen":"2026-06-06T23:45:52.125862Z","last_seen":"2026-06-06T23:50:44.845638Z","times_seen":2,"resource_available":true,"data":null}},"time_used":250,"timings":{"blocked":53,"dns":28,"connect":15,"send":0,"wait":53,"receive":31,"ssl":65},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/@babel/standalone@7.29.0/babel.min.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unpkg.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 May 2026 17:38:50 GMT","end":"Tue, 11 Aug 2026 18:38:47 GMT"},"fingerprint":{"sha1":"85:3A:E3:4D:41:9A:40:A5:EA:4D:21:21:BC:8B:AF:E9:9B:B2:27:3A","sha256":"41:2C:5C:27:2E:1B:0A:16:BA:4A:09:22:08:86:E9:EC:B5:B9:C4:CF:94:00:3A:8F:52:77:35:8C:F9:C4:FC:A4"}}},"request":{"raw":"GET /@babel/standalone@7.29.0/babel.min.js HTTP/1.1\r\nHost: unpkg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cnvalores.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncf-ray: a07b4a529bc2a0f0-OSL\r\ncf-cache-status: HIT\r\nfly-request-id: 01KRCG2X1CXZNS22KE0B8TR2K3-arn\r\naccess-control-allow-origin: *\r\nage: 103432\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 06 Jun 2027 23:45:22 GMT\r\nlast-modified: Wed, 03 Jun 2026 04:06:44 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: accept-encoding\r\nvia: 1.1 fly.io, 1.1 fly.io\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncontent-digest: sha256=:JiOp4igJkVznibRGEVTid93OUg1aQyDBTUQzKl0NzqA=:\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3137752,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (61648)","md5":"eb8f665326c11d66e6d20fd8133ada4c","sha1":"7efda5fc33afa4f0919f6f34c95fa253a7d28417","sha256":"fa0083294d93ac927ea3423a0e1804926320e6490491ffcfe4f6288fd7af9e5c","sha512":"cdb080eee23b75903cfd33551397071b8016a620d4f1351e42d2f3ea1532f3a61a5dfd5a1d380d8bf8705c3b8c2ffa59e292761b5885d04eadbc997a2df38384","ssdeep":"12288:7k7+tnuAOm+hyToBThYIPflsSer/VuAE4m:7k7cuvmAyToBThYI32Se564m","tlshash":"7e25f7e972c5b5b166d7a1a7103f0002e27a6965644c401cfb68ceeb7e79c0e613bf78","first_seen":"2026-02-02T11:08:08.850592Z","last_seen":"2026-06-07T00:38:10.409063Z","times_seen":145,"resource_available":false,"data":null}},"time_used":171,"timings":{"blocked":16,"dns":0,"connect":4,"send":0,"wait":122,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnvalores.icu/assets/av6.png","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.340Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET /assets/av6.png HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/index_real.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Wed, 03 Jun 2026 10:59:59 GMT\r\naccept-ranges: bytes\r\netag: \"2dce21e48f3dc1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\ncontent-length: 3365\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":3365,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced","md5":"27154b514a14145ffb93ada5e7bf87d9","sha1":"21fb655a28ae4f18b558d39da33cfe0cfd52b924","sha256":"2a05d59847ded3f8595582ff9170058db743bc0ee9e8cc297246591837181006","sha512":"70fda7c8ba2e9f9b44ec3056f4be20fa032fb56882b6ccb4a015486bb317331a4b27fec6f4185a2e2635f70ab009ff8fcdc3acfe131be919fd6b79dc510e4078","ssdeep":"","tlshash":"62615ae61c98a1d8acfc9dbd1362c4ba794d4a8857ab01ce50cbdfe0fc4d57a4281a00","first_seen":"2026-06-06T02:06:13.042447Z","last_seen":"2026-06-06T23:50:44.850327Z","times_seen":4,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":70,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}},{"url":{"schema":"https","addr":"cnvalores.icu/RegistrationForm.jsx","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:23.126Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET /RegistrationForm.jsx HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/index_real.html\r\nCookie: _ga_XXXXXXXXXX=GS2.1.s1780789522$o1$g0$t1780789522$j60$l0$h0; _ga=GA1.1.1344289585.1780789523\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/jscript\r\nlast-modified: Thu, 04 Jun 2026 12:07:06 GMT\r\naccept-ranges: bytes\r\netag: \"85ab9aa91af4dc1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 06 Jun 2026 23:45:23 GMT\r\ncontent-length: 9468\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":9468,"size_decoded":0,"mime_type":"text/jscript","magic":"Unicode text, UTF-8 text, with very long lines (324)","md5":"60cf1fba3f750e5d59189c3afcda4ac2","sha1":"c88cb488801a9ed5f4444ee1eb21f9a88f796049","sha256":"c8f08ad495488b0763f07a82e28e074d33d44bb50e6705f986b5d8631254d010","sha512":"4fc5a9187c1ce1d3fb5fdbdd2f552cd90c7ddfc5c999a3beff8ecba80bc1f0392324b089541ac1c78bdb54e4aec88169902872417ccf627ec90f8fa69255c18a","ssdeep":"192:DtswfJuGCvfPaBW3yYkzvYQIw/bs+r/UIgQ3Zdkn5VSmc4sU:ZcGCv6BnI2WIn3Oek","tlshash":"1c12a9259ea1118328a3c0a57a639d065b39c317724dde68bb6d2b41afcdc159c637cc","first_seen":"2026-06-06T02:06:13.043254Z","last_seen":"2026-06-06T23:50:44.843831Z","times_seen":4,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}},{"url":{"schema":"https","addr":"cnvalores.icu/","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-06T23:45:21.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":235,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"d318878de2ca571e288570d5f4ca12ca","sha1":"2ea725e42d7c52830b9a09988a52b842e857704c","sha256":"d33d8ec57167a195aef68278eee56778c2dc9962d55803de37dc167213fa2647","sha512":"db6cb9d07a0c183f9481fae1af4c0501abe2b95238243c22ce27d0fef048542043c29e4ad495d43df65f9b1fc42cd441c1e88f2c8bc47c344771d9bcb9746643","ssdeep":"","tlshash":"e4d097829c00c80d50b083110ec0f20c0653c6ca23c28c402cc6f0a20c8434acd8b4cc","first_seen":"2026-06-06T02:06:30.915045Z","last_seen":"2026-06-06T23:50:44.844733Z","times_seen":3,"resource_available":true,"data":null}},"time_used":324,"timings":{"blocked":154,"dns":89,"connect":15,"send":0,"wait":16,"receive":0,"ssl":46},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}},{"url":{"schema":"https","addr":"cnvalores.icu/assets/av3.png","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET /assets/av3.png HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/index_real.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Wed, 03 Jun 2026 10:59:59 GMT\r\naccept-ranges: bytes\r\netag: \"1b5e21e48f3dc1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\ncontent-length: 3968\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":3968,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 34 x 35, 8-bit/color RGBA, non-interlaced","md5":"3a5cf5ab37da2310e52980ff6c0050fd","sha1":"f99ab6fe86bf1a9ec944689e5b8061710fbc6526","sha256":"9f6a36a51b41a0bb6cf50cd731dc06f66c3d3f5cd672413eec317f2aaf459454","sha512":"96110a00db25031cd2a31c8131cd70d57b4a393f03a11521d65f3a662797c7d41ecf326407830fe76d43f7f0f312ec346051f347b6e7fcb8e4420001d70fb217","ssdeep":"","tlshash":"44815d969af7c44e728cf2072be53584fe6e29d780c36c20448d86f65de1d92c11ae15","first_seen":"2026-06-06T02:06:13.045374Z","last_seen":"2026-06-06T23:50:44.867049Z","times_seen":4,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}},{"url":{"schema":"https","addr":"cnvalores.icu/index_real.html","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-06T23:45:22.248Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET /index_real.html HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\ncontent-encoding: gzip\r\nlast-modified: Wed, 03 Jun 2026 13:23:24 GMT\r\naccept-ranges: bytes\r\netag: \"06e87275cf3dc1:0\"\r\nvary: Accept-Encoding\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\ncontent-length: 7872\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Tag Manager","description":"Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app.","website":"https://www.google.com/tagmanager","common_platform_enumeration":"","icon":"Google Tag Manager.svg","categories":["Tag managers"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Unpkg","description":"Unpkg is a content delivery network for everything on npm.","website":"https://unpkg.com","common_platform_enumeration":"","icon":"Unpkg.png","categories":["CDN"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":30239,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (446)","md5":"49b85f31a7132b29f34fd11778f8d49f","sha1":"cf27c27af77fe782e8cb344d512b8898b5f7cebf","sha256":"c437fea53841ee399a6e99f9e9170a66916884d209e3aafa35bfbd9bc667b5d4","sha512":"9a14646d04f2498676df8ca1788d519388ff431afad7e3d7464bd14911318e5057789870bdea473809e7ed16aa8d9df40129b0b67b02901428793611679475bf","ssdeep":"384:lczxFNx18PQK2mtac7Uu6BqQeZsHpybFR2DF3kv3kd3kXF3kcg3k53kmHi:sxzS2mkzuSqQeZsJ2aMxfHi","tlshash":"f8d2e8732be2041a7457a490ae72e7577a659303d249c26876fc0ab4cfcdd8adc6738c","first_seen":"2026-06-06T02:06:13.038071Z","last_seen":"2026-06-06T23:50:44.847901Z","times_seen":4,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}},{"url":{"schema":"https","addr":"unpkg.com/react-dom@18.3.1/umd/react-dom.development.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unpkg.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 May 2026 17:38:50 GMT","end":"Tue, 11 Aug 2026 18:38:47 GMT"},"fingerprint":{"sha1":"85:3A:E3:4D:41:9A:40:A5:EA:4D:21:21:BC:8B:AF:E9:9B:B2:27:3A","sha256":"41:2C:5C:27:2E:1B:0A:16:BA:4A:09:22:08:86:E9:EC:B5:B9:C4:CF:94:00:3A:8F:52:77:35:8C:F9:C4:FC:A4"}}},"request":{"raw":"GET /react-dom@18.3.1/umd/react-dom.development.js HTTP/1.1\r\nHost: unpkg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cnvalores.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncf-ray: a07b4a52abc6a0f0-OSL\r\ncf-cache-status: HIT\r\nfly-request-id: 01KRHS9EK6ZNBHN92DQP5TJ404-arn\r\naccess-control-allow-origin: *\r\nage: 103433\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 06 Jun 2027 23:45:22 GMT\r\nlast-modified: Sat, 30 May 2026 01:24:49 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: accept-encoding\r\nvia: 1.1 fly.io, 1.1 fly.io\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncontent-digest: sha256=:+QRKXpw524uxogTf+STlJuwKYh5pW7ad4QNYEb6HCeQ=:\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1080227,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1352)","md5":"ff3a6e3b2bacf6f57a5484a1c0305338","sha1":"c4601563af1f027be7b7af8676a41a9ffc3689eb","sha256":"87738499b824f7c422e3c7af709e1f0ebaeb3040637c992c979717c19803a4bb","sha512":"7980c6031cae32ae2f7b8accfaa1258fd49f5d32f121d1803238cc3d9ef7ec5e783121379ab3d27884c74123ec307d86ea0d4a589f141e39bb6f4c1cfe9ac136","ssdeep":"24576:Eb4LcitesQOUrfhl597ZRt4f/t7EQWRWqPwiQ3YaA4gg:Eb4LcitesQOUrfhH97ZR2FEQWRWqPwio","tlshash":"9525e66c79e312629d9330799baf7491777a8017021cdd50788e8368afc453486bffea","first_seen":"2025-07-29T21:28:19.055158Z","last_seen":"2026-06-07T02:15:49.522924Z","times_seen":510,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":19,"dns":3,"connect":4,"send":0,"wait":108,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnvalores.icu/assets/av2.png","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET /assets/av2.png HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/index_real.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Wed, 03 Jun 2026 10:59:59 GMT\r\naccept-ranges: bytes\r\netag: \"cd8de21e48f3dc1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\ncontent-length: 3578\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":3578,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 34 x 35, 8-bit/color RGBA, non-interlaced","md5":"614aba0ea969797924c886fda5ecd336","sha1":"61f87ca8b4da0e78f73c6b373a6c6bcb1b391c95","sha256":"8894e2df9f0b382c9432cf4d7b9249d5eec9a254f7c4718d6539efbf1c26793c","sha512":"f48d6ef03c646fb40b3fcf2dba2d6fcc9036eb2cc1657ad31064dd758348b48414f8662f6abe2ddfcd9f5b2d9cf5f54649efb2c239fb9b0aa3fadd7dc1f51622","ssdeep":"","tlshash":"05715e8255aa1b62cc338371f6be0032a67ac3e23210ec6929df741cf0ad4565e613dc","first_seen":"2026-06-06T02:06:13.048198Z","last_seen":"2026-06-06T23:50:44.865175Z","times_seen":4,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}},{"url":{"schema":"https","addr":"cnvalores.icu/assets/av5.png","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET /assets/av5.png HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/index_real.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Wed, 03 Jun 2026 10:59:59 GMT\r\naccept-ranges: bytes\r\netag: \"2dce21e48f3dc1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\ncontent-length: 3940\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":3940,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced","md5":"cbe3fb86bc8a81fe982bbd72d55314ec","sha1":"dd70c6dd93acb7c632b46b0f6f93e97c71b36b5b","sha256":"e4df2eae19300a85267fcac04a422607df4056a2fb748507e0f4b87ae73843f7","sha512":"3600cdc1a61becd805fd51e85bc9cc00e675a43a0f37d78a51972cabb37a5affd0d29544582753490279e82616eca610a767915cae6a6f01b583a1f85d28c843","ssdeep":"","tlshash":"3c815cc789cc90b9d1a3555006a4636e1de542e5304d902f27a5b2195b69ac82fc458f","first_seen":"2026-06-06T02:06:13.051789Z","last_seen":"2026-06-06T23:50:44.862992Z","times_seen":4,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":74,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}},{"url":{"schema":"https","addr":"cnvalores.icu/assets/av8.png","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.342Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET /assets/av8.png HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/index_real.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Wed, 03 Jun 2026 10:59:59 GMT\r\naccept-ranges: bytes\r\netag: \"73e31e48f3dc1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\ncontent-length: 3251\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":3251,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 33 x 35, 8-bit/color RGBA, non-interlaced","md5":"4bb00b276cf2ee060df51dce5144d37b","sha1":"b48d42f21d05e489f34af67634f7c23e2509a488","sha256":"356ac8ebae03b29c35e8854de5bee8518f527b440e8282204ca9933f82261b5c","sha512":"aa892b23f251ee72e0a5931b3295e5f62a44d348f5df7e8d8700b4c0d2caf50d4e862c4cb0259f37eff98f97d7a26b35ec15d4f842b391840cee5e11d4be0d5f","ssdeep":"","tlshash":"9c616c61f920fc042da3d5dea4aa163ea177b602200cd8a1b0846a3799edcc5c7988b0","first_seen":"2026-06-06T02:06:13.049083Z","last_seen":"2026-06-06T23:50:44.853968Z","times_seen":4,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":73,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}},{"url":{"schema":"https","addr":"unpkg.com/react@18.3.1/umd/react.development.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.320Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unpkg.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 May 2026 17:38:50 GMT","end":"Tue, 11 Aug 2026 18:38:47 GMT"},"fingerprint":{"sha1":"85:3A:E3:4D:41:9A:40:A5:EA:4D:21:21:BC:8B:AF:E9:9B:B2:27:3A","sha256":"41:2C:5C:27:2E:1B:0A:16:BA:4A:09:22:08:86:E9:EC:B5:B9:C4:CF:94:00:3A:8F:52:77:35:8C:F9:C4:FC:A4"}}},"request":{"raw":"GET /react@18.3.1/umd/react.development.js HTTP/1.1\r\nHost: unpkg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://cnvalores.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncf-ray: a07b4a529bbda0f0-OSL\r\ncf-cache-status: HIT\r\nfly-request-id: 01KRKHXFJC0KK9EKSKHJRM4GXV-fra\r\naccess-control-allow-origin: *\r\nage: 103433\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 06 Jun 2027 23:45:22 GMT\r\nlast-modified: Tue, 02 Jun 2026 04:23:49 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: accept-encoding\r\nvia: 1.1 fly.io, 1.1 fly.io\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncontent-digest: sha256=:KDSP72yw7Yss7rIt6vgkQo/ROHXYTHPTj3fdIW/CTn8=:\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":109931,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (474)","md5":"05c3e7e7ba74b97802b32c6781212a24","sha1":"90d578388b9ebfc83895b9533a9d15b8e537e108","sha256":"28348fef6cb0ed8b2ceeb22deaf824428fd13875d84c73d38f77dd216fc24e7f","sha512":"60523a0a168f439847f68f10e27e59cc31eb86bc19ddd860652436242fe982662e0f442d1b48b04207c56b527ea388ef925b0a06ea5c1f3e53c75caa6b6e4515","ssdeep":"1536:VmjA0bi0UH0uMP5Mmhm6/mFah0nNRva1LMf4fU353ohNjN70dYq4G/ekVxQm4G0Q:YjDizH0Sah0nNR8Vs4G/BxMBQ","tlshash":"7ab3d76db8e722b18813707947afb045f2798117121cd960788ed3b86fd467886eefd8","first_seen":"2024-06-02T08:03:20Z","last_seen":"2026-06-07T02:15:49.543818Z","times_seen":541,"resource_available":true,"data":null}},"time_used":67,"timings":{"blocked":18,"dns":1,"connect":1,"send":0,"wait":16,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnvalores.icu/assets/logo1.png","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.326Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET /assets/logo1.png HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/index_real.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Wed, 03 Jun 2026 10:57:25 GMT\r\naccept-ranges: bytes\r\netag: \"197f31c347f3dc1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\ncontent-length: 8583\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":8583,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 73 x 73, 8-bit/color RGBA, non-interlaced","md5":"14e23411c9c9978a1b1f0450e1107f1c","sha1":"39ec50f9cb7e9e937ed6a9f4591acb5c30320575","sha256":"a155726878a10c1865e405fe273d391b6f26af4753ffdc7c793d8fe85daa941e","sha512":"a19a32220ea9fd009a7088cbe79343c423c92fa93198224038b83aeac9a92fc10d1cd6231a7ef5e611db721958dfcd9df8ed66ebc0092d41b4ea039e2fd39457","ssdeep":"192:US0JryRTZ0nk5Hmj4J+1A8LK6QgVZo5emwQLQFml:T0lyRF0nk5Gc8qETQWoemwQLMml","tlshash":"1c02bf5c19890bd7db032814fd3c1e0036a2be5d2968f2ee38c4976189237bc9896c66","first_seen":"2026-06-06T02:06:13.040444Z","last_seen":"2026-06-06T23:50:44.856272Z","times_seen":4,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}},{"url":{"schema":"https","addr":"cnvalores.icu/assets/img2.png","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET /assets/img2.png HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/index_real.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Wed, 03 Jun 2026 10:57:25 GMT\r\naccept-ranges: bytes\r\netag: \"43cd31c347f3dc1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\ncontent-length: 1217338\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":1217338,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 968 x 729, 8-bit/color RGBA, non-interlaced","md5":"f5fd5760759b8589d0d66073ed820799","sha1":"34a91d2d3d2fcfe9f9ff613f75e762cb72755c5a","sha256":"5bf587ded8157f34bed5986132826a64dcf1edd4f2185a51207fb290eecc8eb4","sha512":"9c7d539f8a56ebe9d471742afaeaa39674f0b39f8710aeb5a3bbcdfc9018bf01b0a79df718cf029a46d87417d79fafab4ae5281c476680fc1a2aefbb0e58ed7e","ssdeep":"24576:FgcdiwkFGqxuKs86Esfo8BQwzlpQ26S8Ne6clOTdc8vNrol1Y6Du3om:Rkwsx3/sfoYQwzlp5L8NefOTmcW1S3F","tlshash":"722533b6c5e25321cf50f9c883cccea973682c5e06e576392b863f2cf9365a14867d61","first_seen":"2026-06-06T02:06:13.033934Z","last_seen":"2026-06-06T23:50:44.864445Z","times_seen":4,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":105,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}},{"url":{"schema":"https","addr":"cnvalores.icu/assets/img3.png","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.330Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET /assets/img3.png HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/index_real.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Wed, 03 Jun 2026 10:58:44 GMT\r\naccept-ranges: bytes\r\netag: \"791d16f247f3dc1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\ncontent-length: 1151\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":1151,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced","md5":"e68ad2fb1b72989ca2d860db3dbc92e8","sha1":"bac505038853047d5846abe47f7ecf1db51718d2","sha256":"4b17603bd9f5d31a5c4742532c24a1d1383598ddd2bfde14620e28d90bbe7700","sha512":"051dcce4bdedef427e51e6b3c53be7e665d0cfad546c8504ad216d8e3a600f9284261c67ee4809685a9f50f6cd2730edbe160a284c8ef099cd72a8b47f676116","ssdeep":"","tlshash":"be21cae8f7766d1d45cb5eaacb6a2033b416169f415dc234b1c4447d336303c429816d","first_seen":"2026-06-06T02:06:13.044242Z","last_seen":"2026-06-06T23:50:44.866239Z","times_seen":4,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":75,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}},{"url":{"schema":"https","addr":"cnvalores.icu/assets/av4.png","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET /assets/av4.png HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/index_real.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Wed, 03 Jun 2026 10:59:59 GMT\r\naccept-ranges: bytes\r\netag: \"1b5e21e48f3dc1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\ncontent-length: 3851\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":3851,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 34 x 35, 8-bit/color RGBA, non-interlaced","md5":"c737bcc077f4e28e0c9027e150096d1a","sha1":"81f65c3d812dff5fbe31fe9a069c7b15a8a2cbf5","sha256":"47a323155971fdef1c29bfa48df980a40d65613666e929d4523e3ef160611c8a","sha512":"a7175f42c13cc0928da7f865c8ce56e497f9504a1621cc872fd843fd8e6eb593e67be8a55588e8cd066c129030fd107e60e51a6e96462bfa01591f4d0ba6f81d","ssdeep":"","tlshash":"3c815cd3d8359f7865a8a8ab539cd20cd4b30e690d51e871ddab2445624772232e918d","first_seen":"2026-06-06T02:06:13.035994Z","last_seen":"2026-06-06T23:50:44.841047Z","times_seen":4,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":73,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}},{"url":{"schema":"https","addr":"cnvalores.icu/assets/logo2.png","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.329Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET /assets/logo2.png HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/index_real.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Wed, 03 Jun 2026 10:57:25 GMT\r\naccept-ranges: bytes\r\netag: \"5ff431c347f3dc1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\ncontent-length: 3590\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":3590,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 90 x 45, 8-bit/color RGBA, non-interlaced","md5":"594004be4f0de8b9317e11db666ab69b","sha1":"0f5accf71a5d0dd88edff79826f142158286fcd2","sha256":"f07a9ce8cc22d6f5c48d8b1217304806a0ee330506c969111cabf5b35f4f9f92","sha512":"7cbf773bb2afe1e4e86cb43ecddbfb2060f0098112f17e4116a33fda659e1bdb7684ad686c1003cf9a8276a82511679765361ff304163e2f26684bed3d6435a9","ssdeep":"","tlshash":"b5716dd1381d09303d9ef9897c966f58fea1504fd133e143659e50a7463815aa8e37c1","first_seen":"2026-06-06T02:06:13.039527Z","last_seen":"2026-06-06T23:50:44.857468Z","times_seen":4,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-XXXXXXXXXX","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.317Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 18 May 2026 18:35:27 GMT","end":"Mon, 10 Aug 2026 18:35:26 GMT"},"fingerprint":{"sha1":"81:79:25:0A:2E:C8:CA:DA:16:EF:B8:34:B7:38:E6:48:7B:5B:4C:6D","sha256":"7B:74:72:15:7A:A8:4B:D0:1D:D6:11:DE:7C:D9:15:EE:E9:22:FF:E8:56:41:9E:88:6C:4A:F9:9F:AB:B3:6E:2C"}}},"request":{"raw":"GET /gtag/js?id=G-XXXXXXXXXX HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\nexpires: Sat, 06 Jun 2026 23:45:22 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Sat, 06 Jun 2026 21:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 138902\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":395491,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5462)","md5":"eb8593942cbd4c42fa7d77910395254f","sha1":"b9140b0aa516d344bc869ad8328c475dedda644c","sha256":"00bb932ceb4969d68355a24744a667e5dd121312d4432b094fac2c394afdb666","sha512":"1a3f3ae45a59f3e01011f5f6aeaec2dac05e75fcb70065098f1d4fda737fb77a39412234e0e362f3de6c67108cc8bf0cfe169c3e6b4da78b019802d916fdf8de","ssdeep":"6144:+q3GsHPLtgbE47c2bXW0w40dicStQQ+OWKTlZjQ:+y947L6QZE","tlshash":"d784f9cdb3d6746653a3b478903f018ba27a79e2f448c898f086d8d42e746994277f7c","first_seen":"2026-06-06T16:16:41.59685Z","last_seen":"2026-06-06T23:50:44.860526Z","times_seen":4,"resource_available":true,"data":null}},"time_used":376,"timings":{"blocked":138,"dns":1,"connect":18,"send":0,"wait":36,"receive":51,"ssl":129},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnvalores.icu/assets/img5.png","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.333Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET /assets/img5.png HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/index_real.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Wed, 03 Jun 2026 10:58:44 GMT\r\naccept-ranges: bytes\r\netag: \"994416f247f3dc1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\ncontent-length: 1133\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":1133,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced","md5":"b6af601983af86bd12f44fc5a4b1f298","sha1":"07a0a16d39d7b738c8af2443128d2077f50ccaca","sha256":"64d69f1c37262908474e41546c69322212b93244531fd4c36457c0d8d02ce6b9","sha512":"8b2d87aa5c604d3b33bcc05b8efb642827ba3955f18bea8453f4b615b959f5f4c726de1cdef319b90d1975aaade559943ae030f4d78c743d6fee87bf26eae6c1","ssdeep":"","tlshash":"1e2196d891df58a0b9b2f604430fa62414df2a8e455e2488bcac724142f8e359a2e783","first_seen":"2026-06-06T02:06:13.041504Z","last_seen":"2026-06-06T23:50:44.862036Z","times_seen":4,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}},{"url":{"schema":"https","addr":"cnvalores.icu/assets/av1.png","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.327Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET /assets/av1.png HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/index_real.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Wed, 03 Jun 2026 13:12:56 GMT\r\naccept-ranges: bytes\r\netag: \"66cb59b15af3dc1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\ncontent-length: 26651\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":26651,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 130 x 132, 8-bit/color RGBA, non-interlaced","md5":"b76c496369cbdda7284414d35e0cec8b","sha1":"7c63cb6e74700733b9ab39e6e500f55bd4a12c25","sha256":"2387f40ebb339effa60c9dbfa9977bee5a9371c22bf344ddfb95a56b695039b4","sha512":"1116e1ccd80fb712e98d100c0dc50d62d98e56b6d70204a894b66e7aed97e7a5ec79538ae43d35359110295e9aacdf3e6f5607ca3aa6476cd1a6776dcbcf827c","ssdeep":"384:f2g4POzNSYN96f8kheLWMnmJZJ1erbJIcF7JTeucHNwr83wXLj5ZmAlL62PxU8HZ:O9POfNchCn61en57FeuNnLfB","tlshash":"fbc2f2814921f2d62ea6cdd1f957235bbc7429a3717cb00a1518fc7d8916f3e6ad8350","first_seen":"2026-06-06T02:06:13.032807Z","last_seen":"2026-06-06T23:50:44.858569Z","times_seen":4,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}},{"url":{"schema":"https","addr":"cnvalores.icu/api/serve.php?f=RegistrationForm","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:23.128Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET /api/serve.php?f=RegistrationForm HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/index_real.html\r\nCookie: _ga_XXXXXXXXXX=GS2.1.s1780789522$o1$g0$t1780789522$j60$l0$h0; _ga=GA1.1.1344289585.1780789523\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: text/html\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 06 Jun 2026 23:45:23 GMT\r\ncontent-length: 1245\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":1245,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"5343c1a8b203c162a3bf3870d9f50fd4","sha1":"04b5b886c20d88b57eea6d8ff882624a4ac1e51d","sha256":"dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f","sha512":"e0f50acb6061744e825a4051765cebf23e8c489b55b190739409d8a79bb08dac8f919247a4e5f65a015ea9c57d326bbef7ea045163915129e01f316c4958d949","ssdeep":"","tlshash":"7b21422992983814f69384a061f277c23f078286e66f1b68a023b263e4c26e281d33c4","first_seen":"2023-03-09T23:36:42Z","last_seen":"2026-06-07T02:06:25.171126Z","times_seen":60025,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}},{"url":{"schema":"https","addr":"cnvalores.icu/favicon.ico","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:23.222Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/index_real.html\r\nCookie: _ga_XXXXXXXXXX=GS2.1.s1780789522$o1$g0$t1780789522$j60$l0$h0; _ga=GA1.1.1344289585.1780789523\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: text/html\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 06 Jun 2026 23:45:23 GMT\r\ncontent-length: 1245\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":1245,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"5343c1a8b203c162a3bf3870d9f50fd4","sha1":"04b5b886c20d88b57eea6d8ff882624a4ac1e51d","sha256":"dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f","sha512":"e0f50acb6061744e825a4051765cebf23e8c489b55b190739409d8a79bb08dac8f919247a4e5f65a015ea9c57d326bbef7ea045163915129e01f316c4958d949","ssdeep":"","tlshash":"7b21422992983814f69384a061f277c23f078286e66f1b68a023b263e4c26e281d33c4","first_seen":"2023-03-09T23:36:42Z","last_seen":"2026-06-07T02:06:25.171126Z","times_seen":60025,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}},{"url":{"schema":"https","addr":"cnvalores.icu/assets/img4.png","fqdn":"cnvalores.icu","domain":"cnvalores.icu","tld":"icu"},"ip":{"addr":"185.236.228.43","port":443,"asn":47674,"as":"Net Solutions - Consultoria Em Tecnologias De Informacao, Sociedade Unipessoal LDA","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnvalores.icu/index_real.html","date":"2026-06-06T23:45:22.332Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cnvalores.icu","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Jun 2026 11:05:08 GMT","end":"Tue, 01 Sep 2026 11:05:07 GMT"},"fingerprint":{"sha1":"D0:62:E2:56:50:E5:34:08:C8:7B:1B:14:28:3B:C0:CE:89:18:77:3A","sha256":"4A:0B:FF:BE:F7:4B:93:11:A1:8E:2B:B8:3E:0D:50:E8:42:2F:7E:F5:77:77:EA:01:BF:86:6B:E6:0B:B8:C2:83"}}},"request":{"raw":"GET /assets/img4.png HTTP/1.1\r\nHost: cnvalores.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnvalores.icu/index_real.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Wed, 03 Jun 2026 10:58:44 GMT\r\naccept-ranges: bytes\r\netag: \"994416f247f3dc1:0\"\r\nserver: Microsoft-IIS/10.0\r\nx-powered-by: ASP.NET\r\ndate: Sat, 06 Jun 2026 23:45:22 GMT\r\ncontent-length: 1243\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":1243,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced","md5":"c1f75ebde6d310a9c22145ae06afd96b","sha1":"48619512241e0accf9091d349c849f42354cc0da","sha256":"a2c0884f88a537e9179e36875c449648c7839dd19e4ac0be039ee76cc0878138","sha512":"dc9cdbd0e7b3288f2aa84743fa77214e419f80eaaf9b93d7b92ed956153cdf4632ef0c12334f0edd167e8fc813d4a78d279cc6ed15a9b4156c43ecebe2e796c8","ssdeep":"","tlshash":"ae21eac4e53a50b56f8c162e87d74bed8fefd2f911f9042ee44c445111748864184ea3","first_seen":"2026-06-06T02:06:13.050917Z","last_seen":"2026-06-06T23:50:44.849171Z","times_seen":4,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-06","alert":"Phishing Block","trigger":"cnvalores.icu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-06","alert":"Sinkholed","trigger":"cnvalores.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Facebook","verdict":"phishing","severity":"medium","comment":"Resource associated with Facebook phishing","tags":["meta","facebook","phishing","social"],"meta":null}]}}]}