{"report_id":"3ac51efc-52ce-40a0-96c4-202c13764182","version":6,"status":"done","tags":[],"date":"2026-06-01T21:03:45Z","url":{"schema":"https","addr":"ultraprosavers.online","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":0,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"final":{"url":{"schema":"https","addr":"ultraprosavers.online/","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"title":"Home | Mobile Banking, Credit Cards, Mortgages, Auto Loan","dom":{"size":43205,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (27897)","md5":"ec4c3ffa2fe8528cb787cec23b943e5f","sha1":"e25b8d27e2b781978b04863a0d16b58333ba2904","sha256":"81844361b35a2e49bc9ddb7744fa275bc5ad7eb4927e35a99ac06d0a3cb0aa07","sha512":"a66bf25708e34e1c9c992c8822a17336a8cb860a490d9a3ef588a7aed5fb55d7946b3d3d8ec5378f668c41c41cbc4c4a9a15c1dacd3aefa6a1ffbecb3f4634ee","ssdeep":"768:4j28FTbfsTO+LDGmPKHs9TvfqaSQXOSqGMWYW7:4j28FTbfsTO+LDrPKHshqa/XOj6r7","tlshash":"fe1396176780462c9c53d2a8f399a54ea32df684ef6359eef7c62410c2d93ff088b456","dom_hash":"domhash5a2e7b986a359100c1311ce7180015d1","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"ultraprosavers.online","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":0,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-06T21:03:45Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-06-01T21:03:22Z","timestamp":1780347802,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":57509,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-06-01T21:03:22.327841+0000\",\"flow_id\":537398984966305,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":57509,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-06-01T21:03:22.327841+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-05-31T22:21:48.210615Z","alert_count":0,"request_count":1,"received_data":19753,"sent_data":516,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"widget-v3.smartsuppcdn.com","ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"domain_registered":"2018-11-20","domain_rank":532262,"first_seen":"2022-10-03T13:48:45Z","last_seen":"2026-05-28T23:13:08.308943Z","alert_count":0,"request_count":3,"received_data":325302,"sent_data":1389,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"websocket-visitors.smartsupp.com","ip":{"addr":"3.125.212.45","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2012-08-25","domain_rank":411464,"first_seen":"2021-07-12T07:42:32Z","last_seen":"2026-05-29T00:26:32.981574Z","alert_count":0,"request_count":1,"received_data":224,"sent_data":610,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.smartsuppchat.com","ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"domain_registered":"2014-02-02","domain_rank":491650,"first_seen":"2017-01-30T05:24:57Z","last_seen":"2026-05-29T00:26:33.038337Z","alert_count":0,"request_count":1,"received_data":18549,"sent_data":426,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"ultraprosavers.online","ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"domain_registered":"2026-05-28","domain_rank":0,"first_seen":"2026-06-01T21:03:48.649737Z","last_seen":"2026-06-01T21:03:48.649738Z","alert_count":152,"request_count":76,"received_data":5339520,"sent_data":94221,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Adobe Fonts","description":"Adobe Fonts is a web-based service providing access to a vast library of high-quality fonts for web and print design.","website":"https://fonts.adobe.com","common_platform_enumeration":"","icon":"Adobe Fonts.svg","categories":["Font scripts"]},{"name":"Typekit","description":"Typekit is an online service which offers a subscription library of fonts.","website":"https://typekit.com","common_platform_enumeration":"","icon":"Typekit.png","categories":["Font scripts"]},{"name":"Modernizr","description":"Modernizr is a JavaScript library that detects the features available in a user's browser.","website":"https://modernizr.com","common_platform_enumeration":"","icon":"Modernizr.svg","categories":["JavaScript libraries"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"translations.smartsuppcdn.com","ip":{"addr":"185.76.9.12","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"domain_registered":"2018-11-20","domain_rank":560346,"first_seen":"2022-11-04T22:28:35Z","last_seen":"2026-05-29T01:43:25.505851Z","alert_count":0,"request_count":1,"received_data":7733,"sent_data":502,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-05-31T22:42:17.707694Z","alert_count":0,"request_count":1,"received_data":111565,"sent_data":464,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"bootstrap.smartsuppchat.com","ip":{"addr":"63.184.118.128","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2014-02-02","domain_rank":425291,"first_seen":"2018-01-29T06:10:36Z","last_seen":"2026-05-28T23:13:08.323171Z","alert_count":0,"request_count":1,"received_data":1552,"sent_data":535,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/js/vendor/smartbanner.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":false,"md5":"3d43b65e00b7946bb0017c8235f8ffe4","sha1":"4c46db8d895f7301bc38c9bac5f4a9396c70f2a5","sha256":"25c22667a74743f46f77924f05d484606c7dc20383254a5a58103b5fc301ad11","sha512":"4c48f86ab850a7a1a595335d55765760f4e7cb3123f565cf793c1d3fb4760b6c9e976fb74acc61788b3a6155ceb9fd91c136bb05808d8bc4cc93a450a2436c56","ssdeep":"192:65tI/5+RO2W9Go5KHhjTLDI0BpMNrt6SB8LmaJtOwLJ8jS:65C/5+RON9Go5KB/2Bamax9","tlshash":"3922a20c72e1b172911362e9902f450fb0f5ecb9e848d8a9a27dc9c0afb185d41e7f6d","size":10700,"data":"","first_seen":"2023-11-12T03:48:52Z","last_seen":"2026-06-02T09:23:11.61495Z","times_seen":1196,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/sitecore_modules/Web/ExperienceForms/scripts/form.validate.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":false,"md5":"f5c90a53339966369b4f2cf43b77b5f3","sha1":"03bcedfc09c89497ed929aa3a2e785f9cbad530b","sha256":"997185a2091a96e5f429033e61e2e335d86c9b242a3a23ed479ecea4c8461872","sha512":"73073ba67c14350cbc0c77d58c57e53ffd867ad0a52592a3a64a938f04ee6d3b7b2c1ae6f80978cd87fa1992f3274ce2c24ae3a607687c08ab9ddee861e5d1f9","ssdeep":"","tlshash":"2641765d04a7072a88f332d9aebb500eb4b1a237b00a856276cc03c65f9f474e1f631d","size":2412,"data":"","first_seen":"2025-05-27T11:42:26.535923Z","last_seen":"2026-06-01T21:05:13.875347Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/sitecore_modules/Web/ExperienceForms/scripts/form.conditions.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":false,"md5":"94651f4a38b2e3faa1f199282ceca6f4","sha1":"bb396e944706c5f9f07afbe0d691bede78d11af1","sha256":"34c108773800a795b0f8d68a777892c2ecbf029f465eb6e1932e9487bfa3ff74","sha512":"08c558d2792500398954a5f38bc8a27d44d2f3c5ca8a1cefa066df4386a05b6937bc8ae0d8c7b996fd0d75cd5e6a7523cf3dcacec9ebc884f8a1cd158e5c3346","ssdeep":"192:DhQe9o1mUYEFmIftRZovbqDsuL3i86TIVrksyQRfIBr2pSCEMvLqTEabKnBMj9g6:py1mEF7JbLSTIVXeN7979J/8cFMflR+H","tlshash":"40b29b7eb6ea31428a1bb1254def9044b235c4539e0d9d04be1e41b27f638347aebf94","size":23447,"data":"","first_seen":"2025-05-27T11:42:26.543367Z","last_seen":"2026-06-01T21:05:13.868776Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/sitecore_modules/Web/ExperienceForms/scripts/jquery.validate.unobtrusive.min.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":false,"md5":"887fa31edd0b7b835b9dce2658a83321","sha1":"0203bdc3035f3c3dd2bfedf94a7ad1845d160497","sha256":"13243171b1f5976e74f79647f612a1d879bfa606816a204f72a833c0e89f269a","sha512":"ef080211f637c8efa0a4b31b73757f33e5069fb614a7a8e27d0f4b1798c19e44c0ee4b98df9a05493fe1b6286da2414a96f5a34e3ca5bf728969b96a8e397714","ssdeep":"96:m+ijDOVLHtxQTsgtB2vTM7gXRiwSQSoSFGDb408oXno6e2Qvm8KT2XZHfVHE8bpt:m+ikfQTsgtUvTM7gXRiwStAb408oXo64","tlshash":"f5b197883545a2a37df731fa20df800fb07656a4b0994401f14a96f19efded6a213b5f","size":5407,"data":"","first_seen":"2023-03-07T14:05:53Z","last_seen":"2026-06-02T09:23:11.636676Z","times_seen":1779,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/sitecore_modules/Web/ExperienceForms/scripts/jquery.unobtrusive-ajax.min.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":false,"md5":"0d453ebab9ca5d2f0599d87cd7f5fab4","sha1":"3379c18583c62f7bb0b78971d764da17e979e658","sha256":"7ee0565b7fddb7cc67171d3f783d2b55760fd178292e16c585ea2fa3961d6489","sha512":"178f0a623ccf973a378e62bf9942fef42d78abf009755c1fc440dc2a5473f3d61e50da8267cd73181471ced7dfbcb48634b37941d44e49e8f3d46360e9110e27","ssdeep":"","tlshash":"d581a5a87501b5b7bf2326f9881f4503511a76a876170d906c8fc0a82c3db8e38f3b62","size":4046,"data":"","first_seen":"2023-03-07T14:05:53Z","last_seen":"2026-06-02T02:03:17.897044Z","times_seen":583,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":true,"md5":"5429b1573bfa37d32812024caf34906a","sha1":"8d752488324e7576a9d2389d73aea9422bd17aac","sha256":"90466cec0e856f30536472011d81a8d98afc757d1e46d3b78ed30bef9b15d2c3","sha512":"a24b437fd7e8bb4212b0369ce424b5e7c957563424f3484812e302d6a950a36c84008289b9d63642ebc432c70a133e7e1dd5fe8cd90949d4e5645cea14083a28","ssdeep":"","tlshash":"6ff0a33d7c334294575310b583bfe518391630674054c91b7c5dc8694f70fda6a04b98","size":490,"data":"","first_seen":"2026-06-01T21:03:52.791283Z","last_seen":"2026-06-01T21:05:13.929629Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":true,"md5":"024ffe2b9d10d0063f93400983a9bf57","sha1":"67eb6df9398c3fa25fe9a3b702b5711703e6b6a9","sha256":"90fbc885a4db7cdc6f8106fd331c88c4b7f3403af2f21f4bc12a4c6de21a2701","sha512":"f823d4e04acc09f9540d78b1b1ab6c27c6cbbc3632fedb5dbdd42598892134fc9e1f979468b03d46763fa4c0be7b10d2c2a3921665f206464d19994c2d871c82","ssdeep":"","tlshash":"86c08c0b8031a0b4328d11199ace6bc1642840a802213e38eb55100a4b82a03030f042","size":159,"data":"","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.642244Z","times_seen":1121,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/js/vendor/modernizr-custom.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":false,"md5":"549054819a309723ae5961819ad15862","sha1":"45bfde91dd95baa8b45a1bdcc6be7bfc0c81e0cc","sha256":"084042d304a81e83677baf018c3b8c0c7e7c41076dae645436d867f8b5a31a5b","sha512":"1c53548427e89f37dcae91506b83f056f87ec7d37664d2c6601350006eeaad75a0c939e8190f2c4f70d143a511106c35bfa25e5789d71bb67074d58936d0f777","ssdeep":"96:GxE6y2mSg67LzZVReNNBj769EWPgtP051oFE4jG57DAYbsnCy:GxED2kqHgpSLgP0L4jG5fBoCy","tlshash":"1891d7e676e37555d31614bab17f400ab538885572448818d050f4b93e34978437ff3c","size":4510,"data":"","first_seen":"2023-03-14T05:50:51Z","last_seen":"2026-06-02T09:23:11.618548Z","times_seen":1211,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/js/main.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":false,"md5":"8752611a187f5ae16099ad3d5a6402e7","sha1":"1b3127454f2621c7c1ddacd0460b093c911fc56b","sha256":"192f961340625ea28eb48091687e7d6038a89df0ab0aeaa3d81f387628e910b9","sha512":"6b82e72d5c1ef45fcdeccfcf7843461694f20cbc1d81bf93fc5a67bea11db7b8e8089fbf444ec1f24795cb4412ffa979d68c5fd40a8964f378a7a66f61a83823","ssdeep":"12288:14jnnJc1bribezvuYh6TxnR6v+TIVOV76AujD0:wnnJcdribezvuYhmnR6v+TIVOV763jD0","tlshash":"76f408897291713282a731f5502f010bb136a9b9f4498868b07dc8e53fb8d9d61bbf7d","size":769739,"data":"","first_seen":"2023-11-12T03:48:52Z","last_seen":"2026-06-02T09:23:11.622837Z","times_seen":1182,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/sitecore_modules/Web/ExperienceForms/scripts/jquery.validate.min.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":false,"md5":"3a742a0ad4fc607bbb3528006ae2176e","sha1":"fd4d9a87653d1e083f1aa3b6c5613560a79a2a5d","sha256":"80623d052ff8dc73dd703a58a77e62d2615a491f966e2fb395ddc74ca89fb840","sha512":"f42f9521db1aeae9c783b4c5554e3646add7db20aaa4eb3f7843fc3da3f15f2bf5235ae8760d17e490c0d765dc05e4b0dd0e4ec257ded36a74c27846ee772ec4","ssdeep":"384:QhrHpnky+JB6/tX2lHldkMiYnFpY54LjfTANAc0Eny+RWuW7NeoMwV/vtrx+OLDE:M+JB6/8lHldkMioFpY54PgQEny+kLxVc","tlshash":"cba2978d76d670465e9720f4909b660b61b66da0a008e83cb5f8e4d1baf4ecc50f7f78","size":23078,"data":"","first_seen":"2023-08-13T06:11:07Z","last_seen":"2026-06-02T09:23:11.533112Z","times_seen":1222,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.smartsuppchat.com/loader.js?","fqdn":"www.smartsuppchat.com","domain":"smartsuppchat.com","tld":"com"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"218d24439d4e2c0990f35338a7ac220c","sha1":"5a7b913584c1244bf61beab9dc644204d130101c","sha256":"efb497f7159de26ea5e0521d675d909dc063e36d0d23c2ad96fa9109b73ee263","sha512":"17af39bfdc350c9d1f8dd74652641d0c028881ecb3935d2d9fdb763d24136665d135d00219aabac57693112e2314d4fa91b802ba2662a1580aa35c5e0b6e624b","ssdeep":"384:2/xzy2A3wyxNeBWbEgl/EuVaBWbE0rIcvqSI/aQ/UpG:2/xzy2A3wXscuVaAxka05","tlshash":"4182b7cc7691b16543ab61b4843f620ff1376929740d8865b965eae13cb8c8ed037fb8","size":18024,"data":"","first_seen":"2026-03-30T19:01:55.527327Z","last_seen":"2026-06-02T14:24:45.784947Z","times_seen":2850,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/rlforms.referlive.com/scripts/ReferLive_share_v2.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":false,"md5":"1a5a796cd2e21b7361571cfc187b5465","sha1":"f4fe3e8f71a0bc39c5b8dd69ba007e6addd1a4b0","sha256":"1e882f8da70114fac20fccde02b81136af7ea47b607361f5c67299c10de5bee8","sha512":"ac8805841ccd6bd9a0bb67cff1d2ab71cfc12b3bc975e1ebe55913453b63e7b0437853febb89f82ff7cb88cc475baf26f118b3669a47259377c6241b2e2cb816","ssdeep":"1536:QzLF0Zn6+nNF1/vZcBJVQvKephwKNkLF0Zn8chjxmUSHWpjPyTehXV0N5zUNZYA2:YLF0Zn6+nNF1/vZcBJVQvKephwKWLF0i","tlshash":"fb63242c29b212f3dfb7e07632ab164474f57113a618d904b84ee4ca5f98c711c6ef66","size":67429,"data":"","first_seen":"2025-05-27T11:42:26.524021Z","last_seen":"2026-06-01T21:05:13.877601Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":true,"md5":"0efb509f352dab08ec837083b181cc45","sha1":"a7736eb18fb921e66cfa34fa67bf32a9c29a20a4","sha256":"1c4a92b900ffba1706e4ef57d95bcd9a771e85e513e97c2e123ba5257cff86c4","sha512":"3ccd911322f83d992d4e2190bd3e4ed6401b9ff00f7b79b45954a477eb7be8412abf753dd25eb491c6061c812029432b22a73bfcd2e5b025145164942ed8d4d1","ssdeep":"","tlshash":"6351101fb7026931ecb315bb17abd3adb53241132e01c000399ea4894fa4ea4b4bbac5","size":2613,"data":"","first_seen":"2026-06-01T21:03:52.797381Z","last_seen":"2026-06-01T21:05:13.933249Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"widget-v3.smartsuppcdn.com/assets/main-x4TEowgc.js","fqdn":"widget-v3.smartsuppcdn.com","domain":"smartsuppcdn.com","tld":"com"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"44790c45b98e089590e68b6aa63d0847","sha1":"076196cc5d69ae1d3f62fdd097b9c0227abb27ab","sha256":"967269533104fc33c2b78b38d91e5e8f8333490e914aa077357d40ae8d546795","sha512":"0f78548b36ee45e716dcd88d60e2638a64ef5154e7b46c1082000ed03b295db920fffaa2716bdefea97429db83c0ecc2e557a2e21008e46001a4fc8ac333d5b9","ssdeep":"3072:ZzRmsJ3lGXmd/SSVBVfKdEaKVnV8pzU4rESLEe/rSWjOAAGd3pGQQarBqZzQusQR:CyTaEe/7Nnx2YqZzQusOUyZTzP42sdg","tlshash":"3c5449d472a5747443a700e4507f2006b23e5c29a809c068f6adddf67db99c9a2b7fbc","size":284268,"data":"","first_seen":"2026-05-14T09:23:42.575671Z","last_seen":"2026-06-02T08:09:59.97578Z","times_seen":651,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/assets/common.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"introduction_type":"scriptElement","is_inline":false,"md5":"45022a63e20efb86b7856aac1f5550b1","sha1":"4d5c25ea0ad1536f3a1d8e7ae31dfd506a2c5bda","sha256":"dd6f512056a23a9cdb1791fd439ae19a2d55e64ae624b73d98706f25a6a0bad5","sha512":"a2bb2a7abe6835a090f438ecdecfe34ac74c2b2d01e92a9da5c624aaf50953660464161bc65894e647ff890d827107dd51191653c8d546d1657b45985afab93f","ssdeep":"3072:XrIYU/nfQmSPAp0s5yQkLE4bnh22gxBi8oaAqnbZyI5AqzNKaBch0iMj0/U1xYDb:bNcnNwzsTko4QnY8yeEVK0ayhFG0s1xq","tlshash":"f1146b96cfd455b8c5912fe4c9ee1206a0a9983b6894e1084ab3e0e71f3cf7d71adc1d","size":205980,"data":"","first_seen":"2023-11-12T03:48:52Z","last_seen":"2026-06-02T09:23:11.598909Z","times_seen":1201,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/learn-and-plan-images/personal-finance-101/8554477.jpg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.955Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/learn-and-plan-images/personal-finance-101/8554477.jpg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 152892\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":152892,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=4480, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=6720], progressive, precision 8, 1200x800, components 3","md5":"c2dd439fe5a4095a90703130d28e4a37","sha1":"f865dff65e9d981b4dfe8bf5b1f615cc72bfb93f","sha256":"58e915a819e9f5c25b140086bd40242ca7ab17a422f984bf69225bee625c059c","sha512":"d5971ba837b895813b6ca591ca3dfc1838e03f308b703fea2c6df7b703c9b4c3a5e892c43fbc4be18263a212a015e82b760fb25992f5c715c8b0b931fe264255","ssdeep":"3072:pLQVtdIM87m/pCt7UYEonfz3EjhPTWbLjJ+YfNO:fR7ApLqfQ1SnwEO","tlshash":"eae302311fa41d63fde59736980bd7117239da11ade7b382b42ca80333726626b9e385","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.553984Z","times_seen":1189,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/new-brand/selected-current-loan-rates-business-loan-ratese6b5e6b5.svg?la=en\u0026hash=54709063507BFE1E2B00883188CF5F2C","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/new-brand/selected-current-loan-rates-business-loan-ratese6b5e6b5.svg?la=en\u0026hash=54709063507BFE1E2B00883188CF5F2C HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1259\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2733,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"dd06ee250148f7c5aa82724d0a83a7a6","sha1":"d41fbe2ae77679fa9bdb50eba106240a9bac1b3e","sha256":"d79b6f19606d02413fe2ddbdf94a0431220f98129b3c49c1dd8a1d9f85615317","sha512":"30c4bbd27d2c9e1b8bc6854f2c8e6c4f971a7431543181b4dbeb491b444edee0c0576d46713b1aac31850dcb07e997d99286689243398b2cf029ebe2968cf272","ssdeep":"","tlshash":"72516537830597ba6e52cb45ee65e05d3576586b70f4e0c8aff3b5469c058f38038d20","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.612773Z","times_seen":1161,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/new-brand/selected-current-mortgage-loan-rates09810981.svg?la=en\u0026hash=57C8882AD80B2212AF34531169CD7E52","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/new-brand/selected-current-mortgage-loan-rates09810981.svg?la=en\u0026hash=57C8882AD80B2212AF34531169CD7E52 HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1048\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2296,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d2f666bf63953e913788bc227b7a3df8","sha1":"3e62484e6d14976d31525a632936c842a4017718","sha256":"d8a55151fa5634d463bad84e939d7ab5a550f188ed6fd081b15cf9879251299c","sha512":"5c660b5f5a403ce10328a2c07a8d425ceb3fa7d88e0504dcaf9b4e58f7d8f5c68595e33b40d0ccfccd0a493ef2bee1dafc18684ca9b4055cab4ead73ad43a74e","ssdeep":"","tlshash":"8341873753447bba66d2cb8c8955f05937d2505ab2b4d0d84fa36f166c06cf38038d21","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.531647Z","times_seen":1160,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/sitecore_modules/Web/ExperienceForms/scripts/jquery.unobtrusive-ajax.min.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.971Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/sitecore_modules/Web/ExperienceForms/scripts/jquery.unobtrusive-ajax.min.js HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1612\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4046,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (3083)","md5":"0d453ebab9ca5d2f0599d87cd7f5fab4","sha1":"3379c18583c62f7bb0b78971d764da17e979e658","sha256":"7ee0565b7fddb7cc67171d3f783d2b55760fd178292e16c585ea2fa3961d6489","sha512":"178f0a623ccf973a378e62bf9942fef42d78abf009755c1fc440dc2a5473f3d61e50da8267cd73181471ced7dfbcb48634b37941d44e49e8f3d46360e9110e27","ssdeep":"","tlshash":"d581a5a87501b5b7bf2326f9881f4503511a76a876170d906c8fc0a82c3db8e38f3b62","first_seen":"2023-03-07T14:05:53Z","last_seen":"2026-06-02T02:03:17.897044Z","times_seen":583,"resource_available":true,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/images/assets/ico-lock.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/images/assets/ico-lock.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 181\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":278,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"41dd7e40ebea204a24cf1ca447b42181","sha1":"b81b89071b2d72d91108e889e7b066f119fce4ce","sha256":"89dfc37a35dc8f93478781fb56cb6cc0a44c7ce085a292d001c62ead400c0dd3","sha512":"32fb09bf1f5f3702ff069854168189545fb2982403266bc5dc9d3d98fb771047f8926faf3596078c202b5c5a8e91793e3ebbc92c43591a8719ddef2d777af2d9","ssdeep":"","tlshash":"0ad02b35430c5c1cf612c728dbb03734122a20437a4c1128d4672038e6565dff93b978","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.520017Z","times_seen":1203,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/new-brand/click-credit-union-interest-rates2d242d24.svg?la=en\u0026hash=F645C6A70380501060089A848126191F","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/new-brand/click-credit-union-interest-rates2d242d24.svg?la=en\u0026hash=F645C6A70380501060089A848126191F HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1344\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3514,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"20ce925db02c5134675f108bfdc57971","sha1":"36f0b73f2d6418d4cefeeaed8809dfc815d7d19a","sha256":"69ced6b8ae9f54e5da680d72933e0b5438a502f4119a7415280dab32706f96ad","sha512":"912c070c0eac91de89931daf9263829d8d4c3b91ea6a1b6fd014924d870d9ee85fb17302db599229413387b1913b160d06c44f7912530f0337f5d1ecc3998efb","ssdeep":"","tlshash":"2571647b5384777e40a25740c6d5a185216bf0c6f0b0a2ecaba1a0572e26cfbd27c611","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.588517Z","times_seen":1166,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/images/assets/ncua-lender.png","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.965Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/images/assets/ncua-lender.png HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 1730\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1730,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 58 x 59, 8-bit/color RGBA, non-interlaced","md5":"48f0b35c2018a119af3c54f38a5e6486","sha1":"0ec248e71ddcfa215e30eeb41a5bca8fde1eb224","sha256":"fd9259a1000c38a8f482f9d650ed5368add125f7259253463c02e3be61204691","sha512":"3e4ad605df0aa1165157b3167e333921384eec1e9d84fcbf68c57bca1414e63006d7edcdc94db2f78001ce4239a912760c37a6bff5a823257a5c2f118c584211","ssdeep":"","tlshash":"723108a2dbe2dd4f52d3001acaffaa121c64125c6da142135947ed20183c1c8e6afb9f","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.590452Z","times_seen":1169,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":86,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/js/vendor/smartbanner.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/js/vendor/smartbanner.js HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2980\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":10700,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (10700), with no line terminators","md5":"3d43b65e00b7946bb0017c8235f8ffe4","sha1":"4c46db8d895f7301bc38c9bac5f4a9396c70f2a5","sha256":"25c22667a74743f46f77924f05d484606c7dc20383254a5a58103b5fc301ad11","sha512":"4c48f86ab850a7a1a595335d55765760f4e7cb3123f565cf793c1d3fb4760b6c9e976fb74acc61788b3a6155ceb9fd91c136bb05808d8bc4cc93a450a2436c56","ssdeep":"192:65tI/5+RO2W9Go5KHhjTLDI0BpMNrt6SB8LmaJtOwLJ8jS:65C/5+RON9Go5KB/2Bamax9","tlshash":"3922a20c72e1b172911362e9902f450fb0f5ecb9e848d8a9a27dc9c0afb185d41e7f6d","first_seen":"2023-11-12T03:48:52Z","last_seen":"2026-06-02T09:23:11.61495Z","times_seen":1196,"resource_available":true,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/css/images/assets/ico-lock.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.502Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/css/images/assets/ico-lock.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/templates/bank-pro/css/main0338.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:20 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 181\r\ndate: Mon, 01 Jun 2026 21:03:20 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":278,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"41dd7e40ebea204a24cf1ca447b42181","sha1":"b81b89071b2d72d91108e889e7b066f119fce4ce","sha256":"89dfc37a35dc8f93478781fb56cb6cc0a44c7ce085a292d001c62ead400c0dd3","sha512":"32fb09bf1f5f3702ff069854168189545fb2982403266bc5dc9d3d98fb771047f8926faf3596078c202b5c5a8e91793e3ebbc92c43591a8719ddef2d777af2d9","ssdeep":"","tlshash":"0ad02b35430c5c1cf612c728dbb03734122a20437a4c1128d4672038e6565dff93b978","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.520017Z","times_seen":1203,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/use.typekit.net/af/1526e5/00000000000000000001777c/27/l5bba5bba.html?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191\u0026amp;fvd=n6\u0026amp;v=3","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/use.typekit.net/af/1526e5/00000000000000000001777c/27/l5bba5bba.html?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191\u0026amp;fvd=n6\u0026amp;v=3 HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/templates/bank-pro/use.typekit.net/ehc6rvq.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 31688\r\ndate: Mon, 01 Jun 2026 21:03:20 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":31688,"size_decoded":0,"mime_type":"text/html","magic":"Web Open Font Format (Version 2), CFF, length 31683, version 123.26624","md5":"98623e6856fa8465bedcd20eff724999","sha1":"167f70b909b2d8846a4a4d58f60a89d6fcf5a2b8","sha256":"1770d8d2dcc05bbf45e3efb6795ace53bae6c29786144f182036bdff4c1a6e1c","sha512":"c5a600753f27d773a341a2103aa433d0970d8fe0ba91db331073465f92301ae59f5d6e47fd520e498d0446c5ac692c56ef554a054abcf37a4fcb2614c8138fa2","ssdeep":"768:X+T602sUzYpnR+o2VNyID4vgCCS/No3fTJRzTXiw6Ui/Q6nIp7XqQ3jQmg1jOKHa:X+T60HUzwR3xzvgIluJpLj6UPQIpGQ37","tlshash":"b423e1540385f730e2e9e5fdaa1706f4ba406784bbdfed90db94c112294323abb8d5c6","first_seen":"2024-08-19T18:27:38.360396Z","last_seen":"2026-06-01T21:05:13.886997Z","times_seen":54,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"translations.smartsuppcdn.com/api/v1/widget/translations/lang/en/defaults","fqdn":"translations.smartsuppcdn.com","domain":"smartsuppcdn.com","tld":"com"},"ip":{"addr":"185.76.9.12","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:23.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1087630013.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 10:30:49 GMT","end":"Tue, 23 Jun 2026 10:30:48 GMT"},"fingerprint":{"sha1":"FE:60:F0:6C:13:88:B2:39:2E:11:67:71:2A:8F:58:11:3A:45:30:5D","sha256":"BB:F8:AA:87:AE:AA:9D:E7:CC:47:F2:E8:98:89:5B:12:D2:33:6C:16:8E:C6:CA:61:CB:25:84:42:51:47:56:17"}}},"request":{"raw":"GET /api/v1/widget/translations/lang/en/defaults HTTP/1.1\r\nHost: translations.smartsuppcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ultraprosavers.online/\r\nOrigin: https://ultraprosavers.online\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 21:03:23 GMT\r\ncontent-type: application/json; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: max-age=600\r\nx-response-time: 0ms\r\nx-version: 9894dc878aae0ac737f8001c982da8ed66a97657\r\nx-77-nzt: k2xQmRFZGSnZhKOW4mt79tmMhqqW7DLyh6ihoYw8RD1wNfWi0eFR0YbWkbo4aotWSeijjTI\r\nx-77-nzt-ray: e2f754203ec13ae19bf31d6a8e6c613b\r\nx-77-cache: HIT\r\nx-77-age: 89\r\nvary: Origin, Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":7216,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"05d7604a60456ab25eb809557b353edc","sha1":"e32135b721636e7994e42748da35341e03dfd123","sha256":"5892aca834fe3f9f8fb66f68c8a3eb2295708a3b428cf355d7f3e3c1a0b7b62e","sha512":"db4124c008e22597192e1f07b44575ff191a03322f763bffb1efd129152e0f6f1546d98f5016967b32cc71a8252fefc0546aef0be258e8343fbba4ae2afe00da","ssdeep":"192:Ccdft/hc4l6WKHSY8pZcqq+jT0UHAfoW/Ymz8:CgF/hcbWbYKZcF+jhqoWQmw","tlshash":"48e1b54f9a144ea987c6438276cfb84675bc80734250993afd8cc8b842697cda3e3b94","first_seen":"2026-04-01T12:23:41.393805Z","last_seen":"2026-06-02T08:09:59.908289Z","times_seen":1820,"resource_available":false,"data":null}},"time_used":175,"timings":{"blocked":74,"dns":34,"connect":8,"send":0,"wait":26,"receive":0,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/rlforms.referlive.com/scripts/ReferLive_share_v2.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/rlforms.referlive.com/scripts/ReferLive_share_v2.js HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 8424\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":67432,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text","md5":"1a5a796cd2e21b7361571cfc187b5465","sha1":"f4fe3e8f71a0bc39c5b8dd69ba007e6addd1a4b0","sha256":"1e882f8da70114fac20fccde02b81136af7ea47b607361f5c67299c10de5bee8","sha512":"ac8805841ccd6bd9a0bb67cff1d2ab71cfc12b3bc975e1ebe55913453b63e7b0437853febb89f82ff7cb88cc475baf26f118b3669a47259377c6241b2e2cb816","ssdeep":"1536:QzLF0Zn6+nNF1/vZcBJVQvKephwKNkLF0Zn8chjxmUSHWpjPyTehXV0N5zUNZYA2:YLF0Zn6+nNF1/vZcBJVQvKephwKWLF0i","tlshash":"fb63242c29b212f3dfb7e07632ab164474f57113a618d904b84ee4ca5f98c711c6ef66","first_seen":"2025-05-27T11:42:26.524021Z","last_seen":"2026-06-01T21:05:13.877601Z","times_seen":16,"resource_available":true,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/footer-images/live-video-call.png","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.962Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/footer-images/live-video-call.png HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 4253\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4253,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"e10299b43b537988ffbe0139bb4e352d","sha1":"48fb021d0f153e19319c4d831130105d9e92d2f7","sha256":"098cc6b4a5b9ca67d2212b08bdf01f38c8bb9613a75121aa5a29e2bbacb8c098","sha512":"8a7c8c9c4c98b7011a268a744a5ad79bcccf1aee7b36994c263a8855820c96b871f552807beea06a9a2d06560f81581fc4941e076a90511f0b218e224c98d294","ssdeep":"96:IScAknmWpf3R/SHWpHihc5e6egziNsc4lf1YxfA+:ISTknw2pYcFBNlf1Y2+","tlshash":"0c914b2bf2419a129388dc053bec337726370f888ec49b69f8e6ed1768f41a5849c4d3","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.6166Z","times_seen":1187,"resource_available":false,"data":null}},"time_used":89,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":89,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/css/images/assets/pattern-bg-medium.html","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.624Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/css/images/assets/pattern-bg-medium.html HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/templates/bank-pro/css/main0338.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 0\r\ndate: Mon, 01 Jun 2026 21:03:20 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-02T15:08:06.767726Z","times_seen":16043088,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/uploads/1752447676_184f2e9f52ac314abfda.png","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /uploads/1752447676_184f2e9f52ac314abfda.png HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 500 Internal Server Error\r\ncache-control: no-cache, private\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1816\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 01 Jun 2026 21:03:20 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7192,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"f45d29382417f62efb175246fb37573e","sha1":"51c82ef7dd7a2c67742ee66b0ee48ebfc1c40477","sha256":"9617651b0ecf21b60bd9a187835b7a7bdcb5ab443855f8a32cf0f3b67892de0d","sha512":"9f4b63addc8517a1ed3d2837e3a58a704126f15e84759f54d9a46e25a86eeed6a802b0c7488df558e01ea5a491b8916899ba65d99ae1b5744aeb37b23f834c64","ssdeep":"192:JF9HzDuaPvjjNDWvT+8OAQoiqeTWcS4KvZYKzvAkCylYybXTJsm:v91m","tlshash":"45e1551975f311a32853a26427eb6f8936a59003dd16de263fdea240cf867b87dd3348","first_seen":"2026-06-01T21:03:52.722012Z","last_seen":"2026-06-01T21:05:13.896061Z","times_seen":2,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/learn-and-plan-images/running-a-business/13418669.jpg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.958Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/learn-and-plan-images/running-a-business/13418669.jpg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 82054\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":82054,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=4000, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=6000], progressive, precision 8, 1000x667, components 3","md5":"3834466a8ee586e833c9b147af6083ee","sha1":"55c42b26009b5a23bf86c8bb20ed8f89db7948db","sha256":"4200906696d35bd2a522e84315c22151cfa34c8a9af5a96178b153118ead554a","sha512":"22689eebb5cae72b04c0bc2cffb9dad719db893932e53acd01fb7c181316659e431de2447b0deef71de32d6cd6a8a60bddf29dabf87594d7f04a4d6f68c48364","ssdeep":"1536:eZ1euFafZ1euFaqtUCZoMOcjAi5Bf+rE0++ENKooqGU89R8qHVB1OrY8u1FM4aA8:Q1eWah1eWawvxAyVxGjBIrY8oC4aA0dD","tlshash":"8b83013e9752dea1f0c21a3094f0f3d4921161ad6b43766f38ec65a137b13696c3466f","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.591126Z","times_seen":1184,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":92,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/tabbed-icons/icon-call.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/tabbed-icons/icon-call.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 4575\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":9897,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4937e08a0542ec8f002a7c6f8cd43773","sha1":"689285543784faaf75144ee77bd124fba5acd478","sha256":"f99bbd06a38606675057bcc208176a59d1a32b387e1d67f15b8c8c113da9e5dd","sha512":"ff5dcdc23461bef79eadf76112ba7b09528fec315feb44e06dbd0d8159d8889ed85d4a3fe2170b2edd1db597e7606f5eb5748e724f14adcee1a5a2deafa8abc5","ssdeep":"192:8huIiCC9a0bOJjn/5qPHuq9ThTs7kecy/vKGYC:8huvc0bIn/5qPTThTs7kjyGC","tlshash":"6f12f8c01326cbf9a4041afe5d132496343b1cfbbf6092ad949fa875f8026d94d6d8d7","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.570481Z","times_seen":1151,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":74,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"widget-v3.smartsuppcdn.com/assets/main-x4TEowgc.js","fqdn":"widget-v3.smartsuppcdn.com","domain":"smartsuppcdn.com","tld":"com"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:23.517Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1857279285.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 10:33:12 GMT","end":"Wed, 24 Jun 2026 10:33:11 GMT"},"fingerprint":{"sha1":"D0:0A:A6:39:E7:85:DF:64:B0:13:66:E3:06:E8:BF:2D:3C:AE:EA:7A","sha256":"70:D5:91:24:1D:F0:F9:7F:57:55:99:71:1F:A5:15:C2:B9:C7:21:65:6B:42:A2:34:4A:6D:A7:53:70:BE:C0:7B"}}},"request":{"raw":"GET /assets/main-x4TEowgc.js HTTP/1.1\r\nHost: widget-v3.smartsuppcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ultraprosavers.online\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 21:03:23 GMT\r\ncontent-type: application/javascript\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000, public, immutable\r\netag: W/\"6a0584b0-4566c\"\r\nexpires: Fri, 14 May 2027 08:22:52 GMT\r\nlast-modified: Thu, 14 May 2026 08:15:44 GMT\r\nx-77-nzt: k+/89aL7fh7lhHSJSuyN30xnYy261bbB/MDzoVxX1mqKNr3eADRDa9kw9CFE1P3o4jJzsTw\r\nx-77-nzt-ray: e2f75420821315cc9bf31d6a9d56ef1e\r\nx-77-cache: HIT\r\nx-77-age: 1600821\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":284268,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (28071)","md5":"44790c45b98e089590e68b6aa63d0847","sha1":"076196cc5d69ae1d3f62fdd097b9c0227abb27ab","sha256":"967269533104fc33c2b78b38d91e5e8f8333490e914aa077357d40ae8d546795","sha512":"0f78548b36ee45e716dcd88d60e2638a64ef5154e7b46c1082000ed03b295db920fffaa2716bdefea97429db83c0ecc2e557a2e21008e46001a4fc8ac333d5b9","ssdeep":"3072:ZzRmsJ3lGXmd/SSVBVfKdEaKVnV8pzU4rESLEe/rSWjOAAGd3pGQQarBqZzQusQR:CyTaEe/7Nnx2YqZzQusOUyZTzP42sdg","tlshash":"3c5449d472a5747443a700e4507f2006b23e5c29a809c068f6adddf67db99c9a2b7fbc","first_seen":"2026-05-14T09:23:42.575671Z","last_seen":"2026-06-02T08:09:59.97578Z","times_seen":651,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"websocket-visitors.smartsupp.com/socket/?EIO=3\u0026transport=websocket","fqdn":"websocket-visitors.smartsupp.com","domain":"smartsupp.com","tld":"com"},"ip":{"addr":"3.125.212.45","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:24.122Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.smartsupp.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Fri, 25 Jul 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"35:57:04:01:81:87:91:69:91:5F:FB:F3:51:3F:C3:50:59:25:59:2D","sha256":"D8:0F:70:51:28:C9:4C:A6:5A:C3:91:80:AC:41:82:E2:B2:73:5A:0B:A4:07:51:81:EC:03:09:9E:87:4F:81:F7"}}},"request":{"raw":"GET /socket/?EIO=3\u0026transport=websocket HTTP/1.1\r\nHost: websocket-visitors.smartsupp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://ultraprosavers.online\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: s8Dm/cWy99FlJ1Iq/z7IGA==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nDate: Mon, 01 Jun 2026 21:03:24 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Accept: PuJWRaNuW4dIR+73u7QAUVFUi8Y=\r\nSec-WebSocket-Version: 13\r\nWebSocket-Server: uWebSockets\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-02T15:08:06.767726Z","times_seen":16043088,"resource_available":true,"data":null}},"time_used":401,"timings":{"blocked":0,"dns":165,"connect":185,"send":0,"wait":23,"receive":0,"ssl":191},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/rlforms.referlive.com/css/ReferLive_banking.css","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/rlforms.referlive.com/css/ReferLive_banking.css HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1351\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7265,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"b6c0033718fc8007bcb65cda0817e48a","sha1":"f1630c17c80adeb0ed6d12ef04a0bf9831547c76","sha256":"b96beda966d849aa29892e2e339582155c871e9af0e1e85a61f1bc26f614be11","sha512":"7909ce57831118f47b0f9a633d03da4a7e78893238c547bc61e314428ef01a863bc477f68c5daeb3801352bc79b2881bf238940672b06b834bf3064312d3c994","ssdeep":"192:mPBJWW3UsyBCbkl5cbCFS1ekFe5TaP4+NOnkCV3BI4:mPK5PBCbBbCFS1i8s","tlshash":"0de10052eba3198a351bc4145bbb2784332980175149ce6ebf5af1fd8f0a3ea8471b49","first_seen":"2025-05-27T11:42:26.54225Z","last_seen":"2026-06-01T21:05:13.878328Z","times_seen":15,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/icons/rate-icons/new/ico-savings695e695e.svg?la=en\u0026hash=0E55614F75FB061850865FD235D7ABDA","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/icons/rate-icons/new/ico-savings695e695e.svg?la=en\u0026hash=0E55614F75FB061850865FD235D7ABDA HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1933\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4526,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c783870017d8416d7cb995737c25e8e7","sha1":"ae18ede07da3d8120fc9a25743cece2399334e5d","sha256":"1b0ee9beaed4cde08ee619e0d47c1b8308927f00b85b5077fd64627198e77ea0","sha512":"34cd6473bd30d5fc8d840846cee63954e7f794efb2b50613d76823b45b81a5037c3729fdc84166d8b97d87f06dec2636115f200ff693bfd7ff49975a117d8ed3","ssdeep":"96:AI6T5iqdcxqDGrCxwvFkFQ80lAXTopvl1r5EihXltdnfa:loyqaxviFQ1AX2V5tU","tlshash":"5c91227713048bff61e6c748ca69718933a698a572b5a2cc6f93bd06ac0a9f34074c21","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.603434Z","times_seen":1164,"resource_available":false,"data":null}},"time_used":77,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":77,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/homepage-images/metro.jpg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.506Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/homepage-images/metro.jpg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:20 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 110812\r\ndate: Mon, 01 Jun 2026 21:03:20 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":110812,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=800, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=1600], progressive, precision 8, 1600x800, components 3","md5":"06427eda3d89ade05e3edec0186bd922","sha1":"3a2a15c3e788573849c4c1e1025c61556d178c4e","sha256":"a36aa5e4deb7a3cfe317b655d71dbb9be49cc9eaaef23873bcfd26e6f0e635e3","sha512":"6095660772f288f4e2472871dc1b6eb49b259caee0b2be6846a89d0dfbb39e5263e354010ca27afdd4781aa5e51641723e33565a660bdb64b642f01c5c9709aa","ssdeep":"1536:37O77kXrrK+mqtsVe+4PaFZopjDkt2dLKvGra4Q7eHhtg6hhLf:3ScXrrK+fQe3PaToxmmKOraheHhttnD","tlshash":"19b30231ebb48e13f9d0d07284b3db439ab1a66917b7cf82319c94713ba85d14d2936b","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.547324Z","times_seen":2170,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/section-links/ico-credit-cards.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.944Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/section-links/ico-credit-cards.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 963\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2248,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"0525f826a4314c6b1db281248018a618","sha1":"0a20ee1494a0be32640b683f9d5fcec8831685b7","sha256":"78678f87731e95b03b8aa54ae93c5e7ac9069be4d843fc919619b1d49773a230","sha512":"9ee0da37808bb88e21d8b3ed0e6eb5cddcdaae5290ebefa5ac9b1c733104cf1caba2a9a7c0fbdf024f5335a9d73d30b6040c21a1d8ff42299a13d5adbf23dcd6","ssdeep":"","tlshash":"ad4146326f4c47be6153c788c81ed55c232ea86a727d50689f5fa93e1c06df3c076811","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.515036Z","times_seen":1200,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/sitecore_modules/Web/ExperienceForms/scripts/jquery.validate.min.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.969Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/sitecore_modules/Web/ExperienceForms/scripts/jquery.validate.min.js HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 7209\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":23079,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (22940)","md5":"3a742a0ad4fc607bbb3528006ae2176e","sha1":"fd4d9a87653d1e083f1aa3b6c5613560a79a2a5d","sha256":"80623d052ff8dc73dd703a58a77e62d2615a491f966e2fb395ddc74ca89fb840","sha512":"f42f9521db1aeae9c783b4c5554e3646add7db20aaa4eb3f7843fc3da3f15f2bf5235ae8760d17e490c0d765dc05e4b0dd0e4ec257ded36a74c27846ee772ec4","ssdeep":"384:QhrHpnky+JB6/tX2lHldkMiYnFpY54LjfTANAc0Eny+RWuW7NeoMwV/vtrx+OLDE:M+JB6/8lHldkMioFpY54PgQEny+kLxVc","tlshash":"cba2978d76d670465e9720f4909b660b61b66da0a008e83cb5f8e4d1baf4ecc50f7f78","first_seen":"2023-08-13T06:11:07Z","last_seen":"2026-06-02T09:23:11.533112Z","times_seen":1222,"resource_available":true,"data":null}},"time_used":74,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":74,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.smartsuppchat.com/loader.js?","fqdn":"www.smartsuppchat.com","domain":"smartsuppchat.com","tld":"com"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.454Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1161431244.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 10:34:08 GMT","end":"Wed, 24 Jun 2026 10:34:07 GMT"},"fingerprint":{"sha1":"C2:80:24:A2:B9:B5:FE:08:D5:9C:54:4B:3A:9A:8B:58:11:03:59:30","sha256":"4F:89:7D:DE:1D:14:7D:79:28:01:77:E4:A2:61:C6:AD:B2:D5:1B:97:99:F3:76:01:2B:E0:9D:C7:39:4A:42:7C"}}},"request":{"raw":"GET /loader.js? HTTP/1.1\r\nHost: www.smartsuppchat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 21:03:22 GMT\r\ncontent-type: application/javascript\r\ncache-control: max-age=300, public, s-maxage=60\r\netag: W/\"69cac7a9-4668\"\r\nexpires: Mon, 30 Mar 2026 19:03:15 GMT\r\nlast-modified: Mon, 30 Mar 2026 18:57:45 GMT\r\nx-77-nzt: k76JZY9N1c6crt5OilzQP94VF30v5VUb9jWuplakVLomJZxOPt2CfUqmPQQSJoc+0l3AkQ8\r\nx-77-nzt-ray: e2f754204ce61ab79af31d6abdad531e\r\nx-77-cache: HIT\r\nx-77-age: 46\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":18024,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (17951)","md5":"218d24439d4e2c0990f35338a7ac220c","sha1":"5a7b913584c1244bf61beab9dc644204d130101c","sha256":"efb497f7159de26ea5e0521d675d909dc063e36d0d23c2ad96fa9109b73ee263","sha512":"17af39bfdc350c9d1f8dd74652641d0c028881ecb3935d2d9fdb763d24136665d135d00219aabac57693112e2314d4fa91b802ba2662a1580aa35c5e0b6e624b","ssdeep":"384:2/xzy2A3wyxNeBWbEgl/EuVaBWbE0rIcvqSI/aQ/UpG:2/xzy2A3wXscuVaAxka05","tlshash":"4182b7cc7691b16543ab61b4843f620ff1376929740d8865b965eae13cb8c8ed037fb8","first_seen":"2026-03-30T19:01:55.527327Z","last_seen":"2026-06-02T14:24:45.784947Z","times_seen":2850,"resource_available":true,"data":null}},"time_used":121,"timings":{"blocked":56,"dns":20,"connect":7,"send":0,"wait":9,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/remixicon.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/remixicon@2.5.0/fonts/remixicon.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 21:03:21 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 13855\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 2.5.0\r\nx-jsd-version-type: version\r\netag: W/\"1af66-MA7aTWKCoG0FYjklj9PTw0TfSFM\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-eddf8230094-FRA, cache-ber1080048-BER\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 1625103\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GKjvFAtuJq2lxbRWPAuhGpf5mXux35WyuunxunvqrmNj0h7KxdAjs0%2Fcceai7uObf3nYxxRkBL6M7NEtxEOHfPhL01e4wKJoVWRYkRCZqwZ8wvQXlZPX1qoP6Fej245Lxso%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: a0512a215c502efa-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":110438,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"a8aec561d3b9b905472b815cb2b818c2","sha1":"300eda4d6282a06d056239258fd3d3c344df4853","sha256":"13e29a29baade86f4e7a88d8e076d6a6f3ac8950757b50a0f8bbea1c33658d5c","sha512":"096467665b61140bb4e669b83eee51fe290357fda33e8e9c82692976d04559463dfe6a8d16e4e68309e9056a8388878c767e70bf534440576df36fc093ebb392","ssdeep":"1536:jncvr8vn4cYzgKvP1IqRCwNd1l3JclUaqM1:j48v4cYcKZ7clh","tlshash":"45b3c8beea4f44801702e8d66367274163b9b77d8d817c7ad413688df7c766883862ec","first_seen":"2023-04-06T15:22:09Z","last_seen":"2026-06-02T12:08:01.712641Z","times_seen":3445,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":9,"receive":1,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/use.typekit.net/af/eeca02/00000000000000000001777a/27/le003e003.html?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191\u0026amp;fvd=n5\u0026amp;v=3","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.676Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/use.typekit.net/af/eeca02/00000000000000000001777a/27/le003e003.html?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191\u0026amp;fvd=n5\u0026amp;v=3 HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/templates/bank-pro/use.typekit.net/ehc6rvq.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 31908\r\ndate: Mon, 01 Jun 2026 21:03:20 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":31908,"size_decoded":0,"mime_type":"text/html","magic":"Web Open Font Format (Version 2), CFF, length 31938, version 31812.1","md5":"7ff1d80205cc798b8ae7d819e13abb59","sha1":"170e76f8168d1b8989f4fcaf56288c588ae413be","sha256":"6d1bb6e127733bdb0592d6a04af232eb33d79264f553202e4529e6c36cd6c7ec","sha512":"81d85a08e7fe8cf8433e852bdb49b1c6d1c2cfaedcafc805e083342fe7ad499d171e790fffe3ec18375a4bd8fb6e1d9dcf9378de70e11e7177fff69135f4eb2d","ssdeep":"768:0ShrywsLps/Axx9XLATeqa8OWFIWcL4Kmiz+GgWF6t8fomYLUpkaGa8rsXnjHztN:FOLpL/blqCWFk4KXz+uO8fozLL5jrszH","tlshash":"d723d0029201e360d79b11f2242247dc550537e89bebbc50d538b7715ed6b2eb6ef493","first_seen":"2025-05-26T13:27:02.411556Z","last_seen":"2026-06-01T21:05:13.915574Z","times_seen":55,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/business-navigation-mobile-icons/ico-invest.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/business-navigation-mobile-icons/ico-invest.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1392\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3003,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a5e0e07dd75e44ae80e2a476621fa7da","sha1":"42e74f5acac8a29afcec83281d32f73af5fea421","sha256":"d36f1405e8a2887bafa41514e63ceabb680d52bc14b16bc89f0e45957974757a","sha512":"99430d55d974ec53fea1ac3580eb852bc7355b7ecd138917bf5f46eb97970fdcc88297d01e1f9b3a23b1b02a73f756dddb767f38d34962c783afa4c327ee25ec","ssdeep":"","tlshash":"4751407b43809bba61d18348d1b4959e1beb608af0ff91cc4be3f9946c068f39074830","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.508521Z","times_seen":1196,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/sitecore_modules/Web/ExperienceForms/scripts/jquery.validate.unobtrusive.min.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.970Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/sitecore_modules/Web/ExperienceForms/scripts/jquery.validate.unobtrusive.min.js HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1884\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5407,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (5267)","md5":"887fa31edd0b7b835b9dce2658a83321","sha1":"0203bdc3035f3c3dd2bfedf94a7ad1845d160497","sha256":"13243171b1f5976e74f79647f612a1d879bfa606816a204f72a833c0e89f269a","sha512":"ef080211f637c8efa0a4b31b73757f33e5069fb614a7a8e27d0f4b1798c19e44c0ee4b98df9a05493fe1b6286da2414a96f5a34e3ca5bf728969b96a8e397714","ssdeep":"96:m+ijDOVLHtxQTsgtB2vTM7gXRiwSQSoSFGDb408oXno6e2Qvm8KT2XZHfVHE8bpt:m+ikfQTsgtUvTM7gXRiwStAb408oXo64","tlshash":"f5b197883545a2a37df731fa20df800fb07656a4b0994401f14a96f19efded6a213b5f","first_seen":"2023-03-07T14:05:53Z","last_seen":"2026-06-02T09:23:11.636676Z","times_seen":1779,"resource_available":true,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/section-links/ico-check-account.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/section-links/ico-check-account.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1974\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4366,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"76a0c7d7a1da5ba01ee2896a1a1b7df3","sha1":"435b307ebd3c0e1ba4afdbb7842f9d534a8cd845","sha256":"5c2b9c68d8770e3e5ee38bbd5623fcad7d212d8b99bb93a3a6b72ffaf085ad6d","sha512":"340da7f0710318b423d470387db958b38a04ec11992e5a5b509564b75009d3942d538cd430925a6283e018a86800d397789c9d0edd12f3dc22bf8db1e906c221","ssdeep":"96:i1gt5d78pdiGtDgEINHpiY43VdHVrGiXyW8RoFq0QDkn+vKh9:6gJoXiGtDgHNHp+3VFJGqyfPjCh9","tlshash":"8491c9c1a7a5c3f5f406c7b9a99790423e733caa78ab511cc2e45825603f4d51939cdf","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.503194Z","times_seen":1166,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/use.typekit.net/af/8dd886/000000000000000000010b5c/27/le003e003.html?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191\u0026amp;fvd=n5\u0026amp;v=3","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/use.typekit.net/af/8dd886/000000000000000000010b5c/27/le003e003.html?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191\u0026amp;fvd=n5\u0026amp;v=3 HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/templates/bank-pro/use.typekit.net/ehc6rvq.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 23180\r\ndate: Mon, 01 Jun 2026 21:03:20 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":23180,"size_decoded":0,"mime_type":"text/html","magic":"Web Open Font Format (Version 2), TrueType, length 23234, version 23069.1","md5":"49e2e7b44a6aa8c8cbdf48146deb91e2","sha1":"a9efd33b1982e93494da691ce129730a8b1695a1","sha256":"28aecc503b3b4a097b7215b711cf72207a56093000035096cbb501c285055f19","sha512":"d7ddd3ff702a510a7ae593d8ebd60c1b574c0163bb10dc7257b4273d33f1d2849639815bb2ca23d28025da4b3476fd0975e19b3dec809559c14aa8af15cdff1e","ssdeep":"768:Obc4ywqYU02SE1Pgat+9GOQWLh8GJjgzRT9m/LERVr:ObcOqhNgi+YOQWLWGJjgzRU/LEX","tlshash":"8de2d00a8712f360a36396f6285125d0d14027a0fbfbdec6d6b4cd9a2d6211dffed185","first_seen":"2024-08-19T18:27:38.371445Z","last_seen":"2026-06-01T21:05:13.884811Z","times_seen":30,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/blue-seal-200-42-bbb-80015515.png","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.963Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/blue-seal-200-42-bbb-80015515.png HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 3735\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3735,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 42, 8-bit/color RGBA, non-interlaced","md5":"83bfac888e371f6a9e50bc1b77690245","sha1":"ad5ab32c7c3c5e21d0f977568320b7aa18ebe09d","sha256":"caa470053d66190407a8d7a86458b491ff6fc3e1caede2fe747a5233d4c98c2c","sha512":"4d45673622d2602c6378ca7f35bd83441fe7f2f12e2eb4d75848c691bd0aba1cd5cb1fe286e4dba1e32e17eee4cd50bdd89146efd18cca7788b36dbd22314e8a","ssdeep":"","tlshash":"6f717db700ff187262bddfa6e4956571206dc1f2b7d6b0c5a626442ce0482ab0c92b3c","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.635803Z","times_seen":1167,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":88,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-01T21:03:21.426Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, private\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; expires=Mon, 01 Jun 2026 23:03:19 GMT; Max-Age=7200; path=/; secure; samesite=lax\nultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D; expires=Mon, 01 Jun 2026 23:03:19 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Adobe Fonts","description":"Adobe Fonts is a web-based service providing access to a vast library of high-quality fonts for web and print design.","website":"https://fonts.adobe.com","common_platform_enumeration":"","icon":"Adobe Fonts.svg","categories":["Font scripts"]},{"name":"Typekit","description":"Typekit is an online service which offers a subscription library of fonts.","website":"https://typekit.com","common_platform_enumeration":"","icon":"Typekit.png","categories":["Font scripts"]},{"name":"Modernizr","description":"Modernizr is a JavaScript library that detects the features available in a user's browser.","website":"https://modernizr.com","common_platform_enumeration":"","icon":"Modernizr.svg","categories":["JavaScript libraries"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":139511,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (331)","md5":"2845696c28038ae7532c550be5e431d0","sha1":"2af93bf89e07a38a610fe7757a019947862c4cf6","sha256":"8f41d6b9a3e6a0e8b163a82e7ecb11e5c5b909557807c4cee686fd059fafa1f5","sha512":"3bc8aaca0f3ccbbf674b2fc78e4495d824e9dfbaed6cdc4a828de394b00ae560f3af4222436c66b3d622ac7b526ef24835da35d61ec59ac432421529f75c43d7","ssdeep":"768:7bc3eGmuiIm05VEkgvdtsGhlq3DRGEXBq6sbgYxQ0:DGm4m0gtsGaGEXBqnbgU9","tlshash":"47d3622064f158b760e784c596319b2afdf5c607fd160109f6ae4bea0fe3c99c937a18","first_seen":"2026-06-01T21:03:52.743013Z","last_seen":"2026-06-01T21:03:52.743013Z","times_seen":1,"resource_available":true,"data":null}},"time_used":346,"timings":{"blocked":133,"dns":84,"connect":24,"send":0,"wait":72,"receive":0,"ssl":30},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/assets/common.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/assets/common.js HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 105840\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":205980,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"45022a63e20efb86b7856aac1f5550b1","sha1":"4d5c25ea0ad1536f3a1d8e7ae31dfd506a2c5bda","sha256":"dd6f512056a23a9cdb1791fd439ae19a2d55e64ae624b73d98706f25a6a0bad5","sha512":"a2bb2a7abe6835a090f438ecdecfe34ac74c2b2d01e92a9da5c624aaf50953660464161bc65894e647ff890d827107dd51191653c8d546d1657b45985afab93f","ssdeep":"3072:XrIYU/nfQmSPAp0s5yQkLE4bnh22gxBi8oaAqnbZyI5AqzNKaBch0iMj0/U1xYDb:bNcnNwzsTko4QnY8yeEVK0ayhFG0s1xq","tlshash":"f1146b96cfd455b8c5912fe4c9ee1206a0a9983b6894e1084ab3e0e71f3cf7d71adc1d","first_seen":"2023-11-12T03:48:52Z","last_seen":"2026-06-02T09:23:11.598909Z","times_seen":1201,"resource_available":true,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/business-navigation-mobile-icons/ico-loans.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/business-navigation-mobile-icons/ico-loans.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1257\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2732,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"036bc479d125df5c7cdfaafaf4828d96","sha1":"ddba66f78175713d38038d9341ebe8bf7c5e06ce","sha256":"fc6462e74b902c4d31ea869fb8dfecf80042cf97d217388c070c12d69ecda01b","sha512":"07ceedd64868debcafcb992db66ccc9e5ade32284b346569a5417bc02ed2e3152ef6f6f71730c64b183b68202eb5276942ab95980adad49fe92f3edb54e57ab8","ssdeep":"","tlshash":"d8516437830497ba6e92cb49ee65e05d3576586bb0f4e0c8aff3b5869c058f38038d20","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.558671Z","times_seen":1197,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/tabbed-icons/icon-calendar.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/tabbed-icons/icon-calendar.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2148\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":6799,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"888f1acb9549ed7c6ac5253305e132d6","sha1":"58a2e83db7b5de477e92575015d7b9c735287810","sha256":"216c17a2f1073279e9ea2cc7bd7da4244c19f9d8b91500368993e0cc56583a79","sha512":"d73aeb565277b487381bbf4421c943a871292dee541833ea8cf7cda216eacd4be45028aea86264f6076cd3741a7413f045206c93a50ed7c6462b7c1b8d931c68","ssdeep":"96:IxoQImqAezsz517rurF5SydUkVaKk0vjIGMruS1R3xhpV28i+eD49yuJh06W:Ooi0TbdUaaRsUuS1Rh/gD499hjW","tlshash":"1ae197ca4335caf17e42ab9cc821584439eb34b934f2872cdc8e699d211b8e459576f7","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.598042Z","times_seen":1154,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":73,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/section-links/ico-loans.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/section-links/ico-loans.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1257\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2732,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"036bc479d125df5c7cdfaafaf4828d96","sha1":"ddba66f78175713d38038d9341ebe8bf7c5e06ce","sha256":"fc6462e74b902c4d31ea869fb8dfecf80042cf97d217388c070c12d69ecda01b","sha512":"07ceedd64868debcafcb992db66ccc9e5ade32284b346569a5417bc02ed2e3152ef6f6f71730c64b183b68202eb5276942ab95980adad49fe92f3edb54e57ab8","ssdeep":"","tlshash":"d8516437830497ba6e92cb49ee65e05d3576586bb0f4e0c8aff3b5869c058f38038d20","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.558671Z","times_seen":1197,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"widget-v3.smartsuppcdn.com/manifest.json","fqdn":"widget-v3.smartsuppcdn.com","domain":"smartsuppcdn.com","tld":"com"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:23.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1857279285.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 10:33:12 GMT","end":"Wed, 24 Jun 2026 10:33:11 GMT"},"fingerprint":{"sha1":"D0:0A:A6:39:E7:85:DF:64:B0:13:66:E3:06:E8:BF:2D:3C:AE:EA:7A","sha256":"70:D5:91:24:1D:F0:F9:7F:57:55:99:71:1F:A5:15:C2:B9:C7:21:65:6B:42:A2:34:4A:6D:A7:53:70:BE:C0:7B"}}},"request":{"raw":"GET /manifest.json HTTP/1.1\r\nHost: widget-v3.smartsuppcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nOrigin: https://ultraprosavers.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 21:03:23 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\ncache-control: max-age=300, public, s-maxage=60\r\netag: W/\"6a0584b0-7b0\"\r\nexpires: Thu, 14 May 2026 08:27:52 GMT\r\nlast-modified: Thu, 14 May 2026 08:15:44 GMT\r\nx-77-nzt: k5B+bpufdjXAoSp0o0AvmabyH6dNKwiQBis8D68V1EgAIXGWbOXnD32W4u6xlhdzpYODM9o\r\nx-77-nzt-ray: e2f75420821315cc9bf31d6afbfc3d0f\r\nx-77-cache: HIT\r\nx-77-age: 31\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":1968,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"84d68ac51c9868d819a3905416f937eb","sha1":"7e5c953c014a0bf13b3e5669a84b03d753ade7e8","sha256":"915d7e77e24765b4a3b27b511b6aee9b26fad05d22de3e64f84516213886af37","sha512":"d275e6109d0106c8f09f8c55740068f1b40b87a090011b2b0cbe6d33868f398f9c01c2cf7f2bf05bc8111bdfa3fc485f71c79d38e75262811f31487d252b11bc","ssdeep":"","tlshash":"c6411593c0f80e531b9c622bb89459514d54c3c7e88a3d0d766d8a6f2f0cef914e6bad","first_seen":"2026-05-14T09:23:42.588765Z","last_seen":"2026-06-02T08:09:59.946521Z","times_seen":649,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":65,"dns":35,"connect":8,"send":0,"wait":9,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/css/inner-pages.css","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /css/inner-pages.css HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 30 May 2026 23:56:33 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 4639\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":23809,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"78a01f2b60a061f330ed3cff2c1e3d69","sha1":"2c43c123ba8cae92f38e716de9cad988e056d257","sha256":"4ddd9137569a13c38e7e599235e1051ea0ababf21692f43749fb58789baa6706","sha512":"d43320036d87383c914942371ae5a20ae8f0a7e1f392ef8a95cb21e67eb07159a0b3a379b3cddf12af821dd87d07b8e14c7317556b75de5c5d2360291ee893d8","ssdeep":"384:+AynjK0evFT5b4EggAdjYw1GI1U8hNxUMBkvOb:+AynjWvFT5vw1GI1UuNigkvW","tlshash":"41b20f76632789007117d8ad75629f9e63b87002f10ed6bc6be2708dcbcc2845676bbd","first_seen":"2026-06-01T21:03:52.749293Z","last_seen":"2026-06-01T21:05:13.860671Z","times_seen":2,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/js/main.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/js/main.js HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 198098\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":769739,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (32020)","md5":"8752611a187f5ae16099ad3d5a6402e7","sha1":"1b3127454f2621c7c1ddacd0460b093c911fc56b","sha256":"192f961340625ea28eb48091687e7d6038a89df0ab0aeaa3d81f387628e910b9","sha512":"6b82e72d5c1ef45fcdeccfcf7843461694f20cbc1d81bf93fc5a67bea11db7b8e8089fbf444ec1f24795cb4412ffa979d68c5fd40a8964f378a7a66f61a83823","ssdeep":"12288:14jnnJc1bribezvuYh6TxnR6v+TIVOV76AujD0:wnnJcdribezvuYhmnR6v+TIVOV763jD0","tlshash":"76f408897291713282a731f5502f010bb136a9b9f4498868b07dc8e53fb8d9d61bbf7d","first_seen":"2023-11-12T03:48:52Z","last_seen":"2026-06-02T09:23:11.622837Z","times_seen":1182,"resource_available":true,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/static-strip-icons/ico-clock-new.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.888Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/static-strip-icons/ico-clock-new.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 187\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":341,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a612f3542c3a4d649cfac720aaceba49","sha1":"6a44fc9789e190b9364223a78b8a6f8a2d2553b0","sha256":"46a0f8cda3693c46356a048e68d1efe7453e5fee7fe76aeeb79c7014fc9d562b","sha512":"ea85bf2c152596285b40b543f4fbeadebeff01dcb7d76cda438971e08645748eb3118c4b5b4a182165181c6f4648c5f8c1653aaefb886b6b240ea25e56a5f8c7","ssdeep":"","tlshash":"d1e08055121afd38f7164554d66b7430307701d202cd575ab4511e39e10a6df7cbb5e4","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.532519Z","times_seen":1168,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/images/assets/ico-clock.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/images/assets/ico-clock.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 297\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":753,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"065f623243b19aa8b419cf256956484d","sha1":"a549c6fa037a4d4bdbebe3ed996210612e796922","sha256":"926e5499883f2351b324b210dd76b7b5062b96aa153c9c2b569111f1784d5c60","sha512":"350f779124f4d743d960543aaad8f5878e61b9b44163f533159be697686d0cb1bb3df2ef42ab7b65f56a8fd228b3983f7c77b3c7b5f32fcfb33277454ee259d8","ssdeep":"","tlshash":"b70190551114fc38b11205a1d3e77470613fb1a2474d3748b590193ae61a5ef38bbaec","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.56144Z","times_seen":1170,"resource_available":false,"data":null}},"time_used":61,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/new-brand/click-current-loan-rates-business-loan-ratesd4a0d4a0.svg?la=en\u0026hash=1E16BF0885B28F4394AEF4D91B3D1795","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/new-brand/click-current-loan-rates-business-loan-ratesd4a0d4a0.svg?la=en\u0026hash=1E16BF0885B28F4394AEF4D91B3D1795 HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1259\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2733,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"dd06ee250148f7c5aa82724d0a83a7a6","sha1":"d41fbe2ae77679fa9bdb50eba106240a9bac1b3e","sha256":"d79b6f19606d02413fe2ddbdf94a0431220f98129b3c49c1dd8a1d9f85615317","sha512":"30c4bbd27d2c9e1b8bc6854f2c8e6c4f971a7431543181b4dbeb491b444edee0c0576d46713b1aac31850dcb07e997d99286689243398b2cf029ebe2968cf272","ssdeep":"","tlshash":"72516537830597ba6e52cb45ee65e05d3576586b70f4e0c8aff3b5469c058f38038d20","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.612773Z","times_seen":1161,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/homepage-images/feature.jpg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/homepage-images/feature.jpg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 166256\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":166256,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, progressive, precision 8, 1000x600, components 3","md5":"d8baf10f6a1bdc5762eedc1ed28fc73d","sha1":"6f9b262e75fad4076db0cdd9da6b7bd65c241bed","sha256":"dbede3778e4219f02405cfdc2159e993728a59d543424f29347b67ae2b070f7c","sha512":"88189fddb53ef68d2f1fdd56e4927990679c431f381ae8a045c837441ab5a81e2199e95ffb9a90e94f34a80440ab9d80ac2a94c2c38a570072ed3c5ee2787521","ssdeep":"3072:4HVGwsN1ZN/pJ+EF0VY2wpyq9MkmzlzmuPtBaWwwI2SBwrzck:47IZN/n+twpXm19YVq6wrzv","tlshash":"2df31395a19120c7fd8e293ab0eacf37ed064822de495b918109edd715c0fe3396a47e","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.510447Z","times_seen":2325,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/uploads/1752447676_184f2e9f52ac314abfda.png","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /uploads/1752447676_184f2e9f52ac314abfda.png HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 500 Internal Server Error\r\ncache-control: no-cache, private\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1816\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 01 Jun 2026 21:03:20 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7192,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"f45d29382417f62efb175246fb37573e","sha1":"51c82ef7dd7a2c67742ee66b0ee48ebfc1c40477","sha256":"9617651b0ecf21b60bd9a187835b7a7bdcb5ab443855f8a32cf0f3b67892de0d","sha512":"9f4b63addc8517a1ed3d2837e3a58a704126f15e84759f54d9a46e25a86eeed6a802b0c7488df558e01ea5a491b8916899ba65d99ae1b5744aeb37b23f834c64","ssdeep":"192:JF9HzDuaPvjjNDWvT+8OAQoiqeTWcS4KvZYKzvAkCylYybXTJsm:v91m","tlshash":"45e1551975f311a32853a26427eb6f8936a59003dd16de263fdea240cf867b87dd3348","first_seen":"2026-06-01T21:03:52.722012Z","last_seen":"2026-06-01T21:05:13.896061Z","times_seen":2,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/icons/prefooter-icons/icoclock.png","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.960Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/icons/prefooter-icons/icoclock.png HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 1032\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1032,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 67 x 67, 8-bit colormap, non-interlaced","md5":"5142abd1e5f94bb76d8e345615c11b93","sha1":"05cb15a8af586b9ae10eb238b39311d0b78deb3b","sha256":"921e92c5987b6c756aacc34720050b119592ace95a27ee576b65f3cfaee84be8","sha512":"f11d2ebaa8cf19593117066a0a3357c8ad71e90ea1a0cba717982d7e7900ab3555ff0c995d4083db97b822345b9bf963bf9236033d252d8d59bd0884c66ec2ab","ssdeep":"","tlshash":"1f117537c3ae7865db254d3610cfd405ea3e7c741f1a500e89a5f488e1b3e9119c4c1b","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.550447Z","times_seen":1188,"resource_available":false,"data":null}},"time_used":90,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":90,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/icons/rate-icons/new/ico-credit-cardse892e892.svg?la=en\u0026hash=322BE42CDBB783680C29587753C3817A","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/icons/rate-icons/new/ico-credit-cardse892e892.svg?la=en\u0026hash=322BE42CDBB783680C29587753C3817A HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 954\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2379,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7c22959f9a9f3e63cf93fab3ee9be9d6","sha1":"f6757fa587c767b3a424625631b3a41434a276b3","sha256":"0b88fcd5c951a22fc9a111d070bdd9400c7926a40a21d246617eb998783e2dbe","sha512":"a0c65e20920cf7265821df6fa943b45c11f2056092ed0a59dd3181407b8776fbbd8d11170802bf655468ada80fdbb92cdec4e5a3b85ea2abf34651ccf010be52","ssdeep":"","tlshash":"7a41847b62440bbb60a287ccc40cd55d3676649ef1b990985fbbb21f2c08ef380b8d21","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.552354Z","times_seen":1165,"resource_available":false,"data":null}},"time_used":77,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":77,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/js/vendor/modernizr-custom.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.863Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/js/vendor/modernizr-custom.js HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1909\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4510,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (4510), with no line terminators","md5":"549054819a309723ae5961819ad15862","sha1":"45bfde91dd95baa8b45a1bdcc6be7bfc0c81e0cc","sha256":"084042d304a81e83677baf018c3b8c0c7e7c41076dae645436d867f8b5a31a5b","sha512":"1c53548427e89f37dcae91506b83f056f87ec7d37664d2c6601350006eeaad75a0c939e8190f2c4f70d143a511106c35bfa25e5789d71bb67074d58936d0f777","ssdeep":"96:GxE6y2mSg67LzZVReNNBj769EWPgtP051oFE4jG57DAYbsnCy:GxED2kqHgpSLgP0L4jG5fBoCy","tlshash":"1891d7e676e37555d31614bab17f400ab538885572448818d050f4b93e34978437ff3c","first_seen":"2023-03-14T05:50:51Z","last_seen":"2026-06-02T09:23:11.618548Z","times_seen":1211,"resource_available":true,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/use.typekit.net/af/3df5fe/000000000000000000010b5b/27/lfdccfdcc.html?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191\u0026amp;fvd=i4\u0026amp;v=3","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.678Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/use.typekit.net/af/3df5fe/000000000000000000010b5b/27/lfdccfdcc.html?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191\u0026amp;fvd=i4\u0026amp;v=3 HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/templates/bank-pro/use.typekit.net/ehc6rvq.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 25160\r\ndate: Mon, 01 Jun 2026 21:03:20 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":25160,"size_decoded":0,"mime_type":"text/html","magic":"Web Open Font Format (Version 2), TrueType, length 25160, version -26880.256","md5":"2e3d704c8e7ede579fd3fa36d2aac206","sha1":"69f966d616931e80c4666e7b2d8981f899877f6f","sha256":"8c075f9a72548405d5c4d3e737499af44c3e28ab065699b24605a6b56da39717","sha512":"8772972ec80b8d18cfae2fd7ca5910a9b7b0ebb9f32896ea5f7503f04f0eeee824282155c5807e2302d96eb7dcaa49d9ccb5ef61eff0f40143d1ba9c1ada624c","ssdeep":"768:MVivWS8dZfgLLNZNV5yQ5qPUMpB2amh/L9pFlcMKHIREr/YyQsn:MiF8QLNjVoMMpBgBL9/iIRiYyHn","tlshash":"9ff2d0019381f384e2be44fa2f255bd4254827aac34faec1d638a170351e56dbecf967","first_seen":"2025-05-26T13:27:02.355848Z","last_seen":"2026-06-01T21:05:13.905636Z","times_seen":24,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"widget-v3.smartsuppcdn.com/assets/style-KNmfGZZQ.css","fqdn":"widget-v3.smartsuppcdn.com","domain":"smartsuppcdn.com","tld":"com"},"ip":{"addr":"185.76.9.11","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:23.518Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1857279285.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 10:33:12 GMT","end":"Wed, 24 Jun 2026 10:33:11 GMT"},"fingerprint":{"sha1":"D0:0A:A6:39:E7:85:DF:64:B0:13:66:E3:06:E8:BF:2D:3C:AE:EA:7A","sha256":"70:D5:91:24:1D:F0:F9:7F:57:55:99:71:1F:A5:15:C2:B9:C7:21:65:6B:42:A2:34:4A:6D:A7:53:70:BE:C0:7B"}}},"request":{"raw":"GET /assets/style-KNmfGZZQ.css HTTP/1.1\r\nHost: widget-v3.smartsuppcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ultraprosavers.online\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 21:03:23 GMT\r\ncontent-type: text/css\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000, public, immutable\r\netag: W/\"69afcbd9-9217\"\r\nexpires: Wed, 10 Mar 2027 07:48:53 GMT\r\nlast-modified: Tue, 10 Mar 2026 07:44:25 GMT\r\nx-77-nzt: k4GEN8U5i3AYv+Mjl+ApU+zG78NLRyNJthcy6It/ht8L0roy/qHj2wiyZYNL6NZ+e1vDhbQ\r\nx-77-nzt-ray: e2f75420821315cc9bf31d6a5bc11a1f\r\nx-77-cache: HIT\r\nx-77-age: 7218859\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":37399,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (37398)","md5":"e0e19bc0ef5c8a7be30d687ff72b1d44","sha1":"103123375bbaaca149d026b729eaf3ef58d2d602","sha256":"f471612283039dacc9bbab82dafd8e35ed37c4fd9d099a7af946c41231daac21","sha512":"1be4a4bce5fd32ddc8843fb781a28a642c4815fbbb891ec33e5d5ee29d1555c7338eb07e4965a7dbb4ddbc26d45381178b973a26a8f8de0ce7ea10029ab11a6d","ssdeep":"768:E8CQgTcCWYtomXFbxrnSJPHs245q+ggFgZ:E8dgTcCWYtdX3uPF4X2Z","tlshash":"35f2a75daad5093cec33c166e3f8e58c9229f591df321adaf6433a048ac27bf1987514","first_seen":"2026-03-10T08:00:57.31215Z","last_seen":"2026-06-02T08:09:59.912194Z","times_seen":3597,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/learn-and-plan-images/personal-finance-101/unsplash.jpg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/learn-and-plan-images/personal-finance-101/unsplash.jpg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 149017\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":149017,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=3456, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=5184], progressive, precision 8, 1200x800, components 3","md5":"2cf9bf34d48a840382515c6f458cdf0c","sha1":"bcd181f20da8abf5740cf142c0e0af9e003ab430","sha256":"7528cfc28b6f4c8d89b7e738d9f8d1c94c0cc2cbf9f167f0ce848f95489f16cc","sha512":"8713e5bfd434f7410fade6318f56b35d7d5a236a9b33af5072960076d2eebc961fce4c23e9127edfe2fcb2aa4e2c69b7af3b75a009d0c3ae5f37b37f2a6ee72e","ssdeep":"3072:Bl6W2Bk+QzWcH08y0PUiSpuxmhU46nsOBWBDiFVcPdVi4a4:92BkRi4keHSpjx6s1xB5H","tlshash":"a5e312a7a995bd41e3c2767060aad283970c48e4ba377257781ce1f077373e10a5af17","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.58793Z","times_seen":1178,"resource_available":false,"data":null}},"time_used":90,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/learn-and-plan-images/personal-finance-101/1116302.jpg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.957Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/learn-and-plan-images/personal-finance-101/1116302.jpg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 131889\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":131889,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=3648, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=5472], progressive, precision 8, 1200x800, components 3","md5":"12d783737237fde52a4a6b04df655511","sha1":"89bbd19358fd1649323d73f38cb27200426248ce","sha256":"52a03d1c69899b43a796abb1a41f03836f8b70f18ba8fbf72911b4b3a5a8c2d6","sha512":"df9c7a8587b9c7b4babb8203912b00e7e824349ffa1bdf6f7a36f2499c2f167fc82fc30d0910006c3e3eb0827a73f19f55adf743e0a37d4ce0962d1eea25768e","ssdeep":"3072:ydoIUdoI4ajq5jpr8XVo9V5hGkkkN8SzUgalp5Ep:Ve5jpr/5NkkOjlAp","tlshash":"99d302794e41dcbddbe8777080f3c36673241be8a5675e97f49d2a2a3b343a41a2d101","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.520859Z","times_seen":1188,"resource_available":false,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/section-links/ico-about.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/section-links/ico-about.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2255\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5934,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1b5e6ff96c6721f0b60708f182286d2a","sha1":"2f0989422a72d36c244ccf133a95b75cff5f1318","sha256":"27a760c6e26d9cb8768b2dffa7f6123c171c792bb615ea9d64759a1b8f4c1212","sha512":"bec88ecfe50a0b512af1ba94b7e8507779b8409864787d81fa3f37e58ede6db47a0ea7f4d352bea4ddcd513ac7a05e4aedc5c71dd4ad0e5917c3d4efd93d4e3e","ssdeep":"96:zlrpmjZidPrViCUOyNUQ8lJQqyXznJscztprSXk38cNsqyH:xrUWiCUvNH88zn6cS03NsqY","tlshash":"f0c1eb4743099b7c9846a54ced3930d2b28864c3d5ecb2edebc73112a53e4f1a0bad14","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.580074Z","times_seen":1160,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/uploads/1752447668_c6f6ed1c6009090adbdf.png","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.963Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /uploads/1752447668_c6f6ed1c6009090adbdf.png HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 500 Internal Server Error\r\ncache-control: no-cache, private\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1816\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7192,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"e5ce798962f198fbc8719c323d174c03","sha1":"988ca7b843328c7ce8ca9433461b1bf460172893","sha256":"b974a69c52ffb9c88f36053c25d9c3ba188e6ed96bdd799bdf891a0bdd5ecd72","sha512":"a368eeff5f19989c3e5a6ca81d2f9c822f927eb739e6adce833217a77a08b2177e51536ad84dedb73e42471cccb66c035d274737855210869bbc5f87a62562d4","ssdeep":"192:JF9HzDuaPvjjNDWvT+8OAQoiqeTWcS4KvZYKzvAkCylYybXTJNQm:v9vm","tlshash":"8fe1551974f311a32853a26427eb6f8936a59003cd16de263fdea240cf867b87dd3348","first_seen":"2026-06-01T21:03:52.765131Z","last_seen":"2026-06-01T21:05:13.881331Z","times_seen":2,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":111,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/business-navigation-mobile-icons/ico-credit-cards.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.867Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/business-navigation-mobile-icons/ico-credit-cards.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 963\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2248,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"0525f826a4314c6b1db281248018a618","sha1":"0a20ee1494a0be32640b683f9d5fcec8831685b7","sha256":"78678f87731e95b03b8aa54ae93c5e7ac9069be4d843fc919619b1d49773a230","sha512":"9ee0da37808bb88e21d8b3ed0e6eb5cddcdaae5290ebefa5ac9b1c733104cf1caba2a9a7c0fbdf024f5335a9d73d30b6040c21a1d8ff42299a13d5adbf23dcd6","ssdeep":"","tlshash":"ad4146326f4c47be6153c788c81ed55c232ea86a727d50689f5fa93e1c06df3c076811","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.515036Z","times_seen":1200,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/tabbed-icons/icon-FAQs.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/tabbed-icons/icon-FAQs.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2183\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5613,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"36a3906e72e03a6886817f8f92947aa2","sha1":"2ef8d0c65c521a693eb74a5275c1ac6f36277343","sha256":"475afe5fb38a4cc48faaab1b2b980e6fe4a53ce4d17b0aa70d2550e10cc3a5d2","sha512":"8c734069243fd02576b3161326b3061b2f4ba58e0e74a8f9a9810d415602dda6c11e0b72aea9d3bc65c326b8a4280b6626bc0e56528936a79b1fe49417414830","ssdeep":"96:IFTHTpMnLB4B+f8ndx00mEETF28/TRCfzPZJkcAKL3WJG59oeQSzotVPHoV9+zhv:s+nLB4ZnFmEETFfbRCfzxJkcD79Nor+E","tlshash":"9ac1a6d102be42f9b80616e957725070374738f9f45a00cac6e9fe45ba2b28ddb28dd7","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.528745Z","times_seen":1156,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/icons/footer-icons/call-citadel-credit-union.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/icons/footer-icons/call-citadel-credit-union.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 890\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1762,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d0d489464b948707a9e29ae868271270","sha1":"9df33a3d9b5885268854a5281896b90d02220e83","sha256":"987c99b806f27d232ea9b44d66bb1ef548d477148456fe857a95d08849f269b8","sha512":"8b7662581a8178429fadd8255a5c603a4ec2ac76719f607a0295a47a6038f924cf46d8d40e9f5b65c8138b4ab78e173f8ed310b7f40cb91464b7f15e015d93d3","ssdeep":"","tlshash":"eb3141ca133ed328a3624e712eb831835bb8b4e4617522f8d2931c25ea61ed51615f99","first_seen":"2025-05-27T11:42:26.563121Z","last_seen":"2026-06-01T21:05:13.866659Z","times_seen":11,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/new-brand/click-current-bank-certificate-savings-rates925a925a.svg?la=en\u0026hash=1259E47B753C2F5FD76918926080E30A","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.890Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/new-brand/click-current-bank-certificate-savings-rates925a925a.svg?la=en\u0026hash=1259E47B753C2F5FD76918926080E30A HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1933\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4526,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c783870017d8416d7cb995737c25e8e7","sha1":"ae18ede07da3d8120fc9a25743cece2399334e5d","sha256":"1b0ee9beaed4cde08ee619e0d47c1b8308927f00b85b5077fd64627198e77ea0","sha512":"34cd6473bd30d5fc8d840846cee63954e7f794efb2b50613d76823b45b81a5037c3729fdc84166d8b97d87f06dec2636115f200ff693bfd7ff49975a117d8ed3","ssdeep":"96:AI6T5iqdcxqDGrCxwvFkFQ80lAXTopvl1r5EihXltdnfa:loyqaxviFQ1AX2V5tU","tlshash":"5c91227713048bff61e6c748ca69718933a698a572b5a2cc6f93bd06ac0a9f34074c21","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.603434Z","times_seen":1164,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/p.typekit.net/p5e615e61.html?s=1\u0026amp;k=ehc6rvq\u0026amp;ht=tk\u0026amp;f=6846.6847.6848.6849.6850.6851.6852.6853.10954.13453.13454.13455.13456.13457.13458.13459.13460.13461.13462.13463.25680.25681.25682.25683.25684.25685.25686.25687.25688.25689.25690.25691\u0026amp;a=83416576\u0026amp;app=typekit\u0026amp;e=css","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.255Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/p.typekit.net/p5e615e61.html?s=1\u0026amp;k=ehc6rvq\u0026amp;ht=tk\u0026amp;f=6846.6847.6848.6849.6850.6851.6852.6853.10954.13453.13454.13455.13456.13457.13458.13459.13460.13461.13462.13463.25680.25681.25682.25683.25684.25685.25686.25687.25688.25689.25690.25691\u0026amp;a=83416576\u0026amp;app=typekit\u0026amp;e=css HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/templates/bank-pro/use.typekit.net/ehc6rvq.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 0\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-02T15:08:06.767726Z","times_seen":16043088,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/sitecore_modules/Web/ExperienceForms/scripts/form.conditions.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.973Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/sitecore_modules/Web/ExperienceForms/scripts/form.conditions.js HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2966\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":23450,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"94651f4a38b2e3faa1f199282ceca6f4","sha1":"bb396e944706c5f9f07afbe0d691bede78d11af1","sha256":"34c108773800a795b0f8d68a777892c2ecbf029f465eb6e1932e9487bfa3ff74","sha512":"08c558d2792500398954a5f38bc8a27d44d2f3c5ca8a1cefa066df4386a05b6937bc8ae0d8c7b996fd0d75cd5e6a7523cf3dcacec9ebc884f8a1cd158e5c3346","ssdeep":"192:DhQe9o1mUYEFmIftRZovbqDsuL3i86TIVrksyQRfIBr2pSCEMvLqTEabKnBMj9g6:py1mEF7JbLSTIVXeN7979J/8cFMflR+H","tlshash":"40b29b7eb6ea31428a1bb1254def9044b235c4539e0d9d04be1e41b27f638347aebf94","first_seen":"2025-05-27T11:42:26.543367Z","last_seen":"2026-06-01T21:05:13.868776Z","times_seen":11,"resource_available":true,"data":null}},"time_used":71,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":71,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/use.typekit.net/af/1709eb/000000000000000000010b60/27/l652f652f.html?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191\u0026amp;fvd=n7\u0026amp;v=3","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/use.typekit.net/af/1709eb/000000000000000000010b60/27/l652f652f.html?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191\u0026amp;fvd=n7\u0026amp;v=3 HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/templates/bank-pro/use.typekit.net/ehc6rvq.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 24740\r\ndate: Mon, 01 Jun 2026 21:03:20 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":24740,"size_decoded":0,"mime_type":"text/html","magic":"Web Open Font Format (Version 2), TrueType, length 24770, version 24629.1","md5":"b713714c739c72475a58cdcc870229b1","sha1":"7a8c0f1c94012bc751d2deae7e68bd1fb5a48ef1","sha256":"2be124674758894d843cf705c4d15022794c5ca03c684089e139f22458e0c974","sha512":"af387887954824cf24a1ad62cc614e23373aee5a944afb9391fd2158a8e9f7ecf5ad56e5796f48a98c669be240ef164879bc92a54947a19b6c30f19c6746ad35","ssdeep":"768:nFHIJVqJ24+mOpi7go10C7nBaWh0S6oPuT2OWBDoV88WQyv7hID2j18:FH6VZ4Qi7MCtv0S6oPs2OWBcVQ7hID2+","tlshash":"dcf2e002144af7f0d1d582fadc1309e07608e68da2ad4a56d8e1c2e10dedd1ef36eee5","first_seen":"2024-08-19T18:27:38.353921Z","last_seen":"2026-06-01T21:05:13.919573Z","times_seen":47,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/favicon.ico","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.710Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 1251\r\ndate: Mon, 01 Jun 2026 21:03:20 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1251,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"8150f458ed6fb9b1db4e5cfa57a1a281","sha1":"6e5726854d28687b560d7fdcb5c782c425c7dfb9","sha256":"4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896","sha512":"4cc6a112673aef8bb8bb8a385c26791b805d43bb707b509880e894f1c83bab4e16f13de187036c5f660c3bec1d286258396b7bde65c5d7945c5019665196818c","ssdeep":"","tlshash":"c021353ec1c1560ae0271164fbc1f7a86669825291970f703b9eb176f6cd0bb56a36c8","first_seen":"2024-02-08T16:48:55Z","last_seen":"2026-06-02T14:26:43.32652Z","times_seen":131382,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/css/main0338.css","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/css/main0338.css HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 82294\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":655479,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"3045e77e0406f25cfd1cb805b7f43620","sha1":"71612919bfe2db502058a541a4d4e6f1da9cd324","sha256":"5cad4281fbd40a6687ffb2bc5ae1bb7fa21bea7f51079527cc5205b2e05f7ef2","sha512":"e0a82607b3ecf2fcb79779b6106eee5846d718c2794bfc38926484eb294137161070c6b04ffe1a7e2e7b36da6e0a3d0f9ec9f167c43bc2a7b08ce2517004d761","ssdeep":"12288:fucq7NfzNGYLdgQfsqXA999K6czFXNgSNegq5jJl:mpo+Rc","tlshash":"c1d4a55556b32909680b901c5bff1384a2689043ea0fdeb9bede3684cf4e1d49972fcd","first_seen":"2026-06-01T21:03:52.772947Z","last_seen":"2026-06-01T21:05:13.903443Z","times_seen":2,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/sitecore_modules/Web/ExperienceForms/scripts/form.validate.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.972Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/sitecore_modules/Web/ExperienceForms/scripts/form.validate.js HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 592\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2415,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"f5c90a53339966369b4f2cf43b77b5f3","sha1":"03bcedfc09c89497ed929aa3a2e785f9cbad530b","sha256":"997185a2091a96e5f429033e61e2e335d86c9b242a3a23ed479ecea4c8461872","sha512":"73073ba67c14350cbc0c77d58c57e53ffd867ad0a52592a3a64a938f04ee6d3b7b2c1ae6f80978cd87fa1992f3274ce2c24ae3a607687c08ab9ddee861e5d1f9","ssdeep":"","tlshash":"2641765d04a7072a88f332d9aebb500eb4b1a237b00a856276cc03c65f9f474e1f631d","first_seen":"2025-05-27T11:42:26.535923Z","last_seen":"2026-06-01T21:05:13.875347Z","times_seen":11,"resource_available":true,"data":null}},"time_used":71,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":71,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/use.typekit.net/af/cef9f3/000000000000000000010b5e/27/l5bba5bba.html?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191\u0026amp;fvd=n6\u0026amp;v=3","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.516Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/use.typekit.net/af/cef9f3/000000000000000000010b5e/27/l5bba5bba.html?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191\u0026amp;fvd=n6\u0026amp;v=3 HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/templates/bank-pro/use.typekit.net/ehc6rvq.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 24232\r\ndate: Mon, 01 Jun 2026 21:03:20 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":24232,"size_decoded":0,"mime_type":"text/html","magic":"Web Open Font Format (Version 2), TrueType, length 24258, version 94.13568","md5":"063d161ae8e147300823c80b26e119dc","sha1":"25cfc5f5b13efc2f30e3648dfe88f5d6d9866e85","sha256":"754c538195a891e57c50cc03957b4cd7dda9cd7ab70a9df2bef521b477bd7f7b","sha512":"4e2a3345be625db0c5a5cfa2c3b604d2d476eaf1b88d835ac0e894ea0815ba4fe9add24ceeefd6d94ca6824236edad40f3c287d6a9ee99a30feb18b2f5c6c346","ssdeep":"768:HdyGV+4EkHz7Wp8x0M1LMbkS9uMaQ8bUxtIWB1iD/l6N:9yG/Tz756MA7bDxnB1vN","tlshash":"73f2b04b8343e3a0d6ea32f77a520dd41905ab45a6937f60c679c1a0ac5742e73ff84b","first_seen":"2024-08-19T18:27:38.359697Z","last_seen":"2026-06-01T21:05:13.886235Z","times_seen":29,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/new-brand/click-current-credit-card-ratesd139d139.svg?la=en\u0026hash=223E4B99FFA90F053726A65798AAA796","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/new-brand/click-current-credit-card-ratesd139d139.svg?la=en\u0026hash=223E4B99FFA90F053726A65798AAA796 HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 954\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2379,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7c22959f9a9f3e63cf93fab3ee9be9d6","sha1":"f6757fa587c767b3a424625631b3a41434a276b3","sha256":"0b88fcd5c951a22fc9a111d070bdd9400c7926a40a21d246617eb998783e2dbe","sha512":"a0c65e20920cf7265821df6fa943b45c11f2056092ed0a59dd3181407b8776fbbd8d11170802bf655468ada80fdbb92cdec4e5a3b85ea2abf34651ccf010be52","ssdeep":"","tlshash":"7a41847b62440bbb60a287ccc40cd55d3676649ef1b990985fbbb21f2c08ef380b8d21","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.552354Z","times_seen":1165,"resource_available":false,"data":null}},"time_used":77,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":77,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/tabbed-icons/icon-send-message.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/tabbed-icons/icon-send-message.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 3363\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7988,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ca1e6c8e17deb530083058b158f7a5f4","sha1":"e381a896a5eac409df3c19d37968bc298319cb3c","sha256":"4451ec01755ba4520a9bec154330adb8256709bae09d953ef4a013fe7a9b7762","sha512":"575403bbc5392fb39c4f807312a974ebd4494655edc16d9d065feb20bfa7495b6acfae50efc809594245010026c4035fedf8d49666a13aae8b92681ea936c81b","ssdeep":"192:7W8vqIPFowubPUaknOPumVsH/PFnwLP6kNsW:7rZWTbPUdnOWdH3A6c","tlshash":"6ef129906621cbf2d9496acdcc236d4a395a38f77a50a08ccecf563974331e5475c8c7","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.62464Z","times_seen":1155,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":75,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/section-links/ico-invest.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.948Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/section-links/ico-invest.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1392\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3003,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a5e0e07dd75e44ae80e2a476621fa7da","sha1":"42e74f5acac8a29afcec83281d32f73af5fea421","sha256":"d36f1405e8a2887bafa41514e63ceabb680d52bc14b16bc89f0e45957974757a","sha512":"99430d55d974ec53fea1ac3580eb852bc7355b7ecd138917bf5f46eb97970fdcc88297d01e1f9b3a23b1b02a73f756dddb767f38d34962c783afa4c327ee25ec","ssdeep":"","tlshash":"4751407b43809bba61d18348d1b4959e1beb608af0ff91cc4be3f9946c068f39074830","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.508521Z","times_seen":1196,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/icons/footer-icons/citadel-credit-union-routing-number.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.959Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/icons/footer-icons/citadel-credit-union-routing-number.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 556\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1200,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b8de133fe9bbf73a3ed884f3f0ef7b34","sha1":"45608fdf027f9784913fda1939cf72f939e1ef4d","sha256":"576f582c0e4d82653688dd9fdfa29b0675d8c7d867f108910a7b043d4869ef68","sha512":"864a4ccb99a27596bb7fa1d9ea20f228e24466c975166f60cd17f2d25be77df4d84ee3c06426d1aa62ae2f80194468eb39a6daace6842713ea00b3a06d1b353d","ssdeep":"","tlshash":"4c2121a6511d9796535f87901ffc22c7627d7ce8d0f024f8a3870461ee502d52d31eab","first_seen":"2025-05-27T11:42:26.560272Z","last_seen":"2026-06-01T21:05:13.918337Z","times_seen":11,"resource_available":false,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":91,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/css/images/assets/citadel-logo.html","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.498Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/css/images/assets/citadel-logo.html HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/templates/bank-pro/css/main0338.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 0\r\ndate: Mon, 01 Jun 2026 21:03:20 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-02T15:08:06.767726Z","times_seen":16043088,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/images/assets/ico-x.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/images/assets/ico-x.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 160\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":245,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"77280f1e11bf175f1d2a558ed6219908","sha1":"1a76380fd50243d1c76d2efd45f4ac7cbf94a462","sha256":"cb6ee790bdcc6b3e6f13b77bc7645170af8465f956d4763687655cf031c8fe13","sha512":"115f3baf7301ad7d36be997f0f029789c5962eaf2ba2182ecdc02fdd66eda1d4087c624ddd124d8c664b61e7e89399584c996a9eda34237dd0bba9c09a32f728","ssdeep":"","tlshash":"09d0a775920c0d2cf917c658d7783334216a22925b4d512cdca115316545d8ebd3f9f8","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.535926Z","times_seen":1180,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/cdn.gtranslate.net/widgets/latest/popup.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.475Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /cdn.gtranslate.net/widgets/latest/popup.js HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 500 Internal Server Error\r\ncache-control: no-cache, private\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1802\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 01 Jun 2026 21:03:20 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7191,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"c6d522289c2b62a534eccadee0fc5b9e","sha1":"08e90738f669c1acd3d7984982407d2b2a632e31","sha256":"6bdafd4858a657c61b3fda4956493638aa02e92242b9df498eb0366e73ff4a74","sha512":"1e78b2637c2af3ea0cb0ec2f5d09b8c9cc0d4917cbf3fbd7c0dafab69a5127723a91f705ecb2ab6c8e933f54cb66e5ba3728718ccd1d23688d74c58ce9fdbadc","ssdeep":"192:JF9HzDuaPvjjNDWvT+8OAQoiqeTWcS4KvZYKzvAkCylYybXTJdm:v9Sm","tlshash":"04e1552974f311a32853a26467eb5f8536a59003cd16de267fde6240cf867b87dd3348","first_seen":"2026-06-01T21:03:52.779985Z","last_seen":"2026-06-01T21:05:13.872957Z","times_seen":2,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/css/images/assets/ico-caret--black.html","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.622Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/css/images/assets/ico-caret--black.html HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/templates/bank-pro/css/main0338.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 0\r\ndate: Mon, 01 Jun 2026 21:03:20 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-02T15:08:06.767726Z","times_seen":16043088,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bootstrap.smartsuppchat.com/widget/797aa71b248de7b626a4a41e25c80af3ab8ca80f.json","fqdn":"bootstrap.smartsuppchat.com","domain":"smartsuppchat.com","tld":"com"},"ip":{"addr":"63.184.118.128","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.927Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.smartsuppchat.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 02 Dec 2025 00:00:00 GMT","end":"Wed, 30 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DC:47:26:FC:2D:4B:14:19:23:BC:B7:70:14:DA:60:A6:21:B0:1E:81","sha256":"0D:5E:FD:70:25:9E:DE:DD:47:CF:0C:58:1C:08:A2:A1:05:AC:A6:7E:0C:43:6F:50:E7:49:E0:A1:60:D0:0E:0F"}}},"request":{"raw":"GET /widget/797aa71b248de7b626a4a41e25c80af3ab8ca80f.json HTTP/1.1\r\nHost: bootstrap.smartsuppchat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nOrigin: https://ultraprosavers.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 21:03:23 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-version: 6cb79abf75047496934c7756b55ec6f26e7d2373\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: private, max-age=0, must-revalidate\r\nx-hit: redis\r\netag: \"4aa-AHvOoAedc9Ga9sKroAnh39UhoTk\"\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1194,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"b8f0ea4d1a0f0647aeaae4180bf253ea","sha1":"007bcea0079d73d19af6c2aba009e1dfd521a139","sha256":"4d592bd2165901ecacc48d70b8df9822eb6f2944f66bdf365e714e5990290cb4","sha512":"e9643ad1e07c02492dee3651065177400c8e2de280a119a0fcbb1dc50897e4c982d8b05e1492ed0f63f1e2d7f3a4a3a6379786fdf36642ab161136690073781b","ssdeep":"","tlshash":"8821346d4a6822fe9245c6d6c5047f075fbcdcb37104397efa0d0a4d60eb2a6213646b","first_seen":"2025-07-21T18:36:44.869963Z","last_seen":"2026-06-02T08:09:59.974873Z","times_seen":872,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":113,"dns":27,"connect":21,"send":0,"wait":26,"receive":0,"ssl":61},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/business-navigation-mobile-icons/ico-payments.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.870Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/business-navigation-mobile-icons/ico-payments.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 5165\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":12244,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6bd5d3278957180966c4507c1237a9ed","sha1":"979ed3716e2c76e4d6a5e2e4b9f30054810d979c","sha256":"54848d375a519a75c28251c91adede588e749ac4ca283a284ead80412c5e5387","sha512":"4d9e84f07cb5782fee1c49f382d36ae379b0cb7524d19b62cdbe80facd0d25b2ef5f36833e646b89f053322442370c98f16332196861f8d9cc5396bfde04086d","ssdeep":"192:Q8/34UVOkCHuDUo2P+/1Pvbuf8kfT2R5lEjE7M6DTBY0u:Q8/ojkaOg+hvBkfT2RveS3u","tlshash":"cf42f8c5233a93fdb0456afd88139c703ca328e67d059089c7dd2e52a8275d58e5bcdb","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.610333Z","times_seen":1199,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/images/assets/ncua-cert.png","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.968Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/images/assets/ncua-cert.png HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 3067\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3067,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 136 x 57, 8-bit colormap, non-interlaced","md5":"a39abe39f635a5acae3b0a8ac4703853","sha1":"280e7241c3644f3f7ba777002b2b207f74eacff0","sha256":"7db44b977a11ac2518d53e2e55f6809ff1a75c4307ee94ed60d85a8493829e73","sha512":"7384b4827f90a827cb1ef957282d32f6f9afaad4a860fde09bb100853a386a80b1b3279ac85d68371192bebb4ca7f6520f49b690f85d84697065d12361acfe2a","ssdeep":"","tlshash":"ce511a858383be4f9f024a8e851e6887ea17eff08f818c64d3d125e351728cd06c6863","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.57284Z","times_seen":1163,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":86,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/section-links/ico-businessbanking.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.946Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/section-links/ico-businessbanking.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1429\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3706,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"0de9d4a8332d9945fd679f34dcf85509","sha1":"3d33ce036e01bc0a00089004ae0257736094358e","sha256":"4c0757a16047b692c3fcc814a7958c09ed9ed11e6efbd11f783126679cb95153","sha512":"856ec04b0555ed305b4d5090a18e77e83930f25e74a33688859968541937f53a0fab0ff1f49080f87f1285d72662e41033db7d2ceede45c2eca732da2ef17b12","ssdeep":"","tlshash":"8671231a331aef3ae643054ec94022d261d56d83e3a8f2ecdfb32617911d9f3a435a25","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.585861Z","times_seen":1165,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800\u0026family=Manrope:wght@600;700;800\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:15 GMT","end":"Thu, 30 Jul 2026 15:53:14 GMT"},"fingerprint":{"sha1":"19:42:B0:56:3A:E4:79:BF:8B:69:E2:50:F4:76:BF:1E:A9:D7:7A:49","sha256":"D7:FF:C1:46:95:F3:5F:08:04:B0:E1:A8:FE:14:FC:60:19:58:D6:C7:D3:6E:82:B3:64:07:E9:E1:CB:9A:27:8C"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;600;700;800\u0026family=Manrope:wght@600;700;800\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 01 Jun 2026 21:03:22 GMT\r\ndate: Mon, 01 Jun 2026 21:03:22 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19067,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"0cc43b4702f7268d97df554f3a1136ad","sha1":"48cb2d3f0216d9117f90c0a64ca6ef6c5093d279","sha256":"35d251c2555739e9c384415b4a20f69a5a975863bf547e82f25a2ecfed566335","sha512":"1e3158e054b978a1a35abb9390a038cba25ea71b5fdcd86b23d97e49849cbcba35d6b4bd15653d5005ee075f12c6224435cb024a68cc15a68a7a2247243340a7","ssdeep":"192:9NNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGfNx0NO3kCxHTJlOV3MMP:vXuM0p2+g7rE02EQJ","tlshash":"4d828991002be400ab871dc273cf7e3aad8e60856485c5ba5ffd0dc9acebd62536475e","first_seen":"2025-11-19T08:48:52.772394Z","last_seen":"2026-06-02T14:42:31.262535Z","times_seen":14,"resource_available":false,"data":null}},"time_used":898,"timings":{"blocked":403,"dns":0,"connect":30,"send":0,"wait":47,"receive":0,"ssl":415},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/prefooter-icons/ico-star-circle.svg","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/prefooter-icons/ico-star-circle.svg HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 596\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1254,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"8bd8e4ab85bf5196812d25108692fb3c","sha1":"40dd475661faed260af0bc51a301097b4d05d619","sha256":"876c6dc6605c0b8a9a67f0d12abb6253ebd92c0d18af171a0ecb6eb0b216528a","sha512":"a10cec67536b30c430027579a96c38f1105bf07adc15484e59d7d9f4f2392cbe9368a8691881b037b9e2fd20f0f08ffd9068d00df606e6314954de8fda69c9f5","ssdeep":"","tlshash":"ed2195f943981614ac5526abdca33470b23f38f66b8d120af49b45e1b8140ef7266264","first_seen":"2023-11-12T03:48:53Z","last_seen":"2026-06-02T09:23:11.597132Z","times_seen":1166,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/uploads/1752447668_c6f6ed1c6009090adbdf.png","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /uploads/1752447668_c6f6ed1c6009090adbdf.png HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 500 Internal Server Error\r\ncache-control: no-cache, private\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1816\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 01 Jun 2026 21:03:20 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7192,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"e5ce798962f198fbc8719c323d174c03","sha1":"988ca7b843328c7ce8ca9433461b1bf460172893","sha256":"b974a69c52ffb9c88f36053c25d9c3ba188e6ed96bdd799bdf891a0bdd5ecd72","sha512":"a368eeff5f19989c3e5a6ca81d2f9c822f927eb739e6adce833217a77a08b2177e51536ad84dedb73e42471cccb66c035d274737855210869bbc5f87a62562d4","ssdeep":"192:JF9HzDuaPvjjNDWvT+8OAQoiqeTWcS4KvZYKzvAkCylYybXTJNQm:v9vm","tlshash":"8fe1551974f311a32853a26427eb6f8936a59003cd16de263fdea240cf867b87dd3348","first_seen":"2026-06-01T21:03:52.765131Z","last_seen":"2026-06-01T21:05:13.881331Z","times_seen":2,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/css/modern-homepage.css","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /css/modern-homepage.css HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 9807\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":49760,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"29c8121776b91253a1e5862e6dd65f54","sha1":"accf42d062bd4ab1d408b3351aadac20f4a4c4fb","sha256":"4e4fa6f744e21a6d2b6f44c22fc4ccbff686d8367fe732da71ccec889425e277","sha512":"5269a003ac820cfa2f69e57174e0a2e58904f30937bb3855120ed655d813e5f478b3a5eedd5fd7c726eb13e480adea062ab532ac8d7af42739bbe25980f5e659","ssdeep":"768:FNLQ6pajNsfDPpdVjqSdfOEv7EQe5ljR3OkCPlM:FNJpDv7EBfR","tlshash":"b123c6e47222a1bc7927e5206a8156dd7214e0d2d91b67e8dbc6b09c8dc73f31763b8c","first_seen":"2026-06-01T21:03:52.786379Z","last_seen":"2026-06-01T21:05:13.89985Z","times_seen":2,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/use.typekit.net/ehc6rvq.css","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/use.typekit.net/ehc6rvq.css HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1550\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":21653,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (507)","md5":"df1435f6042d98746f986afc48c91699","sha1":"47385f92b57d044c975bdfb1b79f273946c5142b","sha256":"689b14c7063839fc5f82846a0c59b8fff3cd87f5a64a1989b748a69acd680952","sha512":"026b7e2a6472c7117a499947891dae8c41057bb3cfa2879b3c80fe473c03d6444534ce8e4f5050fe7f37b2a02380814c7a03a22a13f6e3bee0b61a385fbbc3b8","ssdeep":"384:8Il0a+NscYzV6gicExM/xxmgZ3SLP6kcKXR8d0nxCJDCjuw1x:P0a+NscYzV6gzEcxmgZ3SLP6JKXR8cCi","tlshash":"73a29870804a4cd3e0c05a5132cb7bf1f91a395735e48d556426ceb758fafe3a640bae","first_seen":"2025-05-26T13:27:02.424399Z","last_seen":"2026-06-01T21:05:13.926401Z","times_seen":51,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/templates/bank-pro/use.typekit.net/af/442215/000000000000000000010b5a/27/le196e196.html?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191\u0026amp;fvd=n4\u0026amp;v=3","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:22.382Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /templates/bank-pro/use.typekit.net/af/442215/000000000000000000010b5a/27/le196e196.html?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191\u0026amp;fvd=n4\u0026amp;v=3 HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/templates/bank-pro/use.typekit.net/ehc6rvq.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 23800\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":23800,"size_decoded":0,"mime_type":"text/html","magic":"Web Open Font Format (Version 2), TrueType, length 23747, version 92.-15735","md5":"48311ec59d2000848c0b35f632720a1f","sha1":"adaf9be5cb57d3c46fab5fc126b4a914b4c0ed41","sha256":"99ab34c9dae1fee86047e49e602bae505ba6276faeb5087ae70c2dc8b00a7741","sha512":"2950c7af109d80e105c64a11742badf73de0e7a138987f5b1fa390342d99934bfde146fe93dd7fa4debc0bf300b80ddd13d4e94fa61dc5ca88d52c535b30b076","ssdeep":"768:IeZ2VPAEAP3yfBWsFrlRtiUWCWDvi//KwYYzePAjIQ2HXnru:IeZ0PARIB7TWCWDvwmYKH3ru","tlshash":"edf2e101b300f3c8cbaa56f416e729f8644906b4e693fda5db748a752cde601a1af2c5","first_seen":"2024-08-19T18:27:38.367671Z","last_seen":"2026-06-01T21:05:13.891479Z","times_seen":54,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/logo.png","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /logo.png HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 08 Jun 2026 21:03:19 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 29 May 2026 17:11:20 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2162610\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2162610,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1536 x 1024, 8-bit/color RGBA, non-interlaced","md5":"442e2fcd025940ac5a8d20ccc40976e9","sha1":"1d6519339703b45b32c0ffbdea90b4f7851bb289","sha256":"e5598c8856e9b2f51d58d936b36530109e193ef8385f9168200f4cddf876991b","sha512":"34a1c8b9f7dc52ccbad8c2e609f8f3ce1bc63dd6de6be98060093e677bcf40be7b2360dba13203f88c75ab99e570ec80cfc9a0fabcaa46796efe649ec5402d6e","ssdeep":"24576:4/BFAwGgB8m3ScONX4OXLfjF9OM0d+nDREAEt/M15Lw7jOF6mJijP:wAwGgB8m3ScO3fjFkM0ADZEiFw7jOd8j","tlshash":"5225335fc8d076a4f3c319770fa08875bcb77b65349ba4836758a20a61eab009dddf06","first_seen":"2026-06-01T21:03:52.789369Z","last_seen":"2026-06-01T21:05:13.864402Z","times_seen":2,"resource_available":false,"data":null}},"time_used":389,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":332,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ultraprosavers.online/cdn.gtranslate.net/widgets/latest/popup.js","fqdn":"ultraprosavers.online","domain":"ultraprosavers.online","tld":"online"},"ip":{"addr":"37.49.229.75","port":443,"asn":3920,"as":"ESTOXY OU","country":"Estonia","country_code":"EE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ultraprosavers.online/","date":"2026-06-01T21:03:21.883Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ultraprosavers.online","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 May 2026 16:36:09 GMT","end":"Thu, 27 Aug 2026 16:36:08 GMT"},"fingerprint":{"sha1":"1C:65:3E:5C:F0:97:0E:53:B3:78:4D:58:59:1A:1A:2D:93:7D:47:A3","sha256":"58:6C:E8:76:0F:15:D5:C8:C1:C1:68:8F:79:54:21:0C:E5:A4:69:CE:F5:B1:24:79:DF:DD:B5:82:A0:13:DC:F5"}}},"request":{"raw":"GET /cdn.gtranslate.net/widgets/latest/popup.js HTTP/1.1\r\nHost: ultraprosavers.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ultraprosavers.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBpT3BLOXMrZ1kzRUg0a1l3TTRlSHc9PSIsInZhbHVlIjoibS8xMkxSNGZwcmRsM0lielJ3WFhMOUhhU1oxTmp0elBwTWdHL29EcDFTeVE4T3Bwc3N5TFc2Ly9QaFlEV1lXSHBGTVJsQnIyZVc1bW5FWmFhY3EvL2Q0R2NqSGk0SGNDekdiNkZJVjhVUk13WWl0VWVLNThac29nalJ1RXRNb3oiLCJtYWMiOiJkMWU1ZWM1YWY1NWNiN2Y1MDYzZTA2NTFmMjE0MzQ3NGE2OTA0NzgyMDM4OTczYmU5ODhhNWZiNTAxYzJmZTdhIiwidGFnIjoiIn0%3D; ultra_pro_saver_session=eyJpdiI6Ik0wQnhKZk1IMGlIZFFYQm1BRWh4K1E9PSIsInZhbHVlIjoiOTd5RWtIQ29VV0grQXJDdXA5QXVnVkxlTnNtNW1mSXFjb2ZJcFNJR0NCQ0hmVFVsNVZKd3luVzFxTVdHUG52NTU0ZWV1TXBDaVBRd0xUOFNPNXNrNkNQZURwWmVJQ0c4eVcrMHlCdm10VlNTYXhRanpXeVgvNUkxZytCUnFlQWoiLCJtYWMiOiI3YWZhNWQ4NWI4YzgzYWI2ZWVkNzA4MzcxNjEwMmIwYjFkOGVhYmI1ZmI0M2VmYTg5YjhhZWNiMjg5Njg3YjczIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 500 Internal Server Error\r\ncache-control: no-cache, private\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1802\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 01 Jun 2026 21:03:19 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7191,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"c6d522289c2b62a534eccadee0fc5b9e","sha1":"08e90738f669c1acd3d7984982407d2b2a632e31","sha256":"6bdafd4858a657c61b3fda4956493638aa02e92242b9df498eb0366e73ff4a74","sha512":"1e78b2637c2af3ea0cb0ec2f5d09b8c9cc0d4917cbf3fbd7c0dafab69a5127723a91f705ecb2ab6c8e933f54cb66e5ba3728718ccd1d23688d74c58ce9fdbadc","ssdeep":"192:JF9HzDuaPvjjNDWvT+8OAQoiqeTWcS4KvZYKzvAkCylYybXTJdm:v9Sm","tlshash":"04e1552974f311a32853a26467eb5f8536a59003cd16de267fde6240cf867b87dd3348","first_seen":"2026-06-01T21:03:52.779985Z","last_seen":"2026-06-01T21:05:13.872957Z","times_seen":2,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"ultraprosavers.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}