{"report_id":"5ace46f3-4bab-4a2e-a1a3-364316c449af","version":6,"status":"done","tags":[],"date":"2026-03-28T02:46:14Z","url":{"schema":"http","addr":"leisurelandtourism.com/owa.auth.logon.aspx","fqdn":"leisurelandtourism.com","domain":"leisurelandtourism.com","tld":"com"},"ip":{"addr":"162.251.85.203","port":0,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"leisurelandtourism.com/owa.auth.logon.aspx/","fqdn":"leisurelandtourism.com","domain":"leisurelandtourism.com","tld":"com"},"title":"Sign in","dom":{"size":6940,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"7d8a6235ecb8ae69d18e6f513066a063","sha1":"1e8cdb87c5eff5905be32edbba615899018c49f5","sha256":"95fc509d522e40ae872ed921072469cd3e6d0f7506e2764d58246c881bde1264","sha512":"65b7ee82117bc49ef9a965696604c0dc0bfe8c26b0df4eacff218d1d07865b8e12fe59f8805d47923dc34dca3a0939f3417e891b7d6d89cfb07ec4eabc361026","ssdeep":"192:hDcDeVEOkQ3QjKI/tO1Y9s+54zCNFvdTrIfwvwR28uF0SNEKPrfXiSoUebTVcN6x:hniFc2F/NK","tlshash":"18e1465616a31446e803a4a96ffb16042298c113d30fcd697efd235ccf8a68a6df379c","dom_hash":"domhashc0bfd89d8c597fe8eed5f7adac1912c3","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"leisurelandtourism.com/owa.auth.logon.aspx","fqdn":"leisurelandtourism.com","domain":"leisurelandtourism.com","tld":"com"},"ip":{"addr":"162.251.85.203","port":0,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-02T02:46:14Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"leisurelandtourism.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"leisurelandtourism.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"leisurelandtourism.com","ip":{"addr":"162.251.85.203","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"domain_registered":"2017-05-27","domain_rank":0,"first_seen":"2020-06-13T18:39:32Z","last_seen":"2026-03-28T01:13:19.742515Z","alert_count":10,"request_count":5,"received_data":65917,"sent_data":2493,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"leisurelandtourism.com/owa.auth.logon.aspx/","fqdn":"leisurelandtourism.com","domain":"leisurelandtourism.com","tld":"com"},"ip":{"addr":"162.251.85.203","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"e8488b922a99253eff28f4bf0a4bd8bb","sha1":"2281bad8f4610e24e7c1aa29c2050828849a9ed9","sha256":"63e5162917375c768fc7e47a545c674ff9d0b362f6aa887805a070e637bca983","sha512":"0e079c67c2d7cb0af98d93a6e3093ab2f65b709d27dad4b09d3a16834a17af1c4c4d3aaef78ccbc161107526b960c605d6521593a222370bb1e4269984b14424","ssdeep":"","tlshash":"c8f0e26a20920c008812b1b6b7a711283132e103240a8842bb3dc31d7f76e2f6b62f9f","size":480,"data":"","first_seen":"2025-06-30T08:07:01.964817Z","last_seen":"2026-04-10T13:21:49.174797Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"leisurelandtourism.com/owa.auth.logon.aspx","fqdn":"leisurelandtourism.com","domain":"leisurelandtourism.com","tld":"com"},"ip":{"addr":"162.251.85.203","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-28T02:45:52.459Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"leisurelandtourism.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Feb 2026 00:06:40 GMT","end":"Thu, 14 May 2026 00:06:39 GMT"},"fingerprint":{"sha1":"69:F7:36:8B:E0:91:7F:87:61:1E:9D:16:94:E8:D9:1F:96:71:3D:E9","sha256":"C6:E1:80:3C:57:67:E7:34:65:E6:D0:A2:F2:B6:FC:22:48:18:94:E1:7D:FF:44:9E:23:3A:B9:76:19:A2:1E:07"}}},"request":{"raw":"GET /owa.auth.logon.aspx HTTP/1.1\r\nHost: leisurelandtourism.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nlocation: https://leisurelandtourism.com/owa.auth.logon.aspx/\r\ncontent-length: 299\r\ncontent-type: text/html; charset=iso-8859-1\r\ndate: Sat, 28 Mar 2026 02:45:52 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":7179,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T19:34:27.179619Z","times_seen":16247994,"resource_available":true,"data":null}},"time_used":724,"timings":{"blocked":281,"dns":0,"connect":136,"send":0,"wait":162,"receive":0,"ssl":142},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"leisurelandtourism.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"leisurelandtourism.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"leisurelandtourism.com/owa.auth.logon.aspx/","fqdn":"leisurelandtourism.com","domain":"leisurelandtourism.com","tld":"com"},"ip":{"addr":"162.251.85.203","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-28T02:45:52.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"leisurelandtourism.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Feb 2026 00:06:40 GMT","end":"Thu, 14 May 2026 00:06:39 GMT"},"fingerprint":{"sha1":"69:F7:36:8B:E0:91:7F:87:61:1E:9D:16:94:E8:D9:1F:96:71:3D:E9","sha256":"C6:E1:80:3C:57:67:E7:34:65:E6:D0:A2:F2:B6:FC:22:48:18:94:E1:7D:FF:44:9E:23:3A:B9:76:19:A2:1E:07"}}},"request":{"raw":"GET /owa.auth.logon.aspx/ HTTP/1.1\r\nHost: leisurelandtourism.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 17 Jun 2025 12:33:54 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 2297\r\ncontent-type: text/html\r\ndate: Sat, 28 Mar 2026 02:45:52 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":7179,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"dff8a972424062d9782b10a0e93d3fa0","sha1":"219829766b49983f2082ab3937598d7bd5a480b6","sha256":"532721049968885f8a3bbd03413f7ff1fa5b347394ac3d6c8883631e58d0c45e","sha512":"863ee31c5be8ac053f1aa5ae009ca3bb349f9503dd241f236ddfb720be10a0ac46243b7fe897284db1bd27906f971a2a846dc15c510baa8440ac80bbb3a13d58","ssdeep":"192:eYQZFpZr+39dKZdDc6ViEfI+2yv/zCPyB5Q:+oPF","tlshash":"2ce1631552441806d033e5f8bff31204eaea8113c34781697ebd235a9ffa9499aa3fdc","first_seen":"2025-06-30T08:07:01.959882Z","last_seen":"2026-04-10T13:21:49.172982Z","times_seen":17,"resource_available":true,"data":null}},"time_used":156,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"leisurelandtourism.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"leisurelandtourism.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"leisurelandtourism.com/owa.auth.logon.aspx/fasgfd.png","fqdn":"leisurelandtourism.com","domain":"leisurelandtourism.com","tld":"com"},"ip":{"addr":"162.251.85.203","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://leisurelandtourism.com/owa.auth.logon.aspx/","date":"2026-03-28T02:45:53.264Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"leisurelandtourism.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Feb 2026 00:06:40 GMT","end":"Thu, 14 May 2026 00:06:39 GMT"},"fingerprint":{"sha1":"69:F7:36:8B:E0:91:7F:87:61:1E:9D:16:94:E8:D9:1F:96:71:3D:E9","sha256":"C6:E1:80:3C:57:67:E7:34:65:E6:D0:A2:F2:B6:FC:22:48:18:94:E1:7D:FF:44:9E:23:3A:B9:76:19:A2:1E:07"}}},"request":{"raw":"GET /owa.auth.logon.aspx/fasgfd.png HTTP/1.1\r\nHost: leisurelandtourism.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leisurelandtourism.com/owa.auth.logon.aspx/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 10 Jun 2025 10:15:25 GMT\r\naccept-ranges: bytes\r\ncontent-length: 36284\r\ncontent-type: image/png\r\ndate: Sat, 28 Mar 2026 02:45:53 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":36284,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 396 x 115, 8-bit/color RGBA, non-interlaced","md5":"c0af2d72832130c78265ec9ad6f5cabb","sha1":"82795cd945a012804d1ae8c124847a771c2c0bf2","sha256":"ebfcefb18ee9032d6ee2548dc5bd053d75ff3bb0b0431c84e8a189c81e1ae334","sha512":"87cf4fb6b7c6fcbb9f80f51837aac0e03bfe771d751ba800a5d14a7d0780e66348266063a969da856680cef73fc833de25a14b8fa03a73746402dfa39818f28c","ssdeep":"768:Td+HQS+I/eU+Sv0d0e9BMZ6G8z4jc7Vj5BGVpNqkTueW7RJo:T/6+a0d0e7MZkwgVBGVpzTdQo","tlshash":"5cf20275c94a6af861f9f7b84b4cb034bf69a87e57089cc890d44759b4f392ca311b4c","first_seen":"2025-06-30T08:07:01.962502Z","last_seen":"2026-04-10T13:21:49.174062Z","times_seen":17,"resource_available":false,"data":null}},"time_used":292,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":291,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"leisurelandtourism.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"leisurelandtourism.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"leisurelandtourism.com/owa.auth.logon.aspx/bgowaas.png","fqdn":"leisurelandtourism.com","domain":"leisurelandtourism.com","tld":"com"},"ip":{"addr":"162.251.85.203","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://leisurelandtourism.com/owa.auth.logon.aspx/","date":"2026-03-28T02:45:53.261Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"leisurelandtourism.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Feb 2026 00:06:40 GMT","end":"Thu, 14 May 2026 00:06:39 GMT"},"fingerprint":{"sha1":"69:F7:36:8B:E0:91:7F:87:61:1E:9D:16:94:E8:D9:1F:96:71:3D:E9","sha256":"C6:E1:80:3C:57:67:E7:34:65:E6:D0:A2:F2:B6:FC:22:48:18:94:E1:7D:FF:44:9E:23:3A:B9:76:19:A2:1E:07"}}},"request":{"raw":"GET /owa.auth.logon.aspx/bgowaas.png HTTP/1.1\r\nHost: leisurelandtourism.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leisurelandtourism.com/owa.auth.logon.aspx/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 17 Jun 2025 09:24:10 GMT\r\naccept-ranges: bytes\r\ncontent-length: 6213\r\ncontent-type: image/png\r\ndate: Sat, 28 Mar 2026 02:45:53 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":6213,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 203 x 162, 8-bit/color RGBA, non-interlaced","md5":"a8f9752fe7b1fe9d82943a365e2b8b12","sha1":"076d17fd2e756fab43f488f4ac8aab83026624c6","sha256":"47a8050c02f442dbc63020221426a18c41fc518ed7c02bc921a546fbd632a613","sha512":"a1b04feafe31611155e2c75b3244e0ac54366cef78bbe6a389c8cb52a9ea7f9152ac2f8c25ae077519127f2e523a5f6559660366f70783ab76b6e20b347558dd","ssdeep":"192:Uoyy7+KwJTX6fsvM4YuUvhOWUK+RyLLdMmiQmHAiPY:Byy7+KnfsvMduahiKDBMt7H3PY","tlshash":"b5d15d55889c6a6cb60e99380136256819dfa99c1c760f76d4a8e24d7d372fec307c49","first_seen":"2025-06-30T08:07:01.955245Z","last_seen":"2026-04-10T13:21:49.173472Z","times_seen":17,"resource_available":false,"data":null}},"time_used":293,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":293,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"leisurelandtourism.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"leisurelandtourism.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"leisurelandtourism.com/owa.auth.logon.aspx/favicon.ico","fqdn":"leisurelandtourism.com","domain":"leisurelandtourism.com","tld":"com"},"ip":{"addr":"162.251.85.203","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://leisurelandtourism.com/owa.auth.logon.aspx/","date":"2026-03-28T02:45:53.502Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"leisurelandtourism.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Feb 2026 00:06:40 GMT","end":"Thu, 14 May 2026 00:06:39 GMT"},"fingerprint":{"sha1":"69:F7:36:8B:E0:91:7F:87:61:1E:9D:16:94:E8:D9:1F:96:71:3D:E9","sha256":"C6:E1:80:3C:57:67:E7:34:65:E6:D0:A2:F2:B6:FC:22:48:18:94:E1:7D:FF:44:9E:23:3A:B9:76:19:A2:1E:07"}}},"request":{"raw":"GET /owa.auth.logon.aspx/favicon.ico HTTP/1.1\r\nHost: leisurelandtourism.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://leisurelandtourism.com/owa.auth.logon.aspx/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 17 Jun 2025 12:31:23 GMT\r\naccept-ranges: bytes\r\ncontent-length: 7886\r\ncache-control: max-age=604800\r\nexpires: Sat, 04 Apr 2026 02:45:53 GMT\r\ncontent-type: image/x-icon\r\ndate: Sat, 28 Mar 2026 02:45:53 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":7886,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel","md5":"759fade9033aa298629e4b000dcd6dde","sha1":"34a1adf5c7326d7bde5b5735471b5d81e611c189","sha256":"cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e","sha512":"e96e93b13d70420d4d509d89a6337651440ae049b2a23d57c6250987003c46512c40c85c41bfa1c473a704801c961ffbe421522b89a1c34ba3b9e82a6d0769ed","ssdeep":"48:g8KokgDQoxTP0Vh0jV/H2kPxL6GUEtcrCOmgfzQumtGCzYoITin0iarrWtwVWsiw:97DdTGhGW6yS7Kvs/WjiUKqWmNQOWY","tlshash":"0cf130334afb6800e6171df04556f774c16a2d16394e58c3d88c3a6ae037be6706a9ef","first_seen":"2023-05-01T18:01:52Z","last_seen":"2026-06-07T23:40:58.891234Z","times_seen":5577,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":185,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"leisurelandtourism.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"leisurelandtourism.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}