{"report_id":"5fed00ff-c889-422d-8d1e-ecea200e1970","version":6,"status":"done","tags":[],"date":"2026-02-22T11:17:32Z","url":{"schema":"http","addr":"offersnetworks.click/AWmWnNZu_joeRlXESB-u1XgFLS_-juzRARLiRvwONEZ0Uv4-9A","fqdn":"offersnetworks.click","domain":"offersnetworks.click","tld":"click"},"ip":{"addr":"66.212.16.133","port":0,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"opt.listarmor.com/unsub/HADx3CsXgcV6BOtJaNkSZ9Kh","fqdn":"opt.listarmor.com","domain":"listarmor.com","tld":"com"},"title":"Subscription Settings","dom":{"size":3566,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"07fbdab89c76b30c34d14278b3279667","sha1":"15ad3f46b4cce2d555e1c6334a2662f3a65e6822","sha256":"b8b9396bc32da38404459703dee6ed772fe3e3f48a23581e5247fddb2031a675","sha512":"e72e2b1c3df81a937c42897a7947bd84ff4e151fc8613dcd2ae455078b23284c04a45aa43a7b08745461f65dae8853730d7e8f696fb85035fbb1a1b4c2fa25d7","ssdeep":"","tlshash":"14717223acf34c565063507aabfae405afe480078218dd40baccc6a89fc4fd99c9374c","dom_hash":"domhashe83232b3431a42056f1cfd7d003f57d2","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"offersnetworks.click/AWmWnNZu_joeRlXESB-u1XgFLS_-juzRARLiRvwONEZ0Uv4-9A","fqdn":"offersnetworks.click","domain":"offersnetworks.click","tld":"click"},"ip":{"addr":"66.212.16.133","port":0,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-29T11:17:32Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":4}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-22T11:17:11Z","timestamp":1771759031,"ip_dst":{"addr":"66.212.16.133","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":46692,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-02-22T11:17:11.033456+0000\",\"flow_id\":240461892946747,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":46692,\"dest_ip\":\"66.212.16.133\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"offersnetworks.click\",\"url\":\"/AWmWnNZu_joeRlXESB-u1XgFLS_-juzRARLiRvwONEZ0Uv4-9A\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://www.rarefulle.com/RBqbTNgtQBpKy5T8UuFpNZiy-hxWUkAtY0TFg_qJnLezFwKKID9ko5T_vgJbqyESvV2MB4hvTkUvP7mIgUCRig~~\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":691,\"bytes_toclient\":535,\"start\":\"2026-02-22T11:17:10.396091+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"offersnetworks.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"opt.listarmor.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"app.listarmor.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"www.rarefulle.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"offersnetworks.click","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-06-09","domain_rank":0,"first_seen":"2026-02-20T08:38:53.259364Z","last_seen":"2026-02-20T08:38:53.259364Z","alert_count":4,"request_count":2,"received_data":3871,"sent_data":994,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server:2.4.37","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"AlmaLinux","description":"AlmaLinux is an open-source, community-driven Linux operating system that fills the gap left by the discontinuation of the CentOS Linux stable release.","website":"https://almalinux.org","common_platform_enumeration":"","icon":"AlmaLinux.svg","categories":["Operating systems"]},{"name":"PHP:7.2.24","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"opt.listarmor.com","ip":{"addr":"206.189.197.92","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"domain_registered":"2011-03-29","domain_rank":1171313,"first_seen":"2013-07-26T13:06:46Z","last_seen":"2026-02-20T08:38:53.902437Z","alert_count":5,"request_count":5,"received_data":224547,"sent_data":2443,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"gunicorn:0.17.2","description":"","website":"https://gunicorn.org","common_platform_enumeration":"","icon":"gunicorn.png","categories":["Web servers"]},{"name":"Python","description":"Python is an interpreted and general-purpose programming language.","website":"https://python.org","common_platform_enumeration":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","icon":"Python.png","categories":["Programming languages"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery:1.4.2","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"app.listarmor.com","ip":{"addr":"206.189.197.92","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"domain_registered":"2011-03-29","domain_rank":0,"first_seen":"2013-07-26T13:06:49Z","last_seen":"2026-02-20T08:38:53.971967Z","alert_count":1,"request_count":1,"received_data":1657,"sent_data":460,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.rarefulle.com","ip":{"addr":"95.169.180.19","port":443,"asn":262287,"as":"Latitude.sh LTDA","country":"United States","country_code":"US"},"domain_registered":"2023-04-06","domain_rank":0,"first_seen":"2023-04-06T16:39:02Z","last_seen":"2026-02-20T08:38:53.964542Z","alert_count":1,"request_count":1,"received_data":3739,"sent_data":574,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.12.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"opt.listarmor.com/unsub/HADx3CsXgcV6BOtJaNkSZ9Kh","fqdn":"opt.listarmor.com","domain":"listarmor.com","tld":"com"},"ip":{"addr":"206.189.197.92","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"00c7e58fe43be713f919dd18c4ec815e","sha1":"8688bc402dc0c6faa47839f4326c294c010a038f","sha256":"35d9d8af0f50a4d79ba3b68bf0cca66cf7f91b32eb6c14b89ed8c850fade94c3","sha512":"680d227e6d8bae5f7f842cc8d3f62374dd1fb30a8908ae46ddebeadf9c4fc84c13b6a8ab88f5e14cf5de4fe3043ad05760734fb9bb314b72a613eae5c21093a9","ssdeep":"","tlshash":"4c80000abc008e2200280b0a23b2e28c2028200f20ecb2c032a08000200038b28802c0","size":29,"data":"","first_seen":"2026-02-22T11:17:33.324214Z","last_seen":"2026-02-22T11:17:33.324214Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"opt.listarmor.com/unsub/HADx3CsXgcV6BOtJaNkSZ9Kh","fqdn":"opt.listarmor.com","domain":"listarmor.com","tld":"com"},"ip":{"addr":"206.189.197.92","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"e24f87a565d2ef6c54035e38c17b01c3","sha1":"379600bbeb86efb44ef52081f874f8f40f29c94b","sha256":"453c184cfa766996c81703fb05cb7f6737870a0f67139a9b7c58dcfa9a4f6fb5","sha512":"0ee16e938871d4b4f06c8ae6fe499fa9a05fabdba8e14286285fc6e00b76a93e74b449787b4a7059aa3c9aedfe520a4205b92bb57a713d4d28194ba6076cebb2","ssdeep":"","tlshash":"c1d05e0af0e92044007730390e1fa4809e5b780f3255cf00fa8e8ad04f2d929c40660a","size":250,"data":"","first_seen":"2025-03-03T17:20:17.165132Z","last_seen":"2026-04-04T01:35:59.44207Z","times_seen":3123,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"opt.listarmor.com/unsub/HADx3CsXgcV6BOtJaNkSZ9Kh","fqdn":"opt.listarmor.com","domain":"listarmor.com","tld":"com"},"ip":{"addr":"206.189.197.92","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"f0da2a6b725da8a3e0a52f7a3ff8a299","sha1":"6374bd2ac0519f517669e018bac144decd004afd","sha256":"6a4599440ec525d9451f05c3c898c6d913e4cdd2d3b52474ea1107e9c318de00","sha512":"0a8f2eb85c5ad244ae5d79959aa1e36d0afe7816ccfbdc604c06e29067bc90aa59d06d2d69493048b29afa9738595bd147f8d2f2bbc982cd2a96e64f3ab3518c","ssdeep":"","tlshash":"c6f05cafac1b58f89657411b67bed068ba78104f0250e200b44cd9125f50fa41c4ba98","size":504,"data":"","first_seen":"2025-03-03T17:20:17.166926Z","last_seen":"2026-04-04T01:35:59.442585Z","times_seen":3124,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"opt.listarmor.com/static/common/js/jquery-1.4.2.js","fqdn":"opt.listarmor.com","domain":"listarmor.com","tld":"com"},"ip":{"addr":"206.189.197.92","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a8a2a48ddaa95527c6d3db763e2b7809","sha1":"d5168c9a86579d1fc2c5c3f0706ebe3ac14dfe46","sha256":"1adeb9b7455c164e01a88173d356742be2a4b5dc4977f0f64fee5b5d4b38e0b3","sha512":"eb77a9bc7d317d2413ac896e2c61d26198b07614971a953586963f5a66c4fa52cecd41b5b2531a1a4a56eb573243f58777f4ca6686b2c5352d19f2b3be98b518","ssdeep":"1536:zTN+GpiGWMNWnprcooA6p0yYiUTUybQ9TGA3eEEYSH+cYjnhjy6GeuqvEsD:zTXYGwcAo5lcyyguqvEsD","tlshash":"0a63f8c9b2c27273c3e731b824af510af136a8aaa44c4854f06ce8e5bd74a55447bf7d","size":72326,"data":"","first_seen":"2023-03-07T01:16:45Z","last_seen":"2026-04-04T09:18:54.28959Z","times_seen":4181,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"opt.listarmor.com/unsub/sandbox%20eval%20code","fqdn":"opt.listarmor.com","domain":"listarmor.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"64fe6fe97a487c82c5be70158b71aa87","sha1":"b93ba17d1796e404b0ca1ef6f262bbbb0c427366","sha256":"3ec8a12103cf9c2e91b9be1329d1e9f1c53043e38a641070650d1b8d07dbbcd2","sha512":"1a52d609a0d5b1688f664612d6fc98846ffc6d0899444651d29b0c076fdc4c6d4ea87a1ea3b97d816c166f3d91bac5e421f7160c6a00872cccb5aa126bcf7ba5","ssdeep":"","tlshash":"85c08cb3a790156b9a1267b1b8106013bbd6571047a78012b047011b1180ea659b8098","size":148,"data":"","first_seen":"2023-04-11T21:38:13Z","last_seen":"2026-04-04T12:50:00.594621Z","times_seen":60237,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ssl.google-analytics.com/ga.js","fqdn":"ssl.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b6f6d7efd99960ab916ee096e061f2e7","sha1":"e21f1b5b99444ed4e4f62308cf616edd93ee852e","sha256":"bbb1ca9c206e0ed72478ea72f3ca038cf739fd540d5d1c2da19620c942e4c4f4","sha512":"1a6172d7bd59e113fb23d09bed6e42141e198709e59442972a15bc6445de0a5d5713611269ffc5fdda04f5cd2bbd81e52cb15bd19ee5fa0b6f163880ed2a34de","ssdeep":"","tlshash":"bb615045e8bf3cf11151200a097b8137632e8813ef5db454bafa52139f6e4de24b2fa9","size":3362,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T12:50:00.586821Z","times_seen":60056,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"offersnetworks.click/AWmWnNZu_joeRlXESB-u1XgFLS_-juzRARLiRvwONEZ0Uv4-9A","fqdn":"offersnetworks.click","domain":"offersnetworks.click","tld":"click"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-22T11:17:10.022Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /AWmWnNZu_joeRlXESB-u1XgFLS_-juzRARLiRvwONEZ0Uv4-9A HTTP/1.1\r\nHost: offersnetworks.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T12:49:17.462299Z","times_seen":13332134,"resource_available":true,"data":null}},"time_used":196,"timings":{"blocked":196,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-22T11:17:11Z","timestamp":1771759031,"ip_dst":{"addr":"66.212.16.133","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.51","port":46692,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-02-22T11:17:11.033456+0000\",\"flow_id\":240461892946747,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":46692,\"dest_ip\":\"66.212.16.133\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"offersnetworks.click\",\"url\":\"/AWmWnNZu_joeRlXESB-u1XgFLS_-juzRARLiRvwONEZ0Uv4-9A\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://www.rarefulle.com/RBqbTNgtQBpKy5T8UuFpNZiy-hxWUkAtY0TFg_qJnLezFwKKID9ko5T_vgJbqyESvV2MB4hvTkUvP7mIgUCRig~~\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":691,\"bytes_toclient\":535,\"start\":\"2026-02-22T11:17:10.396091+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"offersnetworks.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"opt.listarmor.com/static/bootstrap/css/bootstrap.css","fqdn":"opt.listarmor.com","domain":"listarmor.com","tld":"com"},"ip":{"addr":"206.189.197.92","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://opt.listarmor.com/unsub/HADx3CsXgcV6BOtJaNkSZ9Kh","date":"2026-02-22T11:17:12.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"app.listarmor.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 25 Jan 2026 16:35:15 GMT","end":"Sat, 25 Apr 2026 16:35:14 GMT"},"fingerprint":{"sha1":"A3:2F:6B:54:0C:95:5E:0D:E6:60:6F:5A:B0:24:79:03:60:93:66:EB","sha256":"13:07:62:89:AD:85:48:04:9F:EC:AA:C7:9D:1E:3E:03:64:86:7C:6B:2C:C6:C6:ED:A2:F2:6F:12:05:F3:BE:12"}}},"request":{"raw":"GET /static/bootstrap/css/bootstrap.css HTTP/1.1\r\nHost: opt.listarmor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://opt.listarmor.com/unsub/HADx3CsXgcV6BOtJaNkSZ9Kh\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 22 Feb 2026 11:17:12 GMT\r\nContent-Type: text/css\r\nContent-Length: 124223\r\nLast-Modified: Sun, 20 Jan 2013 21:29:17 GMT\r\nConnection: keep-alive\r\nETag: \"50fc61ad-1e53f\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":124223,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"101205d0b6e392c86bbf404a7190dd3c","sha1":"7fd78348c86e96636537d6dd45213f21d1c257cf","sha256":"767c321a970efab2ec747611d60563bf98774f5d9ce8fa101c04af78cdc00184","sha512":"1ebb462b40223d528158e855e6410e65044ad83666add1d4792eebb7ca34e35e557ea65c12be2bb3132a8552e48f07df64437a3dde5edbeca9efa9f08fd063ae","ssdeep":"3072:CUuIpCRMSy+AhGeIJY6xhlaztKWkZuCFsz3Qc:CURpCRMSy+AhGeIJY6xhlaztKWkZuCFk","tlshash":"28c384e2aae12a14702bc15c66d1de82776d0082850fcd7e72fe71acff499c84573e99","first_seen":"2023-04-07T14:41:29Z","last_seen":"2026-04-04T01:35:59.438991Z","times_seen":3442,"resource_available":false,"data":null}},"time_used":397,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":197,"receive":200,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"opt.listarmor.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"opt.listarmor.com/static/bootstrap/css/bootstrap-responsive.css","fqdn":"opt.listarmor.com","domain":"listarmor.com","tld":"com"},"ip":{"addr":"206.189.197.92","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://opt.listarmor.com/unsub/HADx3CsXgcV6BOtJaNkSZ9Kh","date":"2026-02-22T11:17:12.395Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"app.listarmor.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 25 Jan 2026 16:35:15 GMT","end":"Sat, 25 Apr 2026 16:35:14 GMT"},"fingerprint":{"sha1":"A3:2F:6B:54:0C:95:5E:0D:E6:60:6F:5A:B0:24:79:03:60:93:66:EB","sha256":"13:07:62:89:AD:85:48:04:9F:EC:AA:C7:9D:1E:3E:03:64:86:7C:6B:2C:C6:C6:ED:A2:F2:6F:12:05:F3:BE:12"}}},"request":{"raw":"GET /static/bootstrap/css/bootstrap-responsive.css HTTP/1.1\r\nHost: opt.listarmor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://opt.listarmor.com/unsub/HADx3CsXgcV6BOtJaNkSZ9Kh\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 22 Feb 2026 11:17:12 GMT\r\nContent-Type: text/css\r\nContent-Length: 21751\r\nLast-Modified: Sun, 20 Jan 2013 21:29:17 GMT\r\nConnection: keep-alive\r\nETag: \"50fc61ad-54f7\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21751,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"b626be49731b63affaa1bd71fed6f8b8","sha1":"5aeb24d207a5e1de41346ba07a94407e369a7678","sha256":"209f176a41ecf09e48412acb60b6d9ad5e177acb0dd1e9f09a7c06498661a223","sha512":"8b684af72d7a870caff20712b7e06b9613a363ab30b8d9b582dc8d9c42048467bd25e0e13bc922c92f9b8b8e60c8de10c112ce72d36369fff61cba10efa54d9b","ssdeep":"384:sDi+XnHtUrZKt+uSmu+c30X8SGCxGfGYb/0EUN0QT0FeVF5cFLc:uiOnHtUrZKtqOI0MSGCxGfGYb/0Ery0k","tlshash":"3da2b19a2ee21044fa72e1b92efd03047682a813d3bfdd5339de51a8cf456495ca7e84","first_seen":"2023-04-07T14:41:29Z","last_seen":"2026-04-04T01:35:59.439698Z","times_seen":3438,"resource_available":false,"data":null}},"time_used":796,"timings":{"blocked":296,"dns":1,"connect":98,"send":0,"wait":197,"receive":2,"ssl":200},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"opt.listarmor.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"opt.listarmor.com/static/common/js/jquery-1.4.2.js","fqdn":"opt.listarmor.com","domain":"listarmor.com","tld":"com"},"ip":{"addr":"206.189.197.92","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://opt.listarmor.com/unsub/HADx3CsXgcV6BOtJaNkSZ9Kh","date":"2026-02-22T11:17:12.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"app.listarmor.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 25 Jan 2026 16:35:15 GMT","end":"Sat, 25 Apr 2026 16:35:14 GMT"},"fingerprint":{"sha1":"A3:2F:6B:54:0C:95:5E:0D:E6:60:6F:5A:B0:24:79:03:60:93:66:EB","sha256":"13:07:62:89:AD:85:48:04:9F:EC:AA:C7:9D:1E:3E:03:64:86:7C:6B:2C:C6:C6:ED:A2:F2:6F:12:05:F3:BE:12"}}},"request":{"raw":"GET /static/common/js/jquery-1.4.2.js HTTP/1.1\r\nHost: opt.listarmor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://opt.listarmor.com/unsub/HADx3CsXgcV6BOtJaNkSZ9Kh\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 22 Feb 2026 11:17:12 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 72326\r\nLast-Modified: Sat, 26 Nov 2011 21:21:01 GMT\r\nConnection: keep-alive\r\nETag: \"4ed1583d-11a86\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":72326,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (820), with CRLF line terminators","md5":"a8a2a48ddaa95527c6d3db763e2b7809","sha1":"d5168c9a86579d1fc2c5c3f0706ebe3ac14dfe46","sha256":"1adeb9b7455c164e01a88173d356742be2a4b5dc4977f0f64fee5b5d4b38e0b3","sha512":"eb77a9bc7d317d2413ac896e2c61d26198b07614971a953586963f5a66c4fa52cecd41b5b2531a1a4a56eb573243f58777f4ca6686b2c5352d19f2b3be98b518","ssdeep":"1536:zTN+GpiGWMNWnprcooA6p0yYiUTUybQ9TGA3eEEYSH+cYjnhjy6GeuqvEsD:zTXYGwcAo5lcyyguqvEsD","tlshash":"0a63f8c9b2c27273c3e731b824af510af136a8aaa44c4854f06ce8e5bd74a55447bf7d","first_seen":"2023-03-07T01:16:45Z","last_seen":"2026-04-04T09:18:54.28959Z","times_seen":4181,"resource_available":true,"data":null}},"time_used":909,"timings":{"blocked":300,"dns":1,"connect":101,"send":0,"wait":200,"receive":101,"ssl":203},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"opt.listarmor.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"opt.listarmor.com/favicon.ico","fqdn":"opt.listarmor.com","domain":"listarmor.com","tld":"com"},"ip":{"addr":"206.189.197.92","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://opt.listarmor.com/unsub/HADx3CsXgcV6BOtJaNkSZ9Kh","date":"2026-02-22T11:17:13.087Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"app.listarmor.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 25 Jan 2026 16:35:15 GMT","end":"Sat, 25 Apr 2026 16:35:14 GMT"},"fingerprint":{"sha1":"A3:2F:6B:54:0C:95:5E:0D:E6:60:6F:5A:B0:24:79:03:60:93:66:EB","sha256":"13:07:62:89:AD:85:48:04:9F:EC:AA:C7:9D:1E:3E:03:64:86:7C:6B:2C:C6:C6:ED:A2:F2:6F:12:05:F3:BE:12"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: opt.listarmor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://opt.listarmor.com/unsub/HADx3CsXgcV6BOtJaNkSZ9Kh\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 MOVED PERMANENTLY\r\nDate: Sun, 22 Feb 2026 11:17:13 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: gunicorn/0.17.2\r\nVary: Accept-Language, Cookie\r\nLocation: https://app.listarmor.com/static/common/images/favicon.ico\r\nContent-Language: en-us\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"MOVED PERMANENTLY","fingerprints":[{"name":"gunicorn:0.17.2","description":"","website":"https://gunicorn.org","common_platform_enumeration":"","icon":"gunicorn.png","categories":["Web servers"]},{"name":"Python","description":"Python is an interpreted and general-purpose programming language.","website":"https://python.org","common_platform_enumeration":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","icon":"Python.png","categories":["Programming languages"]}],"data":{"size":1406,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T12:49:17.462299Z","times_seen":13332134,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"opt.listarmor.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.listarmor.com/static/common/images/favicon.ico","fqdn":"app.listarmor.com","domain":"listarmor.com","tld":"com"},"ip":{"addr":"206.189.197.92","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://opt.listarmor.com/unsub/HADx3CsXgcV6BOtJaNkSZ9Kh","date":"2026-02-22T11:17:13.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"app.listarmor.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 25 Jan 2026 16:35:15 GMT","end":"Sat, 25 Apr 2026 16:35:14 GMT"},"fingerprint":{"sha1":"A3:2F:6B:54:0C:95:5E:0D:E6:60:6F:5A:B0:24:79:03:60:93:66:EB","sha256":"13:07:62:89:AD:85:48:04:9F:EC:AA:C7:9D:1E:3E:03:64:86:7C:6B:2C:C6:C6:ED:A2:F2:6F:12:05:F3:BE:12"}}},"request":{"raw":"GET /static/common/images/favicon.ico HTTP/1.1\r\nHost: app.listarmor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://opt.listarmor.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sun, 22 Feb 2026 11:17:13 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 1406\r\nLast-Modified: Sat, 26 Nov 2011 21:21:01 GMT\r\nConnection: keep-alive\r\nETag: \"4ed1583d-57e\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16","md5":"a11b5ae8faf367e1efd4a4db9e3c9792","sha1":"fb5cde1d4728197f601a035b8e4f9f056f1e68b0","sha256":"fe9473fd41286004bc658d511cccb03fb0a8c1c3598d72b37470d9a1a5bd368c","sha512":"c969cf7b93417109d9f44c140274d27fb61a135082fdf93832979eac2617e90a819671a441881f1506642f26211e9dd2fc8f8e04013b02a4fe1ac553e2053a3a","ssdeep":"","tlshash":"71210c39777a0200de65e1b83844c711351ac6029042726fa8f29bd10c50aae9f50ae8","first_seen":"2023-05-10T22:21:46Z","last_seen":"2026-04-04T01:35:59.437121Z","times_seen":3408,"resource_available":false,"data":null}},"time_used":433,"timings":{"blocked":0,"dns":13,"connect":103,"send":0,"wait":103,"receive":0,"ssl":213},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"app.listarmor.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"offersnetworks.click/AWmWnNZu_joeRlXESB-u1XgFLS_-juzRARLiRvwONEZ0Uv4-9A","fqdn":"offersnetworks.click","domain":"offersnetworks.click","tld":"click"},"ip":{"addr":"66.212.16.133","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-22T11:17:10.397Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /AWmWnNZu_joeRlXESB-u1XgFLS_-juzRARLiRvwONEZ0Uv4-9A HTTP/1.1\r\nHost: offersnetworks.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Sun, 22 Feb 2026 11:17:10 GMT\r\nServer: Apache/2.4.37 (AlmaLinux)\r\nX-Powered-By: PHP/7.2.24\r\nLocation: https://www.rarefulle.com/RBqbTNgtQBpKy5T8UuFpNZiy-hxWUkAtY0TFg_qJnLezFwKKID9ko5T_vgJbqyESvV2MB4hvTkUvP7mIgUCRig~~\r\nContent-Length: 0\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Apache HTTP Server:2.4.37","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"AlmaLinux","description":"AlmaLinux is an open-source, community-driven Linux operating system that fills the gap left by the discontinuation of the CentOS Linux stable release.","website":"https://almalinux.org","common_platform_enumeration":"","icon":"AlmaLinux.svg","categories":["Operating systems"]},{"name":"PHP:7.2.24","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":3510,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T12:49:17.462299Z","times_seen":13332134,"resource_available":true,"data":null}},"time_used":786,"timings":{"blocked":147,"dns":1,"connect":148,"send":0,"wait":490,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-22T11:17:11Z","timestamp":1771759031,"ip_dst":{"addr":"66.212.16.133","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.51","port":46692,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-02-22T11:17:11.033456+0000\",\"flow_id\":240461892946747,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":46692,\"dest_ip\":\"66.212.16.133\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"offersnetworks.click\",\"url\":\"/AWmWnNZu_joeRlXESB-u1XgFLS_-juzRARLiRvwONEZ0Uv4-9A\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://www.rarefulle.com/RBqbTNgtQBpKy5T8UuFpNZiy-hxWUkAtY0TFg_qJnLezFwKKID9ko5T_vgJbqyESvV2MB4hvTkUvP7mIgUCRig~~\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":691,\"bytes_toclient\":535,\"start\":\"2026-02-22T11:17:10.396091+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"offersnetworks.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.rarefulle.com/RBqbTNgtQBpKy5T8UuFpNZiy-hxWUkAtY0TFg_qJnLezFwKKID9ko5T_vgJbqyESvV2MB4hvTkUvP7mIgUCRig~~","fqdn":"www.rarefulle.com","domain":"rarefulle.com","tld":"com"},"ip":{"addr":"95.169.180.19","port":443,"asn":262287,"as":"Latitude.sh LTDA","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-22T11:17:11.041Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.rarefulle.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 15:43:31 GMT","end":"Sun, 15 Mar 2026 15:43:30 GMT"},"fingerprint":{"sha1":"CC:0A:90:47:07:AD:03:44:2C:FF:78:54:01:93:C5:69:83:3C:AA:CC","sha256":"2A:9B:C1:75:B5:93:74:E3:7C:E4:87:46:68:9D:4C:A2:B0:BA:17:E0:68:FC:9D:55:F1:8B:E9:4D:23:54:B0:41"}}},"request":{"raw":"GET /RBqbTNgtQBpKy5T8UuFpNZiy-hxWUkAtY0TFg_qJnLezFwKKID9ko5T_vgJbqyESvV2MB4hvTkUvP7mIgUCRig~~ HTTP/1.1\r\nHost: www.rarefulle.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nDate: Sun, 22 Feb 2026 11:17:11 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nServer: nginx/1.12.2\r\nLocation: https://opt.listarmor.com/unsub/HADx3CsXgcV6BOtJaNkSZ9Kh\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx:1.12.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3510,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T12:49:17.462299Z","times_seen":13332134,"resource_available":true,"data":null}},"time_used":1070,"timings":{"blocked":378,"dns":34,"connect":112,"send":0,"wait":314,"receive":0,"ssl":229},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"www.rarefulle.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"opt.listarmor.com/unsub/HADx3CsXgcV6BOtJaNkSZ9Kh","fqdn":"opt.listarmor.com","domain":"listarmor.com","tld":"com"},"ip":{"addr":"206.189.197.92","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-22T11:17:11.738Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"app.listarmor.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 25 Jan 2026 16:35:15 GMT","end":"Sat, 25 Apr 2026 16:35:14 GMT"},"fingerprint":{"sha1":"A3:2F:6B:54:0C:95:5E:0D:E6:60:6F:5A:B0:24:79:03:60:93:66:EB","sha256":"13:07:62:89:AD:85:48:04:9F:EC:AA:C7:9D:1E:3E:03:64:86:7C:6B:2C:C6:C6:ED:A2:F2:6F:12:05:F3:BE:12"}}},"request":{"raw":"GET /unsub/HADx3CsXgcV6BOtJaNkSZ9Kh HTTP/1.1\r\nHost: opt.listarmor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 22 Feb 2026 11:17:12 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: gunicorn/0.17.2\r\nVary: Accept-Language, Cookie\r\nContent-Language: en-us\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"gunicorn:0.17.2","description":"","website":"https://gunicorn.org","common_platform_enumeration":"","icon":"gunicorn.png","categories":["Web servers"]},{"name":"Python","description":"Python is an interpreted and general-purpose programming language.","website":"https://python.org","common_platform_enumeration":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","icon":"Python.png","categories":["Programming languages"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery:1.4.2","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":3510,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"e44758d0197650af08ca1b36064ee024","sha1":"1444c6a7de51b9c7c86a4443672f45bd587f1e23","sha256":"edaad3ab9537c063f9beb2bead528c7ca7835367ed1b15bf5834e8ec5aa7c56b","sha512":"7f0ee64169b058f51b28fbbd56941418afd76f885ff0ac096f42732f68a81e20433be1197d2c7a58d638d6eff0d0bc3602eba766c6b4fcc416c5e40df5c4fc36","ssdeep":"","tlshash":"ca715222acf34c555063507aabfad516bfe480078218dd40bacc96a89fc4fd99c93688","first_seen":"2024-04-11T01:57:30Z","last_seen":"2026-03-25T20:18:20.295309Z","times_seen":3126,"resource_available":true,"data":null}},"time_used":763,"timings":{"blocked":314,"dns":12,"connect":99,"send":0,"wait":134,"receive":1,"ssl":201},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-22","alert":"Sinkholed","trigger":"opt.listarmor.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}