{"report_id":"62ef313e-a6e1-49cb-b3ff-8a6898e29c35","version":6,"status":"done","tags":[],"date":"2026-03-06T06:56:57Z","url":{"schema":"http","addr":"ro-ver.link","fqdn":"ro-ver.link","domain":"ro-ver.link","tld":"link"},"ip":{"addr":"151.247.193.142","port":0,"asn":0,"as":"","country":"Iran","country_code":"IR"},"final":{"url":{"schema":"https","addr":"ro-ver.link/","fqdn":"ro-ver.link","domain":"ro-ver.link","tld":"link"},"title":"RoVer","dom":{"size":73781,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (391)","md5":"2fb68447b2ea13631a51d0199a2b54f9","sha1":"311a846cc4f2f0f72ee70e07a97d53909379c132","sha256":"2383cfcce906a26e647399cc879d54ea4538dc20479904895faee8f82c5eff3a","sha512":"122777844ad1906c8427fdee9053ec93054c0e0fccea1f5f7a58279d0d149b427524a2e46a038ba5f0bac3df6ab6797f711b68038351d02873cf04513cd7fafa","ssdeep":"768:7ixBfaTVplRhf/mGFHLiesG9MpjGGlMkMc/2ClW+RFFg+gUmwZ8g1ioMBzodMXw:+x0pPkMc/2H+RngnXw","tlshash":"847331194973e29d1c63941e23e15e231270e403ad05fb9f3bff81a48f4bad464dae66","dom_hash":"domhash2b11a2f8eff9e18844fef29f1807198b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ro-ver.link","fqdn":"ro-ver.link","domain":"ro-ver.link","tld":"link"},"ip":{"addr":"151.247.193.142","port":0,"asn":0,"as":"","country":"Iran","country_code":"IR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-10T06:56:57Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-06T06:56:36Z","timestamp":1772780196,"ip_dst":{"addr":"151.247.193.142","port":80,"asn":0,"as":"","country":"Iran","country_code":"IR"},"ip_src":{"addr":"Client IP","port":34580,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.link domain","source":"{\"timestamp\":\"2026-03-06T06:56:36.022208+0000\",\"flow_id\":1294651229434746,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":34580,\"dest_ip\":\"151.247.193.142\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858678,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.link domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ro-ver.link\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://ro-ver.link/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":668,\"bytes_toclient\":328,\"start\":\"2026-03-06T06:56:35.947066+0000\"}}"}],"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"ro-ver.link","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"ro-ver.link","ip":{"addr":"151.247.193.142","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"domain_registered":"2025-08-20","domain_rank":0,"first_seen":"2025-12-01T23:22:14.584433Z","last_seen":"2025-12-01T23:22:14.584433Z","alert_count":31,"request_count":9,"received_data":268980,"sent_data":4003,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.251.142.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-03-01T22:15:00.771016Z","alert_count":0,"request_count":2,"received_data":34110,"sent_data":1060,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-03-01T22:18:12.522658Z","alert_count":0,"request_count":1,"received_data":3391,"sent_data":452,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cloudflareinsights.com","ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-08-30","domain_rank":895,"first_seen":"2020-10-23T05:27:50Z","last_seen":"2026-03-04T20:34:40.124586Z","alert_count":0,"request_count":2,"received_data":633,"sent_data":1027,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"static.cloudflareinsights.com","ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-08-30","domain_rank":4073,"first_seen":"2019-09-24T14:34:56Z","last_seen":"2026-03-01T22:33:58.871316Z","alert_count":0,"request_count":1,"received_data":31565,"sent_data":427,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ro-ver.link/","fqdn":"ro-ver.link","domain":"ro-ver.link","tld":"link"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f89ef5da8043fb70eacbb4d7d4b5115d","sha1":"c2bf1870ff8e6a0b009eeac2931543f26c72293b","sha256":"425d6e664e8eb6738305dde8e2a8e1267b4cb88af8575fbd15619f826ff31a66","sha512":"f0d7740c5e50e6fe16c77d3e794e51df92b2d225e27522925668e5afe905c7b8344f3fe191d2a184f2d35c429feb9b738d21da5c1fbe354a49d515148313dd35","ssdeep":"","tlshash":"14e0eb0bf02c01b18c2f58dba0c14ada79e080bb0bc8e041782e41ac0b31d3934efaec","size":325,"data":"","first_seen":"2026-03-06T06:52:22.875838Z","last_seen":"2026-03-06T07:00:02.4109Z","times_seen":6,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-06T06:56:36Z","timestamp":1772780196,"ip_dst":{"addr":"151.247.193.142","port":80,"asn":0,"as":"","country":"Iran","country_code":"IR"},"ip_src":{"addr":"172.18.0.51","port":34580,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.link domain","source":"{\"timestamp\":\"2026-03-06T06:56:36.022208+0000\",\"flow_id\":1294651229434746,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":34580,\"dest_ip\":\"151.247.193.142\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858678,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.link domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ro-ver.link\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://ro-ver.link/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":668,\"bytes_toclient\":328,\"start\":\"2026-03-06T06:56:35.947066+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4f67ea9205c3ca7c9e04582d3b9bdd1d","sha1":"d3b68ad3eb88d3db3d843211d4905143c3bff281","sha256":"4b77eae349a8cbcea7133cf3640a64ebf1f69d54d8f6469d7be6fdc188ca4ca4","sha512":"f034bbae022b026821045c28393ba371fe83f6b5ef1fcc66f0943525ad3587d417f04cd795d8accee7d86b82057ca74b50a4d3ae74855cb0e4504393ad943c42","ssdeep":"384:BXi1f+hZCIy1f84QDRuT9WKw00QmLnivMt+BERzR0c744BKJKe0620vFjOkcXo9g:+V584QlIrw6OPIJJtFjj09N","tlshash":"bce218eeb591b13603f7a072447f210b733ab56264494408e21bd6c22c78eeed257fad","size":31169,"data":"","first_seen":"2026-02-19T19:35:51.221473Z","last_seen":"2026-06-07T18:58:00.053442Z","times_seen":78098,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ro-ver.link/","fqdn":"ro-ver.link","domain":"ro-ver.link","tld":"link"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4dcc46f258f2e0e01a5d63c0bfa41eb4","sha1":"872c508a5b8d96fc9520e18afabeb5bc173a63a0","sha256":"3ec2c65bef65d9ca43901bade11cf6b4bf9b5ce5ece4edb9817e77cb1c4b8cc1","sha512":"ff714e4dc1862222f13c04409b16eeab937267184a90cb947e6285c2b7e0d1719d9fc0b2e518d8411d6c63c06b8c538d432c64ca9af8a9cbd5b03c5257495035","ssdeep":"","tlshash":"83518bb55eb21534a12b016f27cb69443700b0abf644ea7839fcc29a5fd0d90a2637bd","size":2554,"data":"","first_seen":"2026-03-06T06:52:22.876663Z","last_seen":"2026-03-06T07:00:02.411872Z","times_seen":4,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-06T06:56:36Z","timestamp":1772780196,"ip_dst":{"addr":"151.247.193.142","port":80,"asn":0,"as":"","country":"Iran","country_code":"IR"},"ip_src":{"addr":"172.18.0.51","port":34580,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.link domain","source":"{\"timestamp\":\"2026-03-06T06:56:36.022208+0000\",\"flow_id\":1294651229434746,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":34580,\"dest_ip\":\"151.247.193.142\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858678,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.link domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ro-ver.link\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://ro-ver.link/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":668,\"bytes_toclient\":328,\"start\":\"2026-03-06T06:56:35.947066+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ro-ver.link/","fqdn":"ro-ver.link","domain":"ro-ver.link","tld":"link"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8ce237992dbaa67490f863f9f91902bf","sha1":"92fd3b94ab77ec87bb20d66d49ed838045e82246","sha256":"00aaca9604b521d09315ed12007ce19d3e0c9902520e0c5d411291033547ebac","sha512":"58ea212ebe700bb5ca357afe97fd9fd30b9de923219891e9408deb02b5d42c74e85c6f7923cbea7b3c811f3e27721bee6bf5697d411a7b56e593997a9a4f82cb","ssdeep":"","tlshash":"89c0808fb6ee161002dfdd77047b9f4c3434800d4804070c3d2cc5d01d38d66e407945","size":180,"data":"","first_seen":"2026-03-06T06:52:22.877719Z","last_seen":"2026-03-06T07:00:02.412891Z","times_seen":6,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-06T06:56:36Z","timestamp":1772780196,"ip_dst":{"addr":"151.247.193.142","port":80,"asn":0,"as":"","country":"Iran","country_code":"IR"},"ip_src":{"addr":"172.18.0.51","port":34580,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.link domain","source":"{\"timestamp\":\"2026-03-06T06:56:36.022208+0000\",\"flow_id\":1294651229434746,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":34580,\"dest_ip\":\"151.247.193.142\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858678,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.link domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ro-ver.link\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://ro-ver.link/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":668,\"bytes_toclient\":328,\"start\":\"2026-03-06T06:56:35.947066+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"ro-ver.link/index-Z3GN4FTR.css","fqdn":"ro-ver.link","domain":"ro-ver.link","tld":"link"},"ip":{"addr":"151.247.193.142","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ro-ver.link/","date":"2026-03-06T06:56:37.593Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ro-ver.link","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 23 Nov 2025 02:49:54 GMT","end":"Sat, 21 Feb 2026 02:49:53 GMT"},"fingerprint":{"sha1":"13:02:50:9E:70:0E:09:F6:F0:3B:B5:D7:9F:B8:B9:9B:87:E7:F3:DA","sha256":"A6:28:53:E6:0A:7E:1D:A0:1A:68:71:8F:BD:25:37:0D:62:E1:2C:D8:CA:EF:65:D6:B3:B6:5D:DA:E6:19:91:81"}}},"request":{"raw":"GET /index-Z3GN4FTR.css HTTP/1.1\r\nHost: ro-ver.link\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ro-ver.link/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Fri, 06 Mar 2026 06:56:37 GMT\r\nContent-Type: text/css\r\nContent-Encoding: gzip\r\nContent-Length: 704\r\nEggy-Wall: 12.5\r\nAbuse: abuse@eggywall.cc\r\nLast-Modified: Fri, 31 May 2024 12:54:07 GMT\r\nEtag: W/\"6659c86f-5e9\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1513,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"54aebd5706d8e94a865a854cf1db6b72","sha1":"3143bf0bd4ee927c6973dc2877fe421320233baa","sha256":"9e3ac2d469dc1b6fc06e7c193b776dd8de4914f0c82af1cdb9eff773e06ee7f5","sha512":"8eeb47ec29bbcab615f7ee48f98906b51dfad9761a60d4fc5a6cfc7020cd2e769be78afea236ad2a8a73b73addc243a2979f56ee98f4dd3476b604aa02798ef5","ssdeep":"","tlshash":"9231dc10fea3bb82a63384bf33dad6962b386017401aea0c7ee277544f4a14755e039d","first_seen":"2025-11-08T16:17:31.189008Z","last_seen":"2026-03-06T07:00:02.406324Z","times_seen":9,"resource_available":false,"data":null}},"time_used":289,"timings":{"blocked":96,"dns":0,"connect":37,"send":0,"wait":92,"receive":0,"ssl":60},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"ro-ver.link","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/oxygen/v16/2sDcZG1Wl4LcnbuCNWgzaGW5.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.142.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ro-ver.link/","date":"2026-03-06T06:56:37.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:00 GMT","end":"Mon, 27 Apr 2026 08:37:59 GMT"},"fingerprint":{"sha1":"43:A0:56:D7:CE:45:C9:96:6F:34:12:13:53:CC:34:DD:63:FB:5D:20","sha256":"A4:AF:37:76:AF:D3:DB:1B:79:93:8F:E9:D4:21:4B:BA:43:54:3D:F9:56:DC:18:E9:5C:CA:1A:7C:B2:C7:DF:9B"}}},"request":{"raw":"GET /s/oxygen/v16/2sDcZG1Wl4LcnbuCNWgzaGW5.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ro-ver.link\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 16152\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 04 Mar 2026 15:16:23 GMT\r\nexpires: Thu, 04 Mar 2027 15:16:23 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 04 Sep 2025 17:08:52 GMT\r\ncontent-type: font/woff2\r\nage: 142814\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16152,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 16152, version 1.0","md5":"233b219a1a4059fef591a77b01a04cae","sha1":"1f7e0508041ab3f009343e7b2fa119c10ae9907c","sha256":"4414b63c51aaef6d5d77ef9b45d9a936e476ad3a9902e046cf7cb8af05ce72bc","sha512":"12063b60fc3e15769370d063aabcb06c8f586af7fed476247c16a91b95ccdaa48747d72576b32b0dec6639fa48c2848d948983e3a17876ceed3ec668efae1285","ssdeep":"384:0pmXmslQc1mSrtvli0I0k7aG0tbu/zMtpozw0xYkkP:omXmsHdr7i0ZMaG0tburMtpqVW","tlshash":"b572e019aba02e0f78038bb312035954f34be55fed0bf7fa1d2aa191766bc003557996","first_seen":"2025-09-05T07:00:18.503878Z","last_seen":"2026-06-08T03:35:47.421117Z","times_seen":3541,"resource_available":false,"data":null}},"time_used":134,"timings":{"blocked":60,"dns":1,"connect":8,"send":0,"wait":9,"receive":2,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Poppins|Oxygen:400,700","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ro-ver.link/","date":"2026-03-06T06:56:37.589Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:01 GMT","end":"Mon, 27 Apr 2026 08:38:00 GMT"},"fingerprint":{"sha1":"AD:23:3E:9B:CF:2B:A1:EC:31:14:63:D1:58:73:BB:E7:C5:32:16:8C","sha256":"B1:5F:45:BF:00:8C:68:35:D3:42:B2:67:66:47:9D:BB:42:41:07:56:3A:C4:1C:D6:10:7B:B7:53:C2:71:81:33"}}},"request":{"raw":"GET /css?family=Poppins|Oxygen:400,700 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ro-ver.link/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Fri, 06 Mar 2026 06:56:37 GMT\r\ndate: Fri, 06 Mar 2026 06:56:37 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2705,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"04f496f1476ada4bc17ddb68f5810f1f","sha1":"ef34cd0783bec0f0e0bc866e9e92ce0764dbb0dc","sha256":"1513c1b40ad1eb5f4430c3f5198d006d77afacf2b6d835ae9d025b1adf40db71","sha512":"750c0a86ea76fb925d4b6528684aa8317c64aad26c2c057a97d96e4c9456188112976617d5b706d61e58184392eec48da67c9d696019b09ad78414b019ba1860","ssdeep":"","tlshash":"4951cd920c7be514a7930cc522ce7d33ef0e62517445a834aefe1c98bca7d659362b1d","first_seen":"2025-11-08T16:17:31.179616Z","last_seen":"2026-03-06T07:00:02.400083Z","times_seen":9,"resource_available":false,"data":null}},"time_used":275,"timings":{"blocked":118,"dns":0,"connect":21,"send":0,"wait":36,"receive":0,"ssl":98},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cloudflareinsights.com/cdn-cgi/rum","fqdn":"cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ro-ver.link/","date":"2026-03-06T06:56:37.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:29:28 GMT","end":"Mon, 18 May 2026 15:29:15 GMT"},"fingerprint":{"sha1":"8B:A9:51:50:78:B2:5E:75:31:54:23:BC:80:D6:CA:53:34:E5:CD:8F","sha256":"AF:D9:FB:4F:B0:E1:BD:80:DF:22:93:A7:4A:99:5B:50:0A:BE:47:59:37:98:C6:BF:C5:DF:8D:8F:F0:8D:FD:23"}}},"request":{"raw":"OPTIONS /cdn-cgi/rum HTTP/1.1\r\nHost: cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://ro-ver.link/\r\nOrigin: https://ro-ver.link\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 06 Mar 2026 06:56:37 GMT\r\ncontent-type: text/plain\r\naccess-control-allow-origin: https://ro-ver.link\r\naccess-control-allow-methods: POST,OPTIONS\r\naccess-control-allow-headers: Content-Type\r\naccess-control-max-age: 86400\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nserver: cloudflare\r\ncf-ray: 9d7f762d6abd4c11-OSL\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T03:34:23.06459Z","times_seen":16228689,"resource_available":true,"data":null}},"time_used":67,"timings":{"blocked":31,"dns":3,"connect":1,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ro-ver.link/","fqdn":"ro-ver.link","domain":"ro-ver.link","tld":"link"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-06T06:56:35.715Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ro-ver.link\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T03:34:23.06459Z","times_seen":16228689,"resource_available":true,"data":null}},"time_used":222,"timings":{"blocked":0,"dns":128,"connect":40,"send":0,"wait":0,"receive":0,"ssl":51},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-06T06:56:36Z","timestamp":1772780196,"ip_dst":{"addr":"151.247.193.142","port":80,"asn":0,"as":"","country":"Iran","country_code":"IR"},"ip_src":{"addr":"172.18.0.51","port":34580,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.link domain","source":"{\"timestamp\":\"2026-03-06T06:56:36.022208+0000\",\"flow_id\":1294651229434746,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":34580,\"dest_ip\":\"151.247.193.142\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858678,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.link domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ro-ver.link\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://ro-ver.link/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":668,\"bytes_toclient\":328,\"start\":\"2026-03-06T06:56:35.947066+0000\"}}"}],"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"ro-ver.link","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ro-ver.link/imaginary-menagerie-ZA3ZLRJS.svg","fqdn":"ro-ver.link","domain":"ro-ver.link","tld":"link"},"ip":{"addr":"151.247.193.142","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ro-ver.link/","date":"2026-03-06T06:56:37.596Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ro-ver.link","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 23 Nov 2025 02:49:54 GMT","end":"Sat, 21 Feb 2026 02:49:53 GMT"},"fingerprint":{"sha1":"13:02:50:9E:70:0E:09:F6:F0:3B:B5:D7:9F:B8:B9:9B:87:E7:F3:DA","sha256":"A6:28:53:E6:0A:7E:1D:A0:1A:68:71:8F:BD:25:37:0D:62:E1:2C:D8:CA:EF:65:D6:B3:B6:5D:DA:E6:19:91:81"}}},"request":{"raw":"GET /imaginary-menagerie-ZA3ZLRJS.svg HTTP/1.1\r\nHost: ro-ver.link\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ro-ver.link/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Fri, 06 Mar 2026 06:56:37 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 10025\r\nEggy-Wall: 12.5\r\nAbuse: abuse@eggywall.cc\r\nLast-Modified: Fri, 31 May 2024 12:54:07 GMT\r\nEtag: \"6659c86f-2729\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10025,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3c9d139726f0d7903974c705d492f85a","sha1":"85859b1df60372ba2ae27e043c65fac31f8aebdd","sha256":"59270755ca46fe4f9689a8467cf18aa8c0dda1b45a659f36ea8530a01aa41a7e","sha512":"84258c2601b26a7166e6657c0769389b87cb02779e5dd53e47ff377d89f9805b27a6af0a9ac2ee891fda0522e9871ed61d0124ac413c39f9fa920ffb1967db40","ssdeep":"192:HRrTEEskgakZfh6Vxq4juEiCKTwcaRYU+SEn:xcxdZ6VLrmwcuYU+9","tlshash":"132267ca6720f28869d3edddff444895311e90ffda6bc78181deca2655d39a1eb09c40","first_seen":"2025-11-08T16:17:31.191924Z","last_seen":"2026-05-30T22:40:13.692436Z","times_seen":15,"resource_available":false,"data":null}},"time_used":454,"timings":{"blocked":185,"dns":1,"connect":43,"send":0,"wait":75,"receive":1,"ssl":60},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"ro-ver.link","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ro-ver.link/","date":"2026-03-06T06:56:37.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:29:28 GMT","end":"Mon, 18 May 2026 15:29:15 GMT"},"fingerprint":{"sha1":"8B:A9:51:50:78:B2:5E:75:31:54:23:BC:80:D6:CA:53:34:E5:CD:8F","sha256":"AF:D9:FB:4F:B0:E1:BD:80:DF:22:93:A7:4A:99:5B:50:0A:BE:47:59:37:98:C6:BF:C5:DF:8D:8F:F0:8D:FD:23"}}},"request":{"raw":"GET /beacon.min.js HTTP/1.1\r\nHost: static.cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ro-ver.link/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 06 Mar 2026 06:56:37 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\netag: W/\"2026.2.0\"\r\nlast-modified: Thu, 19 Feb 2026 17:45:24 GMT\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9d7f762b1a0e35a6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31169,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (31169), with no line terminators","md5":"4f67ea9205c3ca7c9e04582d3b9bdd1d","sha1":"d3b68ad3eb88d3db3d843211d4905143c3bff281","sha256":"4b77eae349a8cbcea7133cf3640a64ebf1f69d54d8f6469d7be6fdc188ca4ca4","sha512":"f034bbae022b026821045c28393ba371fe83f6b5ef1fcc66f0943525ad3587d417f04cd795d8accee7d86b82057ca74b50a4d3ae74855cb0e4504393ad943c42","ssdeep":"384:BXi1f+hZCIy1f84QDRuT9WKw00QmLnivMt+BERzR0c744BKJKe0620vFjOkcXo9g:+V584QlIrw6OPIJJtFjj09N","tlshash":"bce218eeb591b13603f7a072447f210b733ab56264494408e21bd6c22c78eeed257fad","first_seen":"2026-02-19T19:35:51.221473Z","last_seen":"2026-06-07T18:58:00.053442Z","times_seen":78098,"resource_available":true,"data":null}},"time_used":56,"timings":{"blocked":13,"dns":0,"connect":1,"send":0,"wait":22,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ro-ver.link/glyph-BPKPYTDI.svg","fqdn":"ro-ver.link","domain":"ro-ver.link","tld":"link"},"ip":{"addr":"151.247.193.142","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ro-ver.link/","date":"2026-03-06T06:56:37.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ro-ver.link","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 23 Nov 2025 02:49:54 GMT","end":"Sat, 21 Feb 2026 02:49:53 GMT"},"fingerprint":{"sha1":"13:02:50:9E:70:0E:09:F6:F0:3B:B5:D7:9F:B8:B9:9B:87:E7:F3:DA","sha256":"A6:28:53:E6:0A:7E:1D:A0:1A:68:71:8F:BD:25:37:0D:62:E1:2C:D8:CA:EF:65:D6:B3:B6:5D:DA:E6:19:91:81"}}},"request":{"raw":"GET /glyph-BPKPYTDI.svg HTTP/1.1\r\nHost: ro-ver.link\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ro-ver.link/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Fri, 06 Mar 2026 06:56:37 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 665\r\nEggy-Wall: 12.5\r\nAbuse: abuse@eggywall.cc\r\nEtag: \"6659c86f-299\"\r\nAccept-Ranges: bytes\r\nX-Cache: HIT\r\nX-Cache-Url: https://ro-ver.link/glyph-BPKPYTDI.svg\r\nLast-Modified: Fri, 31 May 2024 12:54:07 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":665,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"86a5cf3f034b3f0376bbf0759ae26d36","sha1":"867b34eebb34783a09c2021fd2b6c08dab4eae51","sha256":"c8e82ecfe9961ead21468c9f64b9958a361c5e08a31716f0c030a174d243cb7a","sha512":"31c2ac58d646094c77217f8d3a9dab79b1d5f0206c873bf04c2ea9e07ca56b08568b57e5f782803ade65a7ad8806a75e2d42414d422c149242cd91c01e330e8e","ssdeep":"","tlshash":"3001996ee7257e3a70132be4af59e5a14153f0d6e11a10c8e0e46133634ae69b012b61","first_seen":"2025-11-08T16:17:31.185131Z","last_seen":"2026-05-30T22:40:13.703205Z","times_seen":15,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"ro-ver.link","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ro-ver.link/","fqdn":"ro-ver.link","domain":"ro-ver.link","tld":"link"},"ip":{"addr":"151.247.193.142","port":80,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-06T06:56:35.947Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ro-ver.link\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Fri, 06 Mar 2026 06:56:35 GMT\r\nContent-Length: 0\r\nLocation: https://ro-ver.link/\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T03:34:23.06459Z","times_seen":16228689,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":38,"dns":1,"connect":38,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-06T06:56:36Z","timestamp":1772780196,"ip_dst":{"addr":"151.247.193.142","port":80,"asn":0,"as":"","country":"Iran","country_code":"IR"},"ip_src":{"addr":"172.18.0.51","port":34580,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.link domain","source":"{\"timestamp\":\"2026-03-06T06:56:36.022208+0000\",\"flow_id\":1294651229434746,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":34580,\"dest_ip\":\"151.247.193.142\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858678,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.link domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ro-ver.link\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://ro-ver.link/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":668,\"bytes_toclient\":328,\"start\":\"2026-03-06T06:56:35.947066+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"ro-ver.link","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ro-ver.link/index-LG3B7WR4.js","fqdn":"ro-ver.link","domain":"ro-ver.link","tld":"link"},"ip":{"addr":"151.247.193.142","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ro-ver.link/","date":"2026-03-06T06:56:37.591Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ro-ver.link","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 23 Nov 2025 02:49:54 GMT","end":"Sat, 21 Feb 2026 02:49:53 GMT"},"fingerprint":{"sha1":"13:02:50:9E:70:0E:09:F6:F0:3B:B5:D7:9F:B8:B9:9B:87:E7:F3:DA","sha256":"A6:28:53:E6:0A:7E:1D:A0:1A:68:71:8F:BD:25:37:0D:62:E1:2C:D8:CA:EF:65:D6:B3:B6:5D:DA:E6:19:91:81"}}},"request":{"raw":"GET /index-LG3B7WR4.js HTTP/1.1\r\nHost: ro-ver.link\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ro-ver.link/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Fri, 06 Mar 2026 06:56:37 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Encoding: gzip\r\nContent-Length: 51154\r\nEggy-Wall: 12.5\r\nAbuse: abuse@eggywall.cc\r\nLast-Modified: Fri, 31 May 2024 12:54:07 GMT\r\nEtag: W/\"6659c86f-2bb93\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":179091,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (763)","md5":"def38e33418a003976c541680bb93336","sha1":"555d70dba0043b4af21295dca594bd7caccab686","sha256":"ed160b00bd7a9cb8db9e7cc8bb18259079e15abdbba1c665d42065de0ffedecb","sha512":"c168ae35bfd2823b040131779493da06c2d19bc236f50bfb9bc00917ca32b236eaf86ddecbc19cd1287c8c1ba29241b0b632d7a533a9ff37bd62e72a920f4014","ssdeep":"3072:/Djr+DpMzYuXp6nf8tg0eOrorororororP:L8qz3p6nEtxeOrorororororP","tlshash":"26044148baf638319617b039493fd809b276585b254dde047d0ca2f85f6c43c97bafa8","first_seen":"2026-03-06T06:52:22.874704Z","last_seen":"2026-03-06T07:00:02.401384Z","times_seen":6,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":166,"receive":83,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"ro-ver.link","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ro-ver.link/logo-white-NE2GPYXA.svg","fqdn":"ro-ver.link","domain":"ro-ver.link","tld":"link"},"ip":{"addr":"151.247.193.142","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ro-ver.link/","date":"2026-03-06T06:56:37.594Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ro-ver.link","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 23 Nov 2025 02:49:54 GMT","end":"Sat, 21 Feb 2026 02:49:53 GMT"},"fingerprint":{"sha1":"13:02:50:9E:70:0E:09:F6:F0:3B:B5:D7:9F:B8:B9:9B:87:E7:F3:DA","sha256":"A6:28:53:E6:0A:7E:1D:A0:1A:68:71:8F:BD:25:37:0D:62:E1:2C:D8:CA:EF:65:D6:B3:B6:5D:DA:E6:19:91:81"}}},"request":{"raw":"GET /logo-white-NE2GPYXA.svg HTTP/1.1\r\nHost: ro-ver.link\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ro-ver.link/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Fri, 06 Mar 2026 06:56:37 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 1815\r\nEggy-Wall: 12.5\r\nAbuse: abuse@eggywall.cc\r\nLast-Modified: Fri, 31 May 2024 12:54:07 GMT\r\nEtag: \"6659c86f-717\"\r\nAccept-Ranges: bytes\r\nX-Cache: HIT\r\nX-Cache-Url: https://ro-ver.link/logo-white-NE2GPYXA.svg\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1815,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d840e77082e80d3ac0c1c3a2daaab60a","sha1":"ba15904dc09f4b3590b93b0b57fe706c2ee5bbb0","sha256":"e14679ae98b51601357ab91b9ae7efc75399e2868fbc9cfe77874abcb8ed4664","sha512":"aa5eff1528aceb280bd669a48da2124751a978f9937ecc7d693b8b22c04491b53442397e06270c04f35da57e27413de13061d8f696119bf978d95b68b61b3fb8","ssdeep":"","tlshash":"0931b57ee6297a3c700247e4d728d471725fb99f72116368c0f856326347e2dd4a2ea3","first_seen":"2025-11-08T16:17:31.18218Z","last_seen":"2026-05-30T22:40:13.705126Z","times_seen":15,"resource_available":false,"data":null}},"time_used":421,"timings":{"blocked":186,"dns":1,"connect":41,"send":0,"wait":41,"receive":0,"ssl":61},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"ro-ver.link","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/oxygen/v16/2sDfZG1Wl4LcnbuKjk0m.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.142.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ro-ver.link/","date":"2026-03-06T06:56:37.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:00 GMT","end":"Mon, 27 Apr 2026 08:37:59 GMT"},"fingerprint":{"sha1":"43:A0:56:D7:CE:45:C9:96:6F:34:12:13:53:CC:34:DD:63:FB:5D:20","sha256":"A4:AF:37:76:AF:D3:DB:1B:79:93:8F:E9:D4:21:4B:BA:43:54:3D:F9:56:DC:18:E9:5C:CA:1A:7C:B2:C7:DF:9B"}}},"request":{"raw":"GET /s/oxygen/v16/2sDfZG1Wl4LcnbuKjk0m.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ro-ver.link\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 16288\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 05 Mar 2026 01:47:23 GMT\r\nexpires: Fri, 05 Mar 2027 01:47:23 GMT\r\ncache-control: public, max-age=31536000\r\nage: 104954\r\nlast-modified: Thu, 04 Sep 2025 17:08:56 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16288,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 16288, version 1.0","md5":"205f35f3d41b09dc8c60b4a17a0078e7","sha1":"d945c292ad20d91ddbf29c9aed09fa78da66c3c5","sha256":"cb77b974327584a478f8579490a5f118da52f1062e00b5ad31cb4dc5444efb37","sha512":"ce34eaec1dc4c39bec163f492d2ece57035b749149f82fd0a2a3a310e7feffa38ef5090cc9cb70b261c12fe39b734a1133b4d85b65d567e8f84c7e9d228f88ce","ssdeep":"384:n9r224rYCfSQ+kNLYq+kI7oCsY0w0bKpY8YaUhqMDaj:nA24rR+Scq3I7oX4Y8bUtDaj","tlshash":"fe72d0321d02117cf3615b25e01cfc9ead4c7857b15886b93d69bd030a63bdefa4e6a1","first_seen":"2025-09-05T00:54:03.60612Z","last_seen":"2026-06-08T00:00:43.873875Z","times_seen":4439,"resource_available":false,"data":null}},"time_used":200,"timings":{"blocked":94,"dns":1,"connect":8,"send":0,"wait":9,"receive":2,"ssl":81},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cloudflareinsights.com/cdn-cgi/rum","fqdn":"cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ro-ver.link/","date":"2026-03-06T06:56:37.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:29:28 GMT","end":"Mon, 18 May 2026 15:29:15 GMT"},"fingerprint":{"sha1":"8B:A9:51:50:78:B2:5E:75:31:54:23:BC:80:D6:CA:53:34:E5:CD:8F","sha256":"AF:D9:FB:4F:B0:E1:BD:80:DF:22:93:A7:4A:99:5B:50:0A:BE:47:59:37:98:C6:BF:C5:DF:8D:8F:F0:8D:FD:23"}}},"request":{"raw":"POST /cdn-cgi/rum HTTP/1.1\r\nHost: cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/json\r\nContent-Length: 635\r\nOrigin: https://ro-ver.link\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ro-ver.link/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":635,"data":"{\"memory\":{},\"resources\":[],\"referrer\":\"\",\"eventType\":1,\"firstPaint\":0,\"firstContentfulPaint\":1580,\"startTime\":1772780196253,\"versions\":{\"js\":\"2026.2.0\",\"timings\":2},\"pageloadId\":\"0255cab1-dff5-4fb0-b20c-e9b7d383f145\",\"location\":\"https://ro-ver.link/\",\"nt\":\"reload\",\"timingsV2\":{\"nextHopProtocol\":\"http/1.1\",\"domainLookupStart\":1079,\"domainLookupEnd\":1080,\"connectStart\":1080,\"connectEnd\":1173,\"requestStart\":1173,\"responseStart\":1213,\"responseEnd\":1214,\"domInteractive\":66,\"domComplete\":1689,\"loadEventStart\":1689,\"loadEventEnd\":1689,\"transferSize\":11956,\"decodedBodySize\":73888},\"siteToken\":\"f14e7643b0b64ce288215918ec88c288\",\"st\":2}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 06 Mar 2026 06:56:37 GMT\r\nserver: cloudflare\r\ncf-ray: 9d7f762d7aee4c11-OSL\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T03:34:23.06459Z","times_seen":16228689,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ro-ver.link/","fqdn":"ro-ver.link","domain":"ro-ver.link","tld":"link"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-06T06:56:36.035Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ro-ver.link\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T03:34:23.06459Z","times_seen":16228689,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":88,"dns":0,"connect":40,"send":0,"wait":0,"receive":0,"ssl":60},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-06T06:56:36Z","timestamp":1772780196,"ip_dst":{"addr":"151.247.193.142","port":80,"asn":0,"as":"","country":"Iran","country_code":"IR"},"ip_src":{"addr":"172.18.0.51","port":34580,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.link domain","source":"{\"timestamp\":\"2026-03-06T06:56:36.022208+0000\",\"flow_id\":1294651229434746,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":34580,\"dest_ip\":\"151.247.193.142\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858678,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.link domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ro-ver.link\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://ro-ver.link/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":668,\"bytes_toclient\":328,\"start\":\"2026-03-06T06:56:35.947066+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"ro-ver.link","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ro-ver.link/","fqdn":"ro-ver.link","domain":"ro-ver.link","tld":"link"},"ip":{"addr":"151.247.193.142","port":443,"asn":0,"as":"","country":"Iran","country_code":"IR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-06T06:56:37.333Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ro-ver.link","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 23 Nov 2025 02:49:54 GMT","end":"Sat, 21 Feb 2026 02:49:53 GMT"},"fingerprint":{"sha1":"13:02:50:9E:70:0E:09:F6:F0:3B:B5:D7:9F:B8:B9:9B:87:E7:F3:DA","sha256":"A6:28:53:E6:0A:7E:1D:A0:1A:68:71:8F:BD:25:37:0D:62:E1:2C:D8:CA:EF:65:D6:B3:B6:5D:DA:E6:19:91:81"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ro-ver.link\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Fri, 06 Mar 2026 06:56:37 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Encoding: gzip\r\nContent-Length: 11574\r\nEggy-Wall: 12.5\r\nAbuse: abuse@eggywall.cc\r\nVary: Accept-Encoding\r\nLast-Modified: Wed, 04 Mar 2026 15:04:49 GMT\r\nAccept-Ranges: bytes\r\nEtag: \"120a0-64c3424349eb5-gzip\"\r\nX-Cache-Url: https://ro-ver.link/\r\nX-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":73888,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (391)","md5":"d8cdd7b13396519cdc33d8b5b8cac3e8","sha1":"ea81431a7aba86742f49fb3b60c8bc408c0847fd","sha256":"f0fc2f20fcf901d623befe749ad6b20d70a9b6edca5c25043af8b1dc69589cc4","sha512":"232c20f2511f005524439b552d539677ee7c48d53978092ba25839ca01c20346b3e0c8beb8d945ab1046aaafce992da3c625746de14e21cc3151d2d518e94a10","ssdeep":"768:tgxBfaTVplRhf/mGFHLiesG9MpjGGlMkMc/2ClW+RFFg+gUmwZ8g1OuOBfodMxp:+x0pPkMc/2H+Rng1xp","tlshash":"ac7321194973e29d1c63941a23e15e231270e403ad05fb9f3bff81a48f4bad464dae66","first_seen":"2026-03-06T06:52:22.873695Z","last_seen":"2026-03-06T07:00:02.398142Z","times_seen":4,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":94,"dns":1,"connect":40,"send":0,"wait":40,"receive":1,"ssl":51},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-06T06:56:36Z","timestamp":1772780196,"ip_dst":{"addr":"151.247.193.142","port":80,"asn":0,"as":"","country":"Iran","country_code":"IR"},"ip_src":{"addr":"172.18.0.51","port":34580,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.link domain","source":"{\"timestamp\":\"2026-03-06T06:56:36.022208+0000\",\"flow_id\":1294651229434746,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.51\",\"src_port\":34580,\"dest_ip\":\"151.247.193.142\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858678,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.link domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ro-ver.link\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://ro-ver.link/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":668,\"bytes_toclient\":328,\"start\":\"2026-03-06T06:56:35.947066+0000\"}}"}],"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"ro-ver.link","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-06","alert":"Sinkholed","trigger":"ro-ver.link","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}