{"report_id":"69e73be1-2697-459f-bb3b-49de60ec57c2","version":6,"status":"done","tags":["phishing","poisonseed"],"date":"2025-12-18T00:50:05Z","url":{"schema":"https","addr":"ihroma.acemlnc.com/lt.php?x=4lZy~GDLKabM5KGrzQA4guBt2K-gj_Yilxc3X8Y3IqXK7pR__Ey7x.hy230Rzk~w_x6uYHXMMnia5Y3Ay.xHVOhz","fqdn":"ihroma.acemlnc.com","domain":"acemlnc.com","tld":"com"},"ip":{"addr":"54.235.205.181","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"driver-sgdashboard.com/verify?email=gTDoIHGPEwmBvl1duPP102aJZOo5rtWqiUkvROw0KuFXHI0kdAgdDONylKbzY/A6tVj1fvPbO8ewsAZn9XGd3qkzrnovuGqfvtwUHhiXPGh+6a7to4JxhMPzBTK7z8ew3x1cvgFpd2swf+Z+lGMLDA/jBs0okJ9D/ajIV/rk0Q7L9/gdWce3gtfBQpt7VDQYqx1Sd0kBCV3FqKjdex8txulO4zy5hHw016ZOejivN+RafOEifUSGseXHFNnOM2m64i/i4ViYCeP5/b1cfVoolaurUzTZfeKMJfKv20HNtzSeCFwifRlGd56oOV/TEn2IpNx2DNzrIee18py0b5vUBA==","fqdn":"driver-sgdashboard.com","domain":"driver-sgdashboard.com","tld":"com"},"title":"SendGrid Verification","dom":{"size":4579,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (4577), with no line terminators","md5":"cd36fd3939f6fef4fe07f149c44bf6ef","sha1":"8b931605492a00d842b9b03c86b52326f4f09e24","sha256":"b8f82073fbe8b840d990721c35ed6b669f5f81366fafb3fda4a83c058478f33c","sha512":"0e0800b71d9eba5785fc73ce337597b6446bd8f94279d933c93ee57ee98751499b2777c62bd418f02c6cfd70a12e44b92ae9fe1e6b11c8651f72ba3c10fb5ff5","ssdeep":"96:n5DC7RfvNJCvl0W7HgLlr4/NTFchLPMEUQqqw55XuLaEZ+2:5DqRfX2f0q/fMblh65XaaEw2","tlshash":"909154bc0401635ffaf34d47ae35765ea13122deef624840f9bb2205dfa3a94dae4464","dom_hash":"domhashdd28a34de4cc95d026a924e89af589d5","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"ihroma.acemlnc.com/lt.php?x=4lZy~GDLKabM5KGrzQA4guBt2K-gj_Yilxc3X8Y3IqXK7pR__Ey7x.hy230Rzk~w_x6uYHXMMnia5Y3Ay.xHVOhz","fqdn":"ihroma.acemlnc.com","domain":"acemlnc.com","tld":"com"},"ip":{"addr":"54.235.205.181","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-22T00:50:05Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"driver-sgdashboard.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PoisonSeed Phishing kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","poisonseed"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - PoisonSeed Phishing kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","poisonseed"],"meta":null}]},"summary":[{"fqdn":"driver-sgdashboard.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-12-17","domain_rank":0,"first_seen":"2025-12-17T18:33:22.992805Z","last_seen":"2025-12-17T18:33:22.992805Z","alert_count":10,"request_count":5,"received_data":262099,"sent_data":4054,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"sgmanagementportal.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-12-17","domain_rank":0,"first_seen":"2025-12-17T21:15:13.003408Z","last_seen":"2025-12-17T21:15:13.003409Z","alert_count":0,"request_count":2,"received_data":1382,"sent_data":1109,"comment":"","tags":null,"fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ihroma.acemlnc.com","ip":{"addr":"54.225.69.136","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"2015-09-17","domain_rank":0,"first_seen":"2025-12-18T00:50:06.10513Z","last_seen":"2025-12-18T00:50:06.10513Z","alert_count":0,"request_count":1,"received_data":975,"sent_data":584,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"ihroma.activehosted.com","ip":{"addr":"104.17.205.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2004-09-01","domain_rank":0,"first_seen":"2025-12-17T20:24:23.985437Z","last_seen":"2025-12-17T20:24:23.985437Z","alert_count":0,"request_count":1,"received_data":2322,"sent_data":589,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PoisonSeed Phishing kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","poisonseed"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"driver-sgdashboard.com/static/js/main.3efe2fc4.js","fqdn":"driver-sgdashboard.com","domain":"driver-sgdashboard.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ec8cfe50a349ceb3c11c23f4a0f9569c","sha1":"0a28481be9bfca3faaaeb7951bfa325c8acf845b","sha256":"7543917e53eda29aa15f2ecefe1d9bad944ba8aaca663a935dcd0dfbd807c5e1","sha512":"7f5b8234bdc7d8fae9eb9d4f7f3cd55b313d8add3ef924ec06c4ba082626b1a0b6cecadedf2f65fe6d37977b9e3ad4f9522bedcf45e449e99a956a91d8300765","ssdeep":"6144:zMxWXMZok0005o33F++C/TqKa+m5NTZMXx5NTZMXJ5NTZMXiVw5NTZMX18:zMnGolw7Hah5NTZMXx5NTZMXJ5NTZMX1","tlshash":"dd342ad83591f5656bb301b740af140ab37d1a1b680d8860f220fcda78b945eb27bf9d","size":244051,"data":"","first_seen":"2025-12-17T21:25:07.640558Z","last_seen":"2025-12-18T17:48:17.352198Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"ihroma.activehosted.com/lt.php?x=4lZy~GDLKabM5KGrzQA4guBt2K-gj_Yilxc3X8Y3IqXK7pR__Ey7x.hy230Rzk~w_x6uYHXMMnia5Y3Ay.xHVOhz","fqdn":"ihroma.activehosted.com","domain":"activehosted.com","tld":"com"},"ip":{"addr":"104.17.205.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-18T00:49:45.031Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"activehosted.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 23 Nov 2025 01:59:41 GMT","end":"Sat, 21 Feb 2026 02:59:38 GMT"},"fingerprint":{"sha1":"49:D4:96:FD:9B:9F:C4:0A:68:18:E4:C1:47:CC:CD:EC:89:8A:80:E4","sha256":"35:C9:55:E9:8B:E8:F4:D1:A4:FD:F9:5A:41:42:87:9B:17:F0:28:82:8A:2D:62:D8:16:EE:75:92:82:5B:F9:1D"}}},"request":{"raw":"GET /lt.php?x=4lZy~GDLKabM5KGrzQA4guBt2K-gj_Yilxc3X8Y3IqXK7pR__Ey7x.hy230Rzk~w_x6uYHXMMnia5Y3Ay.xHVOhz HTTP/1.1\r\nHost: ihroma.activehosted.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Thu, 18 Dec 2025 00:49:45 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://driver-sgdashboard.com?email=gTDoIHGPEwmBvl1duPP102aJZOo5rtWqiUkvROw0KuFXHI0kdAgdDONylKbzY/A6tVj1fvPbO8ewsAZn9XGd3qkzrnovuGqfvtwUHhiXPGh+6a7to4JxhMPzBTK7z8ew3x1cvgFpd2swf+Z+lGMLDA/jBs0okJ9D/ajIV/rk0Q7L9/gdWce3gtfBQpt7VDQYqx1Sd0kBCV3FqKjdex8txulO4zy5hHw016ZOejivN+RafOEifUSGseXHFNnOM2m64i/i4ViYCeP5/b1cfVoolaurUzTZfeKMJfKv20HNtzSeCFwifRlGd56oOV/TEn2IpNx2DNzrIee18py0b5vUBA==\r\ncf-ray: 9afaa980a9ef0883-OSL\r\ncache-control: no-store, no-cache, must-revalidate\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\npragma: no-cache\r\nreferrer-policy: same-origin\r\nset-cookie: PHPSESSID=512900dbfae4a829b555b381b84f3cca; path=/; secure; HttpOnly; SameSite=Lax\ncmp66642242=318316bac4a7f3d78a79abbe8718f883; expires=Sat, 17-Jan-2026 00:49:45 GMT; Max-Age=2592000; path=/; domain=.ihroma.activehosted.com; secure; SameSite=Lax\n__cf_bm=Iyp_uqA33ZGxsWreHlfVOO_FT5uqFtjhSWnC4FFv5ag-1766018985-1.0.1.1-AIb7cJ_RFTDt9I4iptw0O0TptV68yTPaSWr1Jnsnq4vExf3xx3WKDw4wEIq0pMReMoa_FtkubyIjxhATG4duJy1OO6K5s_Vj9Ah5952ZzV8; path=/; expires=Thu, 18-Dec-25 01:19:45 GMT; domain=.activehosted.com; HttpOnly; Secure; SameSite=None\r\nx-content-type-options: nosniff\r\nx-envoy-decorator-operation: ac-hosted-current-web.activecampaign-hosted.svc.cluster.local:80/*\r\nx-envoy-upstream-service-time: 263\r\nx-privacy-policy: You can find our privacy policy here: https://www.activecampaign.com/help/privacy-policy/\r\nx-request-id: f31b7da7-50ff-4c07-86eb-08ef0588608a\r\nx-robots-tag: noindex\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":630,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":430,"timings":{"blocked":37,"dns":21,"connect":1,"send":0,"wait":356,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"driver-sgdashboard.com/?email=gTDoIHGPEwmBvl1duPP102aJZOo5rtWqiUkvROw0KuFXHI0kdAgdDONylKbzY/A6tVj1fvPbO8ewsAZn9XGd3qkzrnovuGqfvtwUHhiXPGh+6a7to4JxhMPzBTK7z8ew3x1cvgFpd2swf+Z+lGMLDA/jBs0okJ9D/ajIV/rk0Q7L9/gdWce3gtfBQpt7VDQYqx1Sd0kBCV3FqKjdex8txulO4zy5hHw016ZOejivN+RafOEifUSGseXHFNnOM2m64i/i4ViYCeP5/b1cfVoolaurUzTZfeKMJfKv20HNtzSeCFwifRlGd56oOV/TEn2IpNx2DNzrIee18py0b5vUBA==","fqdn":"driver-sgdashboard.com","domain":"driver-sgdashboard.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-18T00:49:45.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"driver-sgdashboard.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 17:27:48 GMT","end":"Tue, 17 Mar 2026 18:18:30 GMT"},"fingerprint":{"sha1":"1B:C2:66:AC:FA:05:27:9F:A2:A3:13:68:A7:1C:F9:53:63:CC:41:69","sha256":"78:40:12:EE:CD:0A:A4:7E:FE:F6:91:02:93:1E:CD:F4:2B:EE:C0:26:41:C3:AA:E5:10:66:98:6C:F7:44:2C:BC"}}},"request":{"raw":"GET /?email=gTDoIHGPEwmBvl1duPP102aJZOo5rtWqiUkvROw0KuFXHI0kdAgdDONylKbzY/A6tVj1fvPbO8ewsAZn9XGd3qkzrnovuGqfvtwUHhiXPGh+6a7to4JxhMPzBTK7z8ew3x1cvgFpd2swf+Z+lGMLDA/jBs0okJ9D/ajIV/rk0Q7L9/gdWce3gtfBQpt7VDQYqx1Sd0kBCV3FqKjdex8txulO4zy5hHw016ZOejivN+RafOEifUSGseXHFNnOM2m64i/i4ViYCeP5/b1cfVoolaurUzTZfeKMJfKv20HNtzSeCFwifRlGd56oOV/TEn2IpNx2DNzrIee18py0b5vUBA== HTTP/1.1\r\nHost: driver-sgdashboard.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 00:49:45 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Wed, 17 Dec 2025 21:20:41 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uGoqSmROqLXH2Z%2BPb9VsDuZFrA1EcjWLhutd0rQe8wu%2Bo19H1WAKS%2FX%2Fp2xYn%2B2n9rHjZA%2BpWu1QBkrbepghyyrOf379r1K5RLzRw7tkLTLqSnl1\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9afaa9837984b4f7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":630,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (630), with no line terminators","md5":"3b83a31f08ed31bc6a8ef6db89728444","sha1":"e65c46f7cf74541d8c947f7ab33a446edd3da4a5","sha256":"35a3d6be9386c799b9014b16a5da5d3fe164e4fa76391468119eee87d33120dd","sha512":"4e45693497d35dce403f3c71054e87ecb788c21b7f36fb328c1cdbbe20309be849b3f606a82a20a57f2a76cdcbcfeadabc835b30247be3dc82f72b3359d6db63","ssdeep":"","tlshash":"e1f07d52cc10c48d6730577bed72b02cc946b90ca691bc14b8ae14fa0dd0ba28d72961","first_seen":"2025-12-17T21:25:07.638141Z","last_seen":"2025-12-18T17:48:17.351692Z","times_seen":11,"resource_available":false,"data":null}},"time_used":227,"timings":{"blocked":76,"dns":54,"connect":1,"send":0,"wait":74,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"driver-sgdashboard.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PoisonSeed Phishing kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","poisonseed"],"meta":null}]}},{"url":{"schema":"https","addr":"driver-sgdashboard.com/static/js/main.3efe2fc4.js","fqdn":"driver-sgdashboard.com","domain":"driver-sgdashboard.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://driver-sgdashboard.com/?email=gTDoIHGPEwmBvl1duPP102aJZOo5rtWqiUkvROw0KuFXHI0kdAgdDONylKbzY/A6tVj1fvPbO8ewsAZn9XGd3qkzrnovuGqfvtwUHhiXPGh+6a7to4JxhMPzBTK7z8ew3x1cvgFpd2swf+Z+lGMLDA/jBs0okJ9D/ajIV/rk0Q7L9/gdWce3gtfBQpt7VDQYqx1Sd0kBCV3FqKjdex8txulO4zy5hHw016ZOejivN+RafOEifUSGseXHFNnOM2m64i/i4ViYCeP5/b1cfVoolaurUzTZfeKMJfKv20HNtzSeCFwifRlGd56oOV/TEn2IpNx2DNzrIee18py0b5vUBA==","date":"2025-12-18T00:49:45.792Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"driver-sgdashboard.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 17:27:48 GMT","end":"Tue, 17 Mar 2026 18:18:30 GMT"},"fingerprint":{"sha1":"1B:C2:66:AC:FA:05:27:9F:A2:A3:13:68:A7:1C:F9:53:63:CC:41:69","sha256":"78:40:12:EE:CD:0A:A4:7E:FE:F6:91:02:93:1E:CD:F4:2B:EE:C0:26:41:C3:AA:E5:10:66:98:6C:F7:44:2C:BC"}}},"request":{"raw":"GET /static/js/main.3efe2fc4.js HTTP/1.1\r\nHost: driver-sgdashboard.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://driver-sgdashboard.com/?email=gTDoIHGPEwmBvl1duPP102aJZOo5rtWqiUkvROw0KuFXHI0kdAgdDONylKbzY/A6tVj1fvPbO8ewsAZn9XGd3qkzrnovuGqfvtwUHhiXPGh+6a7to4JxhMPzBTK7z8ew3x1cvgFpd2swf+Z+lGMLDA/jBs0okJ9D/ajIV/rk0Q7L9/gdWce3gtfBQpt7VDQYqx1Sd0kBCV3FqKjdex8txulO4zy5hHw016ZOejivN+RafOEifUSGseXHFNnOM2m64i/i4ViYCeP5/b1cfVoolaurUzTZfeKMJfKv20HNtzSeCFwifRlGd56oOV/TEn2IpNx2DNzrIee18py0b5vUBA==\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 18 Dec 2025 00:49:45 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Wed, 17 Dec 2025 21:20:41 GMT\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Fri, 16 Jan 2026 21:32:25 GMT\r\ncache-control: public, max-age=2592000\r\nage: 11839\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ysxn2Pfqg8YMeXbbsWZ1ymGA8JAXnBoUk4BNEF7%2FfXJr8vzOMbHly%2BxkLbLH%2FDcrt4A1gO5dtmSJ7I%2Ft91aKrvS3cCR8GGGSkVaovZ0fzANFfmIJrlA%3D\"}]}\r\netag: W/\"69431ea9-3b953\"\r\ncontent-encoding: br\r\ncf-ray: 9afaa98539f7b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":244051,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65465)","md5":"ec8cfe50a349ceb3c11c23f4a0f9569c","sha1":"0a28481be9bfca3faaaeb7951bfa325c8acf845b","sha256":"7543917e53eda29aa15f2ecefe1d9bad944ba8aaca663a935dcd0dfbd807c5e1","sha512":"7f5b8234bdc7d8fae9eb9d4f7f3cd55b313d8add3ef924ec06c4ba082626b1a0b6cecadedf2f65fe6d37977b9e3ad4f9522bedcf45e449e99a956a91d8300765","ssdeep":"6144:zMxWXMZok0005o33F++C/TqKa+m5NTZMXx5NTZMXJ5NTZMXiVw5NTZMX18:zMnGolw7Hah5NTZMXx5NTZMXJ5NTZMX1","tlshash":"dd342ad83591f5656bb301b740af140ab37d1a1b680d8860f220fcda78b945eb27bf9d","first_seen":"2025-12-17T21:25:07.640558Z","last_seen":"2025-12-18T17:48:17.352198Z","times_seen":11,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"driver-sgdashboard.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PoisonSeed Phishing kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","poisonseed"],"meta":null}]}},{"url":{"schema":"https","addr":"driver-sgdashboard.com/static/css/main.b481942e.css","fqdn":"driver-sgdashboard.com","domain":"driver-sgdashboard.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://driver-sgdashboard.com/?email=gTDoIHGPEwmBvl1duPP102aJZOo5rtWqiUkvROw0KuFXHI0kdAgdDONylKbzY/A6tVj1fvPbO8ewsAZn9XGd3qkzrnovuGqfvtwUHhiXPGh+6a7to4JxhMPzBTK7z8ew3x1cvgFpd2swf+Z+lGMLDA/jBs0okJ9D/ajIV/rk0Q7L9/gdWce3gtfBQpt7VDQYqx1Sd0kBCV3FqKjdex8txulO4zy5hHw016ZOejivN+RafOEifUSGseXHFNnOM2m64i/i4ViYCeP5/b1cfVoolaurUzTZfeKMJfKv20HNtzSeCFwifRlGd56oOV/TEn2IpNx2DNzrIee18py0b5vUBA==","date":"2025-12-18T00:49:45.793Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"driver-sgdashboard.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 17:27:48 GMT","end":"Tue, 17 Mar 2026 18:18:30 GMT"},"fingerprint":{"sha1":"1B:C2:66:AC:FA:05:27:9F:A2:A3:13:68:A7:1C:F9:53:63:CC:41:69","sha256":"78:40:12:EE:CD:0A:A4:7E:FE:F6:91:02:93:1E:CD:F4:2B:EE:C0:26:41:C3:AA:E5:10:66:98:6C:F7:44:2C:BC"}}},"request":{"raw":"GET /static/css/main.b481942e.css HTTP/1.1\r\nHost: driver-sgdashboard.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://driver-sgdashboard.com/?email=gTDoIHGPEwmBvl1duPP102aJZOo5rtWqiUkvROw0KuFXHI0kdAgdDONylKbzY/A6tVj1fvPbO8ewsAZn9XGd3qkzrnovuGqfvtwUHhiXPGh+6a7to4JxhMPzBTK7z8ew3x1cvgFpd2swf+Z+lGMLDA/jBs0okJ9D/ajIV/rk0Q7L9/gdWce3gtfBQpt7VDQYqx1Sd0kBCV3FqKjdex8txulO4zy5hHw016ZOejivN+RafOEifUSGseXHFNnOM2m64i/i4ViYCeP5/b1cfVoolaurUzTZfeKMJfKv20HNtzSeCFwifRlGd56oOV/TEn2IpNx2DNzrIee18py0b5vUBA==\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 18 Dec 2025 00:49:45 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Wed, 17 Dec 2025 18:32:48 GMT\r\npriority: u=2,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Fri, 16 Jan 2026 18:32:56 GMT\r\ncache-control: public, max-age=2592000\r\nage: 22609\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=p9d3lDN3%2BTHxNkzJ1X6DhUmDRBJqQwFEyZza0G3alVNKTVn4mvDTajgd4SM9datQxwibpSDl%2FeLAvrh3dPh5s%2F38D%2BPd9uRFSNf%2Fh3NrfGSx5f40ls0%3D\"}]}\r\netag: W/\"6942f750-35d9\"\r\ncontent-encoding: br\r\ncf-ray: 9afaa98539f8b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13785,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (13740)","md5":"a922f7d40fe2fe3864fe88dd7dc27b5a","sha1":"fc8a2f44f1862286872edaa49cf536e056dbe1b6","sha256":"e025cccea2a197867f5544fc5f767ba43721b76986148ddf06ad8e30985dcf37","sha512":"01de36281e63719a21f6c1507f491008abac85765184fdf03bea4e88b1d8b4d09d82644b9329585efb742020a5375f8db5b5a203263a870b6096e6ff197d073d","ssdeep":"192:apN9FZfEALkZv30Cm3EgPM4AL938sZ+zESFAhdaIE3tYnU/OPqexwqFZ:aPdTLkZv0Cm3E538H3tRexwqFZ","tlshash":"3e52c7216254792ef52fc57561d189893038c622ea63cb7efd366239cacb1a32773718","first_seen":"2025-12-15T23:59:15.940849Z","last_seen":"2025-12-23T04:39:03.302054Z","times_seen":266,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"driver-sgdashboard.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PoisonSeed Phishing kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","poisonseed"],"meta":null}]}},{"url":{"schema":"https","addr":"driver-sgdashboard.com/logo192.png","fqdn":"driver-sgdashboard.com","domain":"driver-sgdashboard.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://driver-sgdashboard.com/?email=gTDoIHGPEwmBvl1duPP102aJZOo5rtWqiUkvROw0KuFXHI0kdAgdDONylKbzY/A6tVj1fvPbO8ewsAZn9XGd3qkzrnovuGqfvtwUHhiXPGh+6a7to4JxhMPzBTK7z8ew3x1cvgFpd2swf+Z+lGMLDA/jBs0okJ9D/ajIV/rk0Q7L9/gdWce3gtfBQpt7VDQYqx1Sd0kBCV3FqKjdex8txulO4zy5hHw016ZOejivN+RafOEifUSGseXHFNnOM2m64i/i4ViYCeP5/b1cfVoolaurUzTZfeKMJfKv20HNtzSeCFwifRlGd56oOV/TEn2IpNx2DNzrIee18py0b5vUBA==","date":"2025-12-18T00:49:45.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"driver-sgdashboard.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 17:27:48 GMT","end":"Tue, 17 Mar 2026 18:18:30 GMT"},"fingerprint":{"sha1":"1B:C2:66:AC:FA:05:27:9F:A2:A3:13:68:A7:1C:F9:53:63:CC:41:69","sha256":"78:40:12:EE:CD:0A:A4:7E:FE:F6:91:02:93:1E:CD:F4:2B:EE:C0:26:41:C3:AA:E5:10:66:98:6C:F7:44:2C:BC"}}},"request":{"raw":"GET /logo192.png HTTP/1.1\r\nHost: driver-sgdashboard.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://driver-sgdashboard.com/?email=gTDoIHGPEwmBvl1duPP102aJZOo5rtWqiUkvROw0KuFXHI0kdAgdDONylKbzY/A6tVj1fvPbO8ewsAZn9XGd3qkzrnovuGqfvtwUHhiXPGh+6a7to4JxhMPzBTK7z8ew3x1cvgFpd2swf+Z+lGMLDA/jBs0okJ9D/ajIV/rk0Q7L9/gdWce3gtfBQpt7VDQYqx1Sd0kBCV3FqKjdex8txulO4zy5hHw016ZOejivN+RafOEifUSGseXHFNnOM2m64i/i4ViYCeP5/b1cfVoolaurUzTZfeKMJfKv20HNtzSeCFwifRlGd56oOV/TEn2IpNx2DNzrIee18py0b5vUBA==\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ndate: Thu, 18 Dec 2025 00:49:45 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\ncf-cache-status: BYPASS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OotsCBFskc93j4KxJezDU3zBVF9AdAyJixpurTeibl%2Fa2CvG7KZn3Vai7uekjp%2BJivFwMHQZ3M5YSSCB2jnzy7CMi358I0DU65beVJK4aS5rAhxlpS4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9afaa985ba7db1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":162,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"1d1ed962f2c3b3101433906b6b71e395","sha1":"323b3ebdc78e3e6f9581706771cbd61bfed318a4","sha256":"2de2499f4e5f896995ee7ebaa527a39b75f520f98e12110ec6c156a2433dbe75","sha512":"5fafbbe993daaffcadae26c8db453bf195c30dea475dccdfa89166f58bb900004a81e21ca42ce1c61f8a8c85587b4d934a953082a1fb1a5256eb9502fcc92883","ssdeep":"","tlshash":"d6c08c67351e3c0ce7a322b422c36aa0d08bd3b088da1a10c640025331c31278ac7315","first_seen":"2023-11-07T17:46:00Z","last_seen":"2026-04-11T21:57:32.35973Z","times_seen":1864,"resource_available":true,"data":null}},"time_used":65,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":65,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"driver-sgdashboard.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PoisonSeed Phishing kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","poisonseed"],"meta":null}]}},{"url":{"schema":"https","addr":"driver-sgdashboard.com/favicon.ico","fqdn":"driver-sgdashboard.com","domain":"driver-sgdashboard.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://driver-sgdashboard.com/?email=gTDoIHGPEwmBvl1duPP102aJZOo5rtWqiUkvROw0KuFXHI0kdAgdDONylKbzY/A6tVj1fvPbO8ewsAZn9XGd3qkzrnovuGqfvtwUHhiXPGh+6a7to4JxhMPzBTK7z8ew3x1cvgFpd2swf+Z+lGMLDA/jBs0okJ9D/ajIV/rk0Q7L9/gdWce3gtfBQpt7VDQYqx1Sd0kBCV3FqKjdex8txulO4zy5hHw016ZOejivN+RafOEifUSGseXHFNnOM2m64i/i4ViYCeP5/b1cfVoolaurUzTZfeKMJfKv20HNtzSeCFwifRlGd56oOV/TEn2IpNx2DNzrIee18py0b5vUBA==","date":"2025-12-18T00:49:45.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"driver-sgdashboard.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 17:27:48 GMT","end":"Tue, 17 Mar 2026 18:18:30 GMT"},"fingerprint":{"sha1":"1B:C2:66:AC:FA:05:27:9F:A2:A3:13:68:A7:1C:F9:53:63:CC:41:69","sha256":"78:40:12:EE:CD:0A:A4:7E:FE:F6:91:02:93:1E:CD:F4:2B:EE:C0:26:41:C3:AA:E5:10:66:98:6C:F7:44:2C:BC"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: driver-sgdashboard.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://driver-sgdashboard.com/?email=gTDoIHGPEwmBvl1duPP102aJZOo5rtWqiUkvROw0KuFXHI0kdAgdDONylKbzY/A6tVj1fvPbO8ewsAZn9XGd3qkzrnovuGqfvtwUHhiXPGh+6a7to4JxhMPzBTK7z8ew3x1cvgFpd2swf+Z+lGMLDA/jBs0okJ9D/ajIV/rk0Q7L9/gdWce3gtfBQpt7VDQYqx1Sd0kBCV3FqKjdex8txulO4zy5hHw016ZOejivN+RafOEifUSGseXHFNnOM2m64i/i4ViYCeP5/b1cfVoolaurUzTZfeKMJfKv20HNtzSeCFwifRlGd56oOV/TEn2IpNx2DNzrIee18py0b5vUBA==\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Thu, 18 Dec 2025 00:49:45 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OeS5f49ZUb1r6Ms9Ton2%2BifCaQ1v2wDbzDpVHmKoHSbDZdrAPT9Eud3wZh1O9GmYN1C8UR%2FprdHAfbeeFCbgZTq5%2FwZY1TvuKRQBkTXN2naunugWgAI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9afaa985ba7fb1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":162,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"37d5c3a24983196361e6ce9b1a499464","sha1":"2dd5878df894f3c648e42408879e9a61c112d1b3","sha256":"766c1d6bcb81d3e983fb7adbc19c616d7fc01dafb7893738edc242e2adc59c07","sha512":"cc140d1f61a01ba5f282d682dfeb19229426c7164b147a3031d3b5544c2d7213ce19b075a81d5e00750bdac7b1d9232b8b971e026d838ccae9466523338b09a9","ssdeep":"","tlshash":"eac08c6e2513bd4cc663217432c36490c08b93a7a4ea42228440805331cb2aa8ac7396","first_seen":"2023-11-07T17:46:00Z","last_seen":"2026-04-12T12:22:18.497656Z","times_seen":20088,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"driver-sgdashboard.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PoisonSeed Phishing kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","poisonseed"],"meta":null}]}},{"url":{"schema":"https","addr":"sgmanagementportal.com/api/check-email","fqdn":"sgmanagementportal.com","domain":"sgmanagementportal.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://driver-sgdashboard.com/?email=gTDoIHGPEwmBvl1duPP102aJZOo5rtWqiUkvROw0KuFXHI0kdAgdDONylKbzY/A6tVj1fvPbO8ewsAZn9XGd3qkzrnovuGqfvtwUHhiXPGh+6a7to4JxhMPzBTK7z8ew3x1cvgFpd2swf+Z+lGMLDA/jBs0okJ9D/ajIV/rk0Q7L9/gdWce3gtfBQpt7VDQYqx1Sd0kBCV3FqKjdex8txulO4zy5hHw016ZOejivN+RafOEifUSGseXHFNnOM2m64i/i4ViYCeP5/b1cfVoolaurUzTZfeKMJfKv20HNtzSeCFwifRlGd56oOV/TEn2IpNx2DNzrIee18py0b5vUBA==","date":"2025-12-18T00:49:45.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sgmanagementportal.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 19:49:30 GMT","end":"Tue, 17 Mar 2026 20:41:14 GMT"},"fingerprint":{"sha1":"38:45:CB:D4:D8:C4:26:27:70:0D:A5:61:75:B9:F5:4B:69:71:A7:A5","sha256":"24:59:7C:C5:43:E7:2B:B2:E4:B1:76:00:10:15:60:21:8C:B3:53:92:BA:F5:98:E5:C1:2B:EB:E6:B0:50:86:D2"}}},"request":{"raw":"OPTIONS /api/check-email HTTP/1.1\r\nHost: sgmanagementportal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://driver-sgdashboard.com/\r\nOrigin: https://driver-sgdashboard.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Thu, 18 Dec 2025 00:49:46 GMT\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\nvary: Access-Control-Request-Headers\r\naccess-control-allow-headers: content-type\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Zx4pg8oDSCkA1OucDKrqpoXu1lacwzbitTrizP8EHrk9ly%2B%2BD94ruzUl9%2FvOz%2B8%2BVQD6%2B5hfGGJdSPieb2e2dZnM3DqpWR7EA9v4RJxRzrZAlCnheog%3D\"}]}\r\ncf-ray: 9afaa986282a1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":159,"timings":{"blocked":44,"dns":27,"connect":1,"send":0,"wait":66,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ihroma.acemlnc.com/lt.php?x=4lZy~GDLKabM5KGrzQA4guBt2K-gj_Yilxc3X8Y3IqXK7pR__Ey7x.hy230Rzk~w_x6uYHXMMnia5Y3Ay.xHVOhz","fqdn":"ihroma.acemlnc.com","domain":"acemlnc.com","tld":"com"},"ip":{"addr":"54.225.69.136","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-18T00:49:44.315Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"acemlna.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 12 Nov 2025 00:00:00 GMT","end":"Thu, 10 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"ED:5D:2F:B4:CD:27:CB:15:2F:B1:97:10:CD:EC:49:98:1B:81:22:C8","sha256":"2B:F1:78:81:C9:E6:04:9D:5D:B1:43:33:E4:73:9E:E6:05:99:A8:D3:64:30:4D:4F:8B:08:C7:73:1B:C1:C6:41"}}},"request":{"raw":"GET /lt.php?x=4lZy~GDLKabM5KGrzQA4guBt2K-gj_Yilxc3X8Y3IqXK7pR__Ey7x.hy230Rzk~w_x6uYHXMMnia5Y3Ay.xHVOhz HTTP/1.1\r\nHost: ihroma.acemlnc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\ncache-control: public, max-age=2628000\r\nlocation: https://ihroma.activehosted.com/lt.php?x=4lZy~GDLKabM5KGrzQA4guBt2K-gj_Yilxc3X8Y3IqXK7pR__Ey7x.hy230Rzk~w_x6uYHXMMnia5Y3Ay.xHVOhz\r\ndate: Thu, 18 Dec 2025 00:49:44 GMT\r\ncontent-length: 0\r\nx-envoy-upstream-service-time: 1\r\nserver: istio-envoy\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":630,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T13:55:58.474524Z","times_seen":13664276,"resource_available":true,"data":null}},"time_used":1335,"timings":{"blocked":615,"dns":51,"connect":95,"send":0,"wait":97,"receive":0,"ssl":474},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sgmanagementportal.com/api/check-email","fqdn":"sgmanagementportal.com","domain":"sgmanagementportal.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://driver-sgdashboard.com/?email=gTDoIHGPEwmBvl1duPP102aJZOo5rtWqiUkvROw0KuFXHI0kdAgdDONylKbzY/A6tVj1fvPbO8ewsAZn9XGd3qkzrnovuGqfvtwUHhiXPGh+6a7to4JxhMPzBTK7z8ew3x1cvgFpd2swf+Z+lGMLDA/jBs0okJ9D/ajIV/rk0Q7L9/gdWce3gtfBQpt7VDQYqx1Sd0kBCV3FqKjdex8txulO4zy5hHw016ZOejivN+RafOEifUSGseXHFNnOM2m64i/i4ViYCeP5/b1cfVoolaurUzTZfeKMJfKv20HNtzSeCFwifRlGd56oOV/TEn2IpNx2DNzrIee18py0b5vUBA==","date":"2025-12-18T00:49:46.033Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sgmanagementportal.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 19:49:30 GMT","end":"Tue, 17 Mar 2026 20:41:14 GMT"},"fingerprint":{"sha1":"38:45:CB:D4:D8:C4:26:27:70:0D:A5:61:75:B9:F5:4B:69:71:A7:A5","sha256":"24:59:7C:C5:43:E7:2B:B2:E4:B1:76:00:10:15:60:21:8C:B3:53:92:BA:F5:98:E5:C1:2B:EB:E6:B0:50:86:D2"}}},"request":{"raw":"POST /api/check-email HTTP/1.1\r\nHost: sgmanagementportal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 365\r\nOrigin: https://driver-sgdashboard.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://driver-sgdashboard.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":365,"data":"{\"encryptedEmail\":\"gTDoIHGPEwmBvl1duPP102aJZOo5rtWqiUkvROw0KuFXHI0kdAgdDONylKbzY/A6tVj1fvPbO8ewsAZn9XGd3qkzrnovuGqfvtwUHhiXPGh 6a7to4JxhMPzBTK7z8ew3x1cvgFpd2swf Z lGMLDA/jBs0okJ9D/ajIV/rk0Q7L9/gdWce3gtfBQpt7VDQYqx1Sd0kBCV3FqKjdex8txulO4zy5hHw016ZOejivN RafOEifUSGseXHFNnOM2m64i/i4ViYCeP5/b1cfVoolaurUzTZfeKMJfKv20HNtzSeCFwifRlGd56oOV/TEn2IpNx2DNzrIee18py0b5vUBA==\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 00:49:46 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\netag: W/\"1d-ajGG6nPu0Fg4eGJ1gktsw82LJd0\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3AywTHXKhjvWzzxw8TVb3RA8iYGFvDBmvSvpMgEit0JbedB8PUXnAjqKBY8HpFOe2UvbhdTiHrA%2FdDsjz4TcFfBWdKXCs%2FNrVaY4SMkIPjheytL%2FxEQ%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9afaa98698b81525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":29,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"c769ed07a6248e19b69abad3d6024efb","sha1":"6a3186ea73eed05838786275824b6cc3cd8b25dd","sha256":"1aa9ba7cd3843882cfa388e92424c114524a3bcecd93eb7d4bd769a410589fc4","sha512":"e34b34150702f21e049bc7a4ad52cbbc901f8d1a191ec5ef6f314821df36bffbdeb4881c0e6e668a3ae4f2c830657dfb79a0f28fae64cef18f1a67c5db980a35","ssdeep":"","tlshash":"92800002002008aec88000c003c8ab0308a82833e2222008e0b8008028fba830200003","first_seen":"2025-04-26T04:13:16.600633Z","last_seen":"2026-04-05T22:23:57.980438Z","times_seen":2900,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}