{"report_id":"7309a6ee-ff5d-4e05-bd74-0c688de8048b","version":0,"status":"done","tags":["suspicious"],"date":"2026-06-28T12:41:31Z","url":{"schema":"https","addr":"beautybenefitscard.com/","fqdn":"beautybenefitscard.com","domain":"beautybenefitscard.com","tld":"com"},"ip":{"addr":"172.67.201.105","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"beautybenefitscard.com/","fqdn":"beautybenefitscard.com","domain":"beautybenefitscard.com","tld":"com"},"title":"Sephora Middle East Rewards Card — Exclusive Beauty Benefits","dom":{"size":22152,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14199)","md5":"6f9b0ea7170cda70a1b1a0f5a5cf27bd","sha1":"5ec156e99bc010f2994f0afcf0ee82c991025ab9","sha256":"86622bb9ac1fdd90a9d917e576b2e70629275be4e8e22defeb3e3848565ddf6d","sha512":"870956dedcf39b7c8b62ee68c1833be025df43561e31b83f0cd4685dadd3b097548e5e34f2bb1dc0148f4cde093ec8ae415ed60526c11c7d957984853af6ae79","ssdeep":"192:4Q1fGtTTQBsDofbjK9M1Lyg191L1uz1PhqR/iAwCwWJEm+irIB:1CTQzbeiVyg1LczBpCjJNIB","tlshash":"2aa23144a8505e7a2d536ea246cceb1cc12bd1c389eb1a9d7edf014e0bc6bd90f76346","dom_hash":"domhash5e2410fc551c38c959981c8b640f2181","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"beautybenefitscard.com/","fqdn":"beautybenefitscard.com","domain":"beautybenefitscard.com","tld":"com"},"ip":{"addr":"172.67.201.105","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-02T12:41:31Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-28","alert":"Detects file containing Telegram Bot API","trigger":"beautybenefitscard.com/static/js/main.d95e8acb.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"beautybenefitscard.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"beautybenefitscard.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"rezervtemka.cc","ip":{"addr":"172.67.159.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-12-02","domain_rank":0,"first_seen":"2025-12-15T12:38:06.57368Z","last_seen":"2026-06-28T11:09:56.20996Z","alert_count":0,"request_count":1,"received_data":811,"sent_data":586,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"beautybenefitscard.com","ip":{"addr":"104.21.21.236","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":22,"request_count":10,"received_data":2436125,"sent_data":5102,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"beautybenefitscard.com/static/js/main.d95e8acb.js","fqdn":"beautybenefitscard.com","domain":"beautybenefitscard.com","tld":"com"},"ip":{"addr":"104.21.21.236","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f8ad2a18f16b9dfe1bbb1e0c27165cfd","sha1":"9d4852a485ab1944cac433f8e86e335a89378763","sha256":"a43863fb0ef160fbbc6a6373da170708b8250fdaaceab0fc63e52029f573ccb8","sha512":"cc0fadaa330eab9194bb853d192aaf1dd555f59da624c9834dd262671bbbcec6d7adb2a68ca21b691849f0981c71afcd54c95be8cb5d9a6b24053a10004a654d","ssdeep":"12288:aHO15sS+bBA7xeRH6F2ygHAr8lq0sEc1Yvd:dhGdH6yHAraNjc1Y1","tlshash":"b6c45c887251f5a5baa700e2547f4509f33e1a0eb80dc8b4b169fcca686454972b7ffc","size":589211,"data":"","first_seen":"2026-06-28T12:41:37.40688Z","last_seen":"2026-06-28T12:41:52.901916Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-28","alert":"Detects file containing Telegram Bot API","trigger":"beautybenefitscard.com/static/js/main.d95e8acb.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":[{"level":"log","text":"Generated new UUID:6934055028367088","filename":"https://beautybenefitscard.com/static/js/main.d95e8acb.js","line_number":2,"column_number":361960},{"level":"log","text":"Connected to WebSocket server","filename":"https://beautybenefitscard.com/static/js/main.d95e8acb.js","line_number":2,"column_number":362062}]},"http":[{"url":{"schema":"wss","addr":"wss://rezervtemka.cc/","fqdn":"rezervtemka.cc","domain":"rezervtemka.cc","tld":"cc"},"ip":{"addr":"172.67.159.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://beautybenefitscard.com/","date":"2026-06-28T12:41:07.736Z","timestamp":1782650467736,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rezervtemka.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 May 2026 01:02:50 GMT","end":"Thu, 27 Aug 2026 01:54:41 GMT"},"fingerprint":{"sha1":"84:1B:86:D4:E9:95:D8:3D:3E:C5:E8:58:17:7C:B9:8C:9C:44:42:7A","sha256":"CD:4A:F5:19:CA:93:0A:5B:32:16:6F:17:3D:77:D2:2F:E1:39:03:65:D2:EB:9B:ED:19:2C:73:A4:F7:5A:5A:88"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: rezervtemka.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-WebSocket-Version: 13\r\nOrigin: https://beautybenefitscard.com\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: gaTHR0RQ06x8YdT42VOLsw==\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: Upgrade\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nDate: Sun, 28 Jun 2026 12:41:07 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Accept: 1UZbEjBdTRJo1epbzc9Jw+/qxTc=\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=Re75qhJDAwJxV77vmPAnyyTt%2Bg0bxT2f%2B9N7RfVWMNtOyTgM9UToBkY4wytObNJKPIiXFTOrUrHEbj3wpET4wYlWzXL5DekEAWZh4IfL3M5ENgEtUe23q4PE0WMJi%2BZslA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: a12cc38f888923eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1118\u0026min_rtt=1099\u0026rtt_var=451\u0026sent=5\u0026recv=6\u0026lost=0\u0026retrans=0\u0026sent_bytes=3194\u0026recv_bytes=1325\u0026delivery_rate=2980891\u0026cwnd=53\u0026unsent_bytes=0\u0026cid=4da879aa374ee02d\u0026ts=71\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":811,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-29T10:32:18.27582Z","times_seen":16822995,"resource_available":true,"data":null}},"time_used":113,"timings":{"blocked":-1,"dns":21,"connect":18,"send":0,"wait":66,"receive":0,"ssl":7},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"beautybenefitscard.com/favicon.png","fqdn":"beautybenefitscard.com","domain":"beautybenefitscard.com","tld":"com"},"ip":{"addr":"104.21.21.236","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://beautybenefitscard.com/","date":"2026-06-28T12:41:07.788Z","timestamp":1782650467788,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beautybenefitscard.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Jun 2026 13:13:18 GMT","end":"Wed, 23 Sep 2026 14:11:53 GMT"},"fingerprint":{"sha1":"28:1C:D8:B3:A4:85:BA:C4:01:64:3A:26:62:8E:8C:1E:16:0F:8F:70","sha256":"D8:3B:AB:41:50:53:49:10:2F:0D:BC:7A:63:45:F3:C4:D9:51:29:EA:EB:CF:F7:BA:D6:38:D8:79:05:1B:CD:D5"}}},"request":{"raw":"GET /favicon.png HTTP/1.1\r\nHost: beautybenefitscard.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://beautybenefitscard.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Sun, 28 Jun 2026 12:41:07 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 26 Jun 2026 11:13:34 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a3e5ede-3610\"\r\nexpires: Tue, 28 Jul 2026 12:41:07 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VgZchzYfQ%2F0PSnXPf%2B48kR2FdxueiFRhTQlfTxAKnt%2BbWz8vt98we6feg9xmMf4y6CSagYlbakKFKP9%2BmVuyM3VkizgAbJlqJaOlhDIiNREwBYICbbWfXz4GzE3rJBysHp4JrO%2BPcwfL\"}]}\r\ncf-ray: a12cc38face94c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13840,"size_decoded":13834,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced","md5":"0b1dd24468f57d58196fa8b603478f51","sha1":"8992929e2276ac0760cf72b7f562bfd135a2a812","sha256":"94028f2e92a68d68b583e9de50e3c4e23208b6ece0ddeb925ab8127eca1ca4ff","sha512":"6e0e566020877c44d115b09a3a647f0012541861bbb21a23dacfa052532e7c9562cfe35353899a19db51a06f7d43bae7d89d5cc8f3b1ad3f0877aa60609dd741","ssdeep":"384:YDeYVV4KDlUbs39KAvBd0GFMFRfQJbeCtVD4:zENDll39KKvqPEl4","tlshash":"d952d08a4b84d61d5ed1829cb3f748d4eb36b9b3dc8a5fe040a2604101162a6ca691fd","first_seen":"2026-06-28T12:41:37.395376Z","last_seen":"2026-06-28T12:41:52.908315Z","times_seen":2,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"beautybenefitscard.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"beautybenefitscard.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"beautybenefitscard.com/static/css/main.7a6b000e.css","fqdn":"beautybenefitscard.com","domain":"beautybenefitscard.com","tld":"com"},"ip":{"addr":"104.21.21.236","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://beautybenefitscard.com/","date":"2026-06-28T12:41:07.038Z","timestamp":1782650467038,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beautybenefitscard.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Jun 2026 13:13:18 GMT","end":"Wed, 23 Sep 2026 14:11:53 GMT"},"fingerprint":{"sha1":"28:1C:D8:B3:A4:85:BA:C4:01:64:3A:26:62:8E:8C:1E:16:0F:8F:70","sha256":"D8:3B:AB:41:50:53:49:10:2F:0D:BC:7A:63:45:F3:C4:D9:51:29:EA:EB:CF:F7:BA:D6:38:D8:79:05:1B:CD:D5"}}},"request":{"raw":"GET /static/css/main.7a6b000e.css HTTP/1.1\r\nHost: beautybenefitscard.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://beautybenefitscard.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Sun, 28 Jun 2026 12:41:07 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 26 Jun 2026 11:13:28 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a3e5ed8-b9f1\"\r\nexpires: Mon, 29 Jun 2026 00:41:07 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BRsdS03tfC5G1gYhGHZdbH9xvU1zXxUXRn5YfWC5KGR0R%2Fmee9Ryoe0JYvloa%2F%2B2GEsfoiXec%2BmhxMqOEKMHnLTChuLYId3AQB0MLxPHDha%2F20poRqxFwzYEBu%2FyALaOjHaFfwmnvbMr\"}]}\r\ncf-ray: a12cc38afc1e4c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":47601,"size_decoded":9847,"mime_type":"text/css","magic":"ASCII text, with very long lines (47339)","md5":"6ee10487a842d0f74e2852717643b45c","sha1":"d4ef50f345f5ab394f33b8976d1fd1f4c03e324b","sha256":"716acdf7f8a2abb88e0be26ff7ea0dc84a16ad6bb738920ce7bd1fad22b09430","sha512":"b9c91793727152165b107d2f642d03d252f14ca21acd8d65b5cdb522edd346b16bf9dd0d1429c239c4807c9efacbee3612213bc52737c015c27a862f14797d06","ssdeep":"384:1tFLPsi2nPUdSxH/9NN01MwhwHhAbBj3b6gK:LFLPx8PUd+NN01MwhwHkrg","tlshash":"8c237308aa51193a7c5398f6d6dcea5cd11ab4c1debb26df7dcb500887c27e70ea3604","first_seen":"2026-06-28T12:41:37.396563Z","last_seen":"2026-06-28T12:41:52.905913Z","times_seen":2,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":77,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"beautybenefitscard.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"beautybenefitscard.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"beautybenefitscard.com/fazaa/black.png","fqdn":"beautybenefitscard.com","domain":"beautybenefitscard.com","tld":"com"},"ip":{"addr":"104.21.21.236","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://beautybenefitscard.com/","date":"2026-06-28T12:41:07.343Z","timestamp":1782650467343,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beautybenefitscard.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Jun 2026 13:13:18 GMT","end":"Wed, 23 Sep 2026 14:11:53 GMT"},"fingerprint":{"sha1":"28:1C:D8:B3:A4:85:BA:C4:01:64:3A:26:62:8E:8C:1E:16:0F:8F:70","sha256":"D8:3B:AB:41:50:53:49:10:2F:0D:BC:7A:63:45:F3:C4:D9:51:29:EA:EB:CF:F7:BA:D6:38:D8:79:05:1B:CD:D5"}}},"request":{"raw":"GET /fazaa/black.png HTTP/1.1\r\nHost: beautybenefitscard.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://beautybenefitscard.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Sun, 28 Jun 2026 12:41:07 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 26 Jun 2026 11:13:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nvary: Accept-Encoding\r\netag: W/\"6a3e5ed6-3176d\"\r\nexpires: Tue, 28 Jul 2026 12:41:07 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5L%2BhzGMEiq29fdEtLV7QMdAkbPrEx2QGapM%2Bjn659G5bMRuJDPX20KzqxeZW8n6J9%2FC2mduk7T03K7OeCrjglYq4EyI7qb%2Fv0oiwiRg8BXH%2FKyZLr0XNH5sLdpc2My7WD5FGY3uKjJzF\"}]}\r\ncf-ray: a12cc38d0c854c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":202605,"size_decoded":203154,"mime_type":"image/png","magic":"PNG image data, 885 x 557, 8-bit/color RGBA, non-interlaced","md5":"1d0754fc3cb6be78346d7d9a97f6fa82","sha1":"3a1669315308593d7eeacd070c4f08e8cf8c33ba","sha256":"7cf80cd7f79a0a2c3bbec4101cb3d5e5e1ed0afcdf29627f9be7f2c122177342","sha512":"29ad82a0c1ad3026f4bbd42b665c545b1907fda9907a1bdb460c7ba38a9714295ef093d82840641e52ed0b16cab80c05edd22a79d0ff473e643b9734dcfd62e1","ssdeep":"3072:2KtoAi+bzS6kDU6YbbO0VABaUPuBVAKyJ9WqsKnkqL+qvxR++6BKN+cksEONG9xg:2QoAFbz7kgK0WP4Ars8dzvr6wNDXaxUB","tlshash":"bd1422b17e39f351fd368554225a20a843f9285187cbce26a7fc3e91c08ace1d119eb9","first_seen":"2026-06-28T12:41:37.397782Z","last_seen":"2026-06-28T12:41:52.914765Z","times_seen":2,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":75,"receive":69,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"beautybenefitscard.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"beautybenefitscard.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"beautybenefitscard.com/creo.png","fqdn":"beautybenefitscard.com","domain":"beautybenefitscard.com","tld":"com"},"ip":{"addr":"104.21.21.236","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://beautybenefitscard.com/","date":"2026-06-28T12:41:07.351Z","timestamp":1782650467351,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beautybenefitscard.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Jun 2026 13:13:18 GMT","end":"Wed, 23 Sep 2026 14:11:53 GMT"},"fingerprint":{"sha1":"28:1C:D8:B3:A4:85:BA:C4:01:64:3A:26:62:8E:8C:1E:16:0F:8F:70","sha256":"D8:3B:AB:41:50:53:49:10:2F:0D:BC:7A:63:45:F3:C4:D9:51:29:EA:EB:CF:F7:BA:D6:38:D8:79:05:1B:CD:D5"}}},"request":{"raw":"GET /creo.png HTTP/1.1\r\nHost: beautybenefitscard.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://beautybenefitscard.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Sun, 28 Jun 2026 12:41:07 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 26 Jun 2026 11:13:33 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nvary: Accept-Encoding\r\netag: W/\"6a3e5edd-16dd53\"\r\nexpires: Tue, 28 Jul 2026 12:41:07 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oc19miZ4NJvIpbl%2BkzLDmJKYBY0QihbmXnBwAYq4iXwEIY6aJLpG9vApLQtUawx8wofJ0QJONwJJBWjjtJgTIHvC%2BxrjCd6wUp9Ykf5A8A1HvPssKe13adFpuVAWJhikGobf%2FHtvU%2F40\"}]}\r\ncf-ray: a12cc38d0c874c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1498451,"size_decoded":1499674,"mime_type":"image/png","magic":"PNG image data, 1882 x 836, 8-bit/color RGBA, non-interlaced","md5":"eca8c3b69f042e6abacb2dc2608316e2","sha1":"87ccae9877f56a6743a9cd81f24ee112ee77e216","sha256":"21c03a7c80a80d88957c0a37e16a3aa47ef0028d583651485c555048a8e96bd4","sha512":"7b1509b160fcd12d1383546c640537b1ec650bcb1b678d3be78c1cb45a22517358862c2f019f58a45272f75d9483face5bbe29b99b3feb99b6cbb28967f7ffaa","ssdeep":"24576:hiI8Vvh6008cSscUjMY8k+PnggWDpngHtQ:hH8KtZrM7k+PnggWDpz","tlshash":"452533842b3b9f18d69cd06f04a46bb35378a0f25fb26614c03ed6b595e81ffa681734","first_seen":"2026-06-28T12:41:37.399185Z","last_seen":"2026-06-28T12:41:52.909326Z","times_seen":2,"resource_available":false,"data":null}},"time_used":391,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":75,"receive":316,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"beautybenefitscard.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"beautybenefitscard.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"beautybenefitscard.com/f4.svg","fqdn":"beautybenefitscard.com","domain":"beautybenefitscard.com","tld":"com"},"ip":{"addr":"104.21.21.236","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://beautybenefitscard.com/","date":"2026-06-28T12:41:07.354Z","timestamp":1782650467354,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beautybenefitscard.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Jun 2026 13:13:18 GMT","end":"Wed, 23 Sep 2026 14:11:53 GMT"},"fingerprint":{"sha1":"28:1C:D8:B3:A4:85:BA:C4:01:64:3A:26:62:8E:8C:1E:16:0F:8F:70","sha256":"D8:3B:AB:41:50:53:49:10:2F:0D:BC:7A:63:45:F3:C4:D9:51:29:EA:EB:CF:F7:BA:D6:38:D8:79:05:1B:CD:D5"}}},"request":{"raw":"GET /f4.svg HTTP/1.1\r\nHost: beautybenefitscard.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://beautybenefitscard.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Sun, 28 Jun 2026 12:41:07 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 26 Jun 2026 11:13:33 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nvary: Accept-Encoding\r\netag: W/\"6a3e5edd-329b\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6GfEbYdFfJGh0zYIWrLfcfl9nV5SsF60qFgjgmVE9XMvU7AMuMhXfmiFkm3LX1edzYOu5au8%2FqR6Nh4KkW5tR7fd3pSk3on9OYNFQ9rMS5gLNqwz1FWvOyyx2GoqtA7mk7pN%2BqDdnja5\"}]}\r\ncf-ray: a12cc38d1c884c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12955,"size_decoded":5803,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"49f2ba822c38198416ece6ff7029f322","sha1":"2c6d79bc7292347b963375c2b0633b1ba07391fc","sha256":"b82affff84599a0085bf78b687f166bbe616acb77a0e8be05e2b451b37d32f7d","sha512":"514ee5a7ca8f22e6b3bf0439b385e3bc1a7fffde88bbb72a592382c4e1db6c07c4ff7c5d34204700bf06a94cb0995c0ffa9142acc2adfcdb84dce83447cebd39","ssdeep":"192:aukGiUUTUXC8pH7xklBHRluMFX9TZ2ZrmNI1YOc5l+e7cyqWYRNZARceNdAXerI:x/fM8nQdJFNTZ2dmNV5lt4tWsQRcOzrI","tlshash":"1642d7f5ab7062e0e848e7a6b6254138795f78fb7fd5c288c355ad64bc521ad8c4ccc0","first_seen":"2025-07-14T01:40:28.338986Z","last_seen":"2026-06-28T15:35:09.705585Z","times_seen":48,"resource_available":false,"data":null}},"time_used":80,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":80,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"beautybenefitscard.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"beautybenefitscard.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"beautybenefitscard.com/logo192.png","fqdn":"beautybenefitscard.com","domain":"beautybenefitscard.com","tld":"com"},"ip":{"addr":"104.21.21.236","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://beautybenefitscard.com/","date":"2026-06-28T12:41:07.786Z","timestamp":1782650467786,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beautybenefitscard.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Jun 2026 13:13:18 GMT","end":"Wed, 23 Sep 2026 14:11:53 GMT"},"fingerprint":{"sha1":"28:1C:D8:B3:A4:85:BA:C4:01:64:3A:26:62:8E:8C:1E:16:0F:8F:70","sha256":"D8:3B:AB:41:50:53:49:10:2F:0D:BC:7A:63:45:F3:C4:D9:51:29:EA:EB:CF:F7:BA:D6:38:D8:79:05:1B:CD:D5"}}},"request":{"raw":"GET /logo192.png HTTP/1.1\r\nHost: beautybenefitscard.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://beautybenefitscard.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Sun, 28 Jun 2026 12:41:07 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 26 Jun 2026 11:13:23 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a3e5ed3-14e3\"\r\nexpires: Tue, 28 Jul 2026 12:41:07 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T8sizoSF9KV5CCVZqtbsmgxkZgwElPv8EYnAxEH8Is5mJjk9zsUuKPg94O2jA%2FZCpGpbh0FUMCMCjgB6jiAcxAgqgorDrSApgjIK0o7pvZKsXbQ7w0JGHZL97FhXeqiHHZ5M1pB9Taqk\"}]}\r\ncf-ray: a12cc38face84c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5347,"size_decoded":6080,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"33dbdd0177549353eeeb785d02c294af","sha1":"7f4f2d68782a7fafceda84554ecab9b489877500","sha256":"c386396ec70db3608075b5fbfaac4ab1ccaa86ba05a68ab393ec551eb66c3e00","sha512":"e34572cf754ff7e1d0acb12d8275252230ad1dd9adc5858e807fef0fb61aea82cb1f9ca3ebab3eeb449460373140105f8d773e7bddbf6745f9e81cc1546621f4","ssdeep":"96:gMgJkzj81lSl2dxYAYKsHHVIqApHGoKf4slNb6LQbTehYx5AtKAdmTRwy/Ik2k3:gMct0nKsUwXTbnkeAMA+Twkv","tlshash":"deb18e4e37e13c238137de00aa8ee5ddff52c6ff81226144e24933e9243839d9591916","first_seen":"2023-04-21T11:39:01Z","last_seen":"2026-06-29T08:14:11.307438Z","times_seen":11048,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":63,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"beautybenefitscard.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"beautybenefitscard.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"beautybenefitscard.com/","fqdn":"beautybenefitscard.com","domain":"beautybenefitscard.com","tld":"com"},"ip":{"addr":"104.21.21.236","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-28T12:41:06.654Z","timestamp":1782650466654,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beautybenefitscard.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Jun 2026 13:13:18 GMT","end":"Wed, 23 Sep 2026 14:11:53 GMT"},"fingerprint":{"sha1":"28:1C:D8:B3:A4:85:BA:C4:01:64:3A:26:62:8E:8C:1E:16:0F:8F:70","sha256":"D8:3B:AB:41:50:53:49:10:2F:0D:BC:7A:63:45:F3:C4:D9:51:29:EA:EB:CF:F7:BA:D6:38:D8:79:05:1B:CD:D5"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: beautybenefitscard.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Sun, 28 Jun 2026 12:41:06 GMT\r\ncontent-type: text/html\r\nlast-modified: Fri, 26 Jun 2026 11:13:34 GMT\r\ncontent-encoding: zstd\r\npriority: u=0,i\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nBjCD0XtO6151nNJL%2Blum4HKNhcKolEEjcOPObR9Esda6jwpkZWvcxSyVh7oUaNPr%2BnX%2FdVwz7%2FfiLoRXFzqokYce7Q7hzLlFe1szH6hfOmnzO2ElSIO7nOW%2FWspwuhcZLYNpFrxoqNT\"}]}\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a12cc388dbd44c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1869,"size_decoded":1452,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1863), with no line terminators","md5":"0da37e46747b114ac65d068e9d4b8880","sha1":"fcff568c5909fc0b7856551b670b2f92bbc89d1b","sha256":"23e837d67f1610e0df1afc53ed07ebfb88de459cd453fa665d22859e5199ac4c","sha512":"0c337455ea7c39fae87c56102e608b68ab5ce4070bcc5efc58b95606357db8a9fbba8dfd4ef255e929c4401739936cee803f97857910778a320c417db4b10a4d","ssdeep":"","tlshash":"c13125138c20d4ba57b5a2314e437058d769e50a92b4ec28fd8936df4dcff9a8477910","first_seen":"2026-06-28T12:41:37.405865Z","last_seen":"2026-06-28T12:41:52.899805Z","times_seen":2,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":16,"connect":21,"send":0,"wait":62,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"beautybenefitscard.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"beautybenefitscard.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"beautybenefitscard.com/static/js/main.d95e8acb.js","fqdn":"beautybenefitscard.com","domain":"beautybenefitscard.com","tld":"com"},"ip":{"addr":"104.21.21.236","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://beautybenefitscard.com/","date":"2026-06-28T12:41:07.036Z","timestamp":1782650467036,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beautybenefitscard.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Jun 2026 13:13:18 GMT","end":"Wed, 23 Sep 2026 14:11:53 GMT"},"fingerprint":{"sha1":"28:1C:D8:B3:A4:85:BA:C4:01:64:3A:26:62:8E:8C:1E:16:0F:8F:70","sha256":"D8:3B:AB:41:50:53:49:10:2F:0D:BC:7A:63:45:F3:C4:D9:51:29:EA:EB:CF:F7:BA:D6:38:D8:79:05:1B:CD:D5"}}},"request":{"raw":"GET /static/js/main.d95e8acb.js HTTP/1.1\r\nHost: beautybenefitscard.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://beautybenefitscard.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Sun, 28 Jun 2026 12:41:07 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 26 Jun 2026 11:13:28 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6a3e5ed8-8fd9b\"\r\nexpires: Mon, 29 Jun 2026 00:41:07 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sH4TIMfdIwrd%2FeWyC3HueARnegWn1%2FBihy9FKs2jdfeyoMPgcZonTgL6iwY4B9sKSJLFbUZNiLeWmWxdVlEP9ZT%2F73A4Xn%2FYMd%2B5juQW%2FyqD3nceIZQNuS8orgnaa5SY7hDTA%2Fa7Sz4i\"}]}\r\ncf-ray: a12cc38afc1c4c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":589211,"size_decoded":187816,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65465)","md5":"f8ad2a18f16b9dfe1bbb1e0c27165cfd","sha1":"9d4852a485ab1944cac433f8e86e335a89378763","sha256":"a43863fb0ef160fbbc6a6373da170708b8250fdaaceab0fc63e52029f573ccb8","sha512":"cc0fadaa330eab9194bb853d192aaf1dd555f59da624c9834dd262671bbbcec6d7adb2a68ca21b691849f0981c71afcd54c95be8cb5d9a6b24053a10004a654d","ssdeep":"12288:aHO15sS+bBA7xeRH6F2ygHAr8lq0sEc1Yvd:dhGdH6yHAraNjc1Y1","tlshash":"b6c45c887251f5a5baa700e2547f4509f33e1a0eb80dc8b4b169fcca686454972b7ffc","first_seen":"2026-06-28T12:41:37.40688Z","last_seen":"2026-06-28T12:41:52.901916Z","times_seen":2,"resource_available":true,"data":null}},"time_used":137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":70,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-28","alert":"Detects file containing Telegram Bot API","trigger":"beautybenefitscard.com/static/js/main.d95e8acb.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"beautybenefitscard.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"beautybenefitscard.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"beautybenefitscard.com/logo2.png","fqdn":"beautybenefitscard.com","domain":"beautybenefitscard.com","tld":"com"},"ip":{"addr":"104.21.21.236","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://beautybenefitscard.com/","date":"2026-06-28T12:41:07.347Z","timestamp":1782650467347,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beautybenefitscard.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Jun 2026 13:13:18 GMT","end":"Wed, 23 Sep 2026 14:11:53 GMT"},"fingerprint":{"sha1":"28:1C:D8:B3:A4:85:BA:C4:01:64:3A:26:62:8E:8C:1E:16:0F:8F:70","sha256":"D8:3B:AB:41:50:53:49:10:2F:0D:BC:7A:63:45:F3:C4:D9:51:29:EA:EB:CF:F7:BA:D6:38:D8:79:05:1B:CD:D5"}}},"request":{"raw":"GET /logo2.png HTTP/1.1\r\nHost: beautybenefitscard.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://beautybenefitscard.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Sun, 28 Jun 2026 12:41:07 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 26 Jun 2026 11:13:34 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nvary: Accept-Encoding\r\netag: W/\"6a3e5ede-3610\"\r\nexpires: Tue, 28 Jul 2026 12:41:07 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lK4nSZ77w2%2Bjt9O0giLi8hAgZo2fsJq5RiC1t12vXKB5CSmNmguDc74lqQGEzruNm7pVZbuWSt%2ByYIIwlHyECgFL15%2FSeO2JPrmy8F2pl6L5tXAqGt0Gd6b63xwEjbL4GrdaJVjFSs41\"}]}\r\ncf-ray: a12cc38d0c864c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13840,"size_decoded":13827,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced","md5":"0b1dd24468f57d58196fa8b603478f51","sha1":"8992929e2276ac0760cf72b7f562bfd135a2a812","sha256":"94028f2e92a68d68b583e9de50e3c4e23208b6ece0ddeb925ab8127eca1ca4ff","sha512":"6e0e566020877c44d115b09a3a647f0012541861bbb21a23dacfa052532e7c9562cfe35353899a19db51a06f7d43bae7d89d5cc8f3b1ad3f0877aa60609dd741","ssdeep":"384:YDeYVV4KDlUbs39KAvBd0GFMFRfQJbeCtVD4:zENDll39KKvqPEl4","tlshash":"d952d08a4b84d61d5ed1829cb3f748d4eb36b9b3dc8a5fe040a2604101162a6ca691fd","first_seen":"2026-06-28T12:41:37.395376Z","last_seen":"2026-06-28T12:41:52.908315Z","times_seen":2,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":78,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"beautybenefitscard.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"beautybenefitscard.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"beautybenefitscard.com/static/media/good.2d3d80805a94acef66b0.woff2","fqdn":"beautybenefitscard.com","domain":"beautybenefitscard.com","tld":"com"},"ip":{"addr":"104.21.21.236","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://beautybenefitscard.com/","date":"2026-06-28T12:41:07.420Z","timestamp":1782650467420,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beautybenefitscard.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Jun 2026 13:13:18 GMT","end":"Wed, 23 Sep 2026 14:11:53 GMT"},"fingerprint":{"sha1":"28:1C:D8:B3:A4:85:BA:C4:01:64:3A:26:62:8E:8C:1E:16:0F:8F:70","sha256":"D8:3B:AB:41:50:53:49:10:2F:0D:BC:7A:63:45:F3:C4:D9:51:29:EA:EB:CF:F7:BA:D6:38:D8:79:05:1B:CD:D5"}}},"request":{"raw":"GET /static/media/good.2d3d80805a94acef66b0.woff2 HTTP/1.1\r\nHost: beautybenefitscard.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://beautybenefitscard.com/static/css/main.7a6b000e.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Sun, 28 Jun 2026 12:41:07 GMT\r\ncontent-type: font/woff2\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Jun 2026 11:13:29 GMT\r\npriority: u=3,i=?0\r\netag: \"6a3e5ed9-a870\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=st%2FlSqdblHG3cRIh8qCHCAsEzkLUsRsjBYJPDW98H9gDLPwbLERznTbdjRfNyxHgfSrhG04SbuT9VzenSrE6NdPVGchepPzZ4rxhB0Eo7N7pc15Y%2BJv3pJN5%2B%2BZvc9JRsHGOEo0jdgx2\"}]}\r\ncontent-length: 43120\r\ncf-ray: a12cc38d6c904c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43120,"size_decoded":43821,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 43120, version 1.0","md5":"5032e93bbe3d120bece5d4d3309d3b8b","sha1":"15853fbdbf4948541a3356d9f874628d127f805c","sha256":"10f1a0ef3f3497901c1c3e9987d0cb97d092a6ce1ff45669a1aed503cf67e6ef","sha512":"daed69c64a41bacb33d23615156b57f994791b007d5b2e2a7a61abc1bf9f24b12e07c96fe82ceb9ebb680436c68b37e59883bbcb4ce3205362c134af590d9c6a","ssdeep":"768:83gClYq8YvIm/HUlL2QIwph9odr06lstg3u7uWqrGcL4MnOdV/F:O5b7MlL209od4qsm3uqWXcadVd","tlshash":"d513f259d60ca8c9f380fdaccd0717935e1ff5c3c9361122db59586c2b6932079ae9c9","first_seen":"2025-06-01T09:45:38.770498Z","last_seen":"2026-06-29T06:12:59.411187Z","times_seen":2349,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"beautybenefitscard.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"beautybenefitscard.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}