{"report_id":"8757127a-db1e-4531-9e33-a9d059025bc7","version":6,"status":"done","tags":["suspicious","phishing","tycoon","aitm"],"date":"2026-06-03T12:31:49Z","url":{"schema":"http","addr":"165.245.161.242:3000/","fqdn":"165.245.161.242","domain":"165.245.161.242","tld":""},"ip":{"addr":"165.245.161.242","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"165.245.161.242:3000/","fqdn":"165.245.161.242","domain":"165.245.161.242","tld":""},"title":"Ghost C2 | Enterprise Platform","dom":{"size":3118,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (1832)","md5":"a2ea1e378079e1b0f360ed7b0049cd4f","sha1":"1cf43917496784c88d440d8e76329f7c164a5552","sha256":"f98302e8ad41fc39e0cdfe89bc44d2c4adda003ad02a4f04b648899140b73236","sha512":"66f58c1e7914f80d0fa21c23e904bb80d706a1bd231e1935e9081b51d6c8a797b54560cc10e5240329c8c77e777d6f6d2406fe03ca0ed28f4cb87bda47a632e1","ssdeep":"","tlshash":"315142526420943fc2230ad47490db6d69e9f20fc7264da8f3be936da7c3ca29cd5d50","dom_hash":"domhash8943ad558251a588efa874f1366b84fd","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"165.245.161.242:3000/","fqdn":"165.245.161.242","domain":"165.245.161.242","tld":""},"ip":{"addr":"165.245.161.242","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-08T12:31:49Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":3,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]},"summary":[{"fqdn":"165.245.161.242","ip":{"addr":"165.245.161.242","port":3000,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":5,"request_count":4,"received_data":946253,"sent_data":1381,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"res-1.cdn.office.net","ip":{"addr":"23.36.76.210","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"1994-11-14","domain_rank":990,"first_seen":"2020-12-08T13:32:22Z","last_seen":"2026-05-29T12:14:54.658149Z","alert_count":0,"request_count":3,"received_data":104701,"sent_data":1648,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"http","addr":"165.245.161.242:3000/assets/index-3hY90i6T.js","fqdn":"165.245.161.242","domain":"165.245.161.242","tld":""},"ip":{"addr":"165.245.161.242","port":3000,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"40dc87dc69ac0de00a3783320965bc0f","sha1":"d32cfbd1ef941c9ed1ae4e976dec8057a727a9dc","sha256":"d28f59ce87509df4196ab0c4abd86de61879508f18e7dd82d09d6ea40a554f49","sha512":"ad4dde018fe8acf9547c151c4b7d8a3c41ccf7612dd475561542bd7204ef70eb4cee3c66ce5e21b0584b3ee7ca490f2007a188ec24831d0e85b40ad09e6ea1f5","ssdeep":"24576:YgEYFQTMjh5RRRkJSe3JSsJ8yLd9JKaY8koQ:VEYFQTMjh5RRRkJSe3JD8yLd9JKaY8kT","tlshash":"e1156c98b155757daba745e9903f0007b33e3908e80d8864f13ed8de2bb8549b127fb9","size":911279,"data":"","first_seen":"2026-06-03T12:30:05.474186Z","last_seen":"2026-06-03T12:31:54.638244Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"165.245.161.242:3000/assets/index-3hY90i6T.js","fqdn":"165.245.161.242","domain":"165.245.161.242","tld":""},"ip":{"addr":"165.245.161.242","port":3000,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://165.245.161.242:3000/","date":"2026-06-03T12:31:28.100Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/index-3hY90i6T.js HTTP/1.1\r\nHost: 165.245.161.242:3000\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCross-Origin-Opener-Policy: same-origin\r\nCross-Origin-Resource-Policy: same-origin\r\nOrigin-Agent-Cluster: ?1\r\nReferrer-Policy: no-referrer\r\nStrict-Transport-Security: max-age=15552000; includeSubDomains\r\nX-Content-Type-Options: nosniff\r\nX-DNS-Prefetch-Control: off\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 0\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=31536000\r\nLast-Modified: Wed, 27 May 2026 12:12:21 GMT\r\nETag: W/\"de7af-19e69599c9b\"\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 911279\r\nDate: Wed, 03 Jun 2026 12:31:28 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":911279,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (37534)","md5":"40dc87dc69ac0de00a3783320965bc0f","sha1":"d32cfbd1ef941c9ed1ae4e976dec8057a727a9dc","sha256":"d28f59ce87509df4196ab0c4abd86de61879508f18e7dd82d09d6ea40a554f49","sha512":"ad4dde018fe8acf9547c151c4b7d8a3c41ccf7612dd475561542bd7204ef70eb4cee3c66ce5e21b0584b3ee7ca490f2007a188ec24831d0e85b40ad09e6ea1f5","ssdeep":"24576:YgEYFQTMjh5RRRkJSe3JSsJ8yLd9JKaY8koQ:VEYFQTMjh5RRRkJSe3JD8yLd9JKaY8kT","tlshash":"e1156c98b155757daba745e9903f0007b33e3908e80d8864f13ed8de2bb8549b127fb9","first_seen":"2026-06-03T12:30:05.474186Z","last_seen":"2026-06-03T12:31:54.638244Z","times_seen":2,"resource_available":true,"data":null}},"time_used":720,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":115,"receive":605,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"http","addr":"165.245.161.242:3000/assets/index-D5Ny49O8.css","fqdn":"165.245.161.242","domain":"165.245.161.242","tld":""},"ip":{"addr":"165.245.161.242","port":3000,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://165.245.161.242:3000/","date":"2026-06-03T12:31:28.102Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /assets/index-D5Ny49O8.css HTTP/1.1\r\nHost: 165.245.161.242:3000\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCross-Origin-Opener-Policy: same-origin\r\nCross-Origin-Resource-Policy: same-origin\r\nOrigin-Agent-Cluster: ?1\r\nReferrer-Policy: no-referrer\r\nStrict-Transport-Security: max-age=15552000; includeSubDomains\r\nX-Content-Type-Options: nosniff\r\nX-DNS-Prefetch-Control: off\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 0\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=31536000\r\nLast-Modified: Wed, 27 May 2026 12:12:21 GMT\r\nETag: W/\"796c-19e69599c98\"\r\nContent-Type: text/css; charset=UTF-8\r\nContent-Length: 31084\r\nDate: Wed, 03 Jun 2026 12:31:28 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31084,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (31083)","md5":"21a02225910942f5d59e36c7cc898fbc","sha1":"95f23eea10ec735044bb1d1323d674f1cd0f5418","sha256":"7d4b5a5e04e503171fe61c2e3ee53da98a81c2fd29c8d869eed1d2e9d2aa5423","sha512":"6cf2fec2ce990f893d7841a242564556b986eb0f441c3dd441e5900613d0f5c033f394b7285aad5640f117992918b3a629cf8eb0e21e03be3b73b021d70be2ab","ssdeep":"384:kZh9UxJhm5waRWh2fOnn52exFjrc5IiNE/y/hr9em:w9kJhm5waRWh2fOnn52Br9em","tlshash":"67d2332dab15043b3c6780f5d1e8fa99f25a75c1df2a9aedbc92122097c23f35d93604","first_seen":"2026-06-03T12:30:05.473222Z","last_seen":"2026-06-03T12:31:54.639196Z","times_seen":2,"resource_available":false,"data":null}},"time_used":449,"timings":{"blocked":109,"dns":0,"connect":113,"send":0,"wait":113,"receive":114,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"res-1.cdn.office.net/files/fabric-cdn-prod_20230815.002/assets/fonts/segoeui-westeuropean/segoeui-bold.woff2","fqdn":"res-1.cdn.office.net","domain":"office.net","tld":"net"},"ip":{"addr":"23.36.76.210","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://165.245.161.242:3000/","date":"2026-06-03T12:31:29.043Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.public.cdn.office.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft TLS G2 ECC CA OCSP 02","organization":"Microsoft Corporation"},"validity":{"start":"Mon, 11 May 2026 00:24:36 GMT","end":"Wed, 25 Nov 2026 00:24:36 GMT"},"fingerprint":{"sha1":"C2:60:C5:21:14:BE:DC:39:AB:31:57:C3:75:5C:85:F3:66:08:A3:C4","sha256":"14:E3:1B:C5:2C:FC:72:82:F5:9D:D6:FC:DA:65:B0:E6:A3:60:61:1C:B2:A1:F3:C2:08:E4:EC:05:6A:5D:DB:B8"}}},"request":{"raw":"GET /files/fabric-cdn-prod_20230815.002/assets/fonts/segoeui-westeuropean/segoeui-bold.woff2 HTTP/1.1\r\nHost: res-1.cdn.office.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://165.245.161.242:3000\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 32964\r\ncontent-type: font/woff2\r\nlast-modified: Tue, 15 Aug 2023 21:20:28 GMT\r\nx-ms-request-id: 256f18b9-201e-0024-6554-610937000000\r\ncache-control: public, max-age=630720000\r\ndate: Wed, 03 Jun 2026 12:31:29 GMT\r\nalt-svc: h3=\":443\"; ma=93600,h3-29=\":443\"; ma=93600\r\nakamai-request-bc: [a=23.36.76.110,b=928623021,c=g,n=NO__OSLO,o=20940]\r\nak-network: FF\r\nreport-to: {\"group\":\"NelM365CDNUpload1\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide\u0026DestinationEndpoint=OSLO\u0026ASN=20940\u0026Country=NO\u0026Region=\u0026RequestIdentifier=0.6e4c2417.1780489889.3759a9ad\u0026TotalRTCDNTime=0\u0026CompressionType=\u0026FileSize=32964\"}],\"include_subdomains \":true}\r\nnel: {\"report_to\":\"NelM365CDNUpload1\",\"max_age\":604800,\"include_subdomains\":true,\"failure_fraction\":1.0,\"success_fraction\":0.01}\r\nserver-timing: clientrtt; dur=0, clienttt; dur=, origin; dur=0 , cdntime; dur=0\r\nakamai-cache-status: Hit from child\r\ntiming-allow-origin: *\r\naccess-control-expose-headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id\r\naccess-control-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-cdn-provider: Akamai\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":32964,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 32964, version 0.0","md5":"2c47175b890a2788244dbbb04fd15810","sha1":"3e7a905849a1f7456361448b560e91c622980db4","sha256":"c599144a6ee494d56d4622e7cc57873a3ba7b3413e525f3e3b4aa7d8298aa2ec","sha512":"15abd352af9d158a36b159e6a797544bb559f6a537fccfbbc931fc38e9ebfae859bbcb06fa58fefb3ab8e25c2a2c9a396dd9877cd909075312fb8d270da026d6","ssdeep":"768:MpavdBoA7dObHqEaNLbT2R8FGjAzpRYmo+KBXWNIJLq:MpIBrETqEYG5szpO5BXNq","tlshash":"0ce2f2f96dcc60b3afc0b77fb226375b23138d920904cd6081e928d0bdb5de82661897","first_seen":"2023-04-24T22:28:20Z","last_seen":"2026-06-11T09:23:29.300504Z","times_seen":490,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":92,"dns":56,"connect":1,"send":0,"wait":4,"receive":1,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"res-1.cdn.office.net/files/fabric-cdn-prod_20230815.002/assets/fonts/segoeui-westeuropean/segoeui-semibold.woff2","fqdn":"res-1.cdn.office.net","domain":"office.net","tld":"net"},"ip":{"addr":"23.36.76.210","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://165.245.161.242:3000/","date":"2026-06-03T12:31:29.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.public.cdn.office.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft TLS G2 ECC CA OCSP 02","organization":"Microsoft Corporation"},"validity":{"start":"Mon, 11 May 2026 00:24:36 GMT","end":"Wed, 25 Nov 2026 00:24:36 GMT"},"fingerprint":{"sha1":"C2:60:C5:21:14:BE:DC:39:AB:31:57:C3:75:5C:85:F3:66:08:A3:C4","sha256":"14:E3:1B:C5:2C:FC:72:82:F5:9D:D6:FC:DA:65:B0:E6:A3:60:61:1C:B2:A1:F3:C2:08:E4:EC:05:6A:5D:DB:B8"}}},"request":{"raw":"GET /files/fabric-cdn-prod_20230815.002/assets/fonts/segoeui-westeuropean/segoeui-semibold.woff2 HTTP/1.1\r\nHost: res-1.cdn.office.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://165.245.161.242:3000\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 31824\r\ncontent-type: font/woff2\r\nlast-modified: Tue, 15 Aug 2023 21:20:28 GMT\r\nx-ms-request-id: 0b3a87a5-401e-0022-6554-613a88000000\r\ncache-control: public, max-age=630720000\r\ndate: Wed, 03 Jun 2026 12:31:29 GMT\r\nakamai-request-bc: [a=23.36.76.110,b=928623070,c=g,n=NO__OSLO,o=20940]\r\nak-network: FF\r\nreport-to: {\"group\":\"NelM365CDNUpload1\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide\u0026DestinationEndpoint=OSLO\u0026ASN=20940\u0026Country=NO\u0026Region=\u0026RequestIdentifier=0.6e4c2417.1780489889.3759a9de\u0026TotalRTCDNTime=0\u0026CompressionType=\u0026FileSize=31824\"}],\"include_subdomains \":true}\r\nnel: {\"report_to\":\"NelM365CDNUpload1\",\"max_age\":604800,\"include_subdomains\":true,\"failure_fraction\":1.0,\"success_fraction\":0.01}\r\nserver-timing: clientrtt; dur=0, clienttt; dur=, origin; dur=0 , cdntime; dur=0\r\nakamai-cache-status: Hit from child\r\ntiming-allow-origin: *\r\naccess-control-expose-headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id\r\naccess-control-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-cdn-provider: Akamai\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31824,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 31824, version 0.0","md5":"66d11e55b7a413ddf6a84e858697e7b6","sha1":"fe2693ad426bd3dc173c870ca856478c7e20d43a","sha256":"22e7ac6e00b3f7463f2c89c577877ed717686d6f219614c890317d86560c413d","sha512":"bfbcbdca48f43a15af46c69ba3fbc4e8c5e797da8b67e74f4d33252c041561098974a21ca3d9925d3385f2faefb7f6cef6ed9ed0026969ddb4668149fef588c1","ssdeep":"768:JO5bMMh7kS+OZjiWxeKLYS4pr5WEMm3PtAZF3CCiHREWX:Gl7ZTjiDKLF4VIFm3AHiXX","tlshash":"c5e2f11a1cb99626f2013f207521f6b9a68834714e0315638f17213815e6f77cfcc7e8","first_seen":"2023-04-05T17:34:10Z","last_seen":"2026-06-11T07:50:26.144517Z","times_seen":3860,"resource_available":true,"data":null}},"time_used":224,"timings":{"blocked":106,"dns":55,"connect":4,"send":0,"wait":7,"receive":1,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"res-1.cdn.office.net/files/fabric-cdn-prod_20230815.002/assets/fonts/segoeui-westeuropean/segoeui-regular.woff2","fqdn":"res-1.cdn.office.net","domain":"office.net","tld":"net"},"ip":{"addr":"23.36.76.210","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://165.245.161.242:3000/","date":"2026-06-03T12:31:29.045Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.public.cdn.office.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft TLS G2 ECC CA OCSP 02","organization":"Microsoft Corporation"},"validity":{"start":"Mon, 11 May 2026 00:24:36 GMT","end":"Wed, 25 Nov 2026 00:24:36 GMT"},"fingerprint":{"sha1":"C2:60:C5:21:14:BE:DC:39:AB:31:57:C3:75:5C:85:F3:66:08:A3:C4","sha256":"14:E3:1B:C5:2C:FC:72:82:F5:9D:D6:FC:DA:65:B0:E6:A3:60:61:1C:B2:A1:F3:C2:08:E4:EC:05:6A:5D:DB:B8"}}},"request":{"raw":"GET /files/fabric-cdn-prod_20230815.002/assets/fonts/segoeui-westeuropean/segoeui-regular.woff2 HTTP/1.1\r\nHost: res-1.cdn.office.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://165.245.161.242:3000\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 36344\r\ncontent-type: font/woff2\r\nlast-modified: Tue, 15 Aug 2023 21:20:29 GMT\r\nx-ms-request-id: 5fa8d819-a01e-001b-5cf1-6cbe18000000\r\ncache-control: public, max-age=630720000\r\ndate: Wed, 03 Jun 2026 12:31:29 GMT\r\nakamai-request-bc: [a=23.36.76.110,b=928623046,c=g,n=NO__OSLO,o=20940]\r\nak-network: FF\r\nreport-to: {\"group\":\"NelM365CDNUpload1\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide\u0026DestinationEndpoint=OSLO\u0026ASN=20940\u0026Country=NO\u0026Region=\u0026RequestIdentifier=0.6e4c2417.1780489889.3759a9c6\u0026TotalRTCDNTime=0\u0026CompressionType=\u0026FileSize=36344\"}],\"include_subdomains \":true}\r\nnel: {\"report_to\":\"NelM365CDNUpload1\",\"max_age\":604800,\"include_subdomains\":true,\"failure_fraction\":1.0,\"success_fraction\":0.01}\r\nserver-timing: clientrtt; dur=0, clienttt; dur=, origin; dur=0 , cdntime; dur=0\r\nakamai-cache-status: Hit from child\r\ntiming-allow-origin: *\r\naccess-control-expose-headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id\r\naccess-control-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-cdn-provider: Akamai\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":36344,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 36344, version 0.0","md5":"865f1db6545fc94a2f4444dd60e7bbc6","sha1":"b00d806dd42101881ab94e1c96f8235b74f6ab7f","sha256":"94ef87ee295c67526205d67124f404e246226105e939e14c435a20c29a956f49","sha512":"2d99c33c5ce99de13a3946ba6d0bc30f99f20e012d456ecfa3f1200bd65e4b93fbace20e802d8e96d6ce495aa242c6961df65bb07d61491fe428333cca265bbb","ssdeep":"768:r7Fm4SILMdkRcyXxXvFNq2/GMRzVNQgfkgjDIKZfDSV5:dm/IgajXxfFiMegfksI+fD+","tlshash":"98f2f1acbd05906ef290a2a97f8dcaeedc18317d8a74f325387113e4b544c4b1c10b8b","first_seen":"2023-04-05T04:45:10Z","last_seen":"2026-06-11T09:23:29.257554Z","times_seen":5175,"resource_available":true,"data":null}},"time_used":208,"timings":{"blocked":101,"dns":56,"connect":5,"send":0,"wait":2,"receive":1,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"165.245.161.242:3000/favicon.ico","fqdn":"165.245.161.242","domain":"165.245.161.242","tld":""},"ip":{"addr":"165.245.161.242","port":3000,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://165.245.161.242:3000/","date":"2026-06-03T12:31:29.337Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 165.245.161.242:3000\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCross-Origin-Opener-Policy: same-origin\r\nCross-Origin-Resource-Policy: same-origin\r\nOrigin-Agent-Cluster: ?1\r\nReferrer-Policy: no-referrer\r\nStrict-Transport-Security: max-age=15552000; includeSubDomains\r\nX-Content-Type-Options: nosniff\r\nX-DNS-Prefetch-Control: off\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 0\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Wed, 27 May 2026 12:12:21 GMT\r\nETag: W/\"1ac-19e69599c9a\"\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 428\r\nDate: Wed, 03 Jun 2026 12:31:29 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":428,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"ed0415245dacbcb3d689578dd3f7d060","sha1":"3eb8d306f51a54469676f9294ce116a273846322","sha256":"cc4c014d8d4230d3937558c7b99ed6d890d0faa3453f39eaa83d168fa3139792","sha512":"654d66b61ecf2ec650d0c53e1e83b78d15f28499559b7f4808c4e10adc4d88cfa860c11fee409148f54164aa04b26e122b8633e1c84b343ea96bb9414694c93a","ssdeep":"","tlshash":"9ee05507c840c927933447902ec0f80464a7eb8a8b8aee4895eaa07d5ac4782cd9b978","first_seen":"2026-06-03T12:30:05.472151Z","last_seen":"2026-06-03T12:31:54.642942Z","times_seen":2,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":114,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}},{"url":{"schema":"http","addr":"165.245.161.242:3000/","fqdn":"165.245.161.242","domain":"165.245.161.242","tld":""},"ip":{"addr":"165.245.161.242","port":3000,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-03T12:31:27.783Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 165.245.161.242:3000\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCross-Origin-Opener-Policy: same-origin\r\nCross-Origin-Resource-Policy: same-origin\r\nOrigin-Agent-Cluster: ?1\r\nReferrer-Policy: no-referrer\r\nStrict-Transport-Security: max-age=15552000; includeSubDomains\r\nX-Content-Type-Options: nosniff\r\nX-DNS-Prefetch-Control: off\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 0\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Wed, 27 May 2026 12:12:21 GMT\r\nETag: W/\"1ac-19e69599c9a\"\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 428\r\nDate: Wed, 03 Jun 2026 12:31:27 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":428,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"ed0415245dacbcb3d689578dd3f7d060","sha1":"3eb8d306f51a54469676f9294ce116a273846322","sha256":"cc4c014d8d4230d3937558c7b99ed6d890d0faa3453f39eaa83d168fa3139792","sha512":"654d66b61ecf2ec650d0c53e1e83b78d15f28499559b7f4808c4e10adc4d88cfa860c11fee409148f54164aa04b26e122b8633e1c84b343ea96bb9414694c93a","ssdeep":"","tlshash":"9ee05507c840c927933447902ec0f80464a7eb8a8b8aee4895eaa07d5ac4782cd9b978","first_seen":"2026-06-03T12:30:05.472151Z","last_seen":"2026-06-03T12:31:54.642942Z","times_seen":2,"resource_available":true,"data":null}},"time_used":339,"timings":{"blocked":109,"dns":0,"connect":114,"send":0,"wait":115,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon","aitm"],"meta":null}]}}]}