{"report_id":"8b10a9e7-164f-4461-966f-11b1f3e83aa5","version":6,"status":"done","tags":[],"date":"2026-04-27T05:42:36Z","url":{"schema":"http","addr":"portal-beyondbank.com","fqdn":"portal-beyondbank.com","domain":"portal-beyondbank.com","tld":"com"},"ip":{"addr":"91.202.233.133","port":0,"asn":200593,"as":"Prospero Ooo","country":"Turkmenistan","country_code":"TM"},"final":{"url":{"schema":"https","addr":"portal-beyondbank.com/login.php","fqdn":"portal-beyondbank.com","domain":"portal-beyondbank.com","tld":"com"},"title":"Internet Banking Log In","dom":{"size":7727,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (405)","md5":"8138b7353eb4adffedc6903c9f56174c","sha1":"4cff9909936a5689ee7d914bbb64789a611d3f6a","sha256":"1b026f8463e4be690b0f796f8ee6ed389fb24e8abc218dc13e0660e4ceec1dd1","sha512":"1089b664a78406d372d51ebf3ea0de8a90ef1b978607a0df43dd2163bafd7c14219ac8b711bfa721db6f041a81d9c68b740bfdb97e390982c162f1befec3d1e9","ssdeep":"192:u6O/D2GOmlVSQiVoV2uS2/e0prq/zf+EYV2/MQQGMKrwyPz2tOAd:u6O/D2GplVSQiVoV2uS2/brq//YV2/Md","tlshash":"c2f1ed2140dc0d7b004362c17160278a759fce37da2789eaf6bf46652bd7cc6ed2b12a","dom_hash":"domhash3af0946410d6ba109e29c9887e36da82","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"portal-beyondbank.com","fqdn":"portal-beyondbank.com","domain":"portal-beyondbank.com","tld":"com"},"ip":{"addr":"91.202.233.133","port":0,"asn":200593,"as":"Prospero Ooo","country":"Turkmenistan","country_code":"TM"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-01T05:42:36Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-27T05:42:15Z","timestamp":1777268535,"ip_dst":{"addr":"Client IP","port":58006,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"91.202.233.133","port":443,"asn":200593,"as":"Prospero Ooo","country":"Turkmenistan","country_code":"TM"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 15","source":"{\"timestamp\":\"2026-04-27T05:42:15.053823+0000\",\"flow_id\":822013643391938,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"91.202.233.133\",\"src_port\":443,\"dest_ip\":\"172.18.0.9\",\"dest_port\":58006,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400014,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 15\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2026-04-27T05:42:15.000962+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"portal-beyondbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"code.jquery.com","ip":{"addr":"151.101.194.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2026-04-26T23:16:34.884005Z","alert_count":0,"request_count":1,"received_data":90136,"sent_data":429,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"portal-beyondbank.com","ip":{"addr":"91.202.233.133","port":443,"asn":200593,"as":"Prospero Ooo","country":"Turkmenistan","country_code":"TM"},"domain_registered":"2026-04-09","domain_rank":0,"first_seen":"2026-04-27T05:42:37.048161Z","last_seen":"2026-04-27T05:42:37.048161Z","alert_count":10,"request_count":10,"received_data":1191944,"sent_data":5260,"comment":"","tags":null,"fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:8.4.20","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"ZURB Foundation","description":"Zurb Foundation is used to prototype in the browser. Allows rapid creation of websites or applications while leveraging mobile and responsive technology. The front end framework is the collection of HTML, CSS, and Javascript containing design patterns.","website":"https://foundation.zurb.com","common_platform_enumeration":"","icon":"ZURB Foundation.png","categories":["UI frameworks"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-04-26T22:34:03.62582Z","alert_count":0,"request_count":1,"received_data":90217,"sent_data":473,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.194.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-04-30T08:35:48.66689Z","times_seen":457993,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"portal-beyondbank.com/fonts/proximanovaalt-regular-webfont.woff2","fqdn":"portal-beyondbank.com","domain":"portal-beyondbank.com","tld":"com"},"ip":{"addr":"91.202.233.133","port":443,"asn":200593,"as":"Prospero Ooo","country":"Turkmenistan","country_code":"TM"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://portal-beyondbank.com/login.php","date":"2026-04-27T05:42:15.770Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"portal-beyondbank.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Apr 2026 23:13:44 GMT","end":"Wed, 08 Jul 2026 23:13:43 GMT"},"fingerprint":{"sha1":"20:1B:D2:86:5A:66:0C:1B:89:7C:96:6E:90:22:F3:EB:CA:BD:EE:3F","sha256":"7E:23:F5:81:07:15:C9:A6:29:BD:C5:CA:71:61:6B:B4:29:27:BA:44:18:67:0A:20:39:DC:AA:42:2A:4D:EA:FC"}}},"request":{"raw":"GET /fonts/proximanovaalt-regular-webfont.woff2 HTTP/1.1\r\nHost: portal-beyondbank.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://portal-beyondbank.com/fonts/main.css\r\nCookie: PHPSESSID=7ea208eaa14c19d19b7ab7921f8bf62f\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 05:42:15 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 21892\r\nlast-modified: Sat, 15 Nov 2025 19:53:26 GMT\r\netag: \"6918da36-5584\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21892,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 21892, version 2.458","md5":"f46e1d1c23dc72e62faf09435d763207","sha1":"38c38388f391a655d49aed0eb0ce45858ff76d7b","sha256":"0caf91e8ad9b3e8048e595394d3ca43223c489e54e79ba7dce405e3249b2c674","sha512":"1508022600292cc9aaa08aea76f3e3e595789ce36635faeae588161b5d22dff62ca31c56ee45fab4d23692555e4efb9a64a9f212861cf272ba7afbbd4b907766","ssdeep":"384:hTIEE3XFRxoImctzxWrNes7fg31devwWwI676IuznBo/lswjVp2N3z9bon4cS:hLE3VDoPZheneIW+Lua/lJaRbonxS","tlshash":"28a2d11884ed9b7f4e6ec2ad471bf8bc647fc6951d252643070b121bb70f41dea8e628","first_seen":"2023-11-13T03:41:30Z","last_seen":"2026-04-27T05:43:01.852626Z","times_seen":3,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":70,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"portal-beyondbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"portal-beyondbank.com/fonts/proximanovaalt-semibold-webfont.woff2","fqdn":"portal-beyondbank.com","domain":"portal-beyondbank.com","tld":"com"},"ip":{"addr":"91.202.233.133","port":443,"asn":200593,"as":"Prospero Ooo","country":"Turkmenistan","country_code":"TM"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://portal-beyondbank.com/login.php","date":"2026-04-27T05:42:15.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"portal-beyondbank.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Apr 2026 23:13:44 GMT","end":"Wed, 08 Jul 2026 23:13:43 GMT"},"fingerprint":{"sha1":"20:1B:D2:86:5A:66:0C:1B:89:7C:96:6E:90:22:F3:EB:CA:BD:EE:3F","sha256":"7E:23:F5:81:07:15:C9:A6:29:BD:C5:CA:71:61:6B:B4:29:27:BA:44:18:67:0A:20:39:DC:AA:42:2A:4D:EA:FC"}}},"request":{"raw":"GET /fonts/proximanovaalt-semibold-webfont.woff2 HTTP/1.1\r\nHost: portal-beyondbank.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://portal-beyondbank.com/fonts/main.css\r\nCookie: PHPSESSID=7ea208eaa14c19d19b7ab7921f8bf62f\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 05:42:15 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 22012\r\nlast-modified: Sat, 15 Nov 2025 19:53:21 GMT\r\netag: \"6918da31-55fc\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":22012,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22012, version 2.458","md5":"1171fde95fb64acf7371e9e73ce2c1e7","sha1":"632b3996ed23d281b073edc7c49f9b2197cde919","sha256":"dace250e9be084d5f0410fa5212c85b05a09a13c1d4c4d5361114246d67d73a2","sha512":"f523f91df970ca58dcef0de33f6b42376a281e23ab79394c31c6a85e5d3ad0bce9e491bb64c4df3f0759116267a11c15cf40cb1fc4fb9313f6641e63456c7b95","ssdeep":"384:hTim2wBHnrjh8dgrbI6f7REDAnUAhy3ADNCX+a1p8sMpruB/qsOK60UWp:hYwph9rbcAoAe+G8Hp6gsp60UG","tlshash":"04a2c06479931325630da2f73129e90236ba4a5f0cf8dbf156c72d7b11b43b889a0f27","first_seen":"2023-11-13T03:41:30Z","last_seen":"2026-04-27T05:43:01.853145Z","times_seen":3,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":66,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"portal-beyondbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"portal-beyondbank.com/fonts/proximanovaalt-bold-webfont.woff2","fqdn":"portal-beyondbank.com","domain":"portal-beyondbank.com","tld":"com"},"ip":{"addr":"91.202.233.133","port":443,"asn":200593,"as":"Prospero Ooo","country":"Turkmenistan","country_code":"TM"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://portal-beyondbank.com/login.php","date":"2026-04-27T05:42:15.782Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"portal-beyondbank.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Apr 2026 23:13:44 GMT","end":"Wed, 08 Jul 2026 23:13:43 GMT"},"fingerprint":{"sha1":"20:1B:D2:86:5A:66:0C:1B:89:7C:96:6E:90:22:F3:EB:CA:BD:EE:3F","sha256":"7E:23:F5:81:07:15:C9:A6:29:BD:C5:CA:71:61:6B:B4:29:27:BA:44:18:67:0A:20:39:DC:AA:42:2A:4D:EA:FC"}}},"request":{"raw":"GET /fonts/proximanovaalt-bold-webfont.woff2 HTTP/1.1\r\nHost: portal-beyondbank.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://portal-beyondbank.com/fonts/main.css\r\nCookie: PHPSESSID=7ea208eaa14c19d19b7ab7921f8bf62f\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 05:42:15 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 21756\r\nlast-modified: Sat, 15 Nov 2025 19:53:24 GMT\r\netag: \"6918da34-54fc\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21756,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 21756, version 2.458","md5":"161b87a77c523c21f2060f532aa30299","sha1":"4d1d03bf2f6b159d8732da4ad305ecfc527844bc","sha256":"fad10817f9c7d629085537d37496bfd2d0bdd4761dd3a156a12c0c034f14f981","sha512":"e11293fc75b59250956a43abcd9a68b5ef8235621d41960344284a66c8e7300c40d9385cf58c03d3473a9f4462fdf9901c1b109e086b5d6b108bc74c8dbfc201","ssdeep":"384:e2pIthF1dnJEQN39efBDnWqjM6JciYpWTwqZYX86ZTQYep5LvGvpz7tYv1gXlY49:f0nJEKUfln146JrYpWgZW7GvptICXmYP","tlshash":"3ca2d0fd69f8f56fd26f2957c0108fb1e9824d8fd2a88321fc6d21bb0550808e783556","first_seen":"2023-11-13T03:41:30Z","last_seen":"2026-04-27T05:43:01.852125Z","times_seen":3,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":65,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"portal-beyondbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"portal-beyondbank.com/favicon.ico","fqdn":"portal-beyondbank.com","domain":"portal-beyondbank.com","tld":"com"},"ip":{"addr":"91.202.233.133","port":443,"asn":200593,"as":"Prospero Ooo","country":"Turkmenistan","country_code":"TM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://portal-beyondbank.com/login.php","date":"2026-04-27T05:42:15.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"portal-beyondbank.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Apr 2026 23:13:44 GMT","end":"Wed, 08 Jul 2026 23:13:43 GMT"},"fingerprint":{"sha1":"20:1B:D2:86:5A:66:0C:1B:89:7C:96:6E:90:22:F3:EB:CA:BD:EE:3F","sha256":"7E:23:F5:81:07:15:C9:A6:29:BD:C5:CA:71:61:6B:B4:29:27:BA:44:18:67:0A:20:39:DC:AA:42:2A:4D:EA:FC"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: portal-beyondbank.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://portal-beyondbank.com/login.php\r\nCookie: PHPSESSID=7ea208eaa14c19d19b7ab7921f8bf62f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 05:42:15 GMT\r\ncontent-type: text/html\r\nlast-modified: Thu, 28 Aug 2025 00:20:05 GMT\r\netag: W/\"328-63d61ddff9533\"\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":808,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"a943672a32297727bab01c3e76977550","sha1":"3a667c4b7a457ef6c586cc581d533c128737bf53","sha256":"b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187","sha512":"0965d415f3a0cef31953702fdae345d46fefd72ce3c4c7a0255aede74a76e10b856892700529a444453a622793e0257248c5c99fae17d5b0b9fd4118e208068c","ssdeep":"","tlshash":"2e01bd0a08e0501bc0d3915169a0f22dc9c2f997aa5b180079ed91c6cfd5f89c9d35ac","first_seen":"2023-03-08T11:42:06Z","last_seen":"2026-04-30T08:25:36.6741Z","times_seen":35906,"resource_available":true,"data":null}},"time_used":68,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"portal-beyondbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://portal-beyondbank.com/login.php","date":"2026-04-27T05:42:15.481Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.0.0/css/all.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://portal-beyondbank.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Apr 2026 05:42:15 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 15248\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"620188b3-3b90\"\r\nlast-modified: Mon, 07 Feb 2022 21:01:39 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 708328\r\nexpires: Sat, 17 Apr 2027 05:42:15 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5wxzDQe3S2P%2FQjl7KRax5728D2XHSRPVVhCCsLKtV2UDn%2F3srcOAkueAfbftsiVIkPlObCo48xXJQkkgsBIT7qYQJIxQzYjhQpe7vM4vinq92OfNLst2otBr2DPWJv8YG9j4o5An\"}]}\r\ncf-ray: 9f2b80bacd325684-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89220,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65317)","md5":"dfb8fc36e102730fddf78b5494eb0035","sha1":"b513d9a39af2ee145f12c1ba03f9982960c47029","sha256":"8d321d88cb97fdedc3189506c25de9292c6e73a60ebaab496243346c6404480e","sha512":"f6eb006b5d0844ed078689e9c80215a63af294fbe80f088f52229d5a4e6ddcfca8958d5c39de03484d066beae2e00b93ae83d1e5a42f5d4f710baa8e3e7cc57a","ssdeep":"1536:iUMVM6MVMkMVM9MVMNMVMispxd1zJJ29Nll3IV7UHsR+z:Dd1NY95IV7UMR+z","tlshash":"8a93a9e9e04c05d56732c44baf99b37ca5b6f73cd5810da9f02f580c19d26a822c6f7a","first_seen":"2023-04-06T16:57:15Z","last_seen":"2026-04-30T07:19:56.130651Z","times_seen":9703,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":6,"dns":1,"connect":1,"send":0,"wait":7,"receive":1,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.194.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://portal-beyondbank.com/login.php","date":"2026-04-27T05:42:15.482Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-3.6.0.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://portal-beyondbank.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-15d9d\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Mon, 27 Apr 2026 05:42:15 GMT\r\nage: 899967\r\nx-served-by: cache-lga21931-LGA, cache-hel1410026-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 71, 144406\r\nx-timer: S1777268536.576476,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 30875\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":89501,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-04-30T08:35:48.66689Z","times_seen":457993,"resource_available":true,"data":null}},"time_used":196,"timings":{"blocked":74,"dns":21,"connect":26,"send":0,"wait":28,"receive":8,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"portal-beyondbank.com/images/hello.svg","fqdn":"portal-beyondbank.com","domain":"portal-beyondbank.com","tld":"com"},"ip":{"addr":"91.202.233.133","port":443,"asn":200593,"as":"Prospero Ooo","country":"Turkmenistan","country_code":"TM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://portal-beyondbank.com/login.php","date":"2026-04-27T05:42:15.490Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"portal-beyondbank.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Apr 2026 23:13:44 GMT","end":"Wed, 08 Jul 2026 23:13:43 GMT"},"fingerprint":{"sha1":"20:1B:D2:86:5A:66:0C:1B:89:7C:96:6E:90:22:F3:EB:CA:BD:EE:3F","sha256":"7E:23:F5:81:07:15:C9:A6:29:BD:C5:CA:71:61:6B:B4:29:27:BA:44:18:67:0A:20:39:DC:AA:42:2A:4D:EA:FC"}}},"request":{"raw":"GET /images/hello.svg HTTP/1.1\r\nHost: portal-beyondbank.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://portal-beyondbank.com/login.php\r\nCookie: PHPSESSID=7ea208eaa14c19d19b7ab7921f8bf62f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 05:42:15 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 9994\r\nlast-modified: Sat, 15 Nov 2025 18:50:22 GMT\r\netag: \"6918cb6e-270a\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9994,"size_decoded":0,"mime_type":"image/svg+xml","magic":"ASCII text, with very long lines (1018)","md5":"322e4456b89cc5d26c08caf7d5521592","sha1":"5b846e18de696469dd1ecdfed91f423c028ef6cf","sha256":"2f2b063ce2d6821b7075a39cb89fbc9e0679b6ea00fedfc1e1fca3049ad355e3","sha512":"ffb1d27bc279cb5975b0cb2f667cb6df8a235e6f123243f24fadbceba24d2bb5db6c342bd2ef9e8d895c39a76c1bfd9c83e47ab5cf08354ea8e395c72fad16be","ssdeep":"192:+T7A49WqzmO5CM1CCmmdWwp2NlvXWe4F6Z0B02pU5O3STomJlGTfV:+TUSZm8R0KkQe44U4dTjaT9","tlshash":"ac22a6d82baaa2f4ed05e3e6da1750353b6b50f66b13c720c3d4be0e78154dd88ac8d5","first_seen":"2026-04-27T05:42:41.257561Z","last_seen":"2026-04-27T05:43:01.850862Z","times_seen":2,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":64,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"portal-beyondbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"portal-beyondbank.com/fonts/main.css","fqdn":"portal-beyondbank.com","domain":"portal-beyondbank.com","tld":"com"},"ip":{"addr":"91.202.233.133","port":443,"asn":200593,"as":"Prospero Ooo","country":"Turkmenistan","country_code":"TM"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://portal-beyondbank.com/login.php","date":"2026-04-27T05:42:15.487Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"portal-beyondbank.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Apr 2026 23:13:44 GMT","end":"Wed, 08 Jul 2026 23:13:43 GMT"},"fingerprint":{"sha1":"20:1B:D2:86:5A:66:0C:1B:89:7C:96:6E:90:22:F3:EB:CA:BD:EE:3F","sha256":"7E:23:F5:81:07:15:C9:A6:29:BD:C5:CA:71:61:6B:B4:29:27:BA:44:18:67:0A:20:39:DC:AA:42:2A:4D:EA:FC"}}},"request":{"raw":"GET /fonts/main.css HTTP/1.1\r\nHost: portal-beyondbank.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://portal-beyondbank.com/login.php\r\nCookie: PHPSESSID=7ea208eaa14c19d19b7ab7921f8bf62f\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 05:42:15 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 15 Nov 2025 21:37:26 GMT\r\netag: W/\"6918f296-59660\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":366176,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"30e82f2f26b4a92bc4fae8d8cb60eac9","sha1":"ae29ea7503633d89e458b426c92113c1f8f301e0","sha256":"fc42b07b0c841aa3bbe7b6b92ae93050f93f4b6a67a5256915c89feef4855d68","sha512":"32b0d55432f8e05d8cd36ed7617a71eaec10859dbce6d36a64e0a0101dacef9c900b25dd3ad2878f7f8786c016cfb97dea9f5bd6b0a010ce2b9cda919ce67c70","ssdeep":"6144:2lSdm7VQJraBelcjA/F3czbXvEC8+JZ22RO1tfb9:2lSd6QJraENd2ROV","tlshash":"5a74b809a6b31d016417c7687bef2b54332a0083850ddd7dbadd26e48f8d2a59932fde","first_seen":"2026-04-27T05:42:41.258707Z","last_seen":"2026-04-27T05:43:01.848959Z","times_seen":2,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":172,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"portal-beyondbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"portal-beyondbank.com/images/sus.png","fqdn":"portal-beyondbank.com","domain":"portal-beyondbank.com","tld":"com"},"ip":{"addr":"91.202.233.133","port":443,"asn":200593,"as":"Prospero Ooo","country":"Turkmenistan","country_code":"TM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://portal-beyondbank.com/login.php","date":"2026-04-27T05:42:15.492Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"portal-beyondbank.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Apr 2026 23:13:44 GMT","end":"Wed, 08 Jul 2026 23:13:43 GMT"},"fingerprint":{"sha1":"20:1B:D2:86:5A:66:0C:1B:89:7C:96:6E:90:22:F3:EB:CA:BD:EE:3F","sha256":"7E:23:F5:81:07:15:C9:A6:29:BD:C5:CA:71:61:6B:B4:29:27:BA:44:18:67:0A:20:39:DC:AA:42:2A:4D:EA:FC"}}},"request":{"raw":"GET /images/sus.png HTTP/1.1\r\nHost: portal-beyondbank.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://portal-beyondbank.com/login.php\r\nCookie: PHPSESSID=7ea208eaa14c19d19b7ab7921f8bf62f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 05:42:15 GMT\r\ncontent-type: image/png\r\ncontent-length: 613337\r\nlast-modified: Mon, 17 Nov 2025 20:26:47 GMT\r\netag: \"691b8507-95bd9\"\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":613337,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 775 x 516, 8-bit/color RGBA, non-interlaced","md5":"f00f8c9332a9fc82ba2323f21f186f79","sha1":"567f807275024c720a75d88fd440a14ceebb9b1b","sha256":"d3bc9f8ee31ee028afb601baff071bb6d8118d6194071d7b7d920b1c2bbd9bae","sha512":"2d12ab226f36ea58ac99881d2c8e436ad9ca79426d379ba5001bf6af2ae0028dc170ac3dae0caaa8de57f8895c96019d660c6dd2daf80b4738d3e55319125ea2","ssdeep":"12288:mE2B/KmL6EQNfPM68b8Izcmef0odxYu4zmHDBxWb0BdDALwdb:mEwSmLInMPnTcHlxW4B+2b","tlshash":"e3d4239464b086e59d2b7471fbd9460e4372ab1ff20b1048669f3b12eb1f9a317727e0","first_seen":"2026-04-27T05:42:41.259821Z","last_seen":"2026-04-27T05:43:01.851499Z","times_seen":2,"resource_available":false,"data":null}},"time_used":345,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":225,"receive":120,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"portal-beyondbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"portal-beyondbank.com/","fqdn":"portal-beyondbank.com","domain":"portal-beyondbank.com","tld":"com"},"ip":{"addr":"91.202.233.133","port":443,"asn":200593,"as":"Prospero Ooo","country":"Turkmenistan","country_code":"TM"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-27T05:42:14.985Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"portal-beyondbank.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Apr 2026 23:13:44 GMT","end":"Wed, 08 Jul 2026 23:13:43 GMT"},"fingerprint":{"sha1":"20:1B:D2:86:5A:66:0C:1B:89:7C:96:6E:90:22:F3:EB:CA:BD:EE:3F","sha256":"7E:23:F5:81:07:15:C9:A6:29:BD:C5:CA:71:61:6B:B4:29:27:BA:44:18:67:0A:20:39:DC:AA:42:2A:4D:EA:FC"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: portal-beyondbank.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 05:42:15 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\nlocation: login.php\r\nx-powered-by: PHP/8.4.20, PleskLin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:8.4.20","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":7745,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-30T08:35:13.891136Z","times_seen":14413895,"resource_available":true,"data":null}},"time_used":329,"timings":{"blocked":129,"dns":16,"connect":53,"send":0,"wait":71,"receive":0,"ssl":57},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"portal-beyondbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"portal-beyondbank.com/login.php","fqdn":"portal-beyondbank.com","domain":"portal-beyondbank.com","tld":"com"},"ip":{"addr":"91.202.233.133","port":443,"asn":200593,"as":"Prospero Ooo","country":"Turkmenistan","country_code":"TM"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-27T05:42:15.189Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"portal-beyondbank.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Apr 2026 23:13:44 GMT","end":"Wed, 08 Jul 2026 23:13:43 GMT"},"fingerprint":{"sha1":"20:1B:D2:86:5A:66:0C:1B:89:7C:96:6E:90:22:F3:EB:CA:BD:EE:3F","sha256":"7E:23:F5:81:07:15:C9:A6:29:BD:C5:CA:71:61:6B:B4:29:27:BA:44:18:67:0A:20:39:DC:AA:42:2A:4D:EA:FC"}}},"request":{"raw":"GET /login.php HTTP/1.1\r\nHost: portal-beyondbank.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 05:42:15 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 2031\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nset-cookie: PHPSESSID=7ea208eaa14c19d19b7ab7921f8bf62f; path=/\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-powered-by: PHP/8.4.20, PleskLin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:8.4.20","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"ZURB Foundation","description":"Zurb Foundation is used to prototype in the browser. Allows rapid creation of websites or applications while leveraging mobile and responsive technology. The front end framework is the collection of HTML, CSS, and Javascript containing design patterns.","website":"https://foundation.zurb.com","common_platform_enumeration":"","icon":"ZURB Foundation.png","categories":["UI frameworks"]}],"data":{"size":7745,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (405)","md5":"ff78cd6759eb41184114196c69745f5b","sha1":"efef80b44e3514dd37efba8bb52de5a41a919908","sha256":"9b34b1fee407e8fcc8d09f9f3c384f58e3c21de985d648fe41efc6aeaac620f4","sha512":"bcf46e51369904bad395f4643bacfb3bfe8dd01f712566188339ccf863a1d469a3290aad0f44174b02060d5bbb7354d20629ce0f239acfff4738882fee661418","ssdeep":"192:A6O/D2GOmlVSQiVoV2uS2/e0prq/zf+EYV2/MQQGMKrwyPz2tOAL:A6O/D2GplVSQiVoV2uS2/brq//YV2/ML","tlshash":"6df1ed2140dc0d7b004362c17160279a759fce37da2789eaf6bf46652bd7cc6ed2b12a","first_seen":"2026-04-27T05:42:41.261399Z","last_seen":"2026-04-27T05:43:01.850198Z","times_seen":2,"resource_available":true,"data":null}},"time_used":67,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"portal-beyondbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"portal-beyondbank.com/fonts/icons.css","fqdn":"portal-beyondbank.com","domain":"portal-beyondbank.com","tld":"com"},"ip":{"addr":"91.202.233.133","port":443,"asn":200593,"as":"Prospero Ooo","country":"Turkmenistan","country_code":"TM"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://portal-beyondbank.com/login.php","date":"2026-04-27T05:42:15.485Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"portal-beyondbank.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Apr 2026 23:13:44 GMT","end":"Wed, 08 Jul 2026 23:13:43 GMT"},"fingerprint":{"sha1":"20:1B:D2:86:5A:66:0C:1B:89:7C:96:6E:90:22:F3:EB:CA:BD:EE:3F","sha256":"7E:23:F5:81:07:15:C9:A6:29:BD:C5:CA:71:61:6B:B4:29:27:BA:44:18:67:0A:20:39:DC:AA:42:2A:4D:EA:FC"}}},"request":{"raw":"GET /fonts/icons.css HTTP/1.1\r\nHost: portal-beyondbank.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://portal-beyondbank.com/login.php\r\nCookie: PHPSESSID=7ea208eaa14c19d19b7ab7921f8bf62f\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 05:42:15 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 15 Nov 2025 19:49:31 GMT\r\netag: W/\"6918d94b-1cc9b\"\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":117915,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65499)","md5":"987bbe0048c22c1c0508014427087523","sha1":"26d02749ab117859c19a5f1a5c6f5b4040367f30","sha256":"92fb9f64dcc495139282a15ffee9be9cba9d848d958ede8eb29c0883cc54d566","sha512":"e6d454e14a8c6ba5123d32f7b4b92d22bde4a6d92bb27cd3d8fe1ede90fc226d7e42a3e7e3ab0c4c341a3cf4a04e9969c9226d22a9c7217607afa2c919cdaa0c","ssdeep":"1536:qvBg0ZKBcsUDBOws3UTD1AU2+1xq0NKUBgIOmzmsLY+oategnVFbsQ8:qv5dsUDVs3Az2+fhNKydN882","tlshash":"dab37cfe98be5fc46b6494d1020311c1ae0df0638a522c3afa5ef8ed7bd6760671469c","first_seen":"2026-04-27T05:42:41.265911Z","last_seen":"2026-04-27T05:43:01.855601Z","times_seen":2,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"portal-beyondbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}