{"report_id":"8c017f58-ec6e-4233-83c5-19c623e9eac0","version":6,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-04-04T12:39:52Z","url":{"schema":"http","addr":"rooms.lsglobaladvisory.com","fqdn":"rooms.lsglobaladvisory.com","domain":"lsglobaladvisory.com","tld":"com"},"ip":{"addr":"69.10.62.130","port":0,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"rooms.lsglobaladvisory.com/","fqdn":"rooms.lsglobaladvisory.com","domain":"lsglobaladvisory.com","tld":"com"},"title":"Xfinity Login","dom":{"size":11475,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"9e6533bdeb97217dc1ec3755878c22f6","sha1":"c38baebdf45d447a1e40a0c698ef30ca4f074695","sha256":"3aec0d36cdc0cca35be081c3fe5f62a11f4bb7439d7bcf3a038a0a9bd3825183","sha512":"901dbe2091a382d4121f91032ea88e848352195ee3de4cef0348e1d0e0f040120b13c8453c527ce9d029c4d1feaaa9d83354947df778fa9ded14a9967075ede3","ssdeep":"192:BrUIZJ8k+sK54a1+47Ry6w1eaNbSyGxEqwA+iWttYHAxAD9Ik9ftiIG4HIitKGSe:BrUI2HanoY4/cEL/JAUScixiAidiJ4i4","tlshash":"7932512a31e20491a213a4a83dd39b063a74d503d54ad9a47dac4699dfcfe92cdf33cc","dom_hash":"domhash1340459ab69d6aeb3a54afc1bacadc91","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"rooms.lsglobaladvisory.com","fqdn":"rooms.lsglobaladvisory.com","domain":"lsglobaladvisory.com","tld":"com"},"ip":{"addr":"69.10.62.130","port":0,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-09T12:39:52Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-04","alert":"Detects file containing Telegram Bot API","trigger":"rooms.lsglobaladvisory.com/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"rooms.lsglobaladvisory.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-04","alert":"Phishing Block","trigger":"rooms.lsglobaladvisory.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"rooms.lsglobaladvisory.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"rooms.lsglobaladvisory.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"rooms.lsglobaladvisory.com","ip":{"addr":"69.10.62.130","port":443,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":18,"request_count":4,"received_data":224231,"sent_data":1873,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"rooms.lsglobaladvisory.com/","fqdn":"rooms.lsglobaladvisory.com","domain":"lsglobaladvisory.com","tld":"com"},"ip":{"addr":"69.10.62.130","port":443,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"md5":"8b8cf5b36c66e7ac880dd729ac814178","sha1":"69417bcabefc899b7a99b29f7e71a7add55e746e","sha256":"521758577812c25c1513dbf2a46e5a97cc65f845e21c80632ef32a88ab1e71aa","sha512":"231c8c8051e7dbd517e68e2216ce6de8a18161c6169e7ac09b365f403e6909c351327197e59281b8cb58d6b6e43ecd7b6d17e55c18943bda2b63cf40533b3339","size":3454,"token":"8420735956:AAG8vkHbNNb6CmzyMoW2Ljjxdljw7bCzMSo","is_revoked":false,"bot":{"token":"8420735956:AAG8vkHbNNb6CmzyMoW2Ljjxdljw7bCzMSo","user_id":"8420735956","username":"NComcast_bot","first_name":"comb_bot","last_name":"","chat":{"chat_id":"6367538525","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"rooms.lsglobaladvisory.com/","fqdn":"rooms.lsglobaladvisory.com","domain":"lsglobaladvisory.com","tld":"com"},"ip":{"addr":"69.10.62.130","port":443,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"8b8cf5b36c66e7ac880dd729ac814178","sha1":"69417bcabefc899b7a99b29f7e71a7add55e746e","sha256":"521758577812c25c1513dbf2a46e5a97cc65f845e21c80632ef32a88ab1e71aa","sha512":"231c8c8051e7dbd517e68e2216ce6de8a18161c6169e7ac09b365f403e6909c351327197e59281b8cb58d6b6e43ecd7b6d17e55c18943bda2b63cf40533b3339","ssdeep":"","tlshash":"9561ed8b35e70878076b71be2ad7d3053838c4032c06c8493d2c92265f26ea2d5f778d","size":3454,"data":"","first_seen":"2026-04-04T12:40:07.787463Z","last_seen":"2026-04-04T12:40:07.787463Z","times_seen":1,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-04","alert":"Detects file containing Telegram Bot API","trigger":"rooms.lsglobaladvisory.com/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"rooms.lsglobaladvisory.com/favicon.ico","fqdn":"rooms.lsglobaladvisory.com","domain":"lsglobaladvisory.com","tld":"com"},"ip":{"addr":"69.10.62.130","port":443,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rooms.lsglobaladvisory.com/","date":"2026-04-04T12:39:32.036Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.rooms.lsglobaladvisory.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Mar 2026 23:11:47 GMT","end":"Sun, 21 Jun 2026 23:11:46 GMT"},"fingerprint":{"sha1":"62:33:FB:6D:14:1A:80:B6:8C:30:25:EF:87:5A:B8:90:A9:B7:46:DB","sha256":"AB:A9:00:88:B8:65:05:5B:E2:2D:8E:30:19:03:5B:C7:86:1C:70:9B:AD:7C:5A:5D:86:89:AD:EA:D2:B8:79:64"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rooms.lsglobaladvisory.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rooms.lsglobaladvisory.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 500 Internal Server Error\r\nDate: Sat, 04 Apr 2026 12:39:32 GMT\r\nServer: Apache\r\nContent-Length: 720\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":720,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"f246515ddc1820169801338d2e040fdf","sha1":"12653e8b9acfc97ba36bc362aaf5e9d179f983e8","sha256":"1903e273820dc10b487621921148b8a1fc6d9673c53d627cebfce03093f5e02f","sha512":"45abfea47c83320ba6bc4a0edfbcff8cb3de290641b7d40176dc6d8e1d6cb9dfaa709a38236a76e9742c81c6edad0a6790acbc021c6aa8cc27b2b0de513bbae0","ssdeep":"","tlshash":"2b01c0af435a23635130b748b88121c47f11203715e1d9991254d97ba1c65d9db3e6ec","first_seen":"2026-04-04T12:40:07.779424Z","last_seen":"2026-04-04T12:40:07.779424Z","times_seen":1,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"rooms.lsglobaladvisory.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-04","alert":"Phishing Block","trigger":"rooms.lsglobaladvisory.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"rooms.lsglobaladvisory.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"rooms.lsglobaladvisory.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rooms.lsglobaladvisory.com/","fqdn":"rooms.lsglobaladvisory.com","domain":"lsglobaladvisory.com","tld":"com"},"ip":{"addr":"69.10.62.130","port":443,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-04T12:39:31.164Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.rooms.lsglobaladvisory.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Mar 2026 23:11:47 GMT","end":"Sun, 21 Jun 2026 23:11:46 GMT"},"fingerprint":{"sha1":"62:33:FB:6D:14:1A:80:B6:8C:30:25:EF:87:5A:B8:90:A9:B7:46:DB","sha256":"AB:A9:00:88:B8:65:05:5B:E2:2D:8E:30:19:03:5B:C7:86:1C:70:9B:AD:7C:5A:5D:86:89:AD:EA:D2:B8:79:64"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: rooms.lsglobaladvisory.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 04 Apr 2026 12:39:31 GMT\r\nServer: Apache\r\nLast-Modified: Sun, 04 Jan 2026 17:42:47 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 11869\r\nKeep-Alive: timeout=5, max=150\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":11869,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"243b7352a84f63e2f4d6d36813bc7f46","sha1":"464a1704c508b1bc8495ab99bff2c0149aae474f","sha256":"c0410ac66b52ac533a01e108946b0cd8c6759cc77ad1f1c9fa54e4da433dd561","sha512":"1deb1e6c3bb5cc1c888cd9b710d81664c306d3acb0d2aabb210bb57285775a5e3dccbeb7aeeee931c865de03a8f0bfd93430045de6c899ddb3d6c97058847b8d","ssdeep":"192:TIwToIVoV8eTt3X1xsm1sx5T+JucpUFd472n60UcOL5SXtmLiqLi1ULimLiXE4zZ:TIwpCrVsWwcKtnJUZLNisi16iIif3ip+","tlshash":"b032412a21810455a233a6b4ba93c70afe758113c64695643dec574a9fbfe11cdb3bcc","first_seen":"2026-04-04T12:40:07.781158Z","last_seen":"2026-04-04T12:40:07.781158Z","times_seen":1,"resource_available":true,"data":null}},"time_used":916,"timings":{"blocked":364,"dns":166,"connect":93,"send":0,"wait":102,"receive":86,"ssl":102},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-04","alert":"Detects file containing Telegram Bot API","trigger":"rooms.lsglobaladvisory.com/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"rooms.lsglobaladvisory.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"rooms.lsglobaladvisory.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-04","alert":"Phishing Block","trigger":"rooms.lsglobaladvisory.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"rooms.lsglobaladvisory.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"rooms.lsglobaladvisory.com/image.png","fqdn":"rooms.lsglobaladvisory.com","domain":"lsglobaladvisory.com","tld":"com"},"ip":{"addr":"69.10.62.130","port":443,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rooms.lsglobaladvisory.com/","date":"2026-04-04T12:39:31.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.rooms.lsglobaladvisory.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Mar 2026 23:11:47 GMT","end":"Sun, 21 Jun 2026 23:11:46 GMT"},"fingerprint":{"sha1":"62:33:FB:6D:14:1A:80:B6:8C:30:25:EF:87:5A:B8:90:A9:B7:46:DB","sha256":"AB:A9:00:88:B8:65:05:5B:E2:2D:8E:30:19:03:5B:C7:86:1C:70:9B:AD:7C:5A:5D:86:89:AD:EA:D2:B8:79:64"}}},"request":{"raw":"GET /image.png HTTP/1.1\r\nHost: rooms.lsglobaladvisory.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rooms.lsglobaladvisory.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 04 Apr 2026 12:39:32 GMT\r\nServer: Apache\r\nLast-Modified: Tue, 01 Jul 2025 11:26:32 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 207574\r\nKeep-Alive: timeout=5, max=150\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":207574,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 921 x 812, 8-bit/color RGBA, non-interlaced","md5":"c1e7ee0a6c73babcd516dd427e250011","sha1":"ae4ad375c7739e75b032755f4e23d2f22214cc80","sha256":"d36a29adf5cff78f0d0d7086d8508a9e5377ecec856cc5e833a17c473954c08a","sha512":"9fb451f2c2c044f258ce9d2cc7341bccb055b12c3ce37cc577ddfb66c368d6c24437adc6cefb4a0d83216b7664505ab864b83f08a7e0904fb23c7884a8d78ec7","ssdeep":"3072:DGJKmz/3FdnT3jjUIOJqN0+ewyYbvImNNW33OwceVPto4z+D7wUI9ye1Asz82:qwM7b3esXewyKAmNNJwcSe4i3LMz82","tlshash":"8914124e547b9c06c682cfe02efb88db133581a78e81027ddad075887244879e7bda5f","first_seen":"2025-08-17T13:36:40.436062Z","last_seen":"2026-04-04T12:40:07.783384Z","times_seen":24,"resource_available":false,"data":null}},"time_used":756,"timings":{"blocked":185,"dns":1,"connect":91,"send":0,"wait":98,"receive":279,"ssl":99},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"rooms.lsglobaladvisory.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"rooms.lsglobaladvisory.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"rooms.lsglobaladvisory.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-04","alert":"Phishing Block","trigger":"rooms.lsglobaladvisory.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rooms.lsglobaladvisory.com/login-logo.png","fqdn":"rooms.lsglobaladvisory.com","domain":"lsglobaladvisory.com","tld":"com"},"ip":{"addr":"69.10.62.130","port":443,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rooms.lsglobaladvisory.com/","date":"2026-04-04T12:39:31.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.rooms.lsglobaladvisory.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Mar 2026 23:11:47 GMT","end":"Sun, 21 Jun 2026 23:11:46 GMT"},"fingerprint":{"sha1":"62:33:FB:6D:14:1A:80:B6:8C:30:25:EF:87:5A:B8:90:A9:B7:46:DB","sha256":"AB:A9:00:88:B8:65:05:5B:E2:2D:8E:30:19:03:5B:C7:86:1C:70:9B:AD:7C:5A:5D:86:89:AD:EA:D2:B8:79:64"}}},"request":{"raw":"GET /login-logo.png HTTP/1.1\r\nHost: rooms.lsglobaladvisory.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rooms.lsglobaladvisory.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 04 Apr 2026 12:39:31 GMT\r\nServer: Apache\r\nLast-Modified: Tue, 01 Jul 2025 11:26:44 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 3160\r\nKeep-Alive: timeout=5, max=149\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":3160,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 177 x 66, 8-bit/color RGBA, non-interlaced","md5":"72f9a786dd4d2248ef7c19918579d400","sha1":"643005a3395e4cfcced2ebeaf4716ba797f6fb5e","sha256":"e11d74aaa1040bea2d76cf714c39ec9f612c6fcaf98f1b62ceecabdf64513deb","sha512":"29512e45674fcf68e2743b965b431ee718041baade7c0c8e4fd838706a60350eaf47a6809b52bb2136c74cf6c2f2a2a3ed882757dab5cdb487b4eb5615c6f0fd","ssdeep":"","tlshash":"bc516cfb2b113cec5ed830f930597388a662cfcd301e68659c066ae539c7cd816e1887","first_seen":"2025-08-17T13:36:40.441168Z","last_seen":"2026-04-04T12:40:07.786118Z","times_seen":25,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"rooms.lsglobaladvisory.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"rooms.lsglobaladvisory.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-04","alert":"Phishing Block","trigger":"rooms.lsglobaladvisory.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"rooms.lsglobaladvisory.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}