{"report_id":"95d6609c-98a4-449b-ac60-1500c1e01fa4","version":6,"status":"done","tags":[],"date":"2025-10-12T19:37:10Z","url":{"schema":"http","addr":"login.legesys.com/","fqdn":"login.legesys.com","domain":"legesys.com","tld":"com"},"ip":{"addr":"3.146.153.124","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"login.legesys.com/","fqdn":"login.legesys.com","domain":"legesys.com","tld":"com"},"title":"Document"},"submit":{"url":{"schema":"http","addr":"login.legesys.com/","fqdn":"login.legesys.com","domain":"legesys.com","tld":"com"},"ip":{"addr":"3.146.153.124","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-16T19:37:10Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"login.legesys.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"login.legesys.com","ip":{"addr":"3.146.153.124","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":2,"received_data":7027,"sent_data":1652,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Inertia.js","description":"Inertia.js is a protocol for creating monolithic single-page applications.","website":"https://inertiajs.com","common_platform_enumeration":"","icon":"Inertia.svg","categories":["JavaScript frameworks"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-10-05T22:12:07.524768Z","alert_count":0,"request_count":1,"received_data":18103,"sent_data":530,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.dribbble.com","ip":{"addr":"3.167.2.32","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2008-03-19","domain_rank":463869,"first_seen":"2017-04-03T12:44:06Z","last_seen":"2025-10-06T00:42:59.8648Z","alert_count":0,"request_count":1,"received_data":1374464,"sent_data":475,"comment":"","tags":null,"fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-10-05T22:12:06.373682Z","alert_count":0,"request_count":1,"received_data":1058,"sent_data":440,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-10-05T22:15:09.164871Z","alert_count":0,"request_count":1,"received_data":122204,"sent_data":480,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://login.legesys.com/","date":"2025-10-12T19:36:48.598Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 19:09:23 GMT","end":"Tue, 16 Dec 2025 20:08:48 GMT"},"fingerprint":{"sha1":"E5:FA:6E:21:DA:AB:92:8F:E0:CB:31:C2:87:D4:E2:CE:9F:23:BF:C1","sha256":"E8:C7:D4:A8:29:E6:45:C0:C5:E3:AD:6A:90:36:30:4A:D7:2E:7C:F7:8F:57:44:E8:3B:2D:AF:F6:80:F7:4B:46"}}},"request":{"raw":"GET /ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://login.legesys.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 12 Oct 2025 19:36:48 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 16149\r\ncf-ray: 98d90c57d9944e4c-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb04010-1d970\"\r\nlast-modified: Mon, 04 May 2020 16:17:20 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 660047\r\nexpires: Fri, 02 Oct 2026 19:36:48 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=yxRu4pJCYLQ8vLXTdnvCm1ZgY9rEezm3iVKUUsN3x1%2BpETpAdJm4WWi0IL3RfL2gMshq2v0UUqCCgboKwFkAqX1uxKVX%2FOPGKWPumW6rGVQFFo6mc0nhxSPUbmlLQGzVuWSxb%2BmI\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":121200,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65371)","md5":"ec3bb52a00e176a7181d454dffaea219","sha1":"6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68","sha256":"f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c","sha512":"e8c5daf01eae68ed7c1e277a6e544c7ad108a0fa877fb531d6d9f2210769b7da88e4e002c7b0be3b72154ebf7cbf01a795c8342ce2dad368bd6351e956195f8b","ssdeep":"768:Vy3Gxw/Vc/QWlJxtQOIuiHlq5mzI4X8OAduFKbv2ctg2Bd8JP7ecQVvH1FS:nw/a1fIuiHlq5mN8lDbNmPbh","tlshash":"2cc3c7a0f21031ea7333c55a75d0ed872219a153e56a4fb7f22f25d88f845ca1673f1a","first_seen":"2023-04-05T03:13:25Z","last_seen":"2026-04-05T11:54:25.90909Z","times_seen":56344,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":20,"dns":1,"connect":1,"send":0,"wait":21,"receive":1,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"login.legesys.com/favicon.ico","fqdn":"login.legesys.com","domain":"legesys.com","tld":"com"},"ip":{"addr":"3.146.153.124","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://login.legesys.com/","date":"2025-10-12T19:36:48.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"login.legesys.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 02 Aug 2025 00:00:00 GMT","end":"Fri, 31 Oct 2025 23:59:59 GMT"},"fingerprint":{"sha1":"5F:F9:04:82:DC:94:D5:B8:F2:2B:1C:A6:28:B1:CC:AA:A2:D8:DC:DC","sha256":"F6:C3:B0:17:08:D9:BB:76:A8:2A:EC:28:E3:3F:A8:28:EB:8A:D4:6B:6C:30:99:69:FC:A7:20:85:44:43:75:75"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: login.legesys.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://login.legesys.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IkxSdnp4V1FxcGpsUVU4QUNRakNLQmc9PSIsInZhbHVlIjoic0VlY29hUTJnVGJwQ2w4WGtTMnE2bXAyV05tVTBBRjJubG9EVlN0V0U4a0dVTWRIZ1A3bFBkOU0zYm1QUElnNEczbnFOc1hpay9nS1QwMlRzRy9mNm43Nit5RWExSjZRbjU2Tm40MmtlUVVMU2RFSXRBbDYzVWRQbTJLR1M4cUwiLCJtYWMiOiIwYzk5NjljZjcxYjJiOTQyNWIyMDNiMWZjOGI5YTU1YWEzYjg1ZTk4YzQ2OWJhYjNhNzg4NzI5ZmYxYWI5ZjIzIiwidGFnIjoiIn0%3D; searchyin_session=eyJpdiI6ImdTWXYwMUlnWjkrNWlWVFNkcmdBRUE9PSIsInZhbHVlIjoiSUloM3dRWmlVWStBeDhyNzFVM3kwWUUvU2VpT3h1Q0QxYWFuYm9XZWRSdGFrNStUd1JzejR4bkJZRjY4WklKbGsydVlpYWRSbmp3V1RxMkxaTkNPMzNQUkY4bjBsSDY3VlUzd0tDbElWV2lBS2NNOGpKbEdkcHVvUkJUbWNsM0YiLCJtYWMiOiJlYTRkYzkzYzc2NTAxOTgxYzBlMjNmN2Q4NzdkYjRhYzY1N2JjNzM4YzFjODVhNjBkNjM1MzBlMTE3NzQzMGNhIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sun, 12 Oct 2025 19:36:48 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nCache-Control: no-cache, private\r\nVary: Accept-Encoding, X-Inertia\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Content-Type-Options: nosniff\r\nPermissions-Policy: geolocation=(), microphone=(), camera=()\r\nX-XSS-Protection: 1; mode=block\r\nSet-Cookie: XSRF-TOKEN=eyJpdiI6ImlaRjVnRFhQOVJFNWVGOHlvQ3dBS1E9PSIsInZhbHVlIjoiVThsbUdqczM1enNiK3NjNE9sN1pzLzZEbkNIVWw0ekhyN3VrdGlldzhqcksySFp1cGRRaHlhYk1Bd1J3QlJsTzdjeW9KSGFnL0pHWVNucEp2cGlMeWZPRGNhRlpvdjlybVVTaS9xWmpWdzJWRTM2amZHZkRHRVN6L25Zek4yR04iLCJtYWMiOiIxOTQ3YzJiZDZjZDQ0MjQ1MmQzMDY2YzdkYmNjMDczYWU3NmMxZTU4ZDU2NTI1ZmFmNTk3Yjk2ODZkNzYzMzRmIiwidGFnIjoiIn0%3D; expires=Tue, 11-Nov-2025 19:36:48 GMT; Max-Age=2592000; path=/\nsearchyin_session=eyJpdiI6IkZOTHg5cUZXU3F1cDllZ3g2czFiamc9PSIsInZhbHVlIjoiWUlVWmtiSmhKUFpIZU84bDl6TG9hTWZTK2NrV2tLQ3NLNVZXdXRnQXdaSE9IcFRFRkc3Z2NzR1drR0Y4RjYxN1N4WGh1WW9vbFR5QXg4aVdxOE5ERXVlZUhadlZJT3ZYYytaZHJBd1J1TVp6d0Q1MlZYaXBkTUdXbXE0Qzc2cVAiLCJtYWMiOiIyYjc5M2EyNjI2MzA3N2JlZTFkNGRhZThlNThkOTRlNDhlZjhjMzE4ZDM2MDNkMzIwNTAyMGE2M2NmMmIzMWQyIiwidGFnIjoiIn0%3D; expires=Tue, 11-Nov-2025 19:36:48 GMT; Max-Age=2592000; path=/; httponly\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Inertia.js","description":"Inertia.js is a protocol for creating monolithic single-page applications.","website":"https://inertiajs.com","common_platform_enumeration":"","icon":"Inertia.svg","categories":["JavaScript frameworks"]}],"data":{"size":2086,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"779ad6166cff82042f95c94c80daa202","sha1":"2cf7b45f57a5e9d63c42a7d6c58be9335ec5afb2","sha256":"b022af0cd335d616c13c3166263e2182cb3b9767d962dd5e1da5eed113ec77a7","sha512":"154348954568bb0d80f82a492e8dfdddd0cc4206786c770745d017a83b577cd54243789a56234f5c46745b892318abc8e1080e98d490b15a8c92e017c46bcc1c","ssdeep":"","tlshash":"2241ed9340f25016300398952fe563465f95d807c60bca197afd67e5efc6c9bc8d3a1c","first_seen":"2025-09-10T15:02:51.996587Z","last_seen":"2025-10-12T19:37:14.297237Z","times_seen":2,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"login.legesys.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/arvo/v23/tDbD2oWUg0MKqScQ7Q.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://login.legesys.com/","date":"2025-10-12T19:36:48.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:41:52 GMT","end":"Mon, 15 Dec 2025 08:41:51 GMT"},"fingerprint":{"sha1":"89:22:0A:7D:C4:DA:9A:62:E8:BB:1D:75:F2:AF:6C:80:09:53:D0:9F","sha256":"3E:15:EC:D6:31:6A:14:01:07:F9:F2:65:18:42:B3:08:7B:47:93:0C:CE:2C:93:2D:DA:E4:21:74:79:B6:F0:6F"}}},"request":{"raw":"GET /s/arvo/v23/tDbD2oWUg0MKqScQ7Q.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://login.legesys.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 17268\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Oct 2025 11:47:25 GMT\r\nexpires: Fri, 09 Oct 2026 11:47:25 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 02 Jun 2025 16:44:53 GMT\r\ncontent-type: font/woff2\r\nage: 287363\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17268,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 17268, version 1.0","md5":"0373e3f7dcf2fae4582c84ac30e0e9ee","sha1":"5b358bb8675919d1f883be426ac355ea931eaaa1","sha256":"b4eb4284188dcd4a4643d900bbe50b2d6b336afeb7c126eace219276b5d30521","sha512":"a82a24532a338bfbd224a9fccce64d32c93d3eb9d505b2061abd63e2218c741555f903a3db412b143722b79c63f43a1b4aa610fccd6f885383636adf8264611c","ssdeep":"384:8kujbosS65pL9f73hpZ7VI4Y1FNEMnHZOCGfbCzNX:Tyos3j5FJIF95ef2zNX","tlshash":"dd72dff4ec99b154ccbf067384aaff2c9ecd1afe2ca55fc54c24285102979928353c99","first_seen":"2025-06-04T01:47:48.66017Z","last_seen":"2026-04-05T11:34:04.398162Z","times_seen":1523,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":74,"dns":1,"connect":8,"send":0,"wait":12,"receive":1,"ssl":62},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.dribbble.com/users/285475/screenshots/2083086/dribbble_1.gif","fqdn":"cdn.dribbble.com","domain":"dribbble.com","tld":"com"},"ip":{"addr":"3.167.2.32","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://login.legesys.com/","date":"2025-10-12T19:36:48.785Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dribbble.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Wed, 27 Nov 2024 00:00:00 GMT","end":"Fri, 26 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"ED:5F:90:E1:D7:72:E4:25:25:0D:F0:62:E0:FA:B4:9B:E1:E1:87:56","sha256":"8E:09:06:A6:8F:6B:2D:A4:BD:4F:6B:BB:47:6D:FB:3D:C0:AA:1E:8D:4C:07:E0:0F:5D:DF:23:D5:84:65:9D:1D"}}},"request":{"raw":"GET /users/285475/screenshots/2083086/dribbble_1.gif HTTP/1.1\r\nHost: cdn.dribbble.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://login.legesys.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/gif\r\ncontent-length: 1373645\r\ndate: Thu, 09 Jan 2025 16:16:52 GMT\r\nlast-modified: Thu, 28 May 2015 15:21:39 GMT\r\netag: \"e430101033efff9a294eaafecbac846a\"\r\nx-amz-storage-class: STANDARD_IA\r\ncache-control: max-age=315576000\r\nexpires: Wed, 28 May 2025 14:00:13 GMT\r\nx-amz-version-id: P9hxB7tyd4Ch839iBBxh8yD4BWnTGn8Y\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 1b7f8001b2b06f9624559a35b6822156.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: nHMzIl6VO6-Q0zQyqe0DhppHoE_UbApYCm1ubGswYisQA86_8IPi0A==\r\nage: 23858397\r\nx-xss-protection: 1\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000\r\nallow: OPTIONS, GET, HEAD, POST\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1373645,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 800 x 600","md5":"6264728f4ad92ab1e59bff397b11c706","sha1":"eef104da415d61199458039d15042d49906e8210","sha256":"4699d998430d90d5c2ead93b64c89940f5ae73ce821edfcda7d660c710c9e5c7","sha512":"cfea0c663eaa8c28786fc289687a3aaa7849216d238deed9ef03e7be12cc814a07bd3ff27b8c35f745eb98b9c4777751e3c59d98c7fabf55d1af72bfc370c438","ssdeep":"24576:c7U/O0ckNi61iXdRtxBI+Ma2b7Aw9QuXaJPs2qvEJ3iVnQ7I:c7Mq6adRtxCVbb7FxX6kT9VII","tlshash":"2925223f46780138763740ec39ae4ee958beccb96bd0077b5e3f2199515852ca52ccba","first_seen":"2024-07-21T07:50:41Z","last_seen":"2026-04-03T17:12:48.601329Z","times_seen":80,"resource_available":false,"data":null}},"time_used":698,"timings":{"blocked":303,"dns":37,"connect":1,"send":0,"wait":5,"receive":83,"ssl":266},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"login.legesys.com/","fqdn":"login.legesys.com","domain":"legesys.com","tld":"com"},"ip":{"addr":"3.146.153.124","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-12T19:36:47.533Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"login.legesys.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 02 Aug 2025 00:00:00 GMT","end":"Fri, 31 Oct 2025 23:59:59 GMT"},"fingerprint":{"sha1":"5F:F9:04:82:DC:94:D5:B8:F2:2B:1C:A6:28:B1:CC:AA:A2:D8:DC:DC","sha256":"F6:C3:B0:17:08:D9:BB:76:A8:2A:EC:28:E3:3F:A8:28:EB:8A:D4:6B:6C:30:99:69:FC:A7:20:85:44:43:75:75"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: login.legesys.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 12 Oct 2025 19:36:48 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: *\r\nCache-Control: no-cache, private\r\nVary: Accept-Encoding, X-Inertia\r\nX-RateLimit-Limit: 60\r\nX-RateLimit-Remaining: 59\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nPermissions-Policy: geolocation=(), microphone=(), camera=()\r\nSet-Cookie: XSRF-TOKEN=eyJpdiI6IkxSdnp4V1FxcGpsUVU4QUNRakNLQmc9PSIsInZhbHVlIjoic0VlY29hUTJnVGJwQ2w4WGtTMnE2bXAyV05tVTBBRjJubG9EVlN0V0U4a0dVTWRIZ1A3bFBkOU0zYm1QUElnNEczbnFOc1hpay9nS1QwMlRzRy9mNm43Nit5RWExSjZRbjU2Tm40MmtlUVVMU2RFSXRBbDYzVWRQbTJLR1M4cUwiLCJtYWMiOiIwYzk5NjljZjcxYjJiOTQyNWIyMDNiMWZjOGI5YTU1YWEzYjg1ZTk4YzQ2OWJhYjNhNzg4NzI5ZmYxYWI5ZjIzIiwidGFnIjoiIn0%3D; expires=Tue, 11-Nov-2025 19:36:48 GMT; Max-Age=2592000; path=/\nsearchyin_session=eyJpdiI6ImdTWXYwMUlnWjkrNWlWVFNkcmdBRUE9PSIsInZhbHVlIjoiSUloM3dRWmlVWStBeDhyNzFVM3kwWUUvU2VpT3h1Q0QxYWFuYm9XZWRSdGFrNStUd1JzejR4bkJZRjY4WklKbGsydVlpYWRSbmp3V1RxMkxaTkNPMzNQUkY4bjBsSDY3VlUzd0tDbElWV2lBS2NNOGpKbEdkcHVvUkJUbWNsM0YiLCJtYWMiOiJlYTRkYzkzYzc2NTAxOTgxYzBlMjNmN2Q4NzdkYjRhYzY1N2JjNzM4YzFjODVhNjBkNjM1MzBlMTE3NzQzMGNhIiwidGFnIjoiIn0%3D; expires=Tue, 11-Nov-2025 19:36:48 GMT; Max-Age=2592000; path=/; httponly\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nX-Content-Type-Options: nosniff, nosniff\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Inertia.js","description":"Inertia.js is a protocol for creating monolithic single-page applications.","website":"https://inertiajs.com","common_platform_enumeration":"","icon":"Inertia.svg","categories":["JavaScript frameworks"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2086,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"779ad6166cff82042f95c94c80daa202","sha1":"2cf7b45f57a5e9d63c42a7d6c58be9335ec5afb2","sha256":"b022af0cd335d616c13c3166263e2182cb3b9767d962dd5e1da5eed113ec77a7","sha512":"154348954568bb0d80f82a492e8dfdddd0cc4206786c770745d017a83b577cd54243789a56234f5c46745b892318abc8e1080e98d490b15a8c92e017c46bcc1c","ssdeep":"","tlshash":"2241ed9340f25016300398952fe563465f95d807c60bca197afd67e5efc6c9bc8d3a1c","first_seen":"2025-09-10T15:02:51.996587Z","last_seen":"2025-10-12T19:37:14.297237Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1476,"timings":{"blocked":615,"dns":121,"connect":109,"send":0,"wait":246,"receive":0,"ssl":381},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"login.legesys.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Arvo","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://login.legesys.com/","date":"2025-10-12T19:36:48.606Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:41:52 GMT","end":"Mon, 15 Dec 2025 08:41:51 GMT"},"fingerprint":{"sha1":"04:E6:D3:58:E3:A1:E3:05:2B:C3:56:5D:68:BB:1B:0A:08:C6:E3:FB","sha256":"25:4C:B3:A3:9A:E1:D7:FD:25:B6:BF:E9:AA:97:95:20:5D:F2:15:EA:41:46:B6:6B:01:17:19:26:EC:EF:D3:CA"}}},"request":{"raw":"GET /css?family=Arvo HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://login.legesys.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 12 Oct 2025 19:36:48 GMT\r\ndate: Sun, 12 Oct 2025 19:36:48 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":372,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"6e81b337c9c36c58c53f290b33a4e629","sha1":"73b7389d564cfcb5eec0af88e48e8aa76d7a68b0","sha256":"8a56edf63bbf133e9f437a13a1e4b869d6547cb9ec50dbbc50fa54630249e8b1","sha512":"ef43ffa7497a13a59151fada1564336e948a9d1b1f70935b47f8e7accd0fb071956763e23c56921aad348ceed25c7bc622239f1e3d59d79f9508480401ed4399","ssdeep":"","tlshash":"89e0c041082ab500e7930cc112de3931df0fe0406444de35eafe18d8bc51c669352b1c","first_seen":"2025-06-10T19:30:16.038062Z","last_seen":"2026-04-05T10:17:33.438846Z","times_seen":390,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":94,"dns":0,"connect":7,"send":0,"wait":19,"receive":0,"ssl":90},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}