{"report_id":"9e3785d5-fc76-4159-8bc9-6d30cc4fe59e","version":6,"status":"done","tags":["malware"],"date":"2024-12-04T14:35:42Z","url":{"schema":"http","addr":"91.103.252.32/b215cb267ab6caee/msvcp140.dll","fqdn":"91.103.252.32","domain":"91.103.252.32","tld":""},"ip":{"addr":"91.103.252.32","port":0,"asn":210644,"as":"Aeza International Ltd","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"http","addr":"91.103.252.32/b215cb267ab6caee/msvcp140.dll","fqdn":"91.103.252.32","domain":"91.103.252.32","tld":"32"},"title":"FASTPANEL"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-12T14:35:42Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"91.103.252.32","ip":{"addr":"91.103.252.32","port":80,"asn":210644,"as":"Aeza International Ltd","country":"The Netherlands","country_code":"NL"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2018-11-27T20:56:52Z","last_seen":"2021-02-04T09:08:45Z","alert_count":4,"request_count":2,"received_data":23866,"sent_data":779,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.gstatic.com","ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2024-12-04T01:36:34.847512Z","alert_count":0,"request_count":2,"received_data":38790,"sent_data":1034,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.1.95","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":8877,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2024-12-04T01:33:09.302406Z","alert_count":0,"request_count":1,"received_data":5460,"sent_data":450,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-12-04T14:35:17Z","timestamp":1733322917,"ip_dst":{"addr":"91.103.252.32","port":80,"asn":210644,"as":"Aeza International Ltd","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.4","port":46766,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Dotted Quad Host DLL Request","source":"{\"timestamp\":\"2024-12-04T14:35:17.623022+0000\",\"flow_id\":858847038507099,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.4\",\"src_port\":46766,\"dest_ip\":\"91.103.252.32\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost.dll\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027250,\"rev\":4,\"signature\":\"ET INFO Dotted Quad Host DLL Request\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_04_23\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_04_08\"]}},\"http\":{\"hostname\":\"91.103.252.32\",\"url\":\"/b215cb267ab6caee/msvcp140.dll\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":687,\"bytes_toclient\":1801,\"start\":\"2024-12-04T14:35:17.559195+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-04","alert":"Sinkholed","trigger":"91.103.252.32","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-04","alert":"Sinkholed","trigger":"91.103.252.32","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Possible Infostealer Payload","verdict":"malware","severity":"high","comment":"","tags":["malware"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"91.103.252.32/b215cb267ab6caee/msvcp140.dll","fqdn":"91.103.252.32","domain":"91.103.252.32","tld":""},"ip":{"addr":"91.103.252.32","port":80,"asn":210644,"as":"Aeza International Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-12-04T14:35:17.578Z","timestamp":1733322917578,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /b215cb267ab6caee/msvcp140.dll HTTP/1.1\r\nHost: 91.103.252.32\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0\r\nDate: Wed, 04 Dec 2024 14:35:17 GMT\r\nContent-Type: text/html\r\nContent-Length: 11694\r\nLast-Modified: Fri, 06 Sep 2024 12:05:04 GMT\r\nConnection: keep-alive\r\nETag: \"66daeff0-2dae\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11694,"size_decoded":11694,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (6573)","md5":"b7759166a0f1807b202b45f510c2172e","sha1":"ef160ebdf82a6cadd27197fb589a3786e58e3fa5","sha256":"825eb1a627f34c3d1fad85cb5904b5ac0fded65f677c5a85fa992e42c450fd99","sha512":"5085882d85f2d3ab9fa2c2b3bfbde24072ae732b02529946700df1ee92fbafb0e7d305bf21f6034b44012d310495bc7ebd4826b226685a1cc3790b429d0169ec","ssdeep":"192:OO0vOM7R1YehNAKU3IEjHmaq44BG0wK5FhYg/4fT0Cmlz+S+CVy+g/S:OV6KU3IEq44BG0wK5FhYg/Q0Cmlz7+C7","tlshash":"c632c41e9268386f11eb5195f777b3ec503a4878c060028db07f5929a257a93ea235fc","first_seen":"2024-09-09T18:15:01Z","last_seen":"2026-05-09T23:48:22.313246Z","times_seen":4323,"resource_available":true,"data":null}},"time_used":109,"timings":{"blocked":15,"dns":0,"connect":34,"send":0,"wait":30,"receive":30,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-12-04T14:35:17Z","timestamp":1733322917,"ip_dst":{"addr":"91.103.252.32","port":80,"asn":210644,"as":"Aeza International Ltd","country":"The Netherlands","country_code":"NL"},"ip_src":{"addr":"172.18.0.4","port":46766,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Dotted Quad Host DLL Request","source":"{\"timestamp\":\"2024-12-04T14:35:17.623022+0000\",\"flow_id\":858847038507099,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.4\",\"src_port\":46766,\"dest_ip\":\"91.103.252.32\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost.dll\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027250,\"rev\":4,\"signature\":\"ET INFO Dotted Quad Host DLL Request\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_04_23\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_04_08\"]}},\"http\":{\"hostname\":\"91.103.252.32\",\"url\":\"/b215cb267ab6caee/msvcp140.dll\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":687,\"bytes_toclient\":1801,\"start\":\"2024-12-04T14:35:17.559195+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-04","alert":"Sinkholed","trigger":"91.103.252.32","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Malware - Possible Infostealer Payload","verdict":"malware","severity":"high","comment":"","tags":["malware"],"meta":null}]}},{"url":{"schema":"http","addr":"91.103.252.32/favicon.ico","fqdn":"91.103.252.32","domain":"91.103.252.32","tld":""},"ip":{"addr":"91.103.252.32","port":80,"asn":210644,"as":"Aeza International Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://91.103.252.32/b215cb267ab6caee/msvcp140.dll","date":"2024-12-04T14:35:17.945Z","timestamp":1733322917945,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 91.103.252.32\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://91.103.252.32/b215cb267ab6caee/msvcp140.dll\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0\r\nDate: Wed, 04 Dec 2024 14:35:18 GMT\r\nContent-Type: text/html\r\nContent-Length: 11694\r\nLast-Modified: Fri, 06 Sep 2024 12:05:04 GMT\r\nConnection: keep-alive\r\nETag: \"66daeff0-2dae\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11694,"size_decoded":11694,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (6573)","md5":"b7759166a0f1807b202b45f510c2172e","sha1":"ef160ebdf82a6cadd27197fb589a3786e58e3fa5","sha256":"825eb1a627f34c3d1fad85cb5904b5ac0fded65f677c5a85fa992e42c450fd99","sha512":"5085882d85f2d3ab9fa2c2b3bfbde24072ae732b02529946700df1ee92fbafb0e7d305bf21f6034b44012d310495bc7ebd4826b226685a1cc3790b429d0169ec","ssdeep":"192:OO0vOM7R1YehNAKU3IEjHmaq44BG0wK5FhYg/4fT0Cmlz+S+CVy+g/S:OV6KU3IEq44BG0wK5FhYg/Q0Cmlz7+C7","tlshash":"c632c41e9268386f11eb5195f777b3ec503a4878c060028db07f5929a257a93ea235fc","first_seen":"2024-09-09T18:15:01Z","last_seen":"2026-05-09T23:48:22.313246Z","times_seen":4323,"resource_available":true,"data":null}},"time_used":106,"timings":{"blocked":68,"dns":0,"connect":0,"send":0,"wait":29,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-04","alert":"Sinkholed","trigger":"91.103.252.32","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://91.103.252.32/b215cb267ab6caee/msvcp140.dll","date":"2024-12-04T14:35:18.119Z","timestamp":1733322918119,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 21 Oct 2024 08:37:59 GMT","end":"Mon, 13 Jan 2025 08:37:58 GMT"},"fingerprint":{"sha1":"2A:56:7F:C1:73:8D:7A:48:D9:E7:52:83:15:27:9D:C3:C9:23:71:52","sha256":"D5:2F:F6:60:B9:FD:F8:3A:98:B6:63:06:DA:0A:62:0D:58:B5:98:CB:E9:68:3C:8A:0D:8E:BB:13:75:11:35:8E"}}},"request":{"raw":"GET /s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://91.103.252.32\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 18536\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 29 Nov 2024 19:08:18 GMT\r\nexpires: Sat, 29 Nov 2025 19:08:18 GMT\r\ncache-control: public, max-age=31536000\r\nage: 415620\r\nlast-modified: Thu, 01 Aug 2024 20:41:24 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":18536,"size_decoded":18536,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 18536, version 1.0","md5":"8eff0b8045fd1959e117f85654ae7770","sha1":"227fee13ceb7c410b5c0bb8000258b6643cb6255","sha256":"89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571","sha512":"2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058","ssdeep":"384:IhocXmE6eM871P7td/mcOKA454H2orQEONKrOqxw:f6WeL1P//9D54WCCKc","tlshash":"d882dfa0f21610f7df085c39a41f9d3964274bbc613c7c437379587aaa0068d56bbb79","first_seen":"2024-08-01T01:33:28Z","last_seen":"2026-05-09T21:57:59.859562Z","times_seen":50120,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":86,"dns":1,"connect":7,"send":0,"wait":8,"receive":4,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://91.103.252.32/b215cb267ab6caee/msvcp140.dll","date":"2024-12-04T14:35:18.118Z","timestamp":1733322918118,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 21 Oct 2024 08:37:59 GMT","end":"Mon, 13 Jan 2025 08:37:58 GMT"},"fingerprint":{"sha1":"2A:56:7F:C1:73:8D:7A:48:D9:E7:52:83:15:27:9D:C3:C9:23:71:52","sha256":"D5:2F:F6:60:B9:FD:F8:3A:98:B6:63:06:DA:0A:62:0D:58:B5:98:CB:E9:68:3C:8A:0D:8E:BB:13:75:11:35:8E"}}},"request":{"raw":"GET /s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://91.103.252.32\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 18588\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 29 Nov 2024 18:53:40 GMT\r\nexpires: Sat, 29 Nov 2025 18:53:40 GMT\r\ncache-control: public, max-age=31536000\r\nage: 416498\r\nlast-modified: Thu, 01 Aug 2024 20:41:24 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":18588,"size_decoded":18588,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 18588, version 1.0","md5":"115c2d84727b41da5e9b4394887a8c40","sha1":"44f495a7f32620e51acca2e78f7e0615cb305781","sha256":"ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6","sha512":"00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45","ssdeep":"384:WF9srt3EJfKy7iOpqErJeqQhzsaZqPTPabcoqYdBTKYPvS9BlTf:Wn6UhKYieqAiPQTwclYQLlTf","tlshash":"e382d0075ef03749b0717dfbf9176109930350844fbcb097e63501b3a2ac53368b9602","first_seen":"2024-08-01T01:35:45Z","last_seen":"2026-05-09T19:26:56.465225Z","times_seen":20126,"resource_available":false,"data":null}},"time_used":365,"timings":{"blocked":177,"dns":0,"connect":20,"send":0,"wait":9,"receive":2,"ssl":152},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:regular,500\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.1.95","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://91.103.252.32/b215cb267ab6caee/msvcp140.dll","date":"2024-12-04T14:35:17.852Z","timestamp":1733322917852,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 21 Oct 2024 08:38:06 GMT","end":"Mon, 13 Jan 2025 08:38:05 GMT"},"fingerprint":{"sha1":"69:86:A1:6B:1F:1B:CF:FB:22:64:8F:22:24:43:09:BB:74:A6:A4:ED","sha256":"AF:80:CC:3E:89:A2:2B:BA:08:57:95:22:69:41:C5:B8:43:A4:B5:43:C8:60:85:5C:AE:05:88:99:9A:0C:20:A9"}}},"request":{"raw":"GET /css?family=Roboto:regular,500\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://91.103.252.32/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 04 Dec 2024 14:35:18 GMT\r\ndate: Wed, 04 Dec 2024 14:35:18 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4774,"size_decoded":4774,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (4900), with no line terminators","md5":"d69c5f8d4eafa32709b3d2f7beef0e98","sha1":"ad1d72acb61444ac4a56b4e5e986f5d5aa6b0f57","sha256":"47a1d45b5c67ce951842b1ec667b1f91b2e1830f2b9d485d04b859b687b52103","sha512":"b0392a60536da3c6860ffe9d1d339728b78236dec2d696328b87230772d478fed75a3d1e6b2d5e6fdcafb4afe148820ff66d10fe6801e018db687ace2eb38e44","ssdeep":"96:GOWlFZrW65FTkJc+unYpNYthdFZ4l05KAkJc+uEhNK:GOW9W65FTgaYkthal05KAgVe","tlshash":"d6a1ac81441b9404ea830ed237cf7a36bd0f2b2560b291329ffd58aeaddbc22535875c","first_seen":"2024-10-17T16:34:16.835822Z","last_seen":"2025-01-08T21:06:39.104798Z","times_seen":263,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":128,"dns":1,"connect":28,"send":0,"wait":32,"receive":0,"ssl":97},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}