{"report_id":"9f563477-b6cc-4e4f-b475-b7cfa3ba13b5","version":6,"status":"done","tags":[],"date":"2026-04-21T08:33:06Z","url":{"schema":"http","addr":"qfssecureledger.xyz","fqdn":"qfssecureledger.xyz","domain":"qfssecureledger.xyz","tld":"xyz"},"ip":{"addr":"66.45.248.177","port":0,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"qfssecureledger.xyz/","fqdn":"qfssecureledger.xyz","domain":"qfssecureledger.xyz","tld":"xyz"},"title":"All time Secure Ledger","dom":{"size":54276,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (18353)","md5":"0652e01fc6bf1c51a6b19422ab852f9c","sha1":"0ca7cc21b54fc980ec368507e01f5e023f7a5a59","sha256":"a1ea5ed0ba98eecb22676efa25009b8a31a8c7038d9b2c8c47d9ed5421a52a6e","sha512":"3c5e27146e3c959b22393669abce14550e67a13bcad55ad25c662d13c8afd02368e1bb7ab0c89d40ae2ec0dd8f46d67aeee362091cc1ea5ba5df5345f4cd05da","ssdeep":"768:S0hnh+WbQ2WI4Yb3Ujsl7WHZg99BvvzUWnozpiZC/ScQcvc9:3hhz3EdwZ","tlshash":"9133967c66f0103e6c9780f6f5a5ae3dfa19e2c3dd2ba28ab15d42105fd7ca18c93644","dom_hash":"domhashe2986e003233308da1074197cdc22d01","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"qfssecureledger.xyz","fqdn":"qfssecureledger.xyz","domain":"qfssecureledger.xyz","tld":"xyz"},"ip":{"addr":"66.45.248.177","port":0,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-26T08:33:06Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-21T08:32:46Z","timestamp":1776760366,"ip_dst":{"addr":"Client IP","port":36188,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"66.45.248.177","port":80,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"severity":"high","alert":"ET PHISHING Possible Phish - Mirrored Website Comment Observed","source":"{\"timestamp\":\"2026-04-21T08:32:46.425169+0000\",\"flow_id\":1118154842262254,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"66.45.248.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":36188,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018302,\"rev\":7,\"signature\":\"ET PHISHING Possible Phish - Mirrored Website Comment Observed\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2014_03_21\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Major\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2023_12_19\"]}},\"http\":{\"hostname\":\"qfssecureledger.xyz\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7166},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":35990,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":9,\"bytes_toserver\":1464,\"bytes_toclient\":8115,\"start\":\"2026-04-21T08:32:45.346862+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"qfssecureledger.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"cdn.tailwindcss.com","ip":{"addr":"104.26.3.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-07-20","domain_rank":117330,"first_seen":"2018-07-09T05:46:13Z","last_seen":"2026-04-20T05:47:47.109581Z","alert_count":0,"request_count":2,"received_data":815995,"sent_data":828,"comment":"","tags":null,"fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"qfssecureledger.xyz","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-05-17","domain_rank":0,"first_seen":"2026-04-21T08:33:06.933669Z","last_seen":"2026-04-21T08:33:06.933669Z","alert_count":5,"request_count":3,"received_data":468980,"sent_data":1284,"comment":"","tags":null,"fingerprints":[{"name":"Tailwind CSS","description":"Tailwind is a utility-first CSS framework.","website":"https://tailwindcss.com/","common_platform_enumeration":"","icon":"tailwindcss.svg","categories":["UI frameworks"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cdn.tailwindcss.com/","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.3.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7a614b9a197e532c00d09a23b0996b5f","sha1":"1ff1738a40f3716e30e9031b181b0955ae578955","sha256":"176e894661aa9cdc9a5cba6c720044cbbf7b8bd80d1c9a142a7c24b1b6c50d15","sha512":"a67bc26f52d938358471be5671ff4b79e11af4e68b486aaf73a35a4c9bf3777aab51101af81563b4e5b7ba4b04dd8971fcfa9ee2c41fb10a0c1ee5604a99abd6","ssdeep":"12288:fpgrZxSAoNbJb0Wie75aUXGuyQZhK4O0s:RCVoNB0Wie75aUWmnO0s","tlshash":"e8844aa57396702647eb51e850ea1042f2beaa38840c44bcf7edd4da39e5e4440fbf79","size":407279,"data":"","first_seen":"2025-07-28T16:58:08.903462Z","last_seen":"2026-04-22T08:46:35.745188Z","times_seen":31018,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"qfssecureledger.xyz/","fqdn":"qfssecureledger.xyz","domain":"qfssecureledger.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f35059d79d9800e245f563d5e016cbe6","sha1":"eec32ea0397d972dcff2018a87ad27638fe74678","sha256":"10d8e93c075147ca533c830032bf8c29ac2805e7e5779d05a97556f28231b567","sha512":"cb142ae2f1c44b31c7896c29f71b59d44471e46daf3eb8ba3327ce1ebbf405034fcf7e68469137fdce80bbf3f3e83f4f816a246ee5cc5caeda31b7e85863a8f3","ssdeep":"","tlshash":"caf092aa09b82a63210aa630055e10a5fd2912efbc287e7a3ede42c42f5c41d90b8b55","size":504,"data":"","first_seen":"2025-05-13T12:25:35.673378Z","last_seen":"2026-04-21T08:33:26.677778Z","times_seen":34,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-21T08:32:46Z","timestamp":1776760366,"ip_dst":{"addr":"172.18.0.15","port":36188,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"66.45.248.177","port":80,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"severity":"high","alert":"ET PHISHING Possible Phish - Mirrored Website Comment Observed","source":"{\"timestamp\":\"2026-04-21T08:32:46.425169+0000\",\"flow_id\":1118154842262254,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"66.45.248.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":36188,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018302,\"rev\":7,\"signature\":\"ET PHISHING Possible Phish - Mirrored Website Comment Observed\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2014_03_21\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Major\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2023_12_19\"]}},\"http\":{\"hostname\":\"qfssecureledger.xyz\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7166},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":35990,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":9,\"bytes_toserver\":1464,\"bytes_toclient\":8115,\"start\":\"2026-04-21T08:32:45.346862+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"qfssecureledger.xyz/","fqdn":"qfssecureledger.xyz","domain":"qfssecureledger.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"40c4715577dbe43ad754a52e0d175ff7","sha1":"2c55a0ce9dac05818d63d27980c00b6750e65ce5","sha256":"715f639561c72cb3f93c8d940497d2722f581a1fddd0b06d0535b55713a71ca7","sha512":"07c9e4482a5f11f6c8342698c0226c750ea7e77d32b5e7e18b19062356b3312162901d5b73628795f26fa2a6eb2d338778ba7a6b13630fa0f1c4227a2518339d","ssdeep":"","tlshash":"3e216b37355e20a645b355f923cb9ea8751b30433065ee06ba8c83054fa2fd592b36fb","size":1346,"data":"","first_seen":"2025-05-13T12:25:35.674423Z","last_seen":"2026-04-21T08:33:26.678428Z","times_seen":26,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-21T08:32:46Z","timestamp":1776760366,"ip_dst":{"addr":"172.18.0.15","port":36188,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"66.45.248.177","port":80,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"severity":"high","alert":"ET PHISHING Possible Phish - Mirrored Website Comment Observed","source":"{\"timestamp\":\"2026-04-21T08:32:46.425169+0000\",\"flow_id\":1118154842262254,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"66.45.248.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":36188,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018302,\"rev\":7,\"signature\":\"ET PHISHING Possible Phish - Mirrored Website Comment Observed\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2014_03_21\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Major\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2023_12_19\"]}},\"http\":{\"hostname\":\"qfssecureledger.xyz\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7166},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":35990,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":9,\"bytes_toserver\":1464,\"bytes_toclient\":8115,\"start\":\"2026-04-21T08:32:45.346862+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"qfssecureledger.xyz/","fqdn":"qfssecureledger.xyz","domain":"qfssecureledger.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-21T08:32:44.680Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: qfssecureledger.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T09:09:23.231314Z","times_seen":14053099,"resource_available":true,"data":null}},"time_used":582,"timings":{"blocked":0,"dns":189,"connect":91,"send":0,"wait":0,"receive":0,"ssl":299},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-21T08:32:46Z","timestamp":1776760366,"ip_dst":{"addr":"172.18.0.15","port":36188,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"66.45.248.177","port":80,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"severity":"high","alert":"ET PHISHING Possible Phish - Mirrored Website Comment Observed","source":"{\"timestamp\":\"2026-04-21T08:32:46.425169+0000\",\"flow_id\":1118154842262254,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"66.45.248.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":36188,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018302,\"rev\":7,\"signature\":\"ET PHISHING Possible Phish - Mirrored Website Comment Observed\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2014_03_21\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Major\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2023_12_19\"]}},\"http\":{\"hostname\":\"qfssecureledger.xyz\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7166},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":35990,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":9,\"bytes_toserver\":1464,\"bytes_toclient\":8115,\"start\":\"2026-04-21T08:32:45.346862+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"qfssecureledger.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"qfssecureledger.xyz/","fqdn":"qfssecureledger.xyz","domain":"qfssecureledger.xyz","tld":"xyz"},"ip":{"addr":"66.45.248.177","port":80,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-21T08:32:45.350Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: qfssecureledger.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\nContent-Type: text/html\r\nLast-Modified: Mon, 01 Sep 2025 03:40:57 GMT\r\nEtag: \"8c96-68b515c9-4b3f2eac659570e9;gz\"\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding,User-Agent\r\nContent-Length: 7166\r\nDate: Tue, 21 Apr 2026 08:32:45 GMT\r\nServer: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tailwind CSS","description":"Tailwind is a utility-first CSS framework.","website":"https://tailwindcss.com/","common_platform_enumeration":"","icon":"tailwindcss.svg","categories":["UI frameworks"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":35990,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (973)","md5":"bb8729b7a1135efd948ab2a00448f133","sha1":"f1c7dbc6b09406439c952a48e13f01eda1f38e1c","sha256":"1146decffd342ff08927ddc30913c14426715ee497b16a2761aedc5fe1e0717b","sha512":"9cb61fc5344a5c8f7a95712c71c46b8802520ce1cb38ed3d418bfdc6c3cb464f0c8308a36733d68e59b797b0d12fdfad0871888e9b1edcaeea4e1cff670eea20","ssdeep":"768:dkI4YH3JmslLXHZg99BvvzUWnozpi7C/ScQcvch:H3UCwj","tlshash":"f5f2967c26f1147e10cb8072ba65ae3afe99e743dd1ba18ab26c87511fc7c41cd93294","first_seen":"2026-04-21T08:33:13.445082Z","last_seen":"2026-04-21T08:33:26.677047Z","times_seen":2,"resource_available":true,"data":null}},"time_used":294,"timings":{"blocked":90,"dns":7,"connect":100,"send":0,"wait":96,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-21T08:32:46Z","timestamp":1776760366,"ip_dst":{"addr":"172.18.0.15","port":36188,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"66.45.248.177","port":80,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"severity":"high","alert":"ET PHISHING Possible Phish - Mirrored Website Comment Observed","source":"{\"timestamp\":\"2026-04-21T08:32:46.425169+0000\",\"flow_id\":1118154842262254,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"66.45.248.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":36188,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018302,\"rev\":7,\"signature\":\"ET PHISHING Possible Phish - Mirrored Website Comment Observed\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2014_03_21\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Major\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2023_12_19\"]}},\"http\":{\"hostname\":\"qfssecureledger.xyz\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":7166},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":35990,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":9,\"bytes_toserver\":1464,\"bytes_toclient\":8115,\"start\":\"2026-04-21T08:32:45.346862+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"qfssecureledger.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.3.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://qfssecureledger.xyz/","date":"2026-04-21T08:32:45.646Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tailwindcss.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 09:41:26 GMT","end":"Fri, 19 Jun 2026 10:41:19 GMT"},"fingerprint":{"sha1":"1C:D9:C0:8C:4D:FA:FF:5A:2C:CC:48:EB:7B:35:CF:FA:AB:7F:C0:61","sha256":"1E:81:97:52:8B:47:37:54:3B:62:1E:0B:E5:1D:D6:F7:F2:6D:CD:F7:D3:1F:8C:0E:78:14:26:9F:B9:87:EA:5C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cdn.tailwindcss.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://qfssecureledger.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Tue, 21 Apr 2026 08:32:45 GMT\r\ncache-control: max-age=14400\r\nlocation: /3.4.17\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: fra1::iad1::rb9dp-1776759645893-36e7ccece414\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 719\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KIVt%2FEaFYdl5ddZuL6YhXKU3Kjwef%2FuZboT3QsB48OUyUtcip25jBYTeRkKqRgC1hYRKcsS%2BsklKpZX1GBAPlyuFCnRyWO4LM9HorDAf3D7IP8H4uR3%2FlUE5nW2Yp8PMhf%2FVHWA%3D\"}]}\r\ncf-ray: 9efb0a3d6d45b28a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":407279,"size_decoded":0,"mime_type":"text/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T09:09:23.231314Z","times_seen":14053099,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":16,"dns":1,"connect":3,"send":0,"wait":6,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/3.4.17","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.3.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://qfssecureledger.xyz/","date":"2026-04-21T08:32:45.673Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tailwindcss.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 09:41:26 GMT","end":"Fri, 19 Jun 2026 10:41:19 GMT"},"fingerprint":{"sha1":"1C:D9:C0:8C:4D:FA:FF:5A:2C:CC:48:EB:7B:35:CF:FA:AB:7F:C0:61","sha256":"1E:81:97:52:8B:47:37:54:3B:62:1E:0B:E5:1D:D6:F7:F2:6D:CD:F7:D3:1F:8C:0E:78:14:26:9F:B9:87:EA:5C"}}},"request":{"raw":"GET /3.4.17 HTTP/1.1\r\nHost: cdn.tailwindcss.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://qfssecureledger.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 21 Apr 2026 08:32:45 GMT\r\ncontent-type: text/javascript\r\ncache-control: max-age=31536000\r\ncontent-encoding: br\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: fra1::iad1::md8nh-1775101186152-d45e2b42ab64\r\nlast-modified: Thu, 02 Apr 2026 03:39:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nage: 1659179\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HzuO2aH%2BA3R%2FrIcV47khj0Kk014zzLwecyT4AU3h1ppLYooxyrXD0zWnBG4Qxz2XfqbTV1vA4PZ84XZ3BJvhq2b2f%2Bjga%2FmHHyPQ7Ibz9yMnTfdcY3WTFOl10ELVlrBX%2FekXYTo%3D\"}]}\r\ncf-ray: 9efb0a3d7d7bb28a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":407279,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (52853)","md5":"7a614b9a197e532c00d09a23b0996b5f","sha1":"1ff1738a40f3716e30e9031b181b0955ae578955","sha256":"176e894661aa9cdc9a5cba6c720044cbbf7b8bd80d1c9a142a7c24b1b6c50d15","sha512":"a67bc26f52d938358471be5671ff4b79e11af4e68b486aaf73a35a4c9bf3777aab51101af81563b4e5b7ba4b04dd8971fcfa9ee2c41fb10a0c1ee5604a99abd6","ssdeep":"12288:fpgrZxSAoNbJb0Wie75aUXGuyQZhK4O0s:RCVoNB0Wie75aUWmnO0s","tlshash":"e8844aa57396702647eb51e850ea1042f2beaa38840c44bcf7edd4da39e5e4440fbf79","first_seen":"2025-07-28T16:58:08.903462Z","last_seen":"2026-04-22T08:46:35.745188Z","times_seen":31018,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"qfssecureledger.xyz/uploads/favicon/1734287653_favicon-1.png","fqdn":"qfssecureledger.xyz","domain":"qfssecureledger.xyz","tld":"xyz"},"ip":{"addr":"66.45.248.177","port":80,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://qfssecureledger.xyz/","date":"2026-04-21T08:32:46.296Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /uploads/favicon/1734287653_favicon-1.png HTTP/1.1\r\nHost: qfssecureledger.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://qfssecureledger.xyz/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=5, max=100\r\nCache-Control: public, max-age=604800\r\nExpires: Tue, 28 Apr 2026 08:32:46 GMT\r\nContent-Type: image/png\r\nLast-Modified: Mon, 01 Sep 2025 03:41:49 GMT\r\nEtag: \"6987e-68b515fd-42e0aacd5957c3da;;;\"\r\nAccept-Ranges: bytes\r\nContent-Length: 432254\r\nDate: Tue, 21 Apr 2026 08:32:46 GMT\r\nServer: LiteSpeed\r\nVary: User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":432254,"size_decoded":0,"mime_type":"image/png","magic":"MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel","md5":"8fa68471eca5ede96879f2b52a439160","sha1":"cae7f30112d7da0d127031a1e552079c99feabff","sha256":"826c1c8429a1d696efe8e3dde929d5007a3dbf00163fd60c256b59f7e94403c5","sha512":"c241228999462a9f326a4c6374db0b123814e6a7d62fbf89e998723241283249d902175f7ec93666c22e60144655374e696af823813ac6a3f9f3f744819daf97","ssdeep":"6144:z3Lzs7MRZjFlb8XsYP93k1VBqkWyNZjG0U1WGlerOtWOLpmHok5Qa7zdRB:z3Lzs70Zjvb8t9+qc3K00rCok5FR","tlshash":"4494b7359da4258ff0350432102512b59869759fb2e318faaa9de7bb3434612c87fb3f","first_seen":"2025-05-13T12:25:35.67237Z","last_seen":"2026-04-21T08:33:26.676485Z","times_seen":12,"resource_available":false,"data":null}},"time_used":884,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":230,"receive":654,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"qfssecureledger.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}