{"report_id":"a3a7ddd2-556b-4872-be63-9dbac93763dd","version":6,"status":"done","tags":[],"date":"2026-04-24T07:11:45Z","url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"192.99.21.75","port":0,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"final":{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"title":"成人色站,久久综合精品在线视频,高清无码看片AK88AV","dom":{"size":147474,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"3992736c45b061779484f6afd1ad8111","sha1":"32a7bd4af2237fe7c48eca72fbe23e89609ea85f","sha256":"f49c7bc411bd63be49e35da68a5308adf8324ef6db66198c5dc0b13fe347d148","sha512":"9bf72635d0bff79c8b6f537e3c0bbc6ce8cb9df4ca16234fee667ce497b1c7fd2efc292aed08714d7f4bdefb573b3c277985dbb0941688debeee7cdbcaca8fe1","ssdeep":"1536:OfP7f011y9I5gmqcwgmUgmygmxNkiDZ0a2:OfP7sXy9I+mzPmTmlmxNe","tlshash":"97e34f7520f145b701abc2d0e4b06b2ebed2e26bc5639985f7ed4ad14f8fc92c943168","dom_hash":"domhashd46a76b43a4dbd56ec31041e3d29d32f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"192.99.21.75","port":0,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-29T07:11:45Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":7}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-24T07:11:22Z","timestamp":1777014682,"ip_dst":{"addr":"Client IP","port":36558,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-04-24T07:11:22.954654+0000\",\"flow_id\":1440077160525625,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"158.69.254.108\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":36558,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"www.www-robinhood.halhsc.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":850,\"length\":6498},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":6498,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":8,\"bytes_toserver\":1337,\"bytes_toclient\":8637,\"start\":\"2026-04-24T07:11:22.536377+0000\"}}"}],"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"xs.xn--ihqqcy9q5b94cnjt0p04e3n8ads2cr9hs47e.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.tj66789.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.hervo.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.www-robinhood.halhsc.com","ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":111,"request_count":27,"received_data":3499204,"sent_data":12368,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"picsum.photos","ip":{"addr":"104.26.5.30","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-09-14","domain_rank":29556,"first_seen":"2017-10-10T10:03:26Z","last_seen":"2026-04-18T05:19:15.617522Z","alert_count":0,"request_count":1,"received_data":114242,"sent_data":452,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"img.meituan.net","ip":{"addr":"138.113.181.188","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"domain_registered":"2010-01-25","domain_rank":189994,"first_seen":"2017-02-03T02:36:44Z","last_seen":"2026-04-17T10:05:00.434397Z","alert_count":0,"request_count":2,"received_data":214221,"sent_data":974,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"www.tj66789.com","ip":{"addr":"137.175.104.129","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"domain_registered":"2025-07-29","domain_rank":0,"first_seen":"2026-03-26T23:03:48.764324Z","last_seen":"2026-04-17T17:16:02.99974Z","alert_count":2,"request_count":2,"received_data":68666,"sent_data":1251,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.hervo.top","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-01-08","domain_rank":0,"first_seen":"2026-02-12T22:38:18.852066Z","last_seen":"2026-04-16T23:10:12.873916Z","alert_count":2,"request_count":2,"received_data":114588,"sent_data":940,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"img.erpweb.eu.org","ip":{"addr":"104.21.92.106","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":3860157,"first_seen":"2023-10-23T12:11:36Z","last_seen":"2026-04-23T22:24:47.805778Z","alert_count":0,"request_count":1,"received_data":92575,"sent_data":472,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"push.zhanzhang.baidu.com","ip":{"addr":"180.101.212.103","port":80,"asn":134770,"as":"CHINANET Jiangsu province Suzhou taihu IDC network","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":1485849,"first_seen":"2015-07-22T05:44:02Z","last_seen":"2026-04-23T09:53:03.902884Z","alert_count":0,"request_count":1,"received_data":426,"sent_data":351,"comment":"","tags":null,"fingerprints":null},{"fqdn":"xs.xn--ihqqcy9q5b94cnjt0p04e3n8ads2cr9hs47e.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2026-03-24","domain_rank":0,"first_seen":"2026-04-06T19:09:31.400155Z","last_seen":"2026-04-17T17:16:03.136373Z","alert_count":2,"request_count":2,"received_data":0,"sent_data":1004,"comment":"","tags":null,"fingerprints":null},{"fqdn":"p.sda1.dev","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-02-28","domain_rank":1720343,"first_seen":"2020-01-09T03:29:16Z","last_seen":"2026-04-19T03:59:14.797653Z","alert_count":0,"request_count":2,"received_data":223800,"sent_data":993,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.65.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-04-19T22:35:51.253585Z","alert_count":0,"request_count":1,"received_data":2934799,"sent_data":475,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"img.alicdn.com","ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"domain_registered":"2008-06-25","domain_rank":61670,"first_seen":"2015-03-04T07:06:39Z","last_seen":"2026-04-23T05:23:21.716068Z","alert_count":0,"request_count":1,"received_data":103803,"sent_data":504,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"api.share.baidu.com","ip":{"addr":"14.215.182.161","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":1421601,"first_seen":"2013-04-25T14:45:11Z","last_seen":"2026-04-23T02:06:50.970524Z","alert_count":0,"request_count":1,"received_data":116,"sent_data":405,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-04-19T22:33:42.593215Z","alert_count":0,"request_count":3,"received_data":323643,"sent_data":1608,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fastly.picsum.photos","ip":{"addr":"151.101.1.91","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2017-09-14","domain_rank":452388,"first_seen":"2023-01-26T01:05:02Z","last_seen":"2026-04-21T06:47:03.602927Z","alert_count":0,"request_count":1,"received_data":113962,"sent_data":509,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/js/ljbeqrq.script","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":false,"md5":"e7a8ddd085dfbc497e21b66c0b97300e","sha1":"b8be56d6409406f9d32328301f09f4826faf30b4","sha256":"b37168cf11f78345b084ae5f1c0ce97356de75aa4db78af13567c53507a1bf6e","sha512":"d92734c9b6ea19ca1c9072ae4298b9cfb245872d1e0f963164681a53f25a7710cb9b443c8a5b7955d75a4d59ab2e964c7b80eb6c08676f3ae135d2f625e94e00","ssdeep":"96:s/vmM/1YI1ppz9Ws5wAwZ+QKNYD6+i6R6eQH9L4VkcMmaK/x17EPT:4cILXYDkkkcMm//xVEPT","tlshash":"c31231f71678663adb8295d0d4a5fba8f5f2e039ed139621b4bf0c18499387c8846d8c","size":9535,"data":"","first_seen":"2026-04-24T07:11:58.156094Z","last_seen":"2026-04-24T07:11:58.156094Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":false,"md5":"f3c93d34c307be1452bac95f7c216f55","sha1":"05a79e923ad540cbcddab69abfb912702869b650","sha256":"6cd84a40cda216c46ed202f5a142e60a1ea662c9df5a11f929d26923d80c4c51","sha512":"a89711458f326c0e42209dfa6673b885d5e97da9b7fa8c5d6afe5a66fcf256e4f8c36e42a2ca66ca7f542a098bf5fb1709dfcb20bf79ad4d469663c198595ce0","ssdeep":"","tlshash":"79315021d9ef19fd553b617e6dbec92d73a72819e0a0c1406d90d4185eb258186402c8","size":1714,"data":"","first_seen":"2026-04-19T08:47:00.742352Z","last_seen":"2026-04-24T07:11:58.158029Z","times_seen":2,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-24T07:11:22Z","timestamp":1777014682,"ip_dst":{"addr":"172.18.0.16","port":36558,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-04-24T07:11:22.954654+0000\",\"flow_id\":1440077160525625,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"158.69.254.108\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":36558,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"www.www-robinhood.halhsc.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":850,\"length\":6498},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":6498,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":8,\"bytes_toserver\":1337,\"bytes_toclient\":8637,\"start\":\"2026-04-24T07:11:22.536377+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":true,"md5":"0858406579c05ebfa2d2d770597fc3b1","sha1":"2e19327cef31b45590b08a43935dc9b83bff0b6a","sha256":"b72218a9b2195718aea623f65cd567e8568c344ce0ed6b7b99cf9a08ee580ed9","sha512":"6b91bcff568a79366a0a7c40e45de1f81fb7f018976b9247de673cb486e60db6a4c31656e7e599d119eb129b1e5593e44cf048519d8ea2bd121e598c33533416","ssdeep":"","tlshash":"74f02b6e5cb716b4769614be4a2fa418f1d5516f1044d5027d4cfc014f10dab4b2dbd4","size":494,"data":"","first_seen":"2023-05-21T08:19:15Z","last_seen":"2026-04-24T07:11:58.159822Z","times_seen":344,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-24T07:11:22Z","timestamp":1777014682,"ip_dst":{"addr":"172.18.0.16","port":36558,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-04-24T07:11:22.954654+0000\",\"flow_id\":1440077160525625,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"158.69.254.108\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":36558,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"www.www-robinhood.halhsc.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":850,\"length\":6498},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":6498,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":8,\"bytes_toserver\":1337,\"bytes_toclient\":8637,\"start\":\"2026-04-24T07:11:22.536377+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.tj66789.com/matomo.js","fqdn":"www.tj66789.com","domain":"tj66789.com","tld":"com"},"ip":{"addr":"137.175.104.129","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b032bad4d0d4a7048ffb383d9ecca10c","sha1":"b79ca8828403f0094f8af46ddff72681d3ca7e1b","sha256":"643dc9512a4efa9959a6475a7e7fcdf906b492aedd5c423e83867f8f153dd13e","sha512":"3d80873cc8e92fac5db40bcaec79386d04bcf9135b48747bfdfc0961c054072a476b81f3e75e148f0063525cef414613997a26a13c76d23c6b9bb3a639c4a081","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmlMNfwS9h2BLy1z71B8I6fJIKIQaFLa:AT+Z2fucXYy1PGJ9d5","tlshash":"d063d8ce72c2753a4bcb6075a43f114ab27e9caa1448c4b4e62ac4f6383491d657bf7c","size":67976,"data":"","first_seen":"2026-02-09T02:52:16.040273Z","last_seen":"2026-04-24T10:16:13.485277Z","times_seen":2254,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"push.zhanzhang.baidu.com/push.js","fqdn":"push.zhanzhang.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"180.101.212.103","port":80,"asn":134770,"as":"CHINANET Jiangsu province Suzhou taihu IDC network","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"1bb5a3267c9865ad4abe8d937734b62b","sha1":"b5478dd2edb3e64242eced1db2dbd945ef81f592","sha256":"674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2","sha512":"33318ed944a49a8fa334983408d68853b1fbe4f80b19adef6235f23d7708b616cd4f8dd28c8b8ebfbb5776aab8088229f3060cd789af34fe1db5038a98bd0d39","ssdeep":"","tlshash":"91d02be874a0c41c0ce710b17fab328cfab20b2755244d40c05b90013614b1f824bfe9","size":281,"data":"","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-04-24T10:15:49.54675Z","times_seen":21863,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/js/injvowq.script","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":false,"md5":"d8254de1594ac8eaa1117c13a575b15d","sha1":"413d053cdad4775e2c88949b8e4893e382b32dc8","sha256":"2c099e89378c44a922c458557bc8d980d679073a9848021877ed619745290afd","sha512":"6329d4f966a300a647171182eaa109e8c95437d518960caeb4c4d5d95eb874033e6e0219afbb2607acad5b23fe29a9d321eefd31c63e2fa05916bd363aa2a91a","ssdeep":"96:6uWWDzBjmeA/4Tf/SNPjBA6V8+s5bBE5Jxg3:/9Dz1lVTHbt+s5bBE5fi","tlshash":"3602cdd142b1737b9a4391a4a4e2f3bc74f6c0fced636a1156bf0d3984e2828859898d","size":8780,"data":"","first_seen":"2026-04-24T07:11:58.160683Z","last_seen":"2026-04-24T07:11:58.160683Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/js/kniew.script","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":false,"md5":"3769fdb0d968b16f9cb78486d74352cd","sha1":"47f3cc7ccfb9a40c57140e513307ece3fddddc32","sha256":"fdf511832214880550670ff00f1a205b8383676e0052fc0e3c9a78c9fbe57ce8","sha512":"f02e1ff08eb330f213f289e1812320f1eec734d87a6e7fd8f47f9ff808f6c8c60b20ea64ba43c56ed885e49983f041dbd833efdeedbfbb8bb34b6bfbb6a0f14e","ssdeep":"96:yohGNqpKctu2+lUR9pGbpqA60zTqQfTMTzGN4N5SHz6E4W:yyYctu1+HQ1TMTawjLW","tlshash":"0812f3a942b237b3a65282e0bcb5d6ac3ef9c270ed53e254b6df49719387c34c86550c","size":9838,"data":"","first_seen":"2026-04-24T07:11:58.162467Z","last_seen":"2026-04-24T07:11:58.162467Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/js/kniew.script","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":false,"md5":"3769fdb0d968b16f9cb78486d74352cd","sha1":"47f3cc7ccfb9a40c57140e513307ece3fddddc32","sha256":"fdf511832214880550670ff00f1a205b8383676e0052fc0e3c9a78c9fbe57ce8","sha512":"f02e1ff08eb330f213f289e1812320f1eec734d87a6e7fd8f47f9ff808f6c8c60b20ea64ba43c56ed885e49983f041dbd833efdeedbfbb8bb34b6bfbb6a0f14e","ssdeep":"96:yohGNqpKctu2+lUR9pGbpqA60zTqQfTMTzGN4N5SHz6E4W:yyYctu1+HQ1TMTawjLW","tlshash":"0812f3a942b237b3a65282e0bcb5d6ac3ef9c270ed53e254b6df49719387c34c86550c","size":9838,"data":"","first_seen":"2026-04-24T07:11:58.162467Z","last_seen":"2026-04-24T07:11:58.162467Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/js/kniew.script","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":false,"md5":"3769fdb0d968b16f9cb78486d74352cd","sha1":"47f3cc7ccfb9a40c57140e513307ece3fddddc32","sha256":"fdf511832214880550670ff00f1a205b8383676e0052fc0e3c9a78c9fbe57ce8","sha512":"f02e1ff08eb330f213f289e1812320f1eec734d87a6e7fd8f47f9ff808f6c8c60b20ea64ba43c56ed885e49983f041dbd833efdeedbfbb8bb34b6bfbb6a0f14e","ssdeep":"96:yohGNqpKctu2+lUR9pGbpqA60zTqQfTMTzGN4N5SHz6E4W:yyYctu1+HQ1TMTawjLW","tlshash":"0812f3a942b237b3a65282e0bcb5d6ac3ef9c270ed53e254b6df49719387c34c86550c","size":9838,"data":"","first_seen":"2026-04-24T07:11:58.162467Z","last_seen":"2026-04-24T07:11:58.162467Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/js/kniew.script","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":false,"md5":"3769fdb0d968b16f9cb78486d74352cd","sha1":"47f3cc7ccfb9a40c57140e513307ece3fddddc32","sha256":"fdf511832214880550670ff00f1a205b8383676e0052fc0e3c9a78c9fbe57ce8","sha512":"f02e1ff08eb330f213f289e1812320f1eec734d87a6e7fd8f47f9ff808f6c8c60b20ea64ba43c56ed885e49983f041dbd833efdeedbfbb8bb34b6bfbb6a0f14e","ssdeep":"96:yohGNqpKctu2+lUR9pGbpqA60zTqQfTMTzGN4N5SHz6E4W:yyYctu1+HQ1TMTawjLW","tlshash":"0812f3a942b237b3a65282e0bcb5d6ac3ef9c270ed53e254b6df49719387c34c86550c","size":9838,"data":"","first_seen":"2026-04-24T07:11:58.162467Z","last_seen":"2026-04-24T07:11:58.162467Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/tj/n5vxi33om5vgs.script","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":false,"md5":"e2c9e271072dc082722f1ff10da8b266","sha1":"0583efa5c132e10911ca2fc5fe66b03ec4609c32","sha256":"4465c4efe266d3ce1db60180989f3bbbb6238b60804810b40db100e488611a86","sha512":"12d233eb903125e677ebe44d6f69da24e3f91701f181eba394b73f28bd27b6121144696e6558dcfdaf3c15f8ece85ae7983058350295c8d62d7eb51caf651cbe","ssdeep":"","tlshash":"e811e0a08b797b76961845b67cf9cbfc3ffe9438fc12e260999f483414e39680c84a44","size":940,"data":"","first_seen":"2026-03-26T09:59:46.515616Z","last_seen":"2026-04-24T07:11:58.114741Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/js/pj2w66lpovygsylp.script","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"introduction_type":"scriptElement","is_inline":false,"md5":"24ee91d00f82a93c29cb79dae16a7436","sha1":"e7ac744364c031fead0ccd705c9fc01d684716c3","sha256":"ff752a594a6a09ab40803c61bd0b86c77136b1d413e362f4f7c2ce0202fee883","sha512":"25be217ff6d99225a80d9da94897552f51dca1336deef5a660fa5d55e5a4650743178a3698810254ec55f6d7c22f37edca5ecc2a4552057ccbfcae0510a174fd","ssdeep":"96:kMGZ1msOtdLEqsq1BRDTKimlMiJboiE7o61ci1J:jGq3wOdmZYomP","tlshash":"e3f13230d16a362a83369132f451cbea38b5e573ef33e600a39f591da1c4ea95c5cd8d","size":8089,"data":"","first_seen":"2026-04-24T07:11:58.164214Z","last_seen":"2026-04-24T07:11:58.164214Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"7c0d15113548ccd9f8bf0a45908ace35","sha1":"f1185a750b2cc663e79d41fd9c833e2dedd8b2d0","sha256":"8f945e05714d2700811731be1f16bc8da3b328a843dc782ececd5c410052474a","sha512":"1dbdb3de3c9db7221d2f35f70eac6870586e81e64cbda78dbc1ec77688fe3c6926dd6e0b73bc87494275b32764a21b589394dd115b0b2db0dffe227f92fdc849","ssdeep":"","tlshash":"c7b01273484c07591b452049e022a74cc01354447c817012f1710d4d921d368631b53d","size":101,"data":"","first_seen":"2026-03-09T14:56:50.550446Z","last_seen":"2026-04-24T07:11:58.166238Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"13d68734cd6eae5c695ca763e521e0ea","sha1":"5287e9c3ca9202f131f5ea67d0c9febad56a1864","sha256":"ca589ec53ec251c3fd84f7d4f6ee12914e31e98d22edf818d620ef037e690095","sha512":"e8597b8963e21b9fda3e0c48da46e542b080df59d12911ddfc5a79aade6a5b52f6c602eb10001f7af89371437b06729df59c771a07c2481dab558cce9f6f29df","ssdeep":"","tlshash":"fec02bf209dc912b038705c5c103ba4c083204885d573081a4794fa49260540210238f","size":135,"data":"","first_seen":"2026-04-24T07:11:58.1675Z","last_seen":"2026-04-24T07:11:58.1675Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"1b8ef4cf9a75cd1b7877e815ffc212ac","sha1":"bfaf17a530f843bff511cc453a555cc6fa83c4c5","sha256":"6b92e86d4a1e5eacd2da462c2c7155c745d6ac8bbc9d47879ef1752c6d4c1c01","sha512":"2b7d49e08b0bac0fcff0d14b88b3d3deee902d2daefaea6fdfc1a15c8b622f6f47b0dca5894360326a43b5e1231ee62f239a314735a4eb4a612daf34785c9ccd","ssdeep":"","tlshash":"bfb022be03c033ee020b0efb32082ef080a83228c003ec20fe0c8320030c8ac2282380","size":94,"data":"","first_seen":"2026-04-17T17:16:20.132334Z","last_seen":"2026-04-24T07:11:58.169564Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"6223f5ea44288e477c7b73b76c8b4afc","sha1":"d20f3bbce144649b1768bd5d5f42a0189ff470d7","sha256":"cd04a468536473745e0a623f4a6f02a165e97c1fd64bc85826647bebd6487d86","sha512":"8dbd5d9605e0f5e1f27dc38de9858875e0bb0b82c9164dd4b98ccd9ae03dbe0f3f11ecac9d1c84490109b50a682bba0cf91557278321e38fe35a7742ae10f3f7","ssdeep":"","tlshash":"3fa012271750c815418941901492303850410141e4238444b9be380277081958300041","size":86,"data":"","first_seen":"2026-04-17T17:16:20.083864Z","last_seen":"2026-04-24T07:11:58.170505Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"47139a3e65fa8a90d3c9863141e51837","sha1":"e0c55491fc4ec10fba4a9b3be7a1014acf56b055","sha256":"f219a8a99f43140231749fb5d18c1cb24dc8657c4ed56879d26288026ca05ac2","sha512":"abd3f9fd8d7ac49c301a1c5104ec3e7115af733d0991f373b804c56ccbd69d30638c687e537fb7dc0dc8d0f0fdb7f7724951912f164d1708ccf3241133fa1a98","ssdeep":"","tlshash":"5ec02b92746084c70513c7d2843c1bd4f9413188c0a04101fdfc8d0633000406611191","size":140,"data":"","first_seen":"2026-04-17T17:16:20.200254Z","last_seen":"2026-04-24T07:11:58.173419Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"a477ddaf65fed3ff30b565bab9d67f8d","sha1":"3272144d91a25363713b61c2ed24474fe0d1a92a","sha256":"f62664d79a91c7b4667bb4c9f3ba7b3c241c24b95b035f393fb775ec3c24c662","sha512":"d2e3747276e3130e8ba5f65c66e40593da6c769247091edc4fade92eb4be0198c22311ed34aefc6272caebf4fd25a69f8b7d56df415abafb128ad041ca39d4e3","ssdeep":"","tlshash":"8f90026241c890590510c1c05015e158d45304566c42161ac852038e10045628543589","size":49,"data":"","first_seen":"2026-04-17T17:16:20.08693Z","last_seen":"2026-04-24T07:11:58.174589Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"c921816db0a763a0b687db0fb6f8cc28","sha1":"914625f8d0d33bc4ea00983c8a09d05f331c8622","sha256":"e0283d45b344fae53f4c4545a01da7cd0b5dda316d70868431b25eb87cdc0704","sha512":"0f22c8fafea214525874cdf9ba7783591d4204511372255972dd8f101b54ee3c0104ec02af5f39a0e936f19176e00026422be5338316a89295362b796f57fea4","ssdeep":"","tlshash":"9ab09230d9687915a490c183b304edca2442ba2282298414abe434256a29c293aa924e","size":118,"data":"","first_seen":"2026-04-24T07:11:58.177093Z","last_seen":"2026-04-24T07:11:58.177093Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"3135320e06e191fb08a6af5280e9266b","sha1":"36b5fee4175fa0bc88e8561e463e92c5c56e99bd","sha256":"2b49edb5f2dbc9651303a58e62f83f2ccd23ac8f6c32ef24575d722c3302ec69","sha512":"d9285d7c9b67f668773233834bcbb87994e224e7e55da73d107f27d1e0f046e23d9da8d9896651c25e69b4160b6e615cbd830587e61df66dada6caf1f0ea6ffd","ssdeep":"","tlshash":"0fe05e166ea9194fd645903beab40e096281a21b67db84e27d3d2580cf3964cc1b23e1","size":292,"data":"","first_seen":"2025-04-19T18:03:23.291985Z","last_seen":"2026-04-24T07:11:58.17945Z","times_seen":69,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"18ff826946766d08bb093b81a8d8e543","sha1":"c8382cb4d8819d227e163305ab3f5a0e838777f5","sha256":"ae5e1ae96471eec131e64774157089ebe96b78173e6d36f11a8ea44a455f6f64","sha512":"dc74c26b35e070dbccd6fe803853d5acc94b5812ba78a2fecb6e7fc11bcfb11be9124abb96d8a1e5086f8360731087bfccc8d401a3ab5666caf7218f0c2504b4","ssdeep":"","tlshash":"6fb012d500394a001402c180cd740684b89638340d334d841ac48081de41c615ca2484","size":91,"data":"","first_seen":"2026-03-09T14:56:50.483597Z","last_seen":"2026-04-24T07:11:58.180466Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"7877e32ac4204b70e73d81ce9bde899f","sha1":"1241fa5df80ef7cf0a8832a52f9cc93c20667496","sha256":"7e6d90971ea0c1dc2d9f66e99e5227f089507dcace903d2092af0776bde88d9f","sha512":"8a16d7bdd518bc08b647db29bd334a4ef7b45d0bbe9a9fbd0d4dc2c57a9536725e4d26e7275fca3cdb51b959c7e95fc82362006acdaafbd9ede43f86165afeea","ssdeep":"","tlshash":"c0c022b7b0e511aa086b84e3c0385d81f280b2404ce22011f8cc88301306c0c4000094","size":191,"data":"","first_seen":"2026-04-17T17:16:20.065606Z","last_seen":"2026-04-24T07:11:58.181414Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"7d94977a519a9c45d5432662ef69eb0a","sha1":"4855d5c4d4ee2943229ccdbcd3d7a1c06490555b","sha256":"97576352ca0fb66454bde3876bf9a3ce49682ed71b0641e55642c86c9fe9ce65","sha512":"8ce4c8c375fc1683ced9f00521f7b3f7e4f5b071e99db8f9225eb37e499ed76e66589570b2973190de5a894a6fb90519cac0e7eca502fec3ebd12bf0157b7999","ssdeep":"","tlshash":"48c02b13910780c6345bc3cfc4595fc4fec07260c8ec6000b8cc881b23008c88001110","size":138,"data":"","first_seen":"2026-04-17T17:16:20.085271Z","last_seen":"2026-04-24T07:11:58.183595Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b200505f9b0cce4d256348a00d040e2d","sha1":"fa2c23ab722a481729db0cafb94bdbc44a8cff3b","sha256":"7ed82fce8f524a9069eaa3694e06693a339e95eb0434e7c9e1dd44a140062f61","sha512":"b94af5c7fdca805ce8c9d34bf77da6c8afc99749aa0fab78227c6aab1334f5c8888f62b9925ade0a7bb5ed9ef9cd88c8cf3074143cbe3a88dfea5da4d11acba8","ssdeep":"","tlshash":"52b0129766c4d23c52216142f5b9524ccd1ae3c2cde160a7c355218f14720a46449d4c","size":113,"data":"","first_seen":"2026-04-17T17:16:20.299299Z","last_seen":"2026-04-24T07:11:58.185855Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"03dbae5ad5cef34a14c1a69211804c2a","sha1":"9fccf5c3cf23d27d7ae5a58f65bc8899cf7ee16e","sha256":"42d36a6eb7710e0a7d9b5341e96e85a92017170629f9a3c9b1406d2c5bef61b8","sha512":"89a9ca64d6dc5a9445b2a97f589c9238152d4ed97dce5dad1ef318084bb8db8c9803e9b9006d1d313958d4db2ca33cbb48c240207539daee9ad4cee5e691ea8d","ssdeep":"","tlshash":"60a022f2c2c0888a0202800030c2a22ce8c2a20cae00020ac0a2022c00b0bf0800280c","size":73,"data":"","first_seen":"2026-04-17T17:16:20.215025Z","last_seen":"2026-04-24T07:11:58.189399Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"a4e53af7e93e71661335129c11e6871a","sha1":"e51998ccd888316f8c95021a804642fd03bbb492","sha256":"2979db39b2d194ef96a86c3aa3bd906356cd85efa7ff75ea63d8f5a520fb4d79","sha512":"6dc8b8fa4676406c36681fa6ee642c7847e170d487668fd63efb77876ec7f9a64f610053ede8075750ff7a5bc0c1124b4705d86aefd3c29748ce8de5740ed72a","ssdeep":"","tlshash":"b1c02b62454151290343890ec010b205a802050828c42002ff6c0d994464328da0630c","size":137,"data":"","first_seen":"2026-03-09T14:56:50.480331Z","last_seen":"2026-04-24T07:11:58.190347Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0f8db074fb7c9ed46f93651fd2e1fee8","sha1":"59214f67e37de50e5903b54bc69be8d379812934","sha256":"3337ad4a41121508aefeefbd696eaf5d42d86182bcc1729b333f644a25834639","sha512":"16d46a758d53a8bf4367cb49bbf0c1edd7d40afbe945aeb8daac784469f8e7c95ff789bec3decd564edc8fc48d743520f401ab72b046bac827906ad027bbc2c9","ssdeep":"","tlshash":"0b60003f030000000030c00cf3030c03033000cf0000000f0303000300030000300033","size":14,"data":"","first_seen":"2025-04-19T18:03:23.275709Z","last_seen":"2026-04-24T07:11:58.191231Z","times_seen":74,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"eeb242c4f3cadbb808700743b0f1ff73","sha1":"202a25ea4a10ac0abd656fcb8e2bc87030925723","sha256":"f07183f322e15b4d0395526494c4c9319b95e6d59fc338e1d3f13c6f928945e2","sha512":"5636f1e34eba470affd98cddff58ed01ebdcde85a3deffca5dd697e1ac6a438af0b97cc7b1878093340b4664c8c3f07a94a562c78036ffb8adb242c75af9cac7","ssdeep":"","tlshash":"f4c080c733c1c18d281341d7cd648f4d75b2790484ab5501bedd8dde67125144512415","size":175,"data":"","first_seen":"2026-04-24T07:11:58.1921Z","last_seen":"2026-04-24T07:11:58.1921Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f7951c2bf2ee9a48297c191a8cf6ae46","sha1":"0cd3b977dbd21b0e66ce4f20d1d5ecddacf2bfb1","sha256":"c87ff5426d5ea37b0d075fc91c6f9f372d72b68bc418eb59d20680af7df59f05","sha512":"3cf01e8c37072d09b5a846491fb4d3bd7d9445277fb7359745fb4e91798f5cb2f4fea48c7762397e6440322e0528488f7c909d184a31f2a63619097443618fd9","ssdeep":"","tlshash":"82c0800511182d5ec525a306e8458ccd117051579b33b404675cd769e594476ccad3c4","size":161,"data":"","first_seen":"2026-04-17T17:16:20.124952Z","last_seen":"2026-04-24T07:11:58.19431Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"6e262133dd98f1fd154824ee6dc0cd3c","sha1":"0b8dcd42b4fb9d398e043f754c53190243cd804a","sha256":"6e9b7791db48888669850904c1ae6cfa7c4381c6bcd27285965f7e219cac9fb9","sha512":"f6d5d881c0cb10aa52e6656a5d490c484174fd4b831c5f32ea67d0d3316fabf6cecb798a0962505108b80bd00320449abddd2f1133d1575e9511cbf9db227ce1","ssdeep":"","tlshash":"09b01250555e151a81d6b085a5e52714f57246c497e7893040a09394d3dec5e048e9ef","size":108,"data":"","first_seen":"2025-06-09T04:15:10.535948Z","last_seen":"2026-04-24T07:11:58.195306Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"4ca0e47043d92f74aaa5ee1ff805cc4f","sha1":"ba0be4b8e2422f1df2387e2418873bcc7bee40f0","sha256":"b72cc6114df029a9d2d9a08d88a2f20d108da100fbcde91e19130b2f0cfcdc2e","sha512":"0a8cd1cf3e94fd994f026a4b96a8869cd2587d7cfd75e99f941f0ee06fc0f1ec2af8f97ddfef3cd5500e52b23f2d6a18f4ca81f17c5abad4768a6955b8dfb080","ssdeep":"","tlshash":"1ea012618548001312819804d14357048002488164c26042e0b14d441551348620ab04","size":84,"data":"","first_seen":"2026-03-09T14:56:50.501663Z","last_seen":"2026-04-24T07:11:58.198559Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"3b376a60779c1d8ec7c243a0fa1cb294","sha1":"eadc1b1863569f7d8b61eb07a4894d08eda13315","sha256":"0bd8c239099861cf097610e5b6111cb606b6d671c4ac73a9f91ed023483e0582","sha512":"04dfe8ef4d48aeef4b8af865db8fd9d76670972b502ab701a74305631cfa94cc222f8e19921cae364fd98362d9e4c35d08638f7fa56f7b94bb2e366f488fe6e3","ssdeep":"","tlshash":"37b0121d08394c881c174185c9f08407b89230341d204c040ae48000de01c605dab09c","size":89,"data":"","first_seen":"2026-03-09T14:56:50.538416Z","last_seen":"2026-04-24T07:11:58.19973Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"cc0c2a6fd4605e93311896e4901778ac","sha1":"ea84f1e16f49458a0da5d7f8a8cfad66735193c5","sha256":"f13e9f807135cdda7dbc8da04d0ce6d76e2e0ba6df73684753fb95e7f8187a94","sha512":"68ce70058d2f5e6f2edc427af170e3c750f52ac4a9e60f6c521f6de3f8fc6c45d3580bb9a69b369f0aa317db8374735c32ca8c59352d23fbdc3a67daf3b60912","ssdeep":"","tlshash":"be7000aa0308020000300008c2028c300320008a8000002e23a2c02200230200300223","size":22,"data":"","first_seen":"2025-04-19T18:03:23.28802Z","last_seen":"2026-04-24T07:11:58.200841Z","times_seen":74,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8120e67b6dd50951d5d26400103485f4","sha1":"f929e7e75f61b8176b0838638a7f42c09747bbd8","sha256":"12497dc21843af8e7fc69f188832e39f39ec1b403e95d6b6770bec30e76f963b","sha512":"b0ab141dc855c8f9efae3968173b8430cf8c407a0909e1e47a49d9aa1f1f268f242655d3fa99e9f440eb3202258fd367e053426c12de0c678a7726b2dfb1683d","ssdeep":"","tlshash":"f6b022b082cca00f0083c823c0838f00303208caec83a0c0e8f30f30b2b0208e0c2bca","size":122,"data":"","first_seen":"2026-03-09T14:56:50.633448Z","last_seen":"2026-04-24T07:11:58.20174Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"2fae57c6ba3ed0602b5a466e0d64735d","sha1":"d5c9ec0b7c3ea87446ad57437d53176b52d16699","sha256":"2089af257a218c1df6e0349d91eed8d2734f151da6f364d46364c35c07521e4a","sha512":"fda3e60519b41eac85ef645e847ad6412f0a2ea0c141c218e65b50adb70e9d598ae52ca3756e1c532de21ef68447de168e23adcea7f265eb3b4bcde88f89e2fe","ssdeep":"","tlshash":"39b01248048023a2411acda321401690005d1018c1028854f55c461003580e05042300","size":87,"data":"","first_seen":"2026-04-17T17:16:20.198351Z","last_seen":"2026-04-24T07:11:58.202673Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"5316ae2d6d0c610d17005a0e8888857a","sha1":"82572936d3423b5b0c0376771b69d5cbb679195a","sha256":"1fd2e3a251b9acc14a5deafb73d7225813e901e43f0869968ac6c4e201aa105b","sha512":"e0a91fd290c6ee9ed8afa79869d893ee0f31fa39078ec6c2ed795a81694866f4ff83656d30697533311703427687b8dc69577402ea87e6d0130d719534a8222b","ssdeep":"","tlshash":"34b09296886e5a214b863944e1469a0d9126a489a985a922e2618d8c86b2759620e148","size":124,"data":"","first_seen":"2026-04-17T17:16:20.090178Z","last_seen":"2026-04-24T07:11:58.204858Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"66323a054113bb45ac6feadb33bbbf02","sha1":"2fe376ba22c976a8616a2e07b6123877b176fefe","sha256":"c04414a34fb80441a109b8dda8003ad4871cdd52b440814718379d33c717eb18","sha512":"11fced98f060fd6326c69deed64c7d3a5ff686beffd98efa27579e19cf84342ae09f3300d29b57130283b492a176bf74d9b9d2380ff0969b051cd0cd12d4a246","ssdeep":"","tlshash":"69c08ced8494d86e0247d5c380d34e0d90292c4c9e174000e8650e148774298d002688","size":151,"data":"","first_seen":"2026-04-24T07:11:58.206247Z","last_seen":"2026-04-24T07:11:58.206247Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8ba79f2dcb56c194b99dcaef744deca2","sha1":"b797fef893f178d7885dbeeedd63c6b001d0e860","sha256":"5feacb3ec27f384f92ea44f0f137e9e6fcfe1a2b499a383895cd85b77ebc9367","sha512":"e5478949645662b6f5f38d2ca3db5d0a00f672dd560cd79ab66f59d3c723bed30cd7d553f3f03e96e0b8abff11a4d1896cda669a2365333847a7e3b47647d19c","ssdeep":"","tlshash":"a7c08066815514ab05465557c00f564e30760c58ed63154665e50d5466a4554e2041cd","size":172,"data":"","first_seen":"2026-03-09T14:56:50.71865Z","last_seen":"2026-04-24T07:11:58.208662Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"62ea7c60f07e4f98007d77df725ed42d","sha1":"47c02cb5040080c413c1cf2ee87654403e704eeb","sha256":"133eb1b940a209be5ddbc1b1ff46d41d5b896a1ae340dd08cfbf6c01f6c7914c","sha512":"1da1df8758418e2e427e3d80265171d471efb85f3e107b89339f77f14935d26230db65e40464c21f43c07db61e6910f7296a8a942d0e09e904a232c8f1917a91","ssdeep":"","tlshash":"62a00276e0908fde215e457360555e50780d7286e10bc86db69e89a4830b40dc802111","size":76,"data":"","first_seen":"2026-04-17T17:16:20.278151Z","last_seen":"2026-04-24T07:11:58.209695Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"7957d5ad27af71eba886fe409e9ee67c","sha1":"50ea764fa7019bc26d19de04441986f8b4b2167b","sha256":"42f563d17aba858c77c3d3d96b5fb52e21a7c9a4b3d34e8b5da4952f8a8e6769","sha512":"38e5a6a691aab49b1609d1bc9d2fafbad3cd63f078dbbe85082563d6090ecc4cf184c4281f4ba3c8d0f78ca61ea777418732f256efcf342b0aee3457b06c6424","ssdeep":"","tlshash":"416000082822aa222008a020ec000200020080cb800000002000002020000880008800","size":15,"data":"","first_seen":"2023-03-26T05:32:57Z","last_seen":"2026-04-24T07:11:58.210569Z","times_seen":99,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"39d12f190b7755d66ac868e33a444431","sha1":"0cd06e4422c742b49a740c00b0fec00352b24424","sha256":"be30dcccb9556e082eed09c2bc28d90a59eec0f8f59fd002ee61c00f6408af92","sha512":"9f2bd9fde18c2c2264213e83d8c96863982709c426a79e78d1b464d525cb1775a093edd7075eecf3ddbe9403e400436454c7e0545ad17512f84ef2912767e849","ssdeep":"","tlshash":"eab0121502fa8188583c5378b00d91ac977b882170b6c994e713804e085e51000606cc","size":89,"data":"","first_seen":"2023-04-25T18:15:15Z","last_seen":"2026-04-24T07:11:58.212629Z","times_seen":187,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"282ad80a17763323e6fdb465f288ca95","sha1":"447d6c5c8b6ea05251c007c627017c4500d2282e","sha256":"a51020f49ee8bb2a3c80933a11ba3f69b9eb9bfcfce39156c97dc65978b7b2e3","sha512":"9655a769d91270df86f69c69db69ef16d38159987be18da9dd1c9c4fa1f5ed9c0bb9300fd120c549d3961591a9271cfa705689b8b8946c8ab3a39ed8f2743284","ssdeep":"","tlshash":"4bb011a28a8c0822038a2ac0e008e388a0038c08388a2002e8220b8e0222b08a30b380","size":88,"data":"","first_seen":"2026-04-17T17:16:20.30084Z","last_seen":"2026-04-24T07:11:58.213581Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f8484ec9183a97a0a229dcff906dc2e7","sha1":"7e844584965eb0519e5263fe6c0cda1040a5b2f3","sha256":"365013798bfdc81466a22fb3ff34ef8e6f34a1b313e754a9aed05f940088b402","sha512":"d5654d0dfa960eeecbb2e8b27b730caf0c38b335365a255e698f0bdbd142fa9f331fff60aa79c6e0a62ba22139d13a1f656122fe2a88bef9963ae0262628f729","ssdeep":"","tlshash":"55c08cf3416e89d8ba83c0a0eee21828e4a3302fc8fa941c86fa4000e104ef020818f8","size":173,"data":"","first_seen":"2026-04-24T07:11:58.214445Z","last_seen":"2026-04-24T07:11:58.214445Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"e582f9e45fd978f58763b49260f5a90e","sha1":"7eec518504f40e6a99f39cc7890df693a79dcf13","sha256":"7b641dea31a7d1010be5f38b4f2d3403cc900f2135bb987a719c2be4eb5acbca","sha512":"a4376bd7e6d38ca4eb4710a551e1a41cde915ddb2b050ac361236607514d076bfe251ef6cc572c1afcd5e14f8fe1d4ba2c6ef47953e42c7dc5742a8786bff8f7","ssdeep":"","tlshash":"52c02bb10459605f01461147c0029bc8b23310d85e471041b0f20f54db302c401013f5","size":132,"data":"","first_seen":"2026-03-09T14:56:50.577427Z","last_seen":"2026-04-24T07:11:58.216439Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"1d6606d8c98de9dc2bdbc07a2b39fefe","sha1":"26c5355e125f66d2887c1982d606e641b971f0b0","sha256":"d7eafb0450d259e33aef9404798ddec214341a3b7d5a1c05e3c18f1468aaf51a","sha512":"b3171b7f4631c9d3c7ecde62eec6d4620d273b78ff2e8c88467103a31fa0fa042c5da440b20b02ccd8039e3745e1c69ca91fa95a9d1b5ac0fc303a6a134efb2e","ssdeep":"","tlshash":"afc02bd5c05ca435020b5282c01b7f0c70361448ef635055d0b50fa4a17470045091cc","size":144,"data":"","first_seen":"2026-04-10T16:24:49.070471Z","last_seen":"2026-04-24T07:11:58.217583Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"fa17da2fa26e4f617b8eb3a3c6665ff4","sha1":"cd24a87a68c8d2db608a1d93d64518282f8e4f56","sha256":"20dbad32eecca89775152d335b9933765567752c977b12104ccd1cd90b93b032","sha512":"5ffb8f135ae52c27837ba4324b6ab3875ffc53371a048ced779d12e452e9d4c0b2f81af59e7999ac3156b185310a0ca8ffdd0b5389ceba790a6e161355c9c939","ssdeep":"","tlshash":"f4c0c0d744c4c13d02975183d0674f0cc435b2c8ede35083e6710e0d557004c600454c","size":194,"data":"","first_seen":"2026-04-17T17:16:20.303325Z","last_seen":"2026-04-24T07:11:58.218441Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"fcc3c75380c124cbb812678e1c50900b","sha1":"e9532bd964dcc3a5afb7f462a8dddda4a88ebe51","sha256":"d0e339c0d126d133b9e8c101bd0ccbec051933bff73a98087aa45fdb316b7b74","sha512":"e8ab8e7cb0c798f8a79731f4d19828dc1abe227be3fb4369ec2012d4f7f4ad64d2f6d340aac55f64f51561a4d4b5b8edf4d50408dcda50042a42e3f589daaf96","ssdeep":"","tlshash":"44600000000000000000000003300c0c0f00c30000000000300c03c00fc3c00cc03000","size":12,"data":"","first_seen":"2023-03-07T01:16:29Z","last_seen":"2026-04-24T07:11:58.219297Z","times_seen":501,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8c3d40da9baddf2213f6c2aaef3e6f25","sha1":"858bf4b2b005368dd91fe962257c56986f5c69f7","sha256":"9090697705a534fd93ca66e3c9e9b1737b38aba1bae55039ee362b7e94869095","sha512":"44eb3b219dc3d516fca4dbc1ff28635d0a9cad0271501f7448696f33e47d5de71a86603b4296d5321766d3e8500a878713d497f36cf40b24e0271c089416c522","ssdeep":"","tlshash":"dac0228928428043c2270d3200ce45608d381e82f122185d339b508e494b364a7e3f3e","size":187,"data":"","first_seen":"2026-04-17T17:16:20.092489Z","last_seen":"2026-04-24T07:11:58.220108Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f701c49f578b5d443b92dfd9b346c6b4","sha1":"ff69a574cfb571e1ca684b0866a04ea4cb942dc4","sha256":"4e216f9714535580c4ad780183ff103935cd30bfbd2e366b425f9290e10c9572","sha512":"9ccfe7c6ba5a657b2c27627d34dde3a3f6bee8e6f4a1b383ea7cbd294ce317d7accd3bcad70ac335db7a315dae58271709d291bef73856320cd48658cca3090b","ssdeep":"","tlshash":"e960000c00003300cf03c0003cc003030030cc0300c0c30c0c00000c000f000cc000f0","size":16,"data":"","first_seen":"2023-05-27T00:35:38Z","last_seen":"2026-04-24T07:11:58.220944Z","times_seen":100,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"cfb0b5f8ccae71824d6eaeed9d5efb2c","sha1":"f26a5fc2d93401fd0a0fb60d5b8ba770e74ca387","sha256":"ecd5b806462c7dfdf078ac76c549060a06660422d00e55bd5823be6747361085","sha512":"7914477a4859b1ef55cc19a134a337e099b9c288aaa06e253e830ac299a653220c2a8f1c6dfd6f59176f483b8664193398177a456fa1d6e8460cff242af6c854","ssdeep":"","tlshash":"433000c000000000000000000000c0000000000000000030c000000000003000000000","size":4,"data":"","first_seen":"2023-03-07T01:06:20Z","last_seen":"2026-04-24T10:34:12.862012Z","times_seen":5138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"2e0c55816e992fb872d79088f0ded62e","sha1":"ff02cda2f4765590a138b74c605cf3474789a1a6","sha256":"c27cdb0afc85b8f7aca34641d4c816d7d06f9a6435eee8dda9d1f2f5006d8292","sha512":"aa09392079999c2c8c74ba1ceb169edf3b35dbbeb8ea3e66efcead579ea1e257451e3218aa7f1f071197fe61f617b1cde18d583b722cb4b2c35254f73f82f0dc","ssdeep":"","tlshash":"c6b02b1e027758008d4641c083f20414e0c330380e226c18cf8b0004b5118601595048","size":126,"data":"","first_seen":"2026-04-19T08:47:00.878985Z","last_seen":"2026-04-24T07:11:58.222978Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"24190acdfa8747935c05edc0e8c0f52b","sha1":"2c4dd7ada516cdf8dbb1af4393a9a5ad7206b3a1","sha256":"0f22debc20066a6dc22ab0dec4a362e879b9fd2f7e91e2cfdad4ebb8245f49a1","sha512":"226c5b13db4e878c308b09a16d3c40ceec618d77002665249a3a89c97dce00f561e18df0fc112b363c13f8d00efeb52c40e0eef5432f34266e2132893f981d64","ssdeep":"","tlshash":"45b012d6d9aca431434ab685d21e7f0cf21b6804bbd3b027f4b40ad865767585b0f54c","size":125,"data":"","first_seen":"2026-04-10T16:24:49.1144Z","last_seen":"2026-04-24T07:11:58.225221Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f263aab03a9b9c776403d88b8c79c5c2","sha1":"8bd95a16d3a9cf8016c670639ef8187568e29221","sha256":"4e567bcaf6a4ab40543c850cf24e2eeae2bcb2503280ca3849fd4b300004ea28","sha512":"49fe68fec5a2f0044c7c6575c331b34905decac8bc63bda41eae1662af4dc02049cd05167b1c407c59828e2ca13453fd0844dd7853f5de4dcdcb88173c1e9561","ssdeep":"","tlshash":"b6c08c99c49ca829020f9283802b6b09b0362448af635055a4b65ae5a57470065091d9","size":161,"data":"","first_seen":"2026-04-10T16:24:49.095829Z","last_seen":"2026-04-24T07:11:58.226139Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f045b67921427780ddac6c55af00f936","sha1":"19829a93b4023e48639889c17a1026e380e04666","sha256":"dd8b45d2d68852f4546a1b1923e7404395f064442a70340ba698108625f804c8","sha512":"cbe9897eb47f61d8a0c28ed0fd345b1bea6d26351c0ceb39f0c6f0cd6ff26354e8e06f84c32ebd776c0cf61cbeb5df5122080783981ced8e07a39bd8a615ca65","ssdeep":"","tlshash":"56c080758445a69a02470957c052965944b155d8ec8350c454710f58b1b42145205185","size":169,"data":"","first_seen":"2026-04-24T07:11:58.226969Z","last_seen":"2026-04-24T07:11:58.226969Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"886cc9c007d858b624053ccb2bc11731","sha1":"06b0d967bdf9d62cb8d5126cdabb9aa270699315","sha256":"8ed10f7ee2e58185a8ffdda0b40876866eb08f70b77653accc9abf1688363ce7","sha512":"79158f8649904662d0a337bdb43c42eae76100c5573436934cf09a8507fd1858c3c5cdf23d86462aac243dd0e181d3b23e7c8aaaa4da7c33774846e6b9a4df23","ssdeep":"","tlshash":"80b09bb250596c5f01474193c0865706543514cc6e535441b4f21f55a26855451213d9","size":128,"data":"","first_seen":"2026-04-10T16:24:49.097143Z","last_seen":"2026-04-24T07:11:58.228954Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"6498bfcece8bd9d1b859b864d14c198f","sha1":"598ed19c490ce1c62feb352d92c0a694865a0216","sha256":"3df6f1181128cd1b49ff13e62c98444ee916b5251cdaf949fe308abc2eb11606","sha512":"44d99c98d78e82ca1018f211a58106f736c4eac47be243a697b417e6c4770fc2c1259cb885657ce8c73fa3ebef7a1bf6db0c9ae1ec17e04c46fb6b85217c7e09","ssdeep":"","tlshash":"c8b01215713c316a93ab7597e9816f30367107a98b734d2551e08356b38fc7510498ce","size":107,"data":"","first_seen":"2026-04-17T17:16:20.261765Z","last_seen":"2026-04-24T07:11:58.229836Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0b9fef7602b474febb1e71804aecc451","sha1":"15f3bc9d487240f11528bdaa5c03c733db52b6fa","sha256":"d6f46d2b3cdb7d4df1a770f7117ca309cd1ac0ee3cd0e9119ad1e84132916c16","sha512":"3622082cbed9f436736160e84c74b0bd45cd7f4d6e335655e1bef753fa7218a607f70527458d306d51e2ab4275b4ba22c8cf84b7d222fab38e9299937cc082dd","ssdeep":"","tlshash":"72b0129ada55852353837c54f2c77f4ed122b444f4823013f2745d8a91b1358f206794","size":111,"data":"","first_seen":"2026-04-24T07:11:58.230674Z","last_seen":"2026-04-24T07:11:58.230674Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b26434a994ce9d45dee20b67f44ac0dc","sha1":"974f52b12f4ecef1d2ea810ea23f731864c48316","sha256":"4486a346a5a150e4fad753fc17f2d815e112866c1b4cd4cd747d950297a3d5d0","sha512":"3d4d5577de74cec78f649daae035d7e6e7155530edc68a78edfe1dd4c71fac973ae8f75a6cbd76ce0cf96369e3de24c0190829e1dc04bfd710acc02158f84fe1","ssdeep":"","tlshash":"8ed0a7d323d7c0856d104299c2a19a1d7062b41c0f1348463bea948ef493861e67284c","size":233,"data":"","first_seen":"2026-04-24T07:11:58.232733Z","last_seen":"2026-04-24T07:11:58.232733Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d0146c81ec2fb11cf203bc15a72779ba","sha1":"6af5476fd97a973f01c284632c9b51583c5c49e0","sha256":"7a7a2149f4829e3957317ffbcc4daede4cc60b69e65597d86293b8badce5c027","sha512":"472e3c15d7bc5894379eaced1ba324ed38446305600f765d5e155a6aad5c9ea490f066faef16e6712d12d7cff686521cac65a5700371dcd52228ec76223085e6","ssdeep":"","tlshash":"39d0a7e7b4b183d8318356c8c27a7c2ad553f1148ce04a5b1bece534b123f109c80448","size":237,"data":"","first_seen":"2026-03-22T15:47:05.178287Z","last_seen":"2026-04-24T07:11:58.234779Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"2507da25824e7b30764ef210833f7015","sha1":"f8bf5d759cb484ed329625474060cbb5b11f925b","sha256":"afc103e86e4cfe59a5176b4f00e6837cf9d2eb1b65fcf4a89a51cf364822d66e","sha512":"508d623d22c4e5c2bb8cf79251af7ae555a2d34fa2fbc1980a3534158b3aecb805db787810631b083be4ab7ea631d1e3e882e5f0c2fd6fbeae068f978358ac8d","ssdeep":"","tlshash":"d3b012958239480c1cde41a4c3f12e2db9b630371d357c0d4acf9801df11d7054af094","size":101,"data":"","first_seen":"2026-03-09T14:56:50.589116Z","last_seen":"2026-04-24T07:11:58.236998Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"48aaf596e07fe232d5f71ce395c8daa9","sha1":"cfebb065628ce13bde85f41d9c39261f1a2c9746","sha256":"d74364f0af2f4a8181f4d43099bab03597b73874af24de9882279aade5161dc0","sha512":"3b3aee2fca178e17618176afd44d4eb7c12868fda6f2c08aa965a1556aebdcc78d05c77d6742e57d4d1e9a25dd6161a85b04398bcba4984af335edb7da95b1a5","ssdeep":"","tlshash":"39b02b754044180f000b0262d8429600103000ccec5344406af10f00a76414072017c5","size":123,"data":"","first_seen":"2026-03-09T14:56:50.791911Z","last_seen":"2026-04-24T07:11:58.237874Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b97cdf8a92b7fa07057ce76b5eac3314","sha1":"8cf1075f61e370a71311d02656a8c24150e8402b","sha256":"96788eb3f28d1dafd464bb20acafdb9cdd8504ab3cb8115c14f30ca39a0c3fe1","sha512":"f5ee8003eb2ec9b295d70a7695ef14bf4ee1c9b8b8bac6cfa3a82e841b3524ddce7ac060fc5490a2faaf9516ef3b62db88b9f87fba807d535b9b704a03f11795","ssdeep":"","tlshash":"9d900244054427e141165da2724422d054201128c042dd64fa5d8610435d4615192254","size":56,"data":"","first_seen":"2026-04-17T17:16:20.082377Z","last_seen":"2026-04-24T07:11:58.238728Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"1ce4dbb4dea6ecaf3f2e609be7f73c05","sha1":"05cab31532e0f87b1994f9350f6ae3a57c10ea52","sha256":"f63c897b2d199d13991a6c65870417a66d68df08d8477991667eec25ca881e1b","sha512":"c4e0b976eacf4aa95d590f3490eacb8b9db82e990bf95ec5a9a662f55f5e7a032015d96de659ab3836bf0c0a7ef758f7640ab13f1c44d95eb20a0973d78f6368","ssdeep":"","tlshash":"f6c02b2369a34857a03bc1c384241e90bac3230481f86601faef08a33310040c506102","size":145,"data":"","first_seen":"2026-04-17T17:16:20.104283Z","last_seen":"2026-04-24T07:11:58.239605Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b596718d978ba6914aa7fc49f11ad941","sha1":"95f22c8f5e135bf2852d4e38d23968ce7389fcff","sha256":"3fb406454e4cdacba3f03bbdf80170509613b8d8ff16ccfee8e7294795fe9028","sha512":"b7c7d761b75b22494abb7f1a6709e295d092609edeafc046f4ee4d76278782eecfcf9ba4ebe790036bb546913a4e72d96003c52a7fcabc8e21a1f3d16b44e95f","ssdeep":"","tlshash":"51b02b30c59c31009080c0c3f104efc61043641252340105dfd034142108c143d5014d","size":129,"data":"","first_seen":"2026-04-17T17:16:20.180252Z","last_seen":"2026-04-24T07:11:58.240377Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"a197c6103731d262f5b27b5bc273af6e","sha1":"ca6510af576259165e67de4992a4795cd363f026","sha256":"9a45485598855d612e8e9c13740025ff7e26b5d7ad28b46a1e4cbd2fac60b03c","sha512":"66673b61dec9e1e7b6bc78f5765c08ac39ab089ad2d56a7c0532648d8ecb0744576383442ede6dc3d3bf7a52905a4857435f02a3b1794d1ebcb6ef1a99df4792","ssdeep":"","tlshash":"1ba012644844402512856444e005c70580414484a8856002e1b00d4406123881206a08","size":81,"data":"","first_seen":"2026-03-09T14:56:50.49065Z","last_seen":"2026-04-24T07:11:58.241153Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"fd12ccb3e4d404d4a1062fecab03a181","sha1":"cd146cd30c17701aa72fd9c7217e8904885e0645","sha256":"647a7bb2dc09f784bac53ae2ce0a11d73ac424e75d96b1cdaccb6cdafc4de5c6","sha512":"3a29a369f7b73d0a25b83a6ddcd6bec7da1bfb35179927baec2f9cf35112ea5613d2b6ca12b8b82d1e9b97ccb228fa422388157892c0d71a57d673c8044ed1f6","ssdeep":"","tlshash":"f350000c00000000c003300c000000c0f0033303000003c000f0000c000c0000000f00","size":11,"data":"","first_seen":"2025-04-19T18:03:23.265071Z","last_seen":"2026-04-24T07:11:58.241873Z","times_seen":74,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"413fc6e455752007e5afafe8930509e8","sha1":"b5380686d35fdc0b33819e55ae46da732f5fe76b","sha256":"d793085e260735128fb6a8b75737bfc67636179d290bba00d7a22a73b4d1d23e","sha512":"bf2fe1033f7200faf0274acb54586640c191ce447a3142f2c617e0b3d0677547f4e4a9fcd4ede2897b64958c254ea87664ceb7ed99bb20e94cb99d203952093f","ssdeep":"","tlshash":"827000a02c0c00022020ea0020008ac02082030200200080a0c030300000a280820008","size":21,"data":"","first_seen":"2023-03-14T12:02:28Z","last_seen":"2026-04-24T07:11:58.242634Z","times_seen":87,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0a3a0b592b9c285e050805307cee87c2","sha1":"125a168e24b2bd38aadb84cbb5f87f316b073c41","sha256":"aac32651b10f567c461b9b4f255d6fb1fa6859b5368d8bd9a51af920ab21cf23","sha512":"4097f05a9ce819914160aeba71fa11524f6b291a39b7c948509d756318b600934f1d195980df66bc7731e327979135bfcbe0e9ff3758d779a72481ed623cd3a5","ssdeep":"","tlshash":"a34000000000000000000000003000000000c000000000000000000000c0000cc00000","size":6,"data":"","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-04-24T10:19:26.856954Z","times_seen":234323,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f1c00de520ffb0cc2648f4ce53191db9","sha1":"14cdcc6854baff5b8c31777ba148a89c24db43b5","sha256":"9106df8541030274e69e67054e403e51e1dc76794e07edee90e0afceafaa977e","sha512":"306fd81cbcbe39ed22c9ee1cf0bf2bc5202d5b2b46e0215777074fa3c15f7bcb6c68681b52795a7488da879863351870ec3df1b5cdf31d106571fcaa82341efd","ssdeep":"","tlshash":"84c02b34c41835015000c103b341ddc72082781242354001ebe038182916c342ad16cd","size":131,"data":"","first_seen":"2026-04-17T17:16:20.311888Z","last_seen":"2026-04-24T07:11:58.245391Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9abe1bb09188c569e60c1433f815f09a","sha1":"44fd6da0d9a6d289992a063568c2eab48408de01","sha256":"76a8567d443fa380c294ac8204bb1c9a1df3bb331c9fda2c03373a4c498abe14","sha512":"564521a2b31c261b5856ee4dd036570a07588cfa0025ec0821e681c0fdb723367c9a42ce8de805c7c6bfd0f597bae2df0f437b5083b33bdf3af54936727c3b99","ssdeep":"","tlshash":"5cb01215723d316983eb7193e6916b20367107998b77492191e0c3a2b39bc7500498cf","size":107,"data":"","first_seen":"2026-04-17T17:16:20.229322Z","last_seen":"2026-04-24T07:11:58.246158Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"3d670eff1ea24ee84827c2a8af316527","sha1":"183ef8b577b51eba701217f52513bc06522de175","sha256":"144ebcf40f9a42e877a824e900f277587e88d9644091f38fc1ad984999f761c6","sha512":"9e018fbb7254991246d052e20153c4c10225f4b0b4612eb1d2b8541e990755900f6e73db46f7b9cfd3df19a116bd7951a374be7c4d5ff6b7c6ca2017c821636b","ssdeep":"","tlshash":"eac08cb1e968b1075140c382f21ceeca1003745a42298008aba8391461148242aa424e","size":159,"data":"","first_seen":"2026-04-17T17:16:20.313099Z","last_seen":"2026-04-24T07:11:58.246888Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f988d8df15f67cd1fcb42f5b28499c9e","sha1":"9ea2ec92a9bd710febfa140084ba18047d241438","sha256":"bb084076c0a05d9ccdf3f3ecf64af7006e52d16e56a919fcc02f6e1a64d72886","sha512":"c7202a6ee8b7836b879ed24aca88346a641170b276e79fe13560d90d03b388b861465155569371335e0f5c9d56782c7446e4658c2f84fddaef8e363688c98588","ssdeep":"","tlshash":"4660000cf00c30000003303000ff000c0033330030000000000000c00c3300c0003c0c","size":15,"data":"","first_seen":"2023-03-26T05:32:57Z","last_seen":"2026-04-24T07:11:58.247566Z","times_seen":230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b7653fc449f065f2d55a31a8810eaf84","sha1":"093c38181dbe83ef84371a63a20a209acc57f37d","sha256":"d0d735c938abf84dc8a722f615f40fb8018521dc1a15bce9c9b8191fafddd9da","sha512":"40682401e250d158dd24a7f27f8bc4199904d9da8d773d15084614bdb06f30e101fbc2df28465379341ab523c57bfae3f0b327ec62e0c4d6bdabce1122e002b8","ssdeep":"","tlshash":"34b01296c88ad7a603872d4cd056e7ddc993e4d8fcc5e0d6e8714f8ca1fa369a30e605","size":123,"data":"","first_seen":"2026-04-24T07:11:58.248283Z","last_seen":"2026-04-24T07:11:58.248283Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"12241077843966a51b753ffe8ff0e83a","sha1":"441d2426a3e8496a0959867aeb537f06ec979b2d","sha256":"83b50f9ed9244ba2165bbb1d6631615fbd77c19977363eb9406c389a961708a8","sha512":"8a5972540e8d1bd4df0eee90304ef48d727ea64be7fe15d261819aec866f927df45d2fad10eda0c3115419adb060840196a11634c21292e9141a1081acda8f3f","ssdeep":"","tlshash":"1ec08ca189899aae12a701b3d00ba68e283111ddec9b164396a24f9c419c604921d2cd","size":169,"data":"","first_seen":"2026-04-19T08:47:00.996671Z","last_seen":"2026-04-24T07:11:58.250186Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"1c5327afd1f6827a10c530f23e7ebf0c","sha1":"da45e7a8f5e574d57b26e5defe65a3840538baee","sha256":"42539b6b264995484b41b4d964287162ba48f422ca1241a3e9f7a3306b65b06d","sha512":"e7bf7fd4289ff63cea7d292c39290cbe2f12b6e61bb96f1294f00525e3a33c59f7d350bd2809e83aa16f716b4928d2d1aec3ce7e6ecb737f711f236dfce3cd01","ssdeep":"","tlshash":"ccb022fa8888200e028282a3e8028a08203020c8ec830880b0b20f00bba0288b202a8a","size":121,"data":"","first_seen":"2026-03-09T14:56:50.458865Z","last_seen":"2026-04-24T07:11:58.252282Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d18b9829d0cd0befe958c7b1a450b1f1","sha1":"24c7468779543401b1c25d3c083175a5ae288af8","sha256":"9d3efe7894d62777363beed4a8b11ab659efcc6a28367a4b1b0fa8b68fde82e5","sha512":"2fc985949f00e543b0849dc426133e9d14fe3c3e1e070b1e5948741d955737721a21968c833bac8c6c23fe166881aeb00c9d4ee30ba32552baf7a99a1dfa0936","ssdeep":"","tlshash":"4cb0922ae66648ee3a17c0c3a5297f80bad17395c0e26914b9ec8e7a4b058098852592","size":127,"data":"","first_seen":"2026-04-17T17:16:20.187193Z","last_seen":"2026-04-24T07:11:58.253239Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9aebb2b91b48183cb7e6355175526d42","sha1":"fae2957200b9afbe62a69d16841599bab43e94da","sha256":"17f869e4dd793c4c0fe71def1a5706ce1efdbab3a9c0f2d85bf0c6ae26928ae9","sha512":"af7931ff8a0ca250d7ef4fd59720d04d56701401610891fa22d84f99515a90b7ba3ae671587b7c6c6761d22c46bfbb12d871a2e91d9a8ae1b9ab27bcae33228a","ssdeep":"","tlshash":"20c0800551182c5ec525f306e8464ccd107451579b336404571cd769e2944b6c8ac3c4","size":161,"data":"","first_seen":"2026-04-17T17:16:20.067324Z","last_seen":"2026-04-24T07:11:58.253965Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"bb5342b9fb42ba51aeb29d1e7be8fef1","sha1":"7e7aebdf76f1f794d288f2e6638487602de68b7c","sha256":"9f168d139cb864adf83b9675ad5a2c19f04c45eae7ac3d4abfa19b4979ec36ec","sha512":"49edf8d202fe46656f5f2a9be57e2f15fe72df0eaf865014f7544f2af8356c4ef4b7c868f4d54cf6a92d72fc6e819efd4b9e3e4c2c06ae6cf7201dafc6d9f498","ssdeep":"","tlshash":"1eb02200000e000e80c2b080a2c02300f03202c083e3882000e08380c3cec8c008f8ef","size":108,"data":"","first_seen":"2025-06-09T04:15:10.567986Z","last_seen":"2026-04-24T07:11:58.254621Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ea0a98174f473d9e66f401b1b076dd2d","sha1":"9995b5b0c8bce73575d6fe68746ac4ae8baeaaac","sha256":"42a2a0e95c448db281dd1bcc3929e3dda1fb5044ccf9f5fc6bda29bc9de2f441","sha512":"baec258d7d4e81603dcad7302380f5675c58b0ef144f506e845a9332da3350c4ab466e50d210782dc9f7e9799fe69f59697d7addbd08a19de91fd956ac7abcb5","ssdeep":"","tlshash":"e9c0800155192c5fd525a346e8464ccd21f091579b336508d71cd769e298476c8ac3c4","size":165,"data":"","first_seen":"2026-04-24T07:11:58.2563Z","last_seen":"2026-04-24T07:11:58.2563Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9122f0e36f81fadef74001ccc2831fbe","sha1":"20703f0bd35391f15a8bb247186f65b6a66ad602","sha256":"624a3c58112f714db0a0ba1d45ded91a0e6aa50f9992e64c26b648493ec79f36","sha512":"bcfb965f8262587b176a08583b186b68e8514a4f0f38d2194c47f246e55a7e28a865f392411062fe554842029c81f9723e79a7f73ae8f5acfcddc06a7585d255","ssdeep":"","tlshash":"6db012566945142123473044c102974d900244042dc67002f9704d4942197684306106","size":98,"data":"","first_seen":"2026-04-10T16:24:49.231753Z","last_seen":"2026-04-24T07:11:58.258612Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0409acbc9e7766469d619ebe83b912e0","sha1":"10ecbbfe63a48a833a6143c5508024ff51eb7da0","sha256":"c9ccb6044d90338880f998e3779df2ef8e793fde0e0178720f1637e316f901c4","sha512":"8fed8a8956f1c27d0a4fe93985fb54801d97ef1e0ea4edd3b634ad57bf87a72586a6fc66f842a11bcaa3297171bdab4913f52fda4f48cbd823c82d8441e138d9","ssdeep":"","tlshash":"6fb012e688a4dd660383a5c5c0d35f1cd006ac086a8b6002e0700d488275388d207a08","size":108,"data":"","first_seen":"2026-04-24T07:11:58.259443Z","last_seen":"2026-04-24T07:11:58.259443Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0d124fc1f5c284689b007588dc468180","sha1":"9dc21acff6f018b18b029d624bfcdea946fd5aae","sha256":"36a181a2b46d6f82b0c8cebdf0cfe698d38d4da455158002ec333048aadce704","sha512":"029ac60736116f96afe77b0407c40cc479d7981e49ec613e04e37787ad9b8594a840d24527e33a84b92ae8d2ed2a3fddb2f761dd79586ba4bedaa7ad57873e7f","ssdeep":"","tlshash":"7ec08cf3b074c74482f328d0c0fafd58e842f0a80ca004b335ef6400e227e188b11148","size":171,"data":"","first_seen":"2026-03-05T07:33:05.153412Z","last_seen":"2026-04-24T07:11:58.261176Z","times_seen":28,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"97dd2c5c23ba2aba43948013a53d41c9","sha1":"4e7d7a6928b9f80dd74e38cee9dd8302937de144","sha256":"744fa0c683d0e0e2cedba662a1b09edd4990eecf42edd526dc61e1579fa4a5a2","sha512":"f6f7c17c3d13b7573634f77a1e8238435295457263a3501fc142efd7ac0cf01e5b5833cfdb8c1ccc164ebd6dccb586b3d2be3d0524eb6bab2bba87b2f02aee5a","ssdeep":"","tlshash":"1b8000a80020003ccfb8c0802038a8a0e08ba0ecc8a000ca00bf008c08eca2820e3ea8","size":33,"data":"","first_seen":"2024-12-03T21:04:56.232147Z","last_seen":"2026-04-24T07:11:58.261919Z","times_seen":76,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f72f0f7b7de2075658acbe3fed011fe0","sha1":"24f3993ea0f299e3ce68ec8eadcd6a10dc72150f","sha256":"ab7c34ae48fde16c992b90b1f360162ff5aa03395650f1c2143318eedf3c9f16","sha512":"97c0aa9ce685257dd789adac3423d363b827bea959bc0a4c2240d956a7a6b698c510a850277449762354fe8dda2c90f13ab14096ff8ca1bafa5d21457dad98af","ssdeep":"","tlshash":"50c02bb7c8cc684a060f04d3c00ecb0e30711c4c9c8324c4f1b60e44ea7875cd1062c8","size":154,"data":"","first_seen":"2026-04-24T07:11:58.262643Z","last_seen":"2026-04-24T07:11:58.262643Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"29b88d06596629c16402ec1271095abc","sha1":"03546585e0b8bbd10a51e4c0c26c89cbef02a3c3","sha256":"f6c5129a35b24fc8914291f67abb439c8f148860398fdd6210167efe9621a0eb","sha512":"8584e3bf881e9dade441cc54ae75e7abfdc72f35a22b45b0c1a58cf279da7db13ccfefa5a519f2721694e368c444a630aa5330b50ba7ad6140ac3e413feb9f6c","ssdeep":"","tlshash":"69c02bb788cc6999060b00e3c00a8b0f24715c4c9d4314c573f60fc4e67851cd144694","size":153,"data":"","first_seen":"2026-04-24T07:11:58.26425Z","last_seen":"2026-04-24T07:11:58.26425Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"cf3bd28004dd11e89a4029ab30f321d3","sha1":"33ed9942fbf4e69e3e373e8d390d825b4028b1a9","sha256":"405f2804c5d4c1e672175f5cb05772fc4430b91b870d4b5643d46ca681569d1b","sha512":"53e9d6c257e0dd98b279caf262e53bdfdbe1636054a9827f81ca632a4d5136724b3ee3c72d02ab59033548ff44974831a511b8b480178d8a1ef055e2cbb836b7","ssdeep":"","tlshash":"ca40003c00003000c00c000c000000000000000c030000000000000000000000000000","size":7,"data":"","first_seen":"2023-03-26T05:32:57Z","last_seen":"2026-04-24T07:11:58.266006Z","times_seen":240,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"3fd3ee45bdfca68b044aec4cb8038c3c","sha1":"2a4f227da878237ead776853e357da3d95c5d3f7","sha256":"5c175ce911e52ad9f4d6d35cbca16e1f82a32212b9e22de951667fb7217fda8e","sha512":"816160b55a4aac636e042d060f38d7d39da1ef8ed573c010c0c1bdb7227686b4cfcc38dc5e7dc8881b7fe423c6724993fe99047f01d9b7c8af461d47d57c66f7","ssdeep":"","tlshash":"5ab09217ccb948e87aca81c0c1f62804fc92227a05344d390bee8100df02ca864a2085","size":119,"data":"","first_seen":"2026-03-09T14:56:50.448363Z","last_seen":"2026-04-24T07:11:58.266761Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"e549086d76810c0b94b1e13779b6c99b","sha1":"bc96bded7c03eb95be21ed728e61da1517ad1806","sha256":"2c2b4d7e1d35b313cae97ad9b4511442d0244dbd2f04cda555ac22ab9d6f8b98","sha512":"2811ade655641684836def129f6d5aa08abb759ed1e7c26704cea8297a37bd5178ccd42b1bc8eb4c665852ac03a7de5a80c4668199cf87f2bed50b0d6f635137","ssdeep":"","tlshash":"7ad012632a2d49080e97ce988ca17c78d4c7b12a4bb5ca54057940cd94feee4b7bb2c4","size":203,"data":"","first_seen":"2026-04-17T17:16:20.281934Z","last_seen":"2026-04-24T07:11:58.267554Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0a902b68bae6f5cb12b5be6e213465cb","sha1":"47a945fb4ddce794020161250bafc7194346130c","sha256":"035000d4ee9cd75e076adc0d4d7a5e76b790e73b3d70fdac27929b6dc2b5732d","sha512":"e087826b74494c3c8e72ce6e38726fa78dc5561d2248d85e8264387e3e042f3dd5c888e10d59d7035a917dd4f37b9287f73050c496e04fc365ee13feb8644c61","ssdeep":"","tlshash":"7eb012b34d88513603c658c8c303bb8c80024804298a7043f0748fc45162748120b30f","size":102,"data":"","first_seen":"2026-04-24T07:11:58.268192Z","last_seen":"2026-04-24T07:11:58.268192Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"e31f197481348f516a534f7273b6a3e1","sha1":"b01f43793c600aba9e1fb9ed3a248e053b3f5ce2","sha256":"8e5d99fcfb881eb6017956860d0d8e89aa06bea00e179a399fcc657f143e4483","sha512":"5c2d700edb8d8b389deba83dc168f281ff4d589b5d36d408adecb8a5092b2788ca212df143f5dc1934fe330c931931fded18db6f89d3725c5880eb8ae75b082e","ssdeep":"","tlshash":"bbb012d720394a0034024384c97404a4b89231340531cc040ac58081de43c635ca26c5","size":89,"data":"","first_seen":"2026-03-09T14:56:50.531958Z","last_seen":"2026-04-24T07:11:58.269687Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"e2e1e078be05ece348e37c6a10b846c6","sha1":"ccdbb41bd09be4695483bf70a40b447482855db3","sha256":"881491e42a0cc55d15df509eae0323a6d3ea979c90caf9841d1f85bd0464eb86","sha512":"e62c520022c4260565575d577c2e0f1ab41649b34ddf5f988ab5029517ee7613a8fe2cb08d6d88d824acd43d0f5ba50ed063ceae4928c7dc5c9a5ee66f4f8374","ssdeep":"","tlshash":"f5700002008202002002a0200200032080808a28aa8be832000220a2888288003aa208","size":21,"data":"","first_seen":"2023-03-14T12:02:27Z","last_seen":"2026-04-24T07:11:58.27054Z","times_seen":107,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f9bb54125c67de3e67e3e7709c04b22c","sha1":"e3e9ea4c62a7775d6c9afbe16a8e9144cde00606","sha256":"f25183e0b6f8a7a72bb73102695de047553abcaf0cce79480fdd3159138f5643","sha512":"8ae02bb9ad59c9dc036330a39eb4a130467b8453b4e473d77bffcafef5359050e64d5786f03b530ec2f4da2d6c527b7cab6a5964b15e8eee56234fcc84bbb249","ssdeep":"","tlshash":"a5c02b6694451459130f10a3c0038f4d303104586f832040bcb20f19d29c7548100196","size":139,"data":"","first_seen":"2026-04-10T16:24:49.081789Z","last_seen":"2026-04-24T07:11:58.272031Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ddabe985718a4b4b45cc8e454006b459","sha1":"fe37626159f3bcc1ece63e12aa141e84667944e8","sha256":"e9452cb4c5895fb9c177894f3c7412dcc8f0036c00483e88a9b5f80223e49770","sha512":"59a5284d43d9b242aa631d7aafea9a2318929ade4cfef3fa625c79417b0b0f1fa13648c88a1d1174ba5ef8a8e8051975b9be242733cc6646b200308b7a127c85","ssdeep":"","tlshash":"cbc02bdac49fdf390a473992d043da0e143260dcde479d50d3724e9cc6f0640724d1c9","size":158,"data":"","first_seen":"2026-04-17T17:16:20.306108Z","last_seen":"2026-04-24T07:11:58.272682Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"31de3e76d3e5d3e552f64bdac63207eb","sha1":"dcbfccf01ab4dc12ff227838071f7b16c6220fdf","sha256":"d7fde358e08bff08d19c9fd1700f29dd9b3306f8340aea4e7ed458fde3e571a5","sha512":"716a27933f1c43b2086bf41ed2bd8f01bf96ba5bd60901c5cd7650a0a019364907b4f43784f54a0b502865802f33e8cef65ef7b08ee521195547115b6fb05e60","ssdeep":"","tlshash":"29c02bea8166951f03832973daf36f0a50313088fd831045d1b65e86d1b031ce1013d4","size":153,"data":"","first_seen":"2026-04-24T07:11:58.273339Z","last_seen":"2026-04-24T07:11:58.273339Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"51fb683db4145e817bc89b3d3ba4f5b3","sha1":"b1e20843ea2ac55b7954f7ba998d9ee03da955a2","sha256":"08cc9551280d023594282c48b59b26e53c48f41e4b04654f0b4df919a4f8d7fd","sha512":"5ddb1ec9afce2eccb5f6fec3b0587e2cd8b811983cb7a1dabbba02c8055f304e010155883ac209f8fd90aa366be5be8cace21a5c42b45dc376ef20e66fc9c9dc","ssdeep":"","tlshash":"45700020002200a22a020080080a028238000808880300c080a88382030a88c0c20202","size":24,"data":"","first_seen":"2023-03-14T04:19:57Z","last_seen":"2026-04-24T07:11:58.274665Z","times_seen":80,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"a3c1e858b6d156e8a93fd402327b5197","sha1":"2981ace91c72ed7d63b69823542d70cc7fcb4051","sha256":"5c92e9d887a1b537ef728fbf3a950d6c91b5639f98d0991a834e7d362352c3ad","sha512":"5a8ab63166778fee1f6c607d70260626b58cc7e708043aec772705d5f8d504f3ec8bcea37054cfc443fd39d77b05047fabadffea09a1fc81e56bb6233c869a74","ssdeep":"","tlshash":"7570000208a02008e0ca203008b00002200a0800a800a0f220002200c000c20803a000","size":20,"data":"","first_seen":"2025-04-19T18:03:23.272162Z","last_seen":"2026-04-24T07:11:58.275372Z","times_seen":74,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"faffcbc9434124a94e88eceb82dda9dc","sha1":"3140776712e5bcf8cc66f24b33782bfe1af7f941","sha256":"70e8703cdc63bcaf61be448ca86c6ef1d14a1beb112aab0a1d0590e6b1b6319f","sha512":"b66483290caa872655cd38c7da87882627807ded8b3baf4507876f033d0aee62e6d4e7143b5a7cfe72d6234a2df5adc2bbd25474996159bff13f6f2b233e7f19","ssdeep":"","tlshash":"81b022b80088802e008b80a3c00aca02003000ccee030082aeb20e008b302880200b8a","size":122,"data":"","first_seen":"2026-03-09T14:56:50.435723Z","last_seen":"2026-04-24T07:11:58.276072Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9a70d424426df6325b5e2115df5224a4","sha1":"dca5ae0c90dd08ea9b339d5bff488b803a74be21","sha256":"587e0e8eaa4552ca82be1c030c0e99aa06b397e8974c1ad8f9556653f6bf349e","sha512":"be0c1ddd01f91eafbe2db06f749a372ed2e063e8e1561edf18ee112f77a86098a2910adf3051739487521b7e524e0464d064c0d64ec0451ddd2bc6125bfb06cb","ssdeep":"","tlshash":"dfb09b75418c545f01464553c4539f45903254c9be53508190b74e55ea5454c51557d5","size":124,"data":"","first_seen":"2026-03-09T14:56:50.569219Z","last_seen":"2026-04-24T07:11:58.276685Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d3421997d4e30693951a2bbec7b4aec1","sha1":"c0d60aece2acee73dbbe91c9b16f8972a42895ec","sha256":"fc64d0386af002e7802d9a67d3d2a6bd1039532a63adfd4f62b8708905f2f026","sha512":"f4eb29731008d5ae93c32b2d37ebd683070e50c2a6ed6e5d590f1986b5d3a3e237b74c0138a954aadd37cd7714617f1fcd09d4933ad52a07d52f0c9d2ab90216","ssdeep":"","tlshash":"22b02208200308c3280b80f380ae82803ac02a8080f2a002f8ec8ca8bb03320c0c30e8","size":122,"data":"","first_seen":"2026-04-17T17:16:20.297718Z","last_seen":"2026-04-24T07:11:58.277372Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"bb62bdf70eccc56f4eca29d28fee2ad4","sha1":"f503371961fa47ff2cae431ad1a15b00cfa9e8e5","sha256":"d478ef54d061f992767e3d6d501dc98692ebda88f92f042f4884a85b1a2c4a93","sha512":"764a56817a4477dfd2637a3946c0bebe54c63d0a982b0a5e8b38e30cc82a882b2d7c265ebee698ef99a225d5c8d5da82f8686cc5aa6acf51e2a42108181c936c","ssdeep":"","tlshash":"62a022220a00a030802082f80023b8388a0330ccf0ea8828b8be2800e30cfabc300008","size":73,"data":"","first_seen":"2026-04-17T17:16:20.219731Z","last_seen":"2026-04-24T07:11:58.278028Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b5464d83d3172cd40b7ed3c2e20a7116","sha1":"b9b707d53056928f8a3f46920196a057c0c09d29","sha256":"f32f2373775f118948253b58abb2a5720c57f3b9101d321eed8dd68247cdd3bb","sha512":"0e64c420fa653c505b1dc0c343de6c092259f37dd84e47decf10607a0edb958c1dee33909e54cef7198b8442384fd5719f81cc62c1987f2a7c9e547e5449ef78","ssdeep":"","tlshash":"0fb01299da74e4304205d3d111ba3d2cf65a2040e3678068f4bc0151a7787a6ce49448","size":110,"data":"","first_seen":"2026-04-17T17:16:20.185251Z","last_seen":"2026-04-24T07:11:58.278655Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"520c7d845ce8e467b6aa2f10359b4511","sha1":"7ef692c70f1edb950d7a4be736509abea998097c","sha256":"78bb0bf193cb10b257cd50367b5284470ca8e9fc57bfd4afe38e7ab5829fbd0c","sha512":"24a5245a01c6e81f166ae62df5116a65c99a52ba99204c6e91d0d0a097574ac8bec8c18dc0237e89a69f3a2fb5c0431c9cd1c31d90336acdc87809a716934110","ssdeep":"","tlshash":"d2900444054437f141171df1734433d01430111cc043dd74f35dc310435d47151d3354","size":54,"data":"","first_seen":"2026-04-17T17:16:20.171927Z","last_seen":"2026-04-24T07:11:58.279355Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0c96d7c3dbe5329a56d484ea0c022ea8","sha1":"19169caed16feec1c953d26e245836e5889c60ac","sha256":"51f1906af641a32345da647ce7c4dd4056c2308f77b41d3091c184d15ecbca7c","sha512":"f9689e29154233a95da129265ec599a69c1b39234db9984c82cd180a866128acd59073f7b219c986b783f4d5489b5c0fa848f5ab5ced9ccce7f106a3bd04a2bb","ssdeep":"","tlshash":"1e700030000c3333000300c00000c3f330cc00c0cc03000f00f00300c300fc00000000","size":18,"data":"","first_seen":"2023-03-07T01:40:22Z","last_seen":"2026-04-24T07:11:58.280015Z","times_seen":148,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"be3a00545ae0f07ebea1876abb020b71","sha1":"3982ccc5995bca8c9fa1725e897d20f79280f76c","sha256":"00a8375dbf173364688c63996df3f4f57628a9fa092851a1f9badca2266cbe59","sha512":"020f9ee549d56694dd2b2923f04e98b51a67e9fe2ba68c0783249e48d40906bd706726a53643996d913b2abf417806d2e27a8605e77b97f92720e2448babe823","ssdeep":"","tlshash":"36c02b8369c4c23413d23041f26a474cc526e281bdd17053e370094d057324c220d90c","size":151,"data":"","first_seen":"2026-04-17T17:16:20.12075Z","last_seen":"2026-04-24T07:11:58.280629Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"44580d964f90ff575efb5e0fed169c37","sha1":"b1e1b1a19b1f1d5852cc6fe7d4df48419b068e0d","sha256":"c19220000fbd1370597aebb0e39a34be80066f44a038b0fd47e8ece090cc746e","sha512":"ca2ce1b4f0b53356a488f7c11924e7fa9b27be63459760a64fa3c7161f87e8327f944fa9e77eb095847e0fbeb1a72192d7d9a53edf2bd2cba293fdff962893fe","ssdeep":"","tlshash":"ca70000002220880a8000000000880280a0282080022882c80a0008820080c00880288","size":18,"data":"","first_seen":"2023-06-04T02:16:19Z","last_seen":"2026-04-24T07:11:58.281252Z","times_seen":93,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"3948475dc4c04059502e3a319dc706fa","sha1":"e3aee6c7f4caaa9af36edfa05c6dc1c368694268","sha256":"d76f26ee7a84505b9e99c35e97ab34da7a1e527e5118a2ba7c536bd79ec7b4e8","sha512":"d2e1e63ea7858e0a6ac8f27a78a29e25415f5a19aa386357ae9324a0c8401943c81b0b1134a0b3dabfea93349537e12ad879410ecd42e141c52ec12e77b54704","ssdeep":"","tlshash":"c9600003c300030300030ccc0000c0c00f00c0c00000030c3c00c030f0cc0c03c3c0c3","size":17,"data":"","first_seen":"2025-08-08T00:46:28.748046Z","last_seen":"2026-04-24T07:11:58.281905Z","times_seen":32,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0f42d018f5fceee5e45c3565d8737ddf","sha1":"19499d705bbb329b2c4cc1f9df6a4bb40b7a16f5","sha256":"b83613bace5dc31afe54c348a14603507d7acb14e950d6b2a713d78cf343e29c","sha512":"f40d23dc923f83d9845aa36f04977ab2766a4a51a9b748fb9f3bcd709c30498d5c30b57be5a918a3b7a327aac6c104f54a6e31a017f40db89f56b16fda6868c6","ssdeep":"","tlshash":"43b0122684d940977e3584c64c3e5f41d98f52fe64522af17dad18e83b514c2ba032a0","size":119,"data":"","first_seen":"2026-04-17T17:16:20.23941Z","last_seen":"2026-04-24T07:11:58.282554Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"1afd2320c49a594e98ae2801190f85c9","sha1":"3c37d4568906db52138bef0d3abb0509ce633ff6","sha256":"f8894e8672782372b957c2fa93961571735cf2169fd6a7d0d8d539acbe53008a","sha512":"39b88be337dc026f8b88f2ea547647c2a391871dac8bfb857d6afb75aa9e9cc9df2087cb18b2fd4d9a0555f15727b6052cf7defeb4f374caef75f69ab7c7139e","ssdeep":"","tlshash":"b3a022b30a88a02f0200c8000323b80cc88200230c083083c0088bc20000022008330f","size":64,"data":"","first_seen":"2026-04-24T07:11:58.283177Z","last_seen":"2026-04-24T07:11:58.283177Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9a2393bd71b2e9f809299bc3f6dcfcc8","sha1":"acf87a48b5149ac2bcb8e7e193fa11d6e98dd5c9","sha256":"18bafc2efe0aeb1432537ebfb72a7aeeedbf71bb5213a47ee6283ae644b56dc1","sha512":"edb74d1b4f040291a1b3b0593ce66aadd142e8813edeb56768a5d9f0ff58763937d3d7091f30e8ba32efdec05338f3f528bddae6d28557266b181e60adbb2d96","ssdeep":"","tlshash":"ddc08056454614ef16461553c00a560d307b185cad63154751e10d5476e4548e20428e","size":170,"data":"","first_seen":"2026-03-09T14:56:50.673112Z","last_seen":"2026-04-24T07:11:58.285033Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"1845543cf0a66f2c3cf27209482ebae5","sha1":"925fe9885c7c5870b8f6ec213b864713198df996","sha256":"773e7114e42aa9290c852d3ca81533bdeec280127224dbe80081b2ab4763953a","sha512":"c2c2697ae966a17b0c53981135d29bf3f9b15d65e2c37e0d251c04170528908553d7c6720291717a9874150d54d7b609b0994883def89248d105d91e0c362964","ssdeep":"","tlshash":"6890043004c014075410c00cd500ccd354f3c4014545041f05714114f3ff0f4c540334","size":44,"data":"","first_seen":"2025-04-19T18:03:23.271232Z","last_seen":"2026-04-24T07:11:58.285731Z","times_seen":74,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"746a95a66efeeb85822084b7b865564d","sha1":"77e18ffc4e0f1b7f63a13a8e1cef702dd0722326","sha256":"273537607ca11252f66a9da5918befb15f93ec55848a8ec8bc6ab642bc5b42b9","sha512":"fec2c308acd1ba458ef9d32c191724b2e60fe817812d547cf919c943e16bef0313b0a63d8734d4fb949d523c43121dc5bc219013e0d0ee24b609623565524af3","ssdeep":"","tlshash":"95c08057c089965e0247155bc0529d4944b174c8dd8390c474710f58b5b411c5105185","size":172,"data":"","first_seen":"2026-04-24T07:11:58.286399Z","last_seen":"2026-04-24T07:11:58.286399Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"4062b1b9f2febf433c9d54ed2a515b33","sha1":"05d67b23f2963a91289fc99334ac077538889501","sha256":"c34ff149e446bce5c30852ddb79f97d8f206a021228551c0dc90e3199cd75938","sha512":"1e3f20672a54542f117651b22e272a15a521213d4b419cf3a25f799e3ea3c991a8c7b0766333e8ddce17a42dc4286c70e8649847154390c933db3ccad5d42a72","ssdeep":"","tlshash":"a9b01218c58023d9030a0ce331003ad020546028c0439814f58c4310470c0591041344","size":90,"data":"","first_seen":"2026-04-17T17:16:20.17612Z","last_seen":"2026-04-24T07:11:58.288056Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"26ad0ce548a9bc4cbc670eb1a62475c3","sha1":"58e214c745803e029214fcf60aa13dc9fee30b87","sha256":"6e779b88966991bbbf05bfe61cb468371fcb2f44c02de828eac2319688f6ab06","sha512":"b8c8a0fc832fc8c2a2266dcd37307bc20e1c44e6510df67856a511df54f56e04753a9e9ba54dc27200627feb4769af2edd2aea226702d5748c3d131bea8ccc9d","ssdeep":"","tlshash":"19b0129a49369a304d427aa02092b82c913630c5d149cd60f36d9c08c7f55a7d60d044","size":109,"data":"","first_seen":"2026-04-17T17:16:20.054393Z","last_seen":"2026-04-24T07:11:58.288752Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0b31df752d8f011417716dfafc423930","sha1":"e0231e7a5a71971a6925b8320e99e51b98f5fd08","sha256":"43b772fa80a1c75c84320e11d87a5bda28e02abc22e6ab7d717858e9acce6e0d","sha512":"b9c442d2bd15be59c8986b2afd2fd1bbecfd9ad1e3d1b7e5266b77e542cb5a1a6db88e6edeb526fb97dacf4975bda21cb53fc9e0c527796504a8204996ce01db","ssdeep":"","tlshash":"30a022b22a30ac2a000082e0e0e23228c82200c0e8ab0800fcfe0202c32c8aec23000a","size":74,"data":"","first_seen":"2026-04-17T17:16:20.259689Z","last_seen":"2026-04-24T07:11:58.289445Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"50396449cb977d02d9856dbe19b26699","sha1":"4215d0da368ff9e0ce6321a0fcf2469d83141403","sha256":"250a605add689394a148d8896a3cf3a31b84d5d59f537f62e489bffac2420975","sha512":"ef1bdff82ea43a7df80339925340bb688ec498835407b359947ba4736fa85110f5303bce9981b7c5eecf5f55143618c3caf83fd2242a5f6a38efc9fd5dc7a086","ssdeep":"","tlshash":"eba0222802c823e8022b0fb332002ac0a028a028ccb3ccb0f22ec320030c0a822cf380","size":86,"data":"","first_seen":"2026-04-17T17:16:20.226777Z","last_seen":"2026-04-24T07:11:58.290154Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"eb003f9892df410999bf17660223b11a","sha1":"7a6eee9138d8c3268497dd4d19ace891475370a5","sha256":"471c9d0e602e3ce7a741ee82aeaa2363cb10c564c2f44a25b398e550d9ed95fc","sha512":"768a4824e7ab7fb41378a56de82dc221fb3040829ba2cc834eb8e6150486ff2407dcd47f19db659aeb740f57a9195d40056268f85d1a22240e5feffa7f4e7462","ssdeep":"","tlshash":"dfc080f3b7d8f0056840c157e140ddcf3053b912173f4426ffe47459a536c65296550e","size":191,"data":"","first_seen":"2026-04-17T17:16:20.304699Z","last_seen":"2026-04-24T07:11:58.290851Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d80ddd15bb00b19413360a28ac6f9b3f","sha1":"5bc049ab17694a59e718191e7659e8d31c43d70e","sha256":"fec6737368024682bf15dda100968c353c2b5f271f483dfca65cc155b6af266a","sha512":"6c20a19c34064fa0e3b534bd6e6a5f280c4f3109ad51e2a6005b4ebbf17e8387b152b9e92eaf0cf6170ab5099ea363e25b315c2605b5ef58dee9588a3cddbb8d","ssdeep":"","tlshash":"85b0121582b94a0c54065d83c3f40c24bc9233741d204c245aef8800de43c685df20d7","size":109,"data":"","first_seen":"2026-03-09T14:56:50.658065Z","last_seen":"2026-04-24T07:11:58.291566Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d222099e3edc00376f416a026b040677","sha1":"169130844b4f910a32bf570faccb31970c319a3f","sha256":"10dee706884ae3905f8787c899c6cdfbb664618bc9a1b0fe6430c14954826a46","sha512":"d8d0eef5d5d0d0a0ab2f0c9c019656efbc053588cfe872a33e97b86e38dc954e099b149ef5df4666a709679dd22781745e75bf227b4816910f8106853362c16b","ssdeep":"","tlshash":"2560003fc300c3000030000cc3030c03033000cf0000000f33030c030003000030003f","size":16,"data":"","first_seen":"2025-04-19T18:03:23.243249Z","last_seen":"2026-04-24T07:11:58.292282Z","times_seen":74,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"fa0b4b888671f1cea9da5e318b8354e8","sha1":"0439a2bffc816fb9a75a432e3eb8576fb567f24c","sha256":"262ed9286f98d32dc0519f29de8ac7ff8495368f349593ed4c01f355d1371d3d","sha512":"5b8f43b5c5940f3b46d7f713fc4efd82d02861937665f0e120523a37a0e4ee015dc3e05b66202c3576461b387dacec22c42cad089c7b37115c5eb196f316c05d","ssdeep":"","tlshash":"c6c02be94498ec5f034b85c3c0e34f1ce0313c6c9e2f0001e4710e04d3bc248c013699","size":151,"data":"","first_seen":"2026-04-24T07:11:58.293766Z","last_seen":"2026-04-24T07:11:58.293766Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"226dccc1ce0bb3df52814c5c31bd95ce","sha1":"d1712c364e0bcee4aee10e5ced48345dac6ea438","sha256":"f7da94711d1248071217ffbf8fed80a82ebd36f8168c87f97d9f5723c771352d","sha512":"8e0aa5816d90e9aa5ba640b39b8ea5887413136f9178091154e30162d2bdc2742804ad7e57b9be925cd3b28e762896cdd6a80c61a18da68a999f405b1c55ac7e","ssdeep":"","tlshash":"aca024331401cd5c140cd444ccc15c00f5ff51050030c000745f04fc533c007411d530","size":74,"data":"","first_seen":"2026-04-17T17:16:20.127849Z","last_seen":"2026-04-24T07:11:58.2953Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"3b2b0f65de7cf4024f3323ec3804c665","sha1":"5ecf46cf478648db785651fbb81563215a32370b","sha256":"1929e7313a871ea0e112ef243bda9159b512d1e440dbc2e1c1115510774f43be","sha512":"60c022c4dbcc102f7ece70ceb5756189cd4f43890245e37c4d682cf2d395cd1cfa9916ebb36604ffb837be1474748f3b8b24a83fe36e3813baf9d008af5e85c2","ssdeep":"","tlshash":"20c0800115192c5fd525a306e4454ccd10f091579b336508a71ce769e298476c8ad3c4","size":165,"data":"","first_seen":"2026-04-17T17:16:20.190659Z","last_seen":"2026-04-24T07:11:58.296079Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"56fc4afc27557668a52c57effc3cc9e5","sha1":"8cdd82169192960ba3fcad2ae05ff6b3c2ea2a77","sha256":"4f36d9ccf78eea0bf7926622af959a60793121f87c1c26250f7cbac67f808c27","sha512":"889d3a9adc09b23c11b098743a35f92c9a3a86dd22517900ad0e0bc187197ca6ba8472964634dc052766b6b810d99434a21725567c00af4e97731978061b309f","ssdeep":"","tlshash":"68800410c15545fdd01040155c7c0457715d1103005440045f004001045354040d1144","size":31,"data":"","first_seen":"2023-03-12T22:44:58Z","last_seen":"2026-04-24T07:11:58.296806Z","times_seen":979,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ae64771d7aba0707a97ea6a0ee2516fc","sha1":"424b86c88fa6a75608c59601bc940274099f2b2d","sha256":"46379ad1684028998e16b5db3c32b54f42c915e72185050053a50aad8522ce0a","sha512":"f48bf922e1d6e30cf2b9a7e3ecc4b59074ee4f8805dd2adddcd099944d601907241af168e33e2d1f9b8c7adbdc90b1682058c7d11aa66bfb37e4ba5a387f031a","ssdeep":"","tlshash":"66800000c28ab00e300f802800a0c200222a0080c8080b2c203a30a00208080283a880","size":28,"data":"","first_seen":"2025-04-19T18:03:23.296343Z","last_seen":"2026-04-24T07:11:58.29752Z","times_seen":69,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"39ddc0a22d019a63468c2d0fdb04a567","sha1":"123b61ae0349ade34b4dfe97242d3a73ef7107be","sha256":"0d49172992d3e135028c41c014f59061b77baa402d7db32ed4112738e74dfeea","sha512":"60bfb550d95afece4f1123ff6eeaf002bb197872df5f640757a866369443f76be4e09906fab9e980248e232d920e906c3be119a2a9bc1eba7f67c976efe6ea39","ssdeep":"","tlshash":"24b012771d90a810050391d100597a1d64652444d009048872bc0000977c4bfc204400","size":101,"data":"","first_seen":"2026-04-24T07:11:58.298275Z","last_seen":"2026-04-24T07:11:58.298275Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"944d0fc9c4600684211131eb41e47fc9","sha1":"fe932d15a4840c67bade34f0577f1a2181e7183e","sha256":"a924dcd5399588aae32fdf091835e6018280081f2bb5bf3e3eb998cdd4283731","sha512":"e318743f76bc36e603c84af00075930f2ca93824d6a9c501db8e0b7b3b2985433d2be1349e43a49441ac3649e0422b19030b201312105831e2b15908e0da254c","ssdeep":"","tlshash":"7db012760a62f13d0152c6afc0b2b425bd120248e4a544107ffd4d669bec2bbde4024c","size":121,"data":"","first_seen":"2026-04-17T17:16:20.270258Z","last_seen":"2026-04-24T07:11:58.29988Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ba17dd0d297680d86d348270fca71c8f","sha1":"18d2594a316a568d8c83ac39205cbdbc65590ac3","sha256":"e323657bd1a211542aeed02e5efb172a975e67023428f46deaab78edc8dbff9e","sha512":"f0e19f51eafc968b76d6f3b6c1c95b59fea0252b7a52d9c5a903b0882946200fc7a30b11ff8ee5e580ece3b20f3cb28c0e11edd195e90e435d86a0ff30f53b71","ssdeep":"","tlshash":"1b6000300f303003c33000c30c003c000300f0033000f000c3c03c0000000003c300c3","size":15,"data":"","first_seen":"2025-04-19T18:03:23.278692Z","last_seen":"2026-04-24T07:11:58.300597Z","times_seen":74,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8e17f6bdddcd71291e8fb9eb9b3b59fb","sha1":"5d849881eb7952d27ea401a5079a5106fe89f7cb","sha256":"b67f55105cfa8a678d8d8f4e336f78f17ea50e99dba717886018ea79a52c16cc","sha512":"48ba43b169eef3cb7d8093e7a6d96b0a5ee656c6ca9011a8e2a6abb4ed84e12157847e5418b132c4a2b9f95cb0fe6515ed764f845decb1cbbd1a9194a2aeeec5","ssdeep":"","tlshash":"73c02bbdc599849742433861d1f36f0a5131208cec632041b1752f46d3b0b00e1013d4","size":145,"data":"","first_seen":"2026-04-24T07:11:58.301278Z","last_seen":"2026-04-24T07:11:58.301278Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"7b22a883a59d04edf7ee7a17546dd3af","sha1":"66677c61d37ee8d2834e99a338ecc5d818129770","sha256":"b6209c1a928d3af8468fbb521eaccdc9b7652a86a07a20713a26d0761026356e","sha512":"1de7799c17ff515ec64b5055bb5437e4f7d5d9ae0891eb7e61dad053fc5d53be7fb47504f62a9399da3ae261782fd97bec663f7910c5f59f2bb5d37a3f87d5d1","ssdeep":"","tlshash":"23b092b2408d58aa015a45e2c007da8a6032088cbd931485a8b21f9da268a0892912c9","size":119,"data":"","first_seen":"2026-04-17T17:16:20.276208Z","last_seen":"2026-04-24T07:11:58.303337Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b7a8e33ac05527b5a4d12c248cbb583f","sha1":"c4b7945820ff3431f639068b899aced820bf56df","sha256":"993c029359e4bd1a08e42e2b42a03d5bec8a6b344d09c648e57c2487c8dc6d74","sha512":"0fdd3055a45547ebecbedf542c355bf982b389019a3e0a7afaf2f66ecebfeb3e2acf1cd9ca897cd6a48a15aeacd298162d2e19bc795d37967eeeb78695c956b7","ssdeep":"","tlshash":"5fc08012216d54955d22c4c788566d50bf51b25487e35452bcdd08541345d5c5431155","size":163,"data":"","first_seen":"2026-04-17T17:16:20.174091Z","last_seen":"2026-04-24T07:11:58.304102Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"46644e0bddf3c405a1d5c6a3b47ba513","sha1":"ae358d71cc3655faa8c9bf54e967339300a52e77","sha256":"88e94a1f4743f5b63ea683fbd87c5b199b80793a24d03237bd0be7d6baf0fb0c","sha512":"e7bfee75f27c3464b2d0dad0876c7432b816af2bf61d29e1f232941971d2f0bb1821550226d08066cf8a52b68ca6db2d2bc0ed73369921a74b89a3154eab88fb","ssdeep":"","tlshash":"ffb01250556f151a81d6f085a5d52714f57246c497e78a2060e09394d3dfc5d048e8ef","size":108,"data":"","first_seen":"2026-04-24T07:11:58.304776Z","last_seen":"2026-04-24T07:11:58.304776Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"5d34a55a7267a2a8767030d8c21de9ff","sha1":"03152f81023d91bf62046d5a3d97adee3bafab22","sha256":"ec11cf6ee0f8d77f5b8a4b5d85e571b86db06bbb08e8c654106bb1cecddc9b3b","sha512":"fe2888bc87d5bbede7b9bdda7a7185fc7936680f61fe60afcbee088299f18937a24779f7b0a9995f0ad40a713925ad0f137636b43e731224f34ef842bfde82e4","ssdeep":"","tlshash":"52700002282a3222228c28322c000300c20882ca82000c02e280020833c00880008b02","size":24,"data":"","first_seen":"2023-03-26T05:32:57Z","last_seen":"2026-04-24T07:11:58.306422Z","times_seen":99,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"36be40815678f3e9bbc3b9acd35cac0e","sha1":"9bc97335e1ff18277f50307a56bdc3d6fc9090c2","sha256":"bf85a5ee4830cd1bcf77534f7de0593358b462b8f52299337ead9a5f455199ed","sha512":"6e558df8b9b4224e6d6da6b355890a1b4bba442db78155de3084a5ab4983a15baa9c33dfa26902e4edb11d135840fbf2c9ee2fd5580db6ccfd81c27a37288954","ssdeep":"","tlshash":"a5d0a7f6b6bd9ac411eb89c4e0adaf29c0c1b038089008a59fd9a551e23fdac4e0149d","size":237,"data":"","first_seen":"2026-03-09T14:56:50.619302Z","last_seen":"2026-04-24T07:11:58.307262Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"14f35afd5b55a5d3a6c55d2a9ae2fb73","sha1":"dfa22281eccc759fdee485123489b61e66066dc5","sha256":"787671f1fe9b24c0c5c48fe9caeb4775207d2d35ffec148a2f96a054c96fb52d","sha512":"528a7ebd60c61330dd69657891699bea15e10cf0f54eb4256027c8f0a5e83ce96db9c3e62d42676d6f5c3210d4a062be3a562bc38f5bc0025cf827c0a2ff238e","ssdeep":"","tlshash":"a1b012958039c80c16ce4184cbf1aea5b9b6b0371d376c0d4acc9801df11d7154af094","size":101,"data":"","first_seen":"2026-03-09T14:56:50.771908Z","last_seen":"2026-04-24T07:11:58.308336Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"7bf48b71ca583255cc617159134ac324","sha1":"e9c10b5a03b79c4a09dd87e639062491d48879c7","sha256":"2b6896cff736b500f270ff884478832e854533dd7bc6f81afb09c5c9ee98e0e0","sha512":"d07ac156d23bff93462375f77bf9c27c637fe1665bc6fd069762434d181dd0db3935754e287e958043ff6856c3edae5ab5cda6ed33775dbc143c85802cb7a5a2","ssdeep":"","tlshash":"52a024754c44401513415404d001470cf001d4c074c17033f0f00d44051534c130ff05","size":81,"data":"","first_seen":"2026-03-09T14:56:50.442922Z","last_seen":"2026-04-24T07:11:58.309468Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"6aeb3bb47581b9b4b385985bf5cf8be3","sha1":"1f1173867f5166f0d7215ec4bc1670ae8c719130","sha256":"c17d4206cdf6008ab17d94d99820326ee6d65101e3a7817a812f8bf600d12988","sha512":"ada6a06aad42f2f6f0b9733f984bf7f98743ae3a84a08fd5af35b46f17128e098b22a41940a25c64fa72011f35f623f95c6f2c96fc050486505b3fe145ebf3dd","ssdeep":"","tlshash":"91b012df80394a885cced5c0cbf30684b882313e07374c041acc8080fe01c71d4a208d","size":103,"data":"","first_seen":"2026-03-09T14:56:50.638174Z","last_seen":"2026-04-24T07:11:58.310306Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f2555efa8d62969b7c931583155233a6","sha1":"8cda9de9ff01d4f789ffdbfda12b81425add71a7","sha256":"1145cb9c796c45d882c5863aa87ae09d5450af1018722c10b15d5813b3308fb2","sha512":"77b8ae9d53034141053d907dedf3410acb7fb664b5b4e69b53200bce79015849628496c7e0c81a88b3ba48552a11e23e8f4eae09daff944355b0664fb4fed3a7","ssdeep":"","tlshash":"38b092a366c6a62273a31da8d185af4892774c04a8cda412e570498802513d8220e287","size":118,"data":"","first_seen":"2026-03-09T14:56:50.444055Z","last_seen":"2026-04-24T07:11:58.311053Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"7ca9bfebe65a636bd351229a5b6ed699","sha1":"1d8202f73cee53752a4c67883a29765f49de0bab","sha256":"3b34fd635e138b146a2e5257ff86ef6b1e93aa18662624e8af7f6e9b4df5268f","sha512":"6f8e7369c359ce634ec0bb7b7a631e7b1bc1fe311a40bd8c6d372cb59920b2ec5588e912b3c038b9e05ddbeb89472a4682b74ff062d3e1e0d281d3fa85b7d317","ssdeep":"","tlshash":"abc09b6240cd695a014f05d7c017db4a50725c4dbd93108955721f5d61b450991512c5","size":130,"data":"","first_seen":"2026-04-17T17:16:20.076017Z","last_seen":"2026-04-24T07:11:58.311891Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9aa98b2a5e76fe2db75f39699ca0b4b0","sha1":"56b80dd58e4e48e7ff9e5aca728924a98ac9ee33","sha256":"03287bb508ccff576d5ada912869ae016648a287061ab034afd62915bb73d32a","sha512":"8e48a8fe924cf8e15af71e3e6691cc39f57ea6f8e07aa32c0afb28086cb100f7caa59858ee3b9adab8b4dd8f2bdadfcaf3b73882ae6a5c226cfc5e19191ca6a0","ssdeep":"","tlshash":"a8b092a602fe430016c640c480b72ba8ea83303899700a095ca50908b6018617aa20c5","size":111,"data":"","first_seen":"2026-04-17T17:16:20.307596Z","last_seen":"2026-04-24T07:11:58.312605Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"68c5e4245e1e96bdcd6347883bd6e1f0","sha1":"f498bbc551066e9e743ca2b4c9c20eb2bdf2c0bb","sha256":"2c152d1fb0d70f7897299c2354f13f9be5767654381ace214ab8cf77302556e2","sha512":"8120d468b073c758d35b4ca370bd36a878104f133588371fa1802184644349297953d34e3b920a2a2c35df3173572b7e71198742f9bcf79317b4f0bd319c5fd1","ssdeep":"","tlshash":"27a024734444001533415504f4055704d03144c0fcc17103f4f00d44371134c7307f04","size":81,"data":"","first_seen":"2026-03-09T14:56:50.654399Z","last_seen":"2026-04-24T07:11:58.313316Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"3f21d90f96bce236e1e781c27bca5c0f","sha1":"11d921da4ff3c3676c52a092aa02e4f084c0c274","sha256":"23debae1bc59a2e7718dfe84118d02c338beaa5e351812195db60183c753c9c8","sha512":"b5eb090d321b2c4235c35019ce7c504c36f42c0cf4476ca37133fc3938a6660b565da8dfd44156deed8e143f6b0b3983883c907dcd4e6971a602a77e388427a5","ssdeep":"","tlshash":"52800080c382080ab00f822800e08200022a008088000fbc202a30a00e08080283b088","size":28,"data":"","first_seen":"2025-04-19T18:03:23.247869Z","last_seen":"2026-04-24T07:11:58.314059Z","times_seen":70,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"233b6075c63b29feec4375ea42c4d987","sha1":"ebff9bdbb576734c050110900550ae2671a913a0","sha256":"d883a5ac6e2cfbd5b82188690910c671cd6736d5c95d1057fb2623c9d0336657","sha512":"29c38bd99cc2e5d54e4f0f3781057893ad1d4f2616dc8433b235e5ce72aa533162ad418d156249c131fc479f7878b77490412e1fdfd688d8085de14593e4a728","ssdeep":"","tlshash":"ddc02b750049a82a020f6193c023870d6131045c5dc750447cb10f1592187544102186","size":140,"data":"","first_seen":"2026-04-10T16:24:49.226759Z","last_seen":"2026-04-24T07:11:58.314791Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"4a211e6dfb6833eb2a8af5c8af1c548b","sha1":"718ef711a674ada991a66d42fd61d67d2e5bb670","sha256":"251ee39c63b5dc7560ea9485e7554a326a8d2f3a4ead4a95d9c4d69bdf3c3ffc","sha512":"2ce93626eb454c4b11b586a73476b1de57ed28078249acef65a2dc896451da72a8f6769d75ce04588ff35cfd4f2faecec7d832e6d11da7614dc649f849a1a623","ssdeep":"","tlshash":"cfc02b472a80c13402511181b1b5214cc925a2c1e9a14091f36c100a47710989544808","size":136,"data":"","first_seen":"2026-04-17T17:16:20.058618Z","last_seen":"2026-04-24T07:11:58.315604Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"18bad4db4ac711b9ca986d21da9d6712","sha1":"606dd03097d694557b9388148a395511aff93272","sha256":"4be9126347f9420b2ba2d824df4199fd336ea31bd712a4aae6fa7ad63f349d3b","sha512":"8e48f4c4ee5c507a97429b842a25bb868e66d69950672271a8a0d67e16bc04f409d138f6dff47cd49fc9f0db8812be19f2a7ce086a4d891b352e4d0d30b6c7a3","ssdeep":"","tlshash":"54c0805ab0f287d5055355d7d4a5df81b5a2b154c4f55c31fcdc5c11531646c6413055","size":183,"data":"","first_seen":"2026-04-17T17:16:20.134323Z","last_seen":"2026-04-24T07:11:58.316314Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"95d36ebe56e640e8bc29f1df01ad0585","sha1":"38a3482cfafdb39112b0ec67c94da33b87656960","sha256":"cf2fa570731533606ce9fca984478a6324c28bd410aee7ac16a12761ff78a68c","sha512":"11f86f94e36ab23189512c504089a5806184cd6b6c27c69c9a8605390c687a0b997afe6e5506f097c22839f8f259d61661f378513c328ab1dffeca47d88c5710","ssdeep":"","tlshash":"e4b09216613c216983aa3297a6896b29367246998ba3482151e08a52b38bcb910498ce","size":107,"data":"","first_seen":"2026-04-17T17:16:20.285372Z","last_seen":"2026-04-24T07:11:58.317072Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9dee51e7ccfc759e96d2af630919e488","sha1":"ac545ec1e05add42e3a7d243579294ba01647e0f","sha256":"6822d021153b39e6d21a30b373ecdf8e8cb7bed4c41d573fbd36bd7f6f72de68","sha512":"18c4895a84035ea588eacd1b1603b5affbc0f2e3b7eb1031bb4d033a1403885c2fdc1977a7cb5884cee30885def6a3740e88f755f81124653b9c249697383851","ssdeep":"","tlshash":"21a022aec3a2c00b8203fc2020e3380cc0023082c802202ac308288ba0b02b2f002fc8","size":73,"data":"","first_seen":"2026-04-24T07:11:58.317853Z","last_seen":"2026-04-24T07:11:58.317853Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0bd637db5c867668194013ae432a2428","sha1":"da1f2d02aebed04779dad0d3b3544f71a8407b4e","sha256":"f0050a08efe48d57225b65876d31bf8beabc8ebbe58a934d44890f21bd767825","sha512":"da5cf69b6565b137f4aed6ebce95a112106ba96a9cc698e778ce1df0bbd25fd12cebc5b5dc064176bb412c44c7a6bd712fd4a0868e51e00d82880f5f070dbc51","ssdeep":"","tlshash":"36b012d50239da00340241a0cbf426c4bc92303407714c040bfc88c9df41c615caa284","size":91,"data":"","first_seen":"2026-03-09T14:56:50.656207Z","last_seen":"2026-04-24T07:11:58.319939Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b363b9d37440109c7ed6930aa09745b3","sha1":"1ab9ebc8ff228b0b48080327b4cf80d216adf78a","sha256":"0fd63e74ba67d0d751df6f02556a4236cec217e21920b0221bee8cdf30724379","sha512":"56e561c251574bf7987cc6cb750040302152a8dcd562f0b29892e9046eef398e6f72bb514391fb8875802c0cb9dccbaea18d8817ee65675de197da2543ec4da2","ssdeep":"","tlshash":"61c09b51d9455a6527831194e006a68e6551559da88d2103e6604a4c059a718531d24d","size":132,"data":"","first_seen":"2026-04-19T08:47:00.801813Z","last_seen":"2026-04-24T07:11:58.332787Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d13182be91137a4cac0454c3b335646c","sha1":"b98105474d9390fe4dff789116dd7451a3437a61","sha256":"0e7cee4d8fba3cdc94e7d7a20e945f6cdae80a22eed8391097249ef3c1400e69","sha512":"dd37b969bc5a6f0c8deee3221e9fd56239b5f47b35e1d6345b55e9d3267078ab3814c3e0e3c84e7c5013e466f945a4a994b98b6f5754b28d4a76635b4bbfb638","ssdeep":"","tlshash":"94c02283820808b32b823008c00ea30cb02b8808bea2320be2e00c8808a0388e30a20e","size":130,"data":"","first_seen":"2026-03-09T14:56:50.559032Z","last_seen":"2026-04-24T07:11:58.341258Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9f6b15ba7a3bc1e456b8e72af5177cd5","sha1":"5d53f2b74952890aae7de9abfebd309a2a43141f","sha256":"db99e6357e1f06d3c1962eaf6e7697ddf7c6ff762a7be05d5a9d849f66b112af","sha512":"6926a82ebae6eaa3157f25ccde851616af930264c4f20c9ed9fcbdd1446ad3bdff02da720f9432d51c0d4778d91f1b9e2a0ebfd4d3e31078df9c1cf9f2458861","ssdeep":"","tlshash":"04b012d70239d8005c96d7e0c1f10c04b882303e17346c0c0acf9000df01c605ca2095","size":103,"data":"","first_seen":"2026-03-09T14:56:50.467934Z","last_seen":"2026-04-24T07:11:58.34261Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"64c1cf9bfca6cc38355c9b5f249d6525","sha1":"00a6bf08e268da29b08b33693619f894fb325aed","sha256":"ef8395b5d47aa59e224aab8591b8747ac0f38d67e8abe7faa3f8ab29abd143e7","sha512":"93bb8972ea94698eddb2efec877a921e596c5650c50923743e1013854ba5251c863f8be6f1895c139a2b025721d2e505c9442a2d583b9fccdd3c5070521d5ce4","ssdeep":"","tlshash":"06600000000000cc0000c0300030003c300f0000330300003c3030c0030f30000303c0","size":14,"data":"","first_seen":"2023-03-07T13:20:02Z","last_seen":"2026-04-24T07:11:58.344114Z","times_seen":80,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"1ef0bca0c8fe511a919ad12472e6c67f","sha1":"1911560857da79f62a8b26817eeda52fa07cefc7","sha256":"5e4117ea8905b4866062cf8ae840cc520d1cd0403399e0b7342ea8485ef9a37d","sha512":"f5865ed71fdcfac8f9dffa7c6df8cfb15ff3955f9d454c58060d9247b52960c3537d1c7de007e13cc8a95c16f702fd216c4f85b20c1cdae2ab1857d47694fd10","ssdeep":"","tlshash":"7350000c00030000300000000000330000000003033c0c0000330c30c0000000000000","size":8,"data":"","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-04-24T10:02:32.857788Z","times_seen":9086,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8d3f407e96d1d2972ffbe6409fb981c8","sha1":"3873e2b8e41e317178e44be94d9d11243cb52d19","sha256":"76d9f93ee02f97098b066212b23239e564419a7f3a0c0a59553d84a9b06b6548","sha512":"17840d8aaa36a6848115d1a8d43f3fe5d096be2621722af4580c88dce045121681b14d2b4c62bbece9da72c60a86864dfe25f6f5d91d27dc476454dd817215bb","ssdeep":"","tlshash":"1eb012598950d76502434a9850b2b4fccd92a0d4e449c0d8b87d4f09e3fc1b7d348401","size":108,"data":"","first_seen":"2026-04-24T07:11:58.346943Z","last_seen":"2026-04-24T07:11:58.346943Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"4d300df88994a470935692ee1385ea6a","sha1":"170f49f3cc01956a4bd314ce0ede8718be85015c","sha256":"3b1d5971387b06d8289fb2453a9e52afe5bb9346a107aad751ff61fa915d0145","sha512":"665494f0f1c0c33457d9da33564a898bb0ebcbf26caa938b722c2248054a46376cfda42d8ab22d75a566bd8dea036eeff2bd29704e6bf13df0a98b92db47c574","ssdeep":"","tlshash":"53a0220c00c023e8020b8ef332002ee0a02c3228c003cc20fe2c83308f3c0beb082300","size":86,"data":"","first_seen":"2026-04-17T17:16:20.188943Z","last_seen":"2026-04-24T07:11:58.3507Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"68934f8e1aa0adfa011e04f656affabe","sha1":"93de9a5de3147943defdfcd9681144ecd6bc04d0","sha256":"deb0013326dfa4c68742153df73e065283665e37052e9da8bcbf22b9877ba9d5","sha512":"bd12f4a139c75c5aa8cb8c6a7fce3702d263f39c67d93070e2d66efcab52826a2e85746271f11aa535f3c951355e16e5eec83a2d99e25962b5947ff339e19351","ssdeep":"","tlshash":"e670003200c00022020a8080002022a22000a200c80300a080a0030802c0a0220a0200","size":21,"data":"","first_seen":"2023-03-07T01:11:44Z","last_seen":"2026-04-24T07:11:58.352196Z","times_seen":87,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"06df2ac302d82e18421a49f0c4211544","sha1":"2f954c1a126e95a99202867f7f6e41c6ce57d4fc","sha256":"02ad88114c2431ab1692fc79b546fd2765b612b801dc711a3adf1b52d2d48479","sha512":"636e136c3fb985c0067a6a92ba10b97a187a63edda40fdd2fc7bbfab5d5c3d076eeb2d4840d1e58c7673f8e5c6f4656b5eafa1051b6dbcf9fb94a5fe92c422cb","ssdeep":"","tlshash":"b4b012b25454181a13411084d0415709c01244c42dc23002e8f10a84412574c1226248","size":89,"data":"","first_seen":"2026-04-10T16:24:49.241131Z","last_seen":"2026-04-24T07:11:58.353513Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0a6db184e5abc31b195c3d7a8041cee9","sha1":"e12f8bebe692cca2fb51df2a7edde24a00fce7c2","sha256":"c86e3b2491b3c889fd54f64f332df2d97d5a4182196e8931ca414ccc2cc2f7a8","sha512":"6e9d53aa6686111e2a0654c1c0b8968d9a47586ff25268b8218d63f529312135d0231df800a009c5bd5778ff0621fda20aa4be7893acb049b046e3b913b20e16","ssdeep":"","tlshash":"08c080714485655d1157856bc056bd156c311a4c5c9354417fbd0e679564218e50038c","size":179,"data":"","first_seen":"2026-03-09T14:56:50.608933Z","last_seen":"2026-04-24T07:11:58.354685Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"cd3707183b3452da4ab9cd761ffdde0a","sha1":"08b61eff838cf67aff8b3086768b154b9c9fc71f","sha256":"a5085ddb73e57c6305ea0b2fdf9d28f8b2ca5dfbcda07f727e8ca540e0639b99","sha512":"2d9b55f6513498cf802deae1aaff0460afd3ff82d8669eb6d1e5d0e8c6a19dae3c8cbc24588b7dc094cad77a677e30802b513b3fc254fdac896c2da4b432363d","ssdeep":"","tlshash":"8ac08071c5495a5e258702e3d003954f347151edec5b1143e1614f195598604731d2cd","size":173,"data":"","first_seen":"2026-04-19T08:47:00.88698Z","last_seen":"2026-04-24T07:11:58.355948Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"65610cc2c080e35bf3b6e198f9557af7","sha1":"080b14985f868a6c3d75f1a809989133a2861773","sha256":"8c3eedd54af609e6c15b99f6422acc0f554682a62f5fd9486664bccf3bcfe7cd","sha512":"80d00d7770c827eb1000eccfe62624847251991676c729139ede8ddfdc10bbb28745f711994be2038185dc9548f5ffca4429a45916f4c336ee6e5ed36355c045","ssdeep":"","tlshash":"12b01208408013d2810e0cb32108119014640804c0c3d450f11d4210978919050c3264","size":87,"data":"","first_seen":"2026-04-17T17:16:20.077757Z","last_seen":"2026-04-24T07:11:58.358077Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"a15f8bf108d6ec3b9b08bda1b400fc88","sha1":"0f601ff4fb0b9ce8a89aa543a589567e743aa1b3","sha256":"7fb0d4f5dd6ed58e63195ba8ca14245741c480a26f7aa81e1126bf2cfd8711d8","sha512":"d504e9708c920e6dd93a35feec01d4d88854fbb931f236f8f50089e2eb45a20356134b34b6ab3e7ce47e5403e0985aa5fa5677b1a8c8f4d8d7861391b20153a7","ssdeep":"","tlshash":"33c02b31d6b87801d0c4c183f200ecc61043a40707398d05ebd130103414c143a9810e","size":141,"data":"","first_seen":"2026-04-17T17:16:20.056553Z","last_seen":"2026-04-24T07:11:58.359349Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9aa8d9d69946dde37dfe8002c3fa8c6f","sha1":"e82322c47ff749935abfc44ae5b96c5981b0137c","sha256":"1342503306672bb3fc35175ac86153dd6a7df01610a2654456bcf5c1258754b6","sha512":"7444fd5f51b21825d3dd2416df149c05f6e0567ee1190bb3fe187884572b3eeb6719fc503ec3d6b7c63cda4068d8f03c287c4a15b6ddc0f0f3eaf0d68df6676f","ssdeep":"","tlshash":"f4c02b71d61cb401b0c9c2cff104fec69003a403ce2cc418efd030192204c6c391010e","size":152,"data":"","first_seen":"2026-04-17T17:16:20.26407Z","last_seen":"2026-04-24T07:11:58.360165Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8cd03c2da7b97e107ce990e50b6886cf","sha1":"fb1c2d66bbf94a08a5bda7f06316c022ca66cfa7","sha256":"5b63e5b2097fc6906601e85e381d998a7db971aca73c9213dc2b107ccab734d4","sha512":"d7570a5c0ebebf2e0e2e8e0d65b56b16a5b648e59c5dcc7a4c7a01b139d4c4dd886ab5d639c85d13ffec9d53560b72a925e011ceb589639b8073b27658ec58db","ssdeep":"","tlshash":"e15000000c00c000000000000030c00c000000000000c00000c0000000000c00c00000","size":8,"data":"","first_seen":"2023-03-07T01:02:05Z","last_seen":"2026-04-24T07:11:58.361155Z","times_seen":4447,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"767936d13058582bb87396ab3a501990","sha1":"b358540e103dccf0d29f1d1507ba0dce694acba4","sha256":"b88b312e0f9cf6bd7f5c82dc87364dc8093a16b1f7b1e39313b314d212f767f8","sha512":"d26e678dc310476f24d46f5fec208d303cabbd09216ff89537cc368b74717df3c688c1fe0c0da6dd7128c3906fe7412830f96eb47fd0d3ffd7d250a1753238b5","ssdeep":"","tlshash":"b3b0921d023b68a81e0742c083f20424f1cb283a06666c358e8d890d9b228a968f2288","size":113,"data":"","first_seen":"2026-03-29T19:22:26.355721Z","last_seen":"2026-04-24T07:11:58.362104Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ef054765b291879329b1814c2a61e6e3","sha1":"7f6b3a800089badad3d9791343ef2fbcf32271de","sha256":"7681f551e91f891fa8988f41eb7adccf9fa9de61d337d05632bf6275b26f5c70","sha512":"32bbf626a7b0cf37a6d2f8d7fcc097913f818d2e7a2f3cfe5c06fc4bb491c34f441587488871f46229c3456aa22a91e98d9c2ae700393c07af99a71e6ebf1fe1","ssdeep":"","tlshash":"b9400000000300003000000000003000000000000300000000330030c0000000000000","size":7,"data":"","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-04-24T09:02:21.208562Z","times_seen":4685,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"afa8fb9828045da746ab3dd67ccfbc8a","sha1":"d40dba6f0b7fc226a0bb25cd590e93901242066f","sha256":"48ba73ad39d4148d73d383188e429f0a0b913bb81fc72ba884cb0174087d6728","sha512":"9caeb0c2c049fe149f565ba77941141cc68d8ca6d95141c7e2b09df45ef3f0c7617b76d4deb5e3ca85a5e06a7377fba5af9ea3d9d3fa84bb0be7d9448c977239","ssdeep":"","tlshash":"a6a0110a008022b8020b8ea322802a800028a838828aca28ba8c8220030c0e800833a8","size":85,"data":"","first_seen":"2026-04-17T17:16:20.241162Z","last_seen":"2026-04-24T07:11:58.363957Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"342777183630b13888ed386c83691b1a","sha1":"724234194d3c25984d72c41936e5ebbfb85772ea","sha256":"b826c94897dcb85f3ed7fb67d3e49cfc3c84d174aa10a3215e1c1362c63c37f5","sha512":"3b08cb182ca52f0fb5542e4686b22954ee4291582aa75e1fa4024e9c7f9ca0ad3c48a2644b82782f5cb3fb3856a252c9fec6c88ab1fff77c47d88721e0893f4a","ssdeep":"","tlshash":"b1b01216713c326a83eb31d3e5816b243e71179d8f73592162e08762b38bc7580898cf","size":107,"data":"","first_seen":"2026-04-17T17:16:20.136515Z","last_seen":"2026-04-24T07:11:58.371002Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"23c24bcfd56bb398ac6b782b6b7dfc14","sha1":"b4f6e073eb49ee0fcc91af16789c70c2c023fcdc","sha256":"100cc43848e6ca742ca75107822be41144284769feaa78da762e33d8fff448bd","sha512":"f55a69ea005cc935db36f582a5e221467316f873c76a8fc0d8efc57317c14e7d262e89eb37e8213f4a4953065eded3a4b03fefc0c24e4041fbe1bd3c91893b78","ssdeep":"","tlshash":"cb8000008820a0c82c3f8208c0a8ca3e0883322830b0c8e28088a03882e00228a082c0","size":31,"data":"","first_seen":"2026-03-26T09:59:46.617183Z","last_seen":"2026-04-24T07:11:58.380961Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d10a9755a5990aa63bcb4f2cabf7c6c3","sha1":"30a5af080daaf5d0a3b61e34053542c644d74321","sha256":"433753651741da444cfbabc6e347215ec4cbaa9b5bfa6d5e79054b2b4e67d1e6","sha512":"fa9c5c79cb99b91f77d76faadc6617321c767de8c42903e433415c1c0938895ca07434cc8583006b2375a55ba5018c8d734212b836edc849dde4ed613adc9f13","ssdeep":"","tlshash":"5ab002526c909064579a44b71074c516755415546515d0069d98ec5d6590fd21c145e4","size":87,"data":"","first_seen":"2023-03-26T05:32:57Z","last_seen":"2026-04-24T07:11:58.389202Z","times_seen":221,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0d6cb677851a1eb3aed432b71ffa1bb7","sha1":"f1da9e926ef0d61f470efb3362f501f11092b7d1","sha256":"af68bc20c03a811e79ad9b9e109b8c6b881f68aa478c4d7951d5e58ae60d703c","sha512":"769abcb7c97e81094410f1cb9a031f5aae909b18a17bc212db97814c549b4543bb1040673cfb6b5fc0d2e9e92015d706bfbc77a9d9a753fad7c37cae4390deb3","ssdeep":"","tlshash":"6a7000020200022c2880002c00c0000800088002230a08c00220008022a82c080280a0","size":19,"data":"","first_seen":"2025-04-19T18:03:23.285016Z","last_seen":"2026-04-24T07:11:58.402159Z","times_seen":74,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"84dcfca0bcaad9b795a24198ec82455d","sha1":"1a37401493c755caed54362b81d158500a6901ef","sha256":"909c7b76df337bc0485a6f2221b46c8c682eb53494dfaf671b53b5c20e4f21ff","sha512":"a79a0cf71a49b058344a63245438501b66ce61b3af7419ece08b500eea6e229eadf938bc78ab137b41a4c7c91e636d1010774b43f3c2fb19fccb5131072337c0","ssdeep":"","tlshash":"3eb09bb5c0545c5f114605d3c0565b0a947159c89d975441d9f30f96956454861212d9","size":128,"data":"","first_seen":"2026-04-10T16:24:49.103253Z","last_seen":"2026-04-24T07:11:58.407487Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"660f5bde54c0cf6c88c336a33074f451","sha1":"66644a2afcb2dd2fbcbafa9573c2382a7c1908db","sha256":"e2f8ba213f012d3981ea4423c6f51dadd70f9ff540dfb551f21e33f8969e0f2b","sha512":"cf81d27e6320ce5d254d4c20ceacfd716d621c9e055cbd79c77e9dfa0df69fce2b924de9595f12c927b55e7b70b02fddc28c95eb076f945729fa64f64ec4380d","ssdeep":"","tlshash":"c4a0228800c033ec822f0cb33a002ec000ec3008e083e8a0f20ec320230c0be0082300","size":80,"data":"","first_seen":"2026-04-24T07:11:58.409592Z","last_seen":"2026-04-24T07:11:58.409592Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"4fb469c3c2287002ddf7699aac9a6086","sha1":"8657cb020a740725e4747665cda08bbe3fbb7a58","sha256":"0112fb9faa2610305282437a732caf4bdac899f749c5a3423736f1c3eb0e5f08","sha512":"5c38d5be862f3e92443bfa522444f70a4083fa3007d4b92553339b9ae436707284b1640d04c66bd440aac38caf03186fe8e4c7d950167d1291a0f8ff3e1c624d","ssdeep":"","tlshash":"f8a01296806a52248d0175005041901cc022219688409e21c2014c8c4060162500e448","size":86,"data":"","first_seen":"2026-04-17T17:16:20.206628Z","last_seen":"2026-04-24T07:11:58.413885Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"25fd605ee40bdd0a71a77842a1cc2cfe","sha1":"015359278397ef742dd780280cc92a4d2af4d2b5","sha256":"40e37a449ad470744b03d55a0d68855108c24c92dc9ddd649b24fafb41ef564b","sha512":"4c90a3adeb90add2902eebd24b2698ffae8bde80f293f50b2e260b46f0f99634adad010e6480b09efcdee3ac2922bdec07a01717a779852f7c4fd4daf0ae5611","ssdeep":"","tlshash":"0db012b39ccc695107476485c00d9b0ea066ac0868853046f2b40988567976dd30e604","size":116,"data":"","first_seen":"2026-04-24T07:11:58.415339Z","last_seen":"2026-04-24T07:11:58.415339Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"039c4ee3df3e7aa67dbead69ed15b54b","sha1":"cb1bf43427874128c2a75caf6479617a13070b00","sha256":"a956a746cf80438792bb5841e3a85ebb6b23737348ff715abe04bf983e53db40","sha512":"738da434f43e1dead91304e28b984ec0afec3d997db6e9d226b435081c0630388612f8cb7043a9cee71852af8ff8417d2e8cfe1348bc7d123710c6810586a2a5","ssdeep":"","tlshash":"fcc02bb344c9603f028744d3c103be48003114586d1770c2b8794f909362a08600538f","size":142,"data":"","first_seen":"2026-04-24T07:11:58.417932Z","last_seen":"2026-04-24T07:11:58.417932Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"3068306f1230e042541c0c577e79ca1d","sha1":"cd4ca9397b5de083b8b400bf810ac559d7286942","sha256":"9c370fbe57d1d10503c7d54daa245e263e252b0f99413b957c46bd68ab1850ec","sha512":"ef783f21b5b0dcc11bf3d62ff3eae75b1e6a747dee9ea4528c939f36c105927474ff6066a4a9199bf66fab4ac448e2411a462c3a294f89cb355d35a8a517b511","ssdeep":"","tlshash":"fd600000000000000000000003300c0c0f00c30000000000300c03c00fc3c00cc03000","size":14,"data":"","first_seen":"2023-03-07T01:16:29Z","last_seen":"2026-04-24T10:41:54.590331Z","times_seen":2651,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"1c3376641359a7b3bea4e67bbc31ccb1","sha1":"5ddbf6dc1fae021fcddd45258ab6d0bef8a1f25b","sha256":"dc1510315c3c078564c1a384ffa368ca96d30dd99ca540a531d60007ecc3a771","sha512":"377b808d094dbbe2399b17d81d89d29994bb5945cf5ca2567d52d9650c09c876b933ec971cde20081d45eedca4fe35ebd013275adda729300699b834a0dc2586","ssdeep":"","tlshash":"0da0220080c023eb030b0ca332082af03020a008c003cc30f22ec322038c0e82083380","size":77,"data":"","first_seen":"2026-04-17T17:16:20.178103Z","last_seen":"2026-04-24T07:11:58.421047Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"48137894da7aa9081ed6680467843e4f","sha1":"5a5bee53034963054f9169da55cd1ebb70f80078","sha256":"85487695dfaecbfe187b2f5d7c32a7c35474f1601e6be07d53ea626f42a5e079","sha512":"e142380421c1b0a3449038f8a8b4a30094ac82707807ce0c08c663c46c30175847e6b531cb5d3211de353b545ab001cd3e2ac189038b89a698c84ecc55df5259","ssdeep":"","tlshash":"5dc0800511182c5ec625b706ed454ccd107051679b336508671cd769e195476c8ac3c4","size":161,"data":"","first_seen":"2026-04-17T17:16:20.250044Z","last_seen":"2026-04-24T07:11:58.42196Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"5c4721fd05fd7d63ea009a86b2f0c960","sha1":"26a3e2e365a3da02de600e895f06dfa217a936f4","sha256":"987da2ad14c2ad0aa76df304f348d56b549633ab2321d701501f6f4fb504a836","sha512":"35b06b47edeecf59292032326462486603ecb66f7b793605573acbcef7ada7fa8144020623af3a8ac6f5077a48360dd54aa30b3d4ee44213bade85d3ddba97c8","ssdeep":"","tlshash":"456000000000800e8800000a00000000832c020c2882802020a800002020028aa830ca","size":16,"data":"","first_seen":"2025-04-19T18:03:23.241045Z","last_seen":"2026-04-24T07:11:58.422712Z","times_seen":74,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"e3b00e3fecfca034f4dab439d0e67e89","sha1":"561344402f05bc3b4ddb21ee5189a259b9b6ffcd","sha256":"22a21008fa6c0675f29b5572c0af7e711e86acc67444e1f9168d59162c9c8d31","sha512":"ed3ac3351dd1d0fd160e7965e8a121dffc7deaf9da1a0feedd844b74eab3be69df5040c03d761bff3718651bf4a9a0c738d2110199374b508830f087162ffb81","ssdeep":"","tlshash":"34c02bb50059506d018a104bc0038fcda13235cc6e871001b0f20f34db1428801013c4","size":135,"data":"","first_seen":"2026-03-09T14:56:50.754622Z","last_seen":"2026-04-24T07:11:58.423494Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8ff104bb6958414926d3780706e8b508","sha1":"866df9f5c97c1915fb032c34dc10b9bed9541dba","sha256":"68dc3865c7b8d2eb89f65c77749d28d57537c7d28967639fe997fefe4a7f3365","sha512":"fedcb23ee778378c47e49ccf084d54ad9491eda41390eee19fc62e75509900e6e81a512050c1231f41ee801ee01f24d5ce4088b1ff89d39ef834e9f8550922ab","ssdeep":"","tlshash":"b580002038c2b022388f80c028080a823e220000ba0b82003fac03b003038028822000","size":32,"data":"","first_seen":"2026-04-17T17:16:20.213374Z","last_seen":"2026-04-24T07:11:58.424277Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"201f2ab576aa585ed5dc5c2c83a40552","sha1":"decbf78e1fbfb628adea66678987ae507feae220","sha256":"5f05334b2d6d73a5c8a1a4f3aa8ba80cc5b4d174ac01d885f78d32db0781909a","sha512":"eb1b0cf5bf40583954a0f6a62c08a24eaa3bea564776d8e1d1f0bc8aff594cb5e738da1c0dc25a227f98ff3570b1c8e093eab8ccc819ba599ca4632594f04174","ssdeep":"","tlshash":"33b01275713c367983eb31b7e9856b20367107998bb3883052f09352b38bc7500498ce","size":107,"data":"","first_seen":"2026-04-17T17:16:20.060449Z","last_seen":"2026-04-24T07:11:58.425019Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"950948a93a239dc5f8c2bb55ce556a7b","sha1":"3a23e0d76093ce038eda41e22c194410cf1eba4a","sha256":"625829d7aa5899a4a2d39c1c0b94a87c8616650d1b1087b1cbf0537626a1bee7","sha512":"05d4c44c1dba41529e0df6c74cbc5cc0b50b442093143c72f0304069cba294476fc0544c53f6566b30ebf8fb84b9c5a6765a085a75e6a03571e4716485d0672f","ssdeep":"","tlshash":"1390027291a4684e15008190d0916219c84600954c921916ccd202c6501c561513265d","size":51,"data":"","first_seen":"2026-04-17T17:16:20.251878Z","last_seen":"2026-04-24T07:11:58.426091Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"1bf788fc88079014b13b868b219e1cd2","sha1":"8abdc066bef662ea65b0367275fcf594c4a798b4","sha256":"ea17d9b4482d6a81cf2ff02140e7426a26808d4ef5509f0efa1fc5f27bac7134","sha512":"0161a2e4cb6e0af2ec6042e2329e429035fc2793c476bbbe7ece736652e1fdf68066c25a85e9491c1b54306ce189caf50eee8e2cdcbf7314b7bd56d6a0ab06ae","ssdeep":"","tlshash":"1b800033022e2efc0200a30a0cf8883b23b2a208c00880a00aa0a0a882b2a0083803c0","size":34,"data":"","first_seen":"2023-04-25T18:15:15Z","last_seen":"2026-04-24T07:11:58.426859Z","times_seen":168,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b5f7be10f5dd296c7d655e7be0783e54","sha1":"08b9fba97faad21d4b6d561c195fc7f513e2e1ef","sha256":"fb8a23a6fd670e7e54c654a7a0a4ee330a7209ad1d61375811f76cbb320c2cc5","sha512":"0f42e8bc6c63d98220eec499594df53370c0484e79fc97680368998ebda33dc3e8c2325864b8d89e55e6e5d31c87cde576a097c8e0c6798dae9e9de25fd12d37","ssdeep":"","tlshash":"04c08c97805faa294a572a93c0828e0d503a34e8ae8a985086668e5892b4698610a2c9","size":165,"data":"","first_seen":"2026-04-17T17:16:20.139429Z","last_seen":"2026-04-24T07:11:58.42806Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"2bca36dee1315d912acc35c8a4cc1d26","sha1":"859ebf5e650852fb64eaf1e948a54e4a6272e1e7","sha256":"27588ac52f3432698860d36c2626dca307a7743445e42ecadedadf11a8065554","sha512":"54760a6edd0b2791bc1abc0f7f88b90a9cc7853db4cc78d210541ec15eb26e600ab5a39e39532e045db248eebd7365233bbc592b3844697fbf99931756c0c283","ssdeep":"","tlshash":"3dc08ce361a4e1c72a43c0f0f03f5e58d073709c4a3bc6400a9a0400fa0bcb38b65140","size":169,"data":"","first_seen":"2026-04-17T17:16:20.166464Z","last_seen":"2026-04-24T07:11:58.428889Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ffdafc667ec69300899a36a0f22d6909","sha1":"92975b3d3d0668db4a7a05f898c0ab17fa7e20cd","sha256":"b6d96690b39052bcde4667fd13c932cb98b1611c1b7444876ae2b5c8f764f85f","sha512":"f99825258c8e78cb469fc63db6574e1c7ced255ce25f8e42a67f655783631bff6013431f2a5f4396636148369a0b7e4a85ca15bed96357f25f54f06174d31507","ssdeep":"","tlshash":"f8b012958039580c54ce4184c3f12e25b9be30371d356c0f4acc9811df11d7054af094","size":101,"data":"","first_seen":"2026-03-09T14:56:50.553483Z","last_seen":"2026-04-24T07:11:58.429703Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"c2ea926f793de598c6655cd64db5e019","sha1":"aa1205ba17c01a51e92fbfeff30fb8058bed7841","sha256":"9f9e72f5b6f1926c1fbdf25848a8ad55cd2451e66e4953740000e5e80d7b96e4","sha512":"1986abba57d2ccf932e18791a350e0cdbc6776ec8a55645cc1f3eac19d82b67273e494166769d3b200359daf9c8cbdf41a6f27a3f0a3165be9181f1f58d14f3d","ssdeep":"","tlshash":"fab01297656a662613829844d6125f08d0f78a45a889a802e6b04e8c52f63a9121e269","size":116,"data":"","first_seen":"2026-03-09T14:56:50.498656Z","last_seen":"2026-04-24T07:11:58.430478Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"92985e81930ec20747722d2601b5c1f9","sha1":"29d95bc4e64d67283e8ab52fd332f83ad1d97b66","sha256":"130e03b04972b2f81879f53439ee2f97a7ed666479d288c4f99cb03bac9855f6","sha512":"3f8e8c83343efb052fa6feba4cd61aa197221b6c3ae104633010d871513d060071af8cefa9cefd0d8389ec2f692592273709b236aec214fe6335d54d82d23a13","ssdeep":"","tlshash":"ff70000a23080820b008082032022ba32000080300000030000080000088032020030c","size":18,"data":"","first_seen":"2023-07-27T03:27:51Z","last_seen":"2026-04-24T07:11:58.431265Z","times_seen":85,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"a35edf454d537852cfbf71f48d29606e","sha1":"ab270d43cc23d6cf2716a32c8bce358aa208e6c8","sha256":"dfc5e0cbaf9281a07f8be75d6c65bffd5c8333b09284a0d0213fc3ab75f0fef6","sha512":"e5717fed5dde8046af5bf6ba7f447b1269c6e74be24b9cee5368f9c42dc5839ac057a9dcbfea2f1fad5c184026a8d6857e3e8da1d54c81253fcd3952e5198f76","ssdeep":"","tlshash":"2c70003e0300802202a20088800e0e82b2200083c803200a02a2030283038800320002","size":25,"data":"","first_seen":"2023-03-09T23:10:13Z","last_seen":"2026-04-24T07:11:58.432052Z","times_seen":889,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"88a4d22277985a601e2aef710505c87f","sha1":"464c8723a981ad1740cef634a63b213592a8825b","sha256":"f03743c6865073bf3deac730060212cffe91421356eec36e8fd44d0dbba55450","sha512":"d33f241f2d9a807ce1d047b16996568e16fbcc2355c88615aa2d6fb748e63769d7d24559c89ee1795e22bbc2608555eb62fa90b347607291172d75511f40f5d4","ssdeep":"","tlshash":"cfc080b34145715e0157855bc062ae166871255cac9310017fbd0e65a57471cd50138d","size":184,"data":"","first_seen":"2026-03-09T14:56:50.578577Z","last_seen":"2026-04-24T07:11:58.432885Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b7b7fd840af210d377b3c5b475c3be36","sha1":"2f86c3afca25f7ba6f29027865ad0b4fb4a1614e","sha256":"4ce1836bcaf41cfaa22c2b030a15f26cc217702da34b21d21b050f998e617ff3","sha512":"d7dbdbb4f0fc1a1130650be0c7e233110336c529f486d6e781ee670de52c51d998843756ed51b6193e4b34d11c14d12069773128270f6cb476fb87d65aaaeb7d","ssdeep":"","tlshash":"d4b02b788044401d004a44a3c042ce06007128c8dc4b404164f10e00ab1014c1001689","size":128,"data":"","first_seen":"2026-03-09T14:56:50.470074Z","last_seen":"2026-04-24T07:11:58.433637Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d5ea85f724670ded8fd9eccadd7b9a41","sha1":"ea9b10d84d06df54ceab85e0e621d1b468b8ece9","sha256":"8a50fe15bae0341a7188ff60f2c567e7024b2fb737b592ecad89e6c8fd0e95b7","sha512":"c02807212411b86089c44e97470bd5641a4ee18515d992c31964b3f36ea20c116055568c5c2585778e3ca4f9f9c91ea922bcf8143bc283594b4ea63c413c4985","ssdeep":"","tlshash":"09a022be80e2003f3e0303aa023083efc803c232c303800ca203b2a8a083c20028c00c","size":73,"data":"","first_seen":"2026-04-17T17:16:20.153255Z","last_seen":"2026-04-24T07:11:58.434367Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ae01b47511224dcc9c5e32a59440622a","sha1":"3572c47161d1da91bdedf2605cf2abf0ada7b8d1","sha256":"195ef35dd682b46874328145f1a7d2efd969aa65e38ae57747c1cbecc5fc1b43","sha512":"9520936cbd94337b44a55606042d232e77ae5c20a38c16b3f52f890169283c0420b181f692766431f5d04e5d688cc74950602482c5140b93c10375c93c6558c2","ssdeep":"","tlshash":"eab02203032008b30880a280c00e302c30ab0080fa330a0eb2ec08000be80eae30800e","size":115,"data":"","first_seen":"2026-04-17T17:16:20.118678Z","last_seen":"2026-04-24T07:11:58.435126Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b740cb76d44e58605628fb29671fc80f","sha1":"700830919a1c844be4ff2a00d630851bb407bad1","sha256":"7f09aad2fd950313fbe8f69be8e1d2371f0088df621a9e42955381c299e5afdd","sha512":"053be1274ad5023672e30d528f9e9e436eabe9fa93ffb7519605c3a384d45559326a5235a28495f8421ee725b696133602c26fdd7206586ac918cb6dafff31b1","ssdeep":"","tlshash":"62c0809ab1a182d91593b3c3c97d9f48f690724485e415027cfdcfb1533581cd5010d2","size":183,"data":"","first_seen":"2026-04-17T17:16:20.291753Z","last_seen":"2026-04-24T07:11:58.435864Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f563da8b8bc33b50669632ec8c0a14f7","sha1":"3ed7b0f432fb56d3065c265cc1e3e3b5fbb95125","sha256":"eae74c191dc211acae555334da52d6ddd38fc5e243827f1b964e201fc0011215","sha512":"278daa7f37d4c8125b200d16f0966ffa93274cc461d16f8f2661db7acdd08d05662af19da8490baf2141194eac6df8b671864c6e681e6ce7819c178f0239fc67","ssdeep":"","tlshash":"6ba022b38cc8b0880e03c082000cab0ee8ba28088c002a0ec2a80088203c0bbc00be08","size":78,"data":"","first_seen":"2026-04-24T07:11:58.436641Z","last_seen":"2026-04-24T07:11:58.436641Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"587cb9bab157a66d60ac61fdfd8e8f91","sha1":"4585979efb8e6829580880f91203942f88bbcee7","sha256":"5fc65b60678bb3ec22a7956737be24b2648bba378c0738fec0c23b35ab0d3e59","sha512":"2bf1d6dcf5ea3babebd98367454d950229e10d9f3d16a0c7071f91b0db52af6eb50cbb2c542c5fee8d3df40a473668c7a769ed04cc25a2587dfb0792a7551e16","ssdeep":"","tlshash":"f3c080f3a7d8e1056440c147e740ddcf3053f516072b4816bfe47459a555c252a755cd","size":191,"data":"","first_seen":"2026-04-24T07:11:58.438546Z","last_seen":"2026-04-24T07:11:58.438546Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"dce90644e99c1ccddcd8c63432f88b5e","sha1":"73a7d8b33df6f7b744cb2834ac96fddd2bef9cb1","sha256":"1a3fd94c1ffb2fa2fc603ff9ee00c0f46209441a443b4868593c3465261b6a10","sha512":"606ed15f461efafa169d6c7ec0a1a001778bfd8a31d7d3983f8eac2cd5d67a7f860b51d604d55fbb350bdd8c364efab0ace517817d660aef222a50b7238edf09","ssdeep":"","tlshash":"d0c04c67d61e85013e8f9acec4a7bad8dd42b059cd5ca89a54d53208a241df59701068","size":151,"data":"","first_seen":"2026-04-17T17:16:20.142441Z","last_seen":"2026-04-24T07:11:58.440396Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"e00adb9fee0f614c5fd3e51dacc72b3e","sha1":"3056f4cb9c3ac8d0b6b9ed913edfb769b5c55b1b","sha256":"432e32e8688b600efc125b4ee89ab4f13be2d6cee0775fce3a338fb149231819","sha512":"89811491c3a4eb888a0ca02f26cac312501150d93707ae5513f7f3bc51168d5d1c305ab2eeeda650f869e417e76e2f3dc0128deaf9c5727710eb23dc48e984ee","ssdeep":"","tlshash":"82b012aa001dc4691b0500849c12ef1da4c360464d31144845ef8891a00bc8c6c25698","size":97,"data":"","first_seen":"2026-04-10T16:24:49.286354Z","last_seen":"2026-04-24T07:11:58.441185Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0d514cf60e0b4ac7e72f7544d826534b","sha1":"9e20f20095898a6c35c2c143929a70e828136245","sha256":"37fa0355aadd8444779b44618748fe784e8bd1c9b87c9255d40467d355d8fc8b","sha512":"df07a40edf8d480625e5fe153e68d4e1bc819d7fe533342fee45562afcc5706c7a233f7983ab8584afb6544fc65af7d49e6128963c97e541987d5714fa7d9853","ssdeep":"","tlshash":"50a024714444001133c5d414f0034704d0114cc074c17003f0f00d44173134c5307f0c","size":81,"data":"","first_seen":"2026-03-09T14:56:50.433847Z","last_seen":"2026-04-24T07:11:58.441905Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"16d801ac24b0096041cb52024afd1d03","sha1":"783167b24d284111e99498c0f2a43ebc36dc3490","sha256":"1efa699baa995deaee8cbb0baa45dd89ed12f83fc54ed60bd1076cdfa21ec4fc","sha512":"75f8c3c3d6fefc7ae29a5638ab0126a16071caad6d67c37d4ab27e727d2fa87a678499ca65515e5b935920a6d88ddf78b56147c621226b557df9b8dce596fac9","ssdeep":"","tlshash":"05a012724444132213811048c0415749c14284c469876002e0b00d4815213580206905","size":83,"data":"","first_seen":"2026-03-09T14:56:50.671161Z","last_seen":"2026-04-24T07:11:58.442751Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"cbb184dd8e05c9709e5dcaedaa0495cf","sha1":"c2b7df6201fdd3362399091f0a29550df3505b6a","sha256":"d10b36aa74a59bcf4a88185837f658afaf3646eff2bb16c3928d0e9335e945d2","sha512":"9220b9865a97d2eb9cad34271703f7c8e61cbe63a7a87d2aa3783f23669f14184eacda9a446f6c2f37e25426ec89542fdc9d8186fb5a8845e29896f920f9f1e3","ssdeep":"","tlshash":"c700000000000000c00000300000000000000003000000000000000000000000000000","size":1,"data":"","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-04-24T10:02:32.852316Z","times_seen":5274,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"6dd05821d7c081f980f332c0bcc24471","sha1":"93ca69138ec9a31000e748e8cf5dd5ef66ddbc24","sha256":"085202f8748f63b98aec723f21b21482de962723007be14af173c2dc786e3eca","sha512":"d359d14848e9758483f6c48e53fd0341df95d853012ac0796a6f3cdfc5cd7df4bffc2f2fc48b9370c4ef150c26569eb83ce6cd6a09ac83c5188b577ed815f52c","ssdeep":"","tlshash":"ff800400d345500d3107c31c00f1431c003dc004fd51073c711711d131150744013554","size":36,"data":"","first_seen":"2025-04-19T18:03:23.287117Z","last_seen":"2026-04-24T07:11:58.444355Z","times_seen":74,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"5699efa8baec0d878fe0352c8f4459e4","sha1":"6d8034172151bdee29854ef6c14e54ee9c8f4800","sha256":"e7b286c67c32b068f92d90913d03cf4234ab11230586aa1d8fa4f5265903bacb","sha512":"95bbe6d468e7bc0b2f64eab2e57777cd077c315e424f37f84e3259b03a02fcf06e929fba86f77142dfd1ea7f66ccfcdbf0a2c313dca3e975145b6d9ecaf5c0fa","ssdeep":"","tlshash":"f8b01261ae419e79254342f03023b0ee799121eee45e4243f6ac560947cd66ad71c18d","size":117,"data":"","first_seen":"2026-04-19T08:47:00.87189Z","last_seen":"2026-04-24T07:11:58.445089Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"4e814d8c89aa595c04ccd3601a5af991","sha1":"bdb3a4647a97b8ee0493d71c0d9dcd2c71188658","sha256":"0ce94f4e973d7ac8b5a09b905254f2d8af409f10d1eead0f7db2bf152310da9b","sha512":"a6482ee16bc97eb9f0b09e76aef2ceb060d11ac1ca36e6f7955e27c3c99b62deac0ff25a7988d10f9f2d28222e89b2a3a18b63accb9786cbbd5fcd2455f5ab03","ssdeep":"","tlshash":"54c0800511182c5ed625a306e8454ccd107091579b33a404771cd769e194476c8ad7c4","size":161,"data":"","first_seen":"2026-04-17T17:16:20.107695Z","last_seen":"2026-04-24T07:11:58.446831Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ac6fbd04bfa8e27aeaa50ae617f7612f","sha1":"b91606951a672700dcb4d4adf12c94ba55d80db5","sha256":"905c3dfa093492e8363d3f4cea3a4584ac57a10753bc8570fe20b8464dc7b002","sha512":"0ce37403a0fc15b3c0b6a3d9cbb6592157d55b8b22ed9910103ccf3315f1405f5c1f1cbc27167bdc1b8c4860f979a36e69c91a278094c91cac13cd6510d6bded","ssdeep":"","tlshash":"797000208a20e082822000a2230038000200b0232000a020cac02a08800000038202c2","size":20,"data":"","first_seen":"2025-04-19T18:03:23.256805Z","last_seen":"2026-04-24T07:11:58.447554Z","times_seen":74,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"bcb6e4a80e1beed973a56e89741c7bad","sha1":"228b4b6bc6b5f0a4e7ffec12e9b7649aeaaff8b3","sha256":"11d701fa222e7cc22597a001a7bf0ee2da6323b9ef941641c44eea5fd7f1b414","sha512":"31c1d7ab5f05b36f752d0d1f6ea4c3b1aa33c5f94a1cd245b3f4a8ad9d39273e887debdaf9d9c673b6e330cf54206c104f88a71914a4b15a20cbd30fa3818211","ssdeep":"","tlshash":"d1700080000aa280000b882200a2820000300288ec33c88002aa0a80c2282082202208","size":24,"data":"","first_seen":"2023-05-27T00:35:28Z","last_seen":"2026-04-24T07:11:58.448245Z","times_seen":112,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"24c876bee763e7cc47eed8ed1a3d1e10","sha1":"2562e635a0c2e30b3e35825b39ebcadaa6f6e201","sha256":"cb10f322a4a4c677eea4aac29c4b6b3d9f914df098dca3fe492e61f6b18089a7","sha512":"6a84d2edca3040aa6484df4e6f34ab787795815c684dc74bb3c85662268a657b0f81224c6afb5d655c1669b93d4945d354f1091b65388c1adbddc72b2a318b79","ssdeep":"","tlshash":"38c0c08784c4d13d02931183d0a7470c8837d2c4fea310c2f2711f8d45b0044200466c","size":187,"data":"","first_seen":"2026-04-17T17:16:20.204074Z","last_seen":"2026-04-24T07:11:58.449044Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"6ea31d2e57d49563eb188de20dfe89a5","sha1":"219b5c091c3c1fc78151a1aac0745ba486fcc28b","sha256":"1601f4c5329d69455c61087d81c6d9697f86533d6bf0b8e7f369bba96900b03a","sha512":"34e9e600312a91525a2933391839d7ebc39cc48bda171bda3cc3ce86ab44afa5fa71f73fa82f6d9a63ad848e3579db1793d53814f809503dc59ca6ef7fc8c46e","ssdeep":"","tlshash":"b4b0125d5b21c4224143a9b021e3385a91213080e0020054b26c6803d3b41a6e540580","size":96,"data":"","first_seen":"2026-04-24T07:11:58.449822Z","last_seen":"2026-04-24T07:11:58.449822Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"aa2f9d4c070432c1372b4d8c4db8ae6c","sha1":"692a3d2080ae7fef1e4e828825d690b5d28a896e","sha256":"b6c0d80371b5f628a5f857c5859c5baa5e01288e88e88c3cdd46d03f71cd960f","sha512":"38b09be704b87014ed64de20d0937d72a87a3713056b569734e2e0bfe9498927ddec9a09d7f6a1a41e04a4421ffda293a35b61e4124b2b4c7baab0f6e8c83778","ssdeep":"","tlshash":"cdc0800515182c5ec525a306e8458ccd147151579b336504671cd769f294476c8ad3c4","size":161,"data":"","first_seen":"2026-04-17T17:16:20.286838Z","last_seen":"2026-04-24T07:11:58.451647Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8c72559f77d13022a9f882908a508766","sha1":"8f74d2fef9fe5cfe1cb64e08ce12f14f451f4561","sha256":"feb0ac37ac4b14457f820c8c6cceddb5584acec1162883f36bd6736cff2361b9","sha512":"b33fc28ae1c4060b191279c62d5c7cf11d6c5dec94e3fad6f0b766da4dbfd707adfc572bdcf8fa15f411e4a7dcdc484a91c0a96ea9f19461252f52dce09ae00a","ssdeep":"","tlshash":"3590020046990c4530a071c12e0bbe44721310241c6040003ac07420703288787050c0","size":45,"data":"","first_seen":"2023-03-26T05:32:57Z","last_seen":"2026-04-24T07:11:58.452535Z","times_seen":223,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"00e3ecd1172f0f580f4517761e6f714c","sha1":"4e490bf31736dcf83287c87c07e32a16640639b9","sha256":"234c1c0026ca3577209571820e70e730a90898a0d18df0077fc00de1a9c01f86","sha512":"e91ccc7acdf931a3dafcc17d1f6ea05cf7bec0d6e260f2008ffcb058cdd392c54f0221e08ffdf9ee4f977b762b708d68bfd4aa9693c2a28adce864bded5072c4","ssdeep":"","tlshash":"908004500d5d3dfd4510c0173c74dd55f1d51c050033005305104574c3511414140504","size":36,"data":"","first_seen":"2023-03-12T22:44:59Z","last_seen":"2026-04-24T07:11:58.453283Z","times_seen":979,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8501e9183da1b9a337bcaf7dd4d85fd2","sha1":"2214f2a2e09b616fb4464d851f890385b03fb87c","sha256":"e6fcc868256d9b1990a4a880d04819e404677089c41b66a72ee9046d512675c7","sha512":"06e2de9a05e144d3c1c5061ce98d3a862b90f841f114eea4303fd737c30ec2e4099833255efb74941cba87af393c5a4f5ec172c5edfb3f501e7769e4a880b603","ssdeep":"","tlshash":"a5900222128625b9401899158cb80635765f182841144118095195518195108a595204","size":49,"data":"","first_seen":"2023-03-26T05:32:57Z","last_seen":"2026-04-24T07:11:58.454287Z","times_seen":221,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"7e4b360176c1f018291c82629bbf1a13","sha1":"428c3101fba7bdf69b736a4487fb40b52592e859","sha256":"46a94afc8b1e47830fac460e34ad957f4227907f2c22df0ee2d46f07cf7e9e74","sha512":"7913c1479d62899d335ab35bac90b928d79bda78e9948a427b4f65fcf539254b6f4c17a2d46df4407be00db4866e66a7bd37cce21995ed5dc101d34f9b2bc9cb","ssdeep":"","tlshash":"02c08caa36348152094b0080c6fbac7cf0633429c8f0e44a06a3066ce132e128c270cf","size":161,"data":"","first_seen":"2026-03-15T00:15:25.197377Z","last_seen":"2026-04-24T07:11:58.455118Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"586f5271dead3b274bb4a75ea32f5557","sha1":"ab586ba01324a8434917c7d84449d20a28d7499c","sha256":"157b72ab4f249f8a0faacf43c0e39a57ea28065b1441f6b6bb47dc43e92edab9","sha512":"d259b1efd5d2e0f43cec884271ca1efbddf61913a936c0399f9f3a1b2302170a1d37dee2daf388c237ba4deecd1878433704b843ca5a549b60d48cefe5196523","ssdeep":"","tlshash":"7fa02471444400153341d504f003470cd0114cc074c17003f0f00d44073134c5307f44","size":81,"data":"","first_seen":"2026-03-09T14:56:50.451718Z","last_seen":"2026-04-24T07:11:58.457567Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f9ed45bcf30fcde6ca1cd2e29f6a15bd","sha1":"10ba641ae7a229400c4bf664c93a630e81873c2b","sha256":"1d8307ceacc4bee4e4857251203cdd665f3ad2be1507d23e3824575a6b3fff5a","sha512":"93a91bdaeafae2def7e7a3b330a5605da80515ea5e2c0fc2da519a980b0739ad9053e42aae0b70f98fc0d8b9e6df0f7a7aefa270a5e613ac42b8161c7a905054","ssdeep":"","tlshash":"d8a0220c00c0a3ec820f0cf332003ef000283008c083c828f20fc3202b0c0ac328238c","size":83,"data":"","first_seen":"2026-04-17T17:16:20.257325Z","last_seen":"2026-04-24T07:11:58.458493Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0ee6d2cb952d988dd42d8ac8702bd1fe","sha1":"98156802f11c6f39ed37c25d79f373f36a57ff48","sha256":"f7726bd21917027cf739ef6504bdf69baf61214f97066cb238bb9a3c0f29a100","sha512":"e7e969218bcd7bd3d5a4360ae2b73ad71c5f74fcc9a8f663988a234d362640043a8b880a1829e6bd1625bb589a4d3352ca7a98010565689e5113d507756e2f6e","ssdeep":"","tlshash":"3ba022a8b00f2b2ba3832f3ecb3c0088300b082cc0c00fa0802b0c288020028c00b20e","size":70,"data":"","first_seen":"2023-03-26T05:32:57Z","last_seen":"2026-04-24T07:11:58.459281Z","times_seen":214,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b9a798aed08df79a5142affa318c3497","sha1":"0c3b60ab45672b031ce7ef792359922ae4d7f640","sha256":"6c9656210a0202719c1cc3f33bba512135c26bb8d970d2350552e75d257631ca","sha512":"a094593f54d9acd033ffb950be55c9a2277573291e492fee4fa1977ef3ae0b096e7aaea27f2cad0bd262e680c8be662007a713c3ab6254250e88dde6255e90bc","ssdeep":"","tlshash":"c55000000c00c000000000000030f00c000000000000c00000c0000000003c00c00c00","size":9,"data":"","first_seen":"2023-03-07T01:02:04Z","last_seen":"2026-04-24T07:11:58.460117Z","times_seen":10284,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"xs.xn--ihqqcy9q5b94cnjt0p04e3n8ads2cr9hs47e.com/uploads/2026-04/69e49567d24d5.gif","fqdn":"xs.xn--ihqqcy9q5b94cnjt0p04e3n8ads2cr9hs47e.com","domain":"xn--ihqqcy9q5b94cnjt0p04e3n8ads2cr9hs47e.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.812Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xs.xn--ihqqcy9q5b94cnjt0p04e3n8ads2cr9hs47e.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 06:58:08 GMT","end":"Tue, 30 Jun 2026 06:58:07 GMT"},"fingerprint":{"sha1":"7D:C3:15:8E:38:13:A2:CE:96:50:54:0A:F7:50:7D:2E:7C:86:DA:A2","sha256":"D6:C1:5E:B7:93:1D:3A:05:24:9E:1E:70:AF:13:5A:DD:5E:63:14:20:5B:D5:A1:01:21:47:F3:90:AD:7E:4D:CE"}}},"request":{"raw":"GET /uploads/2026-04/69e49567d24d5.gif HTTP/1.1\r\nHost: xs.xn--ihqqcy9q5b94cnjt0p04e3n8ads2cr9hs47e.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":930,"timings":{"blocked":-1,"dns":428,"connect":252,"send":0,"wait":0,"receive":0,"ssl":254},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"xs.xn--ihqqcy9q5b94cnjt0p04e3n8ads2cr9hs47e.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"p.sda1.dev/31/ead68cfa71309b22e0c232c836bae241/%E7%AC%AC%E4%B8%80960x80.gif","fqdn":"p.sda1.dev","domain":"sda1.dev","tld":"dev"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sda1.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Apr 2026 22:59:20 GMT","end":"Sat, 18 Jul 2026 23:57:56 GMT"},"fingerprint":{"sha1":"88:EB:CB:C6:A9:04:14:AB:8F:B3:18:73:3F:85:B6:88:D5:16:82:7A","sha256":"6D:03:2A:B9:9C:8B:EE:0D:E9:A9:4C:BA:41:27:05:08:41:D3:35:36:17:D1:5F:AF:C1:89:F2:20:61:38:04:19"}}},"request":{"raw":"GET /31/ead68cfa71309b22e0c232c836bae241/%E7%AC%AC%E4%B8%80960x80.gif HTTP/1.1\r\nHost: p.sda1.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:24 GMT\r\ncontent-type: image/gif\r\ncontent-length: 142465\r\nserver: cloudflare\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\nage: 70969\r\ncache-control: max-age=691200, immutable\r\nlast-modified: Wed, 22 Apr 2026 04:44:52 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BgqD4%2B8R4wXqQxCHSSNSkVIF%2FfPa7gMt0pQUoq%2BeG%2Bw4XrSHYTenqCPd76D62eDSqhNvSJnNI%2F%2FZ5Qe3jLdTuget536cWJiNgu8z66oCGm83E96BFYkcW75JH0jRt6ajH8iK9vo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-ray: 9f134b341d6e5689-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":142465,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 80","md5":"eca85a190675ba39ea63fb5475bee1bc","sha1":"2a3c67982c556f331164ed63f39c50d5e7443695","sha256":"de3caad387182f08b09bdfe9708dc65ac2d68a6800e20ced90fce18ae1f5bd51","sha512":"93f9611ce676686fd0ea268fb41dbb9db531786be267a8402b0b59a0410c28da7fa9f810a0ba90e6c96c0f8128c24dbb204eaf533d18a059717d69d81bae95d9","ssdeep":"3072:t+qvvKTxJQfAi7ev3uJ5qqe5L6ALV/Y0YO0oevA0yiDw1fxxvKCDJfCo:t/v03uyqAL6AZnYvlAQgfxNlDh","tlshash":"29d322f1d59f024165b88b4caab41b3b1688bdecc643d788c94c5e1ca98528f783bb84","first_seen":"2026-04-10T16:24:49.036784Z","last_seen":"2026-04-24T07:11:58.104404Z","times_seen":3,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/tuku/%E9%98%BF%E5%A4%A95401-1.gif","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.865Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tuku/%E9%98%BF%E5%A4%A95401-1.gif HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:24 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 30 Mar 2026 11:06:31 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69ca5937-17820\"\r\nExpires: Sun, 24 May 2026 05:57:14 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncl-cache-status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":96288,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 80","md5":"6c37a48d4245345180e6a8dbaf5968f0","sha1":"2cd60b5d4422801e8557c9964c3da5e1469a2459","sha256":"6feb4272fe4ad59127d5fa55ab63ca949150b52e8f955d4da9dea569785cda12","sha512":"e0c8468b99ce9333b5558eb6253c5c1609fe6112cb388ad3c5b96b4d392430df41f478de595574924adb98cb6812d9a7e342395ee379dcb142eaf487dab6b8cf","ssdeep":"1536:NIHmEiA6cjU3m51wpYqep9rqVMN+qWt+uhXQWNl9dnjr4iQp5xpx/v2oT9JlwO4O:mHmAjImH+evrqV2Wt7lb/Mp5jhBT9JlF","tlshash":"1d931207e54620c71d39bed5317103952af89dd79d73a5fef14cba603e2d8a88834ea2","first_seen":"2025-08-20T14:59:30.617534Z","last_seen":"2026-04-24T07:11:58.106456Z","times_seen":70,"resource_available":false,"data":null}},"time_used":298,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":200,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-24T07:11:22.537Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 850 \r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:22 GMT\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: 6498\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"850","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6498,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (6483)","md5":"5f153a80a00be0b372d1a5ea7084567f","sha1":"9e05f872971532c52b8c7dde513a1b921c789c66","sha256":"9a3acc307582b58b631de142762085bfda644f5747c4c162fee18d6057fb6af5","sha512":"cbd7cd50466897a78f92c6ac29b7348877daac4665821f2a2b1f3b3a3e42164f9bc65dd28b01797a69108aacee8e86a0835fca856a3459b1c87c3f0df151f0ec","ssdeep":"96:pWteYbXT/+6/a1/07mzn/2GR577z7pUez4cIXeWKNSc4TMRrLwKEa5mAPeEa5mNY:udj/+6ymQ/rR577zlLWigT4M2xU5vh","tlshash":"47d19787127d0d9a82df5c6818772a8f371fe44d765c888db7e0c5e84c689cb9819fb2","first_seen":"2026-04-24T07:11:58.11016Z","last_seen":"2026-04-24T07:11:58.11016Z","times_seen":1,"resource_available":true,"data":null}},"time_used":295,"timings":{"blocked":97,"dns":1,"connect":98,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-24T07:11:22Z","timestamp":1777014682,"ip_dst":{"addr":"172.18.0.16","port":36558,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-04-24T07:11:22.954654+0000\",\"flow_id\":1440077160525625,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"158.69.254.108\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":36558,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"www.www-robinhood.halhsc.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":850,\"length\":6498},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":6498,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":8,\"bytes_toserver\":1337,\"bytes_toclient\":8637,\"start\":\"2026-04-24T07:11:22.536377+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/tailwindcss@2.2.19/dist/tailwind.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.65.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:23.887Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/tailwindcss@2.2.19/dist/tailwind.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/css; charset=utf-8\r\nx-jsd-version: 2.2.19\r\nx-jsd-version-type: version\r\netag: W/\"2cc503-cyTPK4s7rX9aC3Y3NNaHIxjV1fQ\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Fri, 24 Apr 2026 07:11:23 GMT\r\nage: 603604\r\nx-served-by: cache-fra-etou8220049-FRA, cache-hel1410026-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 255702\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2934019,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fd1515a3d70a9d3d1efe23553fb559ab","sha1":"56977de783ee69a0dbd14635c5a34fa3946b2252","sha256":"9209ca41f0f277ebe6b6e87354dc667081a638b83945f4531807bf06046227c7","sha512":"d3f9747c4e662b5dc6bf2e4e88b68425f82c89cc01c4a088574bcae8fa6c9896052b26355c2a1d93f4b6e8a5a4e589378f004c8d33299a0a53e0e5e63731c78b","ssdeep":"24576:TNmEvSBlsi1KhVzbweQgx+oaiM8eMkEcnxnF/DlZKmTKvxg4hahhDAeYYL24qC0s:TNmEvSBlsi1KhV6xnF/DlZKmTKvxg4hc","tlshash":"31255f3cabb1253baca7a1e9e145fdacd50762d8ed3005e7bc9221019be13f7c947264","first_seen":"2025-07-26T19:06:20.805876Z","last_seen":"2026-04-24T08:02:42.872885Z","times_seen":3175,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":31,"dns":49,"connect":13,"send":0,"wait":16,"receive":47,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/js/kniew.script","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:25.362Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/kniew.script HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:25 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 9838\r\nConnection: keep-alive\r\nLast-Modified: Thu, 23 Apr 2026 08:19:33 GMT\r\nETag: \"69e9d615-266e\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9838,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":238,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":234,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/tj/n5vxi33om5vgs.script","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.286Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tj/n5vxi33om5vgs.script HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:24 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 940\r\nConnection: keep-alive\r\nLast-Modified: Wed, 15 Apr 2026 02:52:01 GMT\r\nETag: \"69defd51-3ac\"\r\ncl-cache-status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":940,"size_decoded":0,"mime_type":"application/octet-stream","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"e2c9e271072dc082722f1ff10da8b266","sha1":"0583efa5c132e10911ca2fc5fe66b03ec4609c32","sha256":"4465c4efe266d3ce1db60180989f3bbbb6238b60804810b40db100e488611a86","sha512":"12d233eb903125e677ebe44d6f69da24e3f91701f181eba394b73f28bd27b6121144696e6558dcfdaf3c15f8ece85ae7983058350295c8d62d7eb51caf651cbe","ssdeep":"","tlshash":"e811e0a08b797b76961845b67cf9cbfc3ffe9438fc12e260999f483414e39680c84a44","first_seen":"2026-03-26T09:59:46.515616Z","last_seen":"2026-04-24T07:11:58.114741Z","times_seen":7,"resource_available":true,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":1,"connect":94,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"p.sda1.dev/31/19c39b66327c5d53861ac3ca45603281/%E7%AC%AC%E4%B8%80200~200.gif","fqdn":"p.sda1.dev","domain":"sda1.dev","tld":"dev"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sda1.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Apr 2026 22:59:20 GMT","end":"Sat, 18 Jul 2026 23:57:56 GMT"},"fingerprint":{"sha1":"88:EB:CB:C6:A9:04:14:AB:8F:B3:18:73:3F:85:B6:88:D5:16:82:7A","sha256":"6D:03:2A:B9:9C:8B:EE:0D:E9:A9:4C:BA:41:27:05:08:41:D3:35:36:17:D1:5F:AF:C1:89:F2:20:61:38:04:19"}}},"request":{"raw":"GET /31/19c39b66327c5d53861ac3ca45603281/%E7%AC%AC%E4%B8%80200~200.gif HTTP/1.1\r\nHost: p.sda1.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:27 GMT\r\ncontent-type: image/gif\r\ncontent-length: 79916\r\nserver: cloudflare\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\naccess-control-allow-origin: *\r\nage: 184188\r\ncache-control: max-age=691200, immutable\r\nlast-modified: Wed, 22 Apr 2026 03:51:44 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R5LtwNOfuY8bhX%2FcWn5mhf1err3d8cbqjAbiuh93swO3ogZ95X7wF6VliQqZhEtkjgbh%2BWEzhYPVBV8sJPR%2FCt1MYQZITTaiS8NXOzDzs4tjPtPKVFBkJuQ81vxGZ0GWMUY5kwQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-ray: 9f134b33fd2d5689-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":79916,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 200 x 200","md5":"6b2204705f9306f873845ac87b5f1920","sha1":"5b31de5d6842817001cd27a784ef1d764f241fde","sha256":"2b65825b2fd5229321538fe500a91ea5edd1e66318bfcd5add25e50022bab5e9","sha512":"56aa8ba6d4b860c3e9aec8700b8e21c8a1fcdc020812bf19f872369b0dc732aab82e69c4cce4ec4e917efd24220b6ff13043cb89ae0502b7b656b05c1891f1c8","ssdeep":"1536:ccDbMTdcLpUBerPOlupx2ficBmK+7UcRE4kt212q:cPmUaQuHcB5+YcRENts","tlshash":"6b731205772dab792f97cc3f5539921183c310fec2e886fe49a816776d482992ac44af","first_seen":"2026-02-28T12:28:15.971832Z","last_seen":"2026-04-24T07:11:58.116948Z","times_seen":61,"resource_available":false,"data":null}},"time_used":6533,"timings":{"blocked":38,"dns":20,"connect":1,"send":0,"wait":2280,"receive":4167,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/tuku/x.jpg","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:26.237Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tuku/x.jpg HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:26 GMT\r\nContent-Type: image/jpeg\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 30 Mar 2026 11:06:31 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69ca5937-23ce\"\r\nExpires: Sun, 24 May 2026 05:57:14 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncl-cache-status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9166,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 360x360, components 3","md5":"43ae14560cdbc69ce960a28002f04309","sha1":"4dc694c2754882f840c77807016676732c38138b","sha256":"af0e248de25efb22e6edd4e1453e686154b00ce5039f94dceb2684a332ddad0e","sha512":"65fd41ba96eaf20d113d58bba86a8035133713e2af2a2d9c524eadad94b7d75be8df1f0ef89737516c841392cf4a4115a42247f910873ca7f3bbc390126f351b","ssdeep":"96:emURf3/MnlvzqqLCnOaj2DgNN/PD3g3FnWqzY/+/L32CfroQYPxG4J8SylchAEok:Wyl2qTQpw3FWX+/L324EQ8xtJ8Sec2kb","tlshash":"e4129d11f79b9694e9cc853e682d338835c098c10aa8e259dee37671b8f85b1a34c327","first_seen":"2023-04-06T19:21:03Z","last_seen":"2026-04-24T07:11:58.117725Z","times_seen":2679,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i2/O1CN015UwZJH1rGgfvpHhKW_!!2216598935604-1-fleamarket.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i2/O1CN015UwZJH1rGgfvpHhKW_!!2216598935604-1-fleamarket.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 102959\r\ndate: Sat, 14 Feb 2026 15:57:59 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.002\r\ntraceid: a3b5839517710846797636256e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2webp\r\ncache-control: max-age=31536000\r\nvia: ens-cache25.l2de4[0,0,200-0,H], ens-cache27.l2de4[1,0], ens-cache8.se2[0,0,200-0,H], ens-cache7.se2[5,0]\r\naccess-control-allow-origin: *\r\nage: 5930006\r\nali-swift-global-savetime: 1771084679\r\nx-cache: HIT TCP_HIT dirn:6:335729579\r\nx-swift-savetime: Tue, 31 Mar 2026 14:32:17 GMT\r\nx-swift-cachetime: 27653142\r\nback_uri: /imgextra/i2/O1CN015UwZJH1rGgfvpHhKW_!!2216598935604-1-fleamarket.gif_.webp\r\nvary: Accept\r\ns-rt: 5\r\ntiming-allow-origin: *\r\neagleid: 2ff62c9b17770146857451683e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":102959,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 150 x 150","md5":"22e5a52afd4aecde3a46a5f99c04ca73","sha1":"3848314f4ef9ebb4ffe549be8f372f89afeca179","sha256":"815cb3918fa803c37099ed2aaf03eaf23d47243d6d8241e34e85042faf99d078","sha512":"0359d212966b29a8efc7761388baa33d8f5bd123df0c55fbca487db10fbea640f14fa6baaa782e7cc2c6959fd572db98bb81ad25d7cc858239562aedb50e9a8a","ssdeep":"1536:JfmPx6XwOiXQ2xHXaVklCZKZMu27Sy5/12eE5Sy5/v35zrlPqPdZtI1gvVoDn9rE:NM3K2PZJyyAyJsZBvMhXLV3L9Ut3L9UQ","tlshash":"a7a302a296258061ae251f76f3fd4c5ee0f1863076e9615f2c94caeae1e407cb2d17cc","first_seen":"2026-02-15T17:30:40.484627Z","last_seen":"2026-04-24T07:11:58.118455Z","times_seen":6,"resource_available":false,"data":null}},"time_used":2055,"timings":{"blocked":1011,"dns":995,"connect":7,"send":0,"wait":12,"receive":12,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"picsum.photos/1200/600?random=1","fqdn":"picsum.photos","domain":"picsum.photos","tld":"photos"},"ip":{"addr":"104.26.5.30","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.782Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"picsum.photos","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 01 Mar 2026 00:56:50 GMT","end":"Sat, 30 May 2026 01:56:48 GMT"},"fingerprint":{"sha1":"12:C1:58:6D:9A:D6:EE:F1:45:73:0E:CF:A5:2C:78:CD:50:FB:F2:31","sha256":"C8:18:9D:59:02:60:3D:4A:15:F6:FA:B6:E0:FF:DE:5A:A3:7C:53:17:D0:00:C4:21:D6:40:EF:2A:A2:2B:BA:CF"}}},"request":{"raw":"GET /1200/600?random=1 HTTP/1.1\r\nHost: picsum.photos\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Fri, 24 Apr 2026 07:11:24 GMT\r\ncontent-length: 0\r\nlocation: https://fastly.picsum.photos/id/14/1200/600.jpg?hmac=s1Ia9YF_AUb9vOFH9TcPXgdU9bsMHUm1zo_ipHGbgTE\r\nserver: cloudflare\r\ncache-control: private, no-cache, no-store, must-revalidate\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15552000\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6hDW6UQYr0lGFzKT8LkevQzOwGqu%2FRBubOlsSVt8eu%2Bk8CYv0PGzx5rwbinMx9tAIKiXe7Ul0HyT2rN5VSg8ibwsSpTnnRcNhvLw7pJDu1E6Y%2FiB2cCySMqKC0kvTj0%3D\"}]}\r\ncf-ray: 9f134b342e835699-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":113460,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":22,"connect":1,"send":0,"wait":59,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/tuku/0117-960-80-3.gif","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.838Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tuku/0117-960-80-3.gif HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:25 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 30 Mar 2026 11:06:31 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69ca5937-1f84d\"\r\nExpires: Sun, 24 May 2026 05:57:14 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncl-cache-status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":129101,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 80","md5":"a21eb7ea773e68a20638d6e067f320dd","sha1":"be3d3aac19f6e81162a9b46afa73036b1e2ff0a0","sha256":"2f32f1d0b447260400cda1b35376e358af906721e0b87d3e3e18484e7ec3adde","sha512":"4ddd8e913e4a10dd7c7cc5b8f88c30b9d6cbeef7f43b5526030652e0c1164d7e0409b4909747590d7ef62b6cc918e4e40c44bfe9dd31873e89f9cb80adcbf86c","ssdeep":"3072:b1Tf54F/DOBjIlU6flBxnjIlU6flBxnjIlU6flBxnjIlU6flBxnjIlYHn83X53:b1TfQaWl7V0l7V0l7V0l7V0lBZ3","tlshash":"97c3f2f3d8e9cd0124999bb5a86774fa8cd75cd334d8c0dc9c4bbed81b2246221992d7","first_seen":"2025-08-20T14:59:30.605392Z","last_seen":"2026-04-24T07:11:58.119121Z","times_seen":69,"resource_available":false,"data":null}},"time_used":586,"timings":{"blocked":447,"dns":0,"connect":0,"send":0,"wait":99,"receive":40,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/js/kniew.script","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:25.036Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/kniew.script HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:25 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 9838\r\nConnection: keep-alive\r\nLast-Modified: Thu, 23 Apr 2026 08:19:33 GMT\r\nETag: \"69e9d615-266e\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9838,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":283,"timings":{"blocked":47,"dns":0,"connect":0,"send":0,"wait":233,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/tuku/tc350-69c8f30124cb0.gif","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.752Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tuku/tc350-69c8f30124cb0.gif HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:24 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 30 Mar 2026 11:06:31 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69ca5937-1f27b\"\r\nExpires: Sun, 24 May 2026 05:57:14 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncl-cache-status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":127611,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 200 x 200","md5":"3df88ec19c4516389c16454f7e6d5a3f","sha1":"0b0b93e9999d17c8426ce28d9d1e3b94cd83f932","sha256":"f3199a37abc9a18ec7e22d3b333eb3fcbb25d7b69aa6b66f57a4beb784c5edc9","sha512":"bee9ff7d2d6d37c86e3527a7efb235bd854be4c163c5e976f384195e2b3cab1ecfcde18203c870c0fa7fc8ab6b02544ff51fdafbf102276c97991b1a12980e8c","ssdeep":"1536:4k1QBB+55UeGy2ALnMlgi5aqDgs5D24Uac+y2ALxAynXWg5DLRZZW67EFgy2ALB3:gG5V2AjAT5tXo4w2AlpzLZIKst2A1o0","tlshash":"bcc3020c90562d078f57ec6f5c471f6a2b65ac508e02ed21e4063752a9a8fb5fcb23db","first_seen":"2026-03-29T19:22:26.331606Z","last_seen":"2026-04-24T07:11:58.120671Z","times_seen":5,"resource_available":false,"data":null}},"time_used":339,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":238,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/tuku/FP-yc-960x80-15-14.gif.gif","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.828Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tuku/FP-yc-960x80-15-14.gif.gif HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:24 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 30 Mar 2026 11:06:31 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69ca5937-57020\"\r\nExpires: Sun, 24 May 2026 05:57:14 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncl-cache-status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":356384,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 80","md5":"79302d3ba6b7dcf6428c09d58a93927f","sha1":"635820dd2b4ef070f6187bd61a810d709c54b5f3","sha256":"ea11a38fb60831e979a398471ac9356f3f066799c8b9ce3592e360713ede180a","sha512":"2fc0aac258d6756457721586e1f4333dc73a541cf3f561bdc38497748f5e9eaefa4f969d9bd867ae3c24249165402b1434c97a288897bf94d4eb670c3faab3a1","ssdeep":"6144:YyLLsVAtwqN9TeC4cH9yJnFz9FEOJ25KBL7i5t7M9jeola+5M3kB/xbzPXJLKpc2:VHRt9TeBy9w73oPYeZ+Kk3bXJLyc2VF","tlshash":"f874237ee517fa5bfb8260882fccf6920b2012e64ea4f43cd112d5ecf9947468274587","first_seen":"2026-01-03T17:57:36.744229Z","last_seen":"2026-04-24T07:11:58.121423Z","times_seen":112,"resource_available":false,"data":null}},"time_used":612,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":509,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"api.share.baidu.com/s.gif?l=http://www.www-robinhood.halhsc.com/","fqdn":"api.share.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.161","port":80,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:27.167Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /s.gif?l=http://www.www-robinhood.halhsc.com/ HTTP/1.1\r\nHost: api.share.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Fri, 24 Apr 2026 07:11:27 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":840,"timings":{"blocked":0,"dns":286,"connect":269,"send":0,"wait":284,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-24T07:11:23.657Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:23 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\ncl-cache-status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":130811,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (528)","md5":"c1c3a82eb63e32acc7e9ec05e00e4e30","sha1":"50b46c4b6454cd72eed8edddc1271b696e27bfd0","sha256":"715097ad365cf4e5cf80a38c06f70c6eeb98f526eb0c986b737112bd40ac45b7","sha512":"2ea0e41b8d45631de88b0f6afc7c948bdab03e1aefc0eecbd61f7cf85851cbf2a15325ff7f03c45382cdb42afa1cda38e74838ff434d100b9415cc10b1bc39cc","ssdeep":"1536:t1a2fXKzzzzzUO7EbW0T78zzzzzMCPmX2kHL2OY+RYF4o7HTxW5YVP:t1a2f6","tlshash":"cbd3797781f0017e80dfa795e568eb3a5a63eb52c25be240f5ec0ca14b4bd97c88721d","first_seen":"2026-04-24T07:11:58.122157Z","last_seen":"2026-04-24T07:11:58.122157Z","times_seen":1,"resource_available":true,"data":null}},"time_used":123,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":99,"receive":24,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-24T07:11:22Z","timestamp":1777014682,"ip_dst":{"addr":"172.18.0.16","port":36558,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-04-24T07:11:22.954654+0000\",\"flow_id\":1440077160525625,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"158.69.254.108\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":36558,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"www.www-robinhood.halhsc.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":850,\"length\":6498},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":6498,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":8,\"bytes_toserver\":1337,\"bytes_toclient\":8637,\"start\":\"2026-04-24T07:11:22.536377+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:23.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.0.0/css/all.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:23 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 15248\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"620188b3-3b90\"\r\nlast-modified: Mon, 07 Feb 2022 21:01:39 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 454476\r\nexpires: Wed, 14 Apr 2027 07:11:23 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TtExj34Xwow%2FlZtI%2FYHVTxOVp0jnvBNTqQkqG6Ag4JMVEUOw0xbF1yeVIU5ej2iKvbVRhIYuO%2Ftfg97V%2Fajiilf1pkZ4u%2F9yZoO0843OzvQpP4m2cqEd6OjRDSK1WtTELjdw%2BXnp\"}]}\r\ncf-ray: 9f134b2e296756a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89220,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65317)","md5":"dfb8fc36e102730fddf78b5494eb0035","sha1":"b513d9a39af2ee145f12c1ba03f9982960c47029","sha256":"8d321d88cb97fdedc3189506c25de9292c6e73a60ebaab496243346c6404480e","sha512":"f6eb006b5d0844ed078689e9c80215a63af294fbe80f088f52229d5a4e6ddcfca8958d5c39de03484d066beae2e00b93ae83d1e5a42f5d4f710baa8e3e7cc57a","ssdeep":"1536:iUMVM6MVMkMVM9MVMNMVMispxd1zJJ29Nll3IV7UHsR+z:Dd1NY95IV7UMR+z","tlshash":"8a93a9e9e04c05d56732c44baf99b37ca5b6f73cd5810da9f02f580c19d26a822c6f7a","first_seen":"2023-04-06T16:57:15Z","last_seen":"2026-04-24T10:42:17.255093Z","times_seen":9433,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":15,"receive":3,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/js/kniew.script","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.776Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/kniew.script HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:24 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 9838\r\nConnection: keep-alive\r\nLast-Modified: Thu, 23 Apr 2026 08:19:33 GMT\r\nETag: \"69e9d615-266e\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9838,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":229,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":229,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.meituan.net/content/04baacace0cf76197172b16d0131f278180548.gif","fqdn":"img.meituan.net","domain":"meituan.net","tld":"net"},"ip":{"addr":"138.113.181.188","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.meituan.net","organization":"北京三快科技有限公司"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 03 Jun 2025 10:52:10 GMT","end":"Sat, 27 Jun 2026 07:00:02 GMT"},"fingerprint":{"sha1":"0C:29:B8:8B:74:6A:6C:C5:4B:6B:8C:7E:F5:C5:E8:A7:B1:26:B8:CB","sha256":"40:B3:D3:3A:FB:0A:FF:94:27:86:35:5E:B7:62:00:AE:DE:30:88:34:15:60:5F:60:9F:C0:E2:9D:2E:BB:5C:83"}}},"request":{"raw":"GET /content/04baacace0cf76197172b16d0131f278180548.gif HTTP/1.1\r\nHost: img.meituan.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:24 GMT\r\ncontent-type: image/webp\r\ncontent-length: 80782\r\nserver: openresty\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,OPTIONS,HEAD\r\naccess-control-allow-private-network: true\r\ncache-control: max-age=5184000\r\nm-traceid: 8du6svghrk8wwiale86s\r\nlast-modified: Sun, 14 Jun 2026 07:48:04 +0000\r\ntiming-allow-origin: *\r\nx-via: 1.1 PS-SJW-01t418:4 (Cdn Cache Server V2.0), 1.1 PS-000-01cZq86:10 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1hb199:14 (Cdn Cache Server V2.0), 0.0 PS-ARN-01C8L93:0 (Cdn Cache Server V2.0)\r\nx-response-cache: edge_hit\r\nage: 1\r\nx-cache: HIT from cache.51cdn.com\r\nx-ws-request-id: 69eb179c_PS-ARN-01C8L93_30790-64286\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":80782,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f70f853b9ed281a21eff67aa75a6246b","sha1":"a48ee4f23352e182f57886861c9b3822571f82fd","sha256":"b2267d22ca187bf9b7a663173f3aec0aa917f8833b74360854c028f6ad0356f1","sha512":"2b3d6517b756373c18d9165721ee69c05c8dfabf83787771c84af89b1c8e064b82d2d4609f573fae1329443ccb10f1e40eb173c6492c3cc18b56533addef67aa","ssdeep":"1536:zUGdDdLrnN9fvuMqWkjYxNVoS2Dp9UI2RDNu7YN1TBrWan7/6z8Xf:zUGNdLDjHyom/DjURJukB7yzu","tlshash":"2e830298d07e4693ca0320b04cf7780696704666461593877d4e797eb13fd02af8e6df","first_seen":"2026-04-17T17:16:19.996875Z","last_seen":"2026-04-24T07:11:58.124977Z","times_seen":3,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":110,"dns":80,"connect":7,"send":0,"wait":27,"receive":2,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/tuku/yls150.gif","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:26.243Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tuku/yls150.gif HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:26 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 30 Mar 2026 11:06:31 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69ca5937-505fe\"\r\nExpires: Sun, 24 May 2026 05:57:14 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncl-cache-status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":329214,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 150 x 150","md5":"685ad11408b0ce2226a5d8feac161768","sha1":"5e5ab6c37de8101580523f814c5146cf09254db7","sha256":"b849dc82d9c73aa81300cc377687f480045758a4a0fb188ea828fbda366bf49a","sha512":"b1393cff158fd73a76eaf5c8db27f3310192bc64e0898a3846adb3e1b6759449a60d00d5f687ea807480fbda267a2e30d2bd48f948b515ce99a3238976e0657e","ssdeep":"6144:gSLs/P5DocmOIi5WttV8OywKAqrBobhtEjhyifk+bQ7yF5eB:grX+TOIIWttzsAHl2HcNuFYB","tlshash":"5864d025e8e90819ed6ffa2e2bef86f58741521435475b752c813de2b72c3fd80e0a58","first_seen":"2026-02-14T06:58:44.593051Z","last_seen":"2026-04-24T07:11:58.12581Z","times_seen":12,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.tj66789.com/matomo.js","fqdn":"www.tj66789.com","domain":"tj66789.com","tld":"com"},"ip":{"addr":"137.175.104.129","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:26.243Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /matomo.js HTTP/1.1\r\nHost: www.tj66789.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:26 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Wed, 04 Mar 2026 22:31:57 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"69a8b2dd-10988\"\r\nExpires: Fri, 24 Apr 2026 19:11:26 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":67976,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2923)","md5":"b032bad4d0d4a7048ffb383d9ecca10c","sha1":"b79ca8828403f0094f8af46ddff72681d3ca7e1b","sha256":"643dc9512a4efa9959a6475a7e7fcdf906b492aedd5c423e83867f8f153dd13e","sha512":"3d80873cc8e92fac5db40bcaec79386d04bcf9135b48747bfdfc0961c054072a476b81f3e75e148f0063525cef414613997a26a13c76d23c6b9bb3a639c4a081","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmlMNfwS9h2BLy1z71B8I6fJIKIQaFLa:AT+Z2fucXYy1PGJ9d5","tlshash":"d063d8ce72c2753a4bcb6075a43f114ab27e9caa1448c4b4e62ac4f6383491d657bf7c","first_seen":"2026-02-09T02:52:16.040273Z","last_seen":"2026-04-24T10:16:13.485277Z","times_seen":2254,"resource_available":true,"data":null}},"time_used":618,"timings":{"blocked":-1,"dns":90,"connect":180,"send":0,"wait":175,"receive":173,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.tj66789.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/tuku/4647-960x80--1.gif","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.839Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tuku/4647-960x80--1.gif HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:25 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 30 Mar 2026 11:06:31 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69ca5937-193b4\"\r\nExpires: Sun, 24 May 2026 05:57:14 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncl-cache-status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":103348,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 80","md5":"aaae9a6cd42197a5dd887b7084cc65ea","sha1":"fd03c3758fe3a4d23731ac7305bdda9ed4c13804","sha256":"0524871e5d7a9fdf31ee345254414eb1236051ba7fcaa411068a515220fc797f","sha512":"c609068240e286f8dee2c9310524e319f8e3a7801f242ddda47bd8a9b97b06565f75ba33cf593e8e13e1068b6142e5f34ec8e61c86c66d4cdb22b2f89f21707a","ssdeep":"1536:V/Fot2xZpl3bjw/3xZpl3bjw/3xZpl3bjw/3xZpnqIbAzsLFw/GPNg2K2NLLwT01:foYM/rM/rM/VqjXGlg2KQeKQeKQeKQI","tlshash":"04a3e11f532012f929323bf4317e885aee5fb3c67aad98619d6fd8e2d18112c2478573","first_seen":"2025-08-20T14:59:30.642436Z","last_seen":"2026-04-24T07:11:58.128606Z","times_seen":70,"resource_available":false,"data":null}},"time_used":583,"timings":{"blocked":454,"dns":0,"connect":0,"send":0,"wait":97,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.tj66789.com/matomo.php?action_name=%E6%88%90%E4%BA%BA%E8%89%B2%E7%AB%99%2C%E4%B9%85%E4%B9%85%E7%BB%BC%E5%90%88%E7%B2%BE%E5%93%81%E5%9C%A8%E7%BA%BF%E8%A7%86%E9%A2%91%2C%E9%AB%98%E6%B8%85%E6%97%A0%E7%A0%81%E7%9C%8B%E7%89%87AK88AV\u0026idsite=1\u0026rec=1\u0026r=005835\u0026h=7\u0026m=11\u0026s=26\u0026url=http%3A%2F%2Fwww.www-robinhood.halhsc.com%2F\u0026_id=b3b30a737ec346c4\u0026_idn=1\u0026send_image=0\u0026_refts=0\u0026pv_id=Ty9w9p\u0026pf_net=0\u0026pf_srv=99\u0026pf_tfr=24\u0026pf_dm1=2182\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024","fqdn":"www.tj66789.com","domain":"tj66789.com","tld":"com"},"ip":{"addr":"137.175.104.129","port":80,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:26.851Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /matomo.php?action_name=%E6%88%90%E4%BA%BA%E8%89%B2%E7%AB%99%2C%E4%B9%85%E4%B9%85%E7%BB%BC%E5%90%88%E7%B2%BE%E5%93%81%E5%9C%A8%E7%BA%BF%E8%A7%86%E9%A2%91%2C%E9%AB%98%E6%B8%85%E6%97%A0%E7%A0%81%E7%9C%8B%E7%89%87AK88AV\u0026idsite=1\u0026rec=1\u0026r=005835\u0026h=7\u0026m=11\u0026s=26\u0026url=http%3A%2F%2Fwww.www-robinhood.halhsc.com%2F\u0026_id=b3b30a737ec346c4\u0026_idn=1\u0026send_image=0\u0026_refts=0\u0026pv_id=Ty9w9p\u0026pf_net=0\u0026pf_srv=99\u0026pf_tfr=24\u0026pf_dm1=2182\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024 HTTP/1.1\r\nHost: www.tj66789.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/x-www-form-urlencoded; charset=utf-8\r\nContent-Length: 0\r\nOrigin: http://www.www-robinhood.halhsc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 204 No Response\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:27 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: http://www.www-robinhood.halhsc.com\r\nAccess-Control-Allow-Credentials: true\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Response","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":412,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":412,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.tj66789.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.www-robinhood.halhsc.com/","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-24T07:11:21.947Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":356,"timings":{"blocked":356,"dns":0,"connect":98,"send":0,"wait":0,"receive":0,"ssl":119},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-24T07:11:22Z","timestamp":1777014682,"ip_dst":{"addr":"172.18.0.16","port":36558,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-04-24T07:11:22.954654+0000\",\"flow_id\":1440077160525625,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"158.69.254.108\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":36558,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"www.www-robinhood.halhsc.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":850,\"length\":6498},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":6498,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":8,\"bytes_toserver\":1337,\"bytes_toclient\":8637,\"start\":\"2026-04-24T07:11:22.536377+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/tuku/51sp960.gif","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.834Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tuku/51sp960.gif HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:25 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 30 Mar 2026 11:06:31 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69ca5937-a048d\"\r\nExpires: Sun, 24 May 2026 05:57:14 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncl-cache-status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":656525,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"486e0a5e537de850506144443b421b84","sha1":"10b1b1f51aa3887fe364d21a32fb1294d98ed8af","sha256":"3c49ac9942e7e0e247c95db241ef6f4fd2345eba4c8e5772a1b884ded691cb1c","sha512":"8efdff318244bf985109a577a04994a9f06abcc8fbf93c6beb56cdf337202b60834b1a19c23652f094a7b27fc4edf47f245a64dd1dd8f3f874f47196673cabcd","ssdeep":"12288:ZvrAEC7wrsq3efxSx1RHsGX7rLfUD/qPrhUdjB0wHRKUzi8Wd:tnCcbOtw7rLU/ihUdjBBRBOL","tlshash":"62d423a0e1d20ed52c0db8cd8944816ad159384da4cc9b11a6edf9f6d3d47fd629f0bc","first_seen":"2025-12-13T14:20:17.331984Z","last_seen":"2026-04-24T07:11:58.130475Z","times_seen":35,"resource_available":false,"data":null}},"time_used":736,"timings":{"blocked":162,"dns":0,"connect":0,"send":0,"wait":95,"receive":479,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/favicon.ico","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:29.009Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849; _pk_id.1.0603=b3b30a737ec346c4.1777014687.; _pk_ses.1.0603=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:29 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 3400\r\nConnection: keep-alive\r\nLast-Modified: Thu, 16 Apr 2026 01:30:22 GMT\r\nETag: \"69e03bae-d48\"\r\ncl-cache-status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3400,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 85 x 83, 8-bit/color RGBA, non-interlaced","md5":"2811f354689408f7c7ee36a1c22c4d1a","sha1":"223c9c7341fe9919504bc0193c2dcc785fb5a065","sha256":"a8bfee495eecd30fb85696959319720dfb2217ce9b379bc464902ac23dbc7620","sha512":"875ac3c425fdaa72c6f8fdd0d4dfb4ba5dafbdf0ba84678acdd835436ecb4736a910388a81999e5af0897488d52c20c1a3dc40ca9d8d6ef2fe5a314013953747","ssdeep":"","tlshash":"36614b82af840281dd35f7e7c4eea55aaf260c44afc1bb97bccb3419543464a0957553","first_seen":"2026-02-24T10:26:52.577449Z","last_seen":"2026-04-24T07:11:58.132864Z","times_seen":21,"resource_available":false,"data":null}},"time_used":114,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":101,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/js/pj2w66lpovygsylp.script","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.278Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/pj2w66lpovygsylp.script HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:24 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 8089\r\nConnection: keep-alive\r\nLast-Modified: Thu, 23 Apr 2026 08:29:50 GMT\r\nETag: \"69e9d87e-1f99\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8089,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":240,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":233,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/tuku/FP-ycda-200x200-20-18.gif","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.764Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tuku/FP-ycda-200x200-20-18.gif HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:24 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 30 Mar 2026 11:06:31 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69ca5937-f79fa\"\r\nExpires: Sun, 24 May 2026 05:57:14 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncl-cache-status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1014266,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 200 x 200","md5":"291a98dbff1320dd65f92679eaac0598","sha1":"4f922d7663f0da05b7191b1e6c284e8e13e0a209","sha256":"17ec2eea93f318fa3e264951f900b72f68fff732f3fb95985a971e5944ce07d3","sha512":"6d9322e06fe1960136e00f4a9ecb75a201b2b74bdfa551d7cc7bb669e2ae832b5dcb7cd8ea3d60baf12720b663f87a46170f437c9274a314160b98427a66399a","ssdeep":"24576:qLh1hDY2/9kJAsnV17JOBaO0fT4i0RWxWyqW1z:a7hD99kisVFVfMJWxWyv","tlshash":"0625339ed52ec82bb33aa46976b86e5d945800ff5c1b6d248589bdfc3b3327c32c5181","first_seen":"2026-01-03T17:57:36.701343Z","last_seen":"2026-04-24T07:11:58.133786Z","times_seen":111,"resource_available":false,"data":null}},"time_used":664,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":563,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.meituan.net/content/70c14cb1592dc6b308b6d2466b21529c325351.gif","fqdn":"img.meituan.net","domain":"meituan.net","tld":"net"},"ip":{"addr":"138.113.181.188","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.833Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.meituan.net","organization":"北京三快科技有限公司"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 03 Jun 2025 10:52:10 GMT","end":"Sat, 27 Jun 2026 07:00:02 GMT"},"fingerprint":{"sha1":"0C:29:B8:8B:74:6A:6C:C5:4B:6B:8C:7E:F5:C5:E8:A7:B1:26:B8:CB","sha256":"40:B3:D3:3A:FB:0A:FF:94:27:86:35:5E:B7:62:00:AE:DE:30:88:34:15:60:5F:60:9F:C0:E2:9D:2E:BB:5C:83"}}},"request":{"raw":"GET /content/70c14cb1592dc6b308b6d2466b21529c325351.gif HTTP/1.1\r\nHost: img.meituan.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:24 GMT\r\ncontent-type: image/webp\r\ncontent-length: 131994\r\nserver: openresty\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,OPTIONS,HEAD\r\naccess-control-allow-private-network: true\r\ncache-control: max-age=5184000\r\nm-traceid: j2ldmxj3djv7cpnkdkif\r\nlast-modified: Sun, 14 Jun 2026 08:37:39 +0000\r\ntiming-allow-origin: *\r\nx-via: 1.1 PS-SJW-0191816:1 (Cdn Cache Server V2.0), 1.1 PSxgHK5pg201:8 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1hb199:19 (Cdn Cache Server V2.0), 0.0 PS-ARN-01C8L93:0 (Cdn Cache Server V2.0)\r\nx-response-cache: edge_hit\r\nage: 1\r\nx-cache: HIT from cache.51cdn.com\r\nx-ws-request-id: 69eb179c_PS-ARN-01C8L93_30790-64287\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":131994,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"520303c5cf5e4fda5e2fb87ee43a71e5","sha1":"813d876e98485486400f79b7623615ac2fa66d6f","sha256":"db90fccd5fe6657a71a59741d2348a85986b9ee5b3de8772143afafaf5a2ed16","sha512":"90f6ca188af3ae1719317949477dc73ad1587735a22801da3d37f58bbcd3c38ad614f619120d73d6547247d87d48a776f34c358ffe310ba92cd9af8d3da2e3de","ssdeep":"3072:hyxx2/jxOpUt4P2gqv2KQQGkLoM00JpQ7ToGWvWx8Se2ZH1:hsx2bxOat4P27OKVGpGpcTM2ll1","tlshash":"fdd312b17dd30485e6d19a2a0261b06643c43addaeec7449e02bac5380e553bd3fbf92","first_seen":"2026-04-17T17:16:20.022592Z","last_seen":"2026-04-24T07:11:58.134864Z","times_seen":3,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":37,"dns":0,"connect":0,"send":0,"wait":10,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/tuku/0117-960-80-1.gif","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.837Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tuku/0117-960-80-1.gif HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:25 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 30 Mar 2026 11:06:31 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69ca5937-1cf79\"\r\nExpires: Sun, 24 May 2026 05:57:14 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncl-cache-status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":118649,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 80","md5":"1a9aedc99b3a608bf9c1fe9d3a9950db","sha1":"16c12cb7890bc9fd2f749f5d7812becb42ae210a","sha256":"5961305b3fe98c4a8ab7653f085025bb23df8262f51524e696367c974e163715","sha512":"5a624cf3930a3b7b815a7bfafeaca6a9508ca1c657305bcc2f6222b76b7c7aa9fde5fd0dc8e08c1cb422fc4724e9a864458503cf00b02031cda578ee304ef2c1","ssdeep":"3072:8TSydN9p9rwuQ7cmZ+n7cmZ+n7cmZ+n7cmZ+n7cmljNGveHZOH42ZOH42ZOH42ZY:fy9lQhZihZihZihZihK2E42E42E42E4Y","tlshash":"3ac3e1fed3b75d05687dd2343d0c1bc8f77a68c23c79f76a69b66841001b826a846b1b","first_seen":"2025-08-20T14:59:30.627274Z","last_seen":"2026-04-24T07:11:58.135919Z","times_seen":69,"resource_available":false,"data":null}},"time_used":456,"timings":{"blocked":261,"dns":0,"connect":0,"send":0,"wait":97,"receive":98,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.hervo.top/images/69b2e3ef5359ed27b91bf9a7.gif","fqdn":"www.hervo.top","domain":"hervo.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hervo.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Mar 2026 11:20:08 GMT","end":"Sat, 06 Jun 2026 12:20:02 GMT"},"fingerprint":{"sha1":"F5:06:7B:D4:D2:DC:BA:F8:28:3B:21:10:8A:CD:A1:01:B7:C6:9F:3B","sha256":"59:53:F2:D4:A9:67:65:96:A6:C8:20:8E:DC:46:D1:C0:2C:18:3D:82:55:5B:24:7A:A6:4F:2A:5E:46:6B:C5:CB"}}},"request":{"raw":"GET /images/69b2e3ef5359ed27b91bf9a7.gif HTTP/1.1\r\nHost: www.hervo.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:25 GMT\r\ncontent-type: image/gif\r\ncontent-length: 77320\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nlast-modified: Thu, 12 Mar 2026 16:03:59 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KUhzA2HQhTH7hRtc7P5vPRNtSLHPTzt3MC3Lq6BJmDs7H1EFdWxItEngvCrGOavYAOVQ3GW9N4Hmf50ejWF%2BXtKMNJtqBH0u%2FteSm2PL%2Bd5oQ9mRxec14yPcSDv%2FfL4c\"}]}\r\nserver: cloudflare\r\ncf-ray: 9f134b376a2049c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":77320,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 80","md5":"07bd66b799d65ffcd729ef166f94b58a","sha1":"9e25ef085e77f2aac16408d0fd0bd9d6bb257801","sha256":"ea0b2e1d6a1eb3045e8a7af01e0912e3764803034fcaef7a1734f38266b9ef88","sha512":"d0bb8addb52dcc0507b76c28043a17596a217a62711a3ff172923d6f63ed0adb82fc91667a523b5afa734ef3ca337023d666c5df0820623c0d77e320ea29842c","ssdeep":"1536:TULa1HmiOkmm6TFT8HFaUf4e1EFw8QAa5z81jMC1FcKMwVQ4tA:ALa1GLdeaUQe1Ww8QedMlKMwNtA","tlshash":"4b7302a20dd0aec2ced4182654f80a6d50c1eb4e036f59fb79c421b6716bb4cdbf1da6","first_seen":"2026-04-10T16:24:49.044178Z","last_seen":"2026-04-24T07:11:58.138277Z","times_seen":4,"resource_available":false,"data":null}},"time_used":658,"timings":{"blocked":51,"dns":440,"connect":3,"send":0,"wait":137,"receive":3,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.hervo.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.erpweb.eu.org/imgs/2026/04/746a8970b47996c8.gif","fqdn":"img.erpweb.eu.org","domain":"erpweb.eu.org","tld":"eu.org"},"ip":{"addr":"104.21.92.106","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"erpweb.eu.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Mar 2026 07:35:52 GMT","end":"Wed, 03 Jun 2026 08:31:48 GMT"},"fingerprint":{"sha1":"88:83:8A:D0:C6:D6:C6:F0:12:B5:94:BD:BE:40:5C:9F:A5:8D:EF:38","sha256":"58:DD:6B:B2:8B:C7:99:8D:7C:22:8D:11:03:3F:0E:EF:60:61:6E:69:1E:71:8C:C1:32:C4:9F:EC:EB:2D:38:F9"}}},"request":{"raw":"GET /imgs/2026/04/746a8970b47996c8.gif HTTP/1.1\r\nHost: img.erpweb.eu.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:24 GMT\r\ncontent-type: image/gif\r\ncontent-length: 91765\r\nlast-modified: Wed, 22 Apr 2026 05:11:32 GMT\r\netag: \"16675-6500590a72693\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nage: 70970\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\naccess-control-max-age: 86400\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Q2D9AZx0rR6l9f8saVEccss7GmELL8ViMNH%2FyRw7NqwCnDna1JQTjYGplN%2BJEAuFiPBrk0yHrXJsBOkS9vknOmb%2FPDQTPZRJMbh3b9dPTEZ4KYGg%2B50M1Y6ZRDW2leMLeAmvGQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-methods: GET,HEAD,POST,OPTIONS\r\naccess-control-allow-origin: *\r\ncf-ray: 9f134b350bfeb4fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":91765,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 80","md5":"d1204926746a8970b47996c8943a0ec8","sha1":"12e1d3aa9b249a57e1d12d01e6b2057dfb342267","sha256":"e715b6ab0640d9eae6f7359d87b050b3a9260518bc734156d8348ee285e372c3","sha512":"be90d6dd061cfc0954ccc3baa6212b6b227ce9db9b49a5f3926c78a54d7efc9c41b08f0a84038d68aac1887ad2c2556d4b5f1662c77e9f7725763f92f371621d","ssdeep":"1536:5kIwEvMXzgnjgsfkb2NavAdlfi3IX+gc6aMS34sP2uZzaJOEYNLvMGE/:5oESzmjgsftcAdlfiYczMS340NzM9UE/","tlshash":"ac9312eb94662724efbf9e215d8f12820910e5c51f0c19f2289eccbbf015657a22c65f","first_seen":"2026-04-24T07:11:58.139208Z","last_seen":"2026-04-24T07:11:58.139208Z","times_seen":1,"resource_available":false,"data":null}},"time_used":143,"timings":{"blocked":109,"dns":0,"connect":1,"send":0,"wait":9,"receive":3,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fastly.picsum.photos/id/14/1200/600.jpg?hmac=s1Ia9YF_AUb9vOFH9TcPXgdU9bsMHUm1zo_ipHGbgTE","fqdn":"fastly.picsum.photos","domain":"picsum.photos","tld":"photos"},"ip":{"addr":"151.101.1.91","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.966Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fastly.picsum.photos","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 06:42:45 GMT","end":"Mon, 08 Jun 2026 06:42:44 GMT"},"fingerprint":{"sha1":"02:E1:D8:F7:3C:5B:F4:D4:60:C6:79:58:3B:BE:0D:27:01:67:CB:E1","sha256":"8E:C7:B3:94:18:FC:5E:64:D3:8F:48:07:0E:4E:5E:67:D9:31:C8:E0:7D:29:97:AE:4E:E2:3F:74:3C:E2:F7:95"}}},"request":{"raw":"GET /id/14/1200/600.jpg?hmac=s1Ia9YF_AUb9vOFH9TcPXgdU9bsMHUm1zo_ipHGbgTE HTTP/1.1\r\nHost: fastly.picsum.photos\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: image/jpeg\r\ncache-control: public, max-age=2592000, stale-while-revalidate=60, stale-if-error=43200, immutable\r\ncontent-disposition: inline; filename=\"14-1200x600.jpg\"\r\npicsum-id: 14\r\ntiming-allow-origin: *\r\naccept-ranges: bytes\r\nage: 0\r\ndate: Fri, 24 Apr 2026 07:11:25 GMT\r\nvia: 1.1 varnish\r\nx-served-by: cache-hel1410027-HEL\r\nx-cache: MISS\r\nx-cache-hits: 0\r\nx-timer: S1777014685.074855,VS0,VE90\r\nvary: Origin\r\ncontent-length: 113460\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":113460,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], progressive, precision 8, 1200x600, components 3","md5":"726e3efa6e149ad9b01cd63cbed13119","sha1":"5ff3b3fc64998cd6e1ba983fc6c7f057a73196e3","sha256":"7d2ccd7020104e315a3a3135650705564e4649e40bcd434a6f2a76304a4f7b10","sha512":"618e9ffe510f8b1e43090cb30fa17977e0f75b1525c1b99a81d629ae9ddf63b73a7506f3fe6e31e29f96d2335ca3072fda647be11d89ae99ae003db54915575d","ssdeep":"3072:GtHLa6ZEC7biIEgsymIYaizzoRaRepDQFnAk/n2:69jbypy9YaizkRBonAY2","tlshash":"4eb3129d63a207cbcb8c22b1883c41e1e41799113a79acd427cec500956eefcd98f6db","first_seen":"2026-04-24T07:11:58.141494Z","last_seen":"2026-04-24T07:11:58.141494Z","times_seen":1,"resource_available":false,"data":null}},"time_used":238,"timings":{"blocked":40,"dns":26,"connect":13,"send":0,"wait":107,"receive":28,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/tuku/tc960-69c8f2e69aa7f.gif","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.818Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tuku/tc960-69c8f2e69aa7f.gif HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:24 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 30 Mar 2026 11:06:31 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69ca5937-b0e0\"\r\nExpires: Sun, 24 May 2026 05:57:14 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncl-cache-status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45280,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 80","md5":"300bb933a383b70785e84f4f0e91b75d","sha1":"ccc95500c9bc8c53fbfd7c55778b7a253649ec68","sha256":"f2a4293416e5f400fa8a2a800f9a444ba925eed4a146f294cbed6e75c444012a","sha512":"6b79bccff6c5e626ab932edc2a128b2a8344e724317f36f8ac95ec670bae1d7f2dc8567909987949d18f50ecbda4412123de68104ecb9dd736c99773d055d1df","ssdeep":"768:c3OQOksD7vdCVXjkziESL8jSt5scYdvzTz2QtLeRhSzKtDDh5F0Qm3PMSr/hcMtU:c+nksv0TcdSAHcertCR4Gt/h5MOMtjNm","tlshash":"9a1302ad7e065769308879d4888eea2b5c6bd5d379ba93737a0c01a705c013e7087ef6","first_seen":"2025-10-10T12:29:40.264531Z","last_seen":"2026-04-24T07:11:58.143788Z","times_seen":6,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":194,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/js/injvowq.script","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:23.943Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/injvowq.script HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:24 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 8780\r\nConnection: keep-alive\r\nLast-Modified: Thu, 23 Apr 2026 08:19:33 GMT\r\nETag: \"69e9d615-224c\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8780,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Non-ISO extended-ASCII text, with no line terminators","md5":"bd51afbcaf9cba0be8e7b43c54579bc6","sha1":"71c01a21ccf5f6c02aba73e32039fcab7f181398","sha256":"be7e2e3697d896a7f11612d2acd9cc8dd150d46bb5e0872753cf6492a8b99d42","sha512":"4dd92bf316318feffba77424ac9ad59cf10714461be1d3dc760bba2ec27c386512eef677844f85bf47c37897d198f7e0ef376ccf5c9d69388b1e4f65197c0092","ssdeep":"","tlshash":"ef400000000000000000000c0300000000c00c00030000c0c000000030000000000c00","first_seen":"2025-04-16T20:34:05.250763Z","last_seen":"2026-04-24T07:45:19.834946Z","times_seen":347,"resource_available":false,"data":null}},"time_used":334,"timings":{"blocked":1,"dns":1,"connect":100,"send":0,"wait":232,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.hervo.top/images/69c16e65d48c26315ef393bb.gif","fqdn":"www.hervo.top","domain":"hervo.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.774Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hervo.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Mar 2026 11:20:08 GMT","end":"Sat, 06 Jun 2026 12:20:02 GMT"},"fingerprint":{"sha1":"F5:06:7B:D4:D2:DC:BA:F8:28:3B:21:10:8A:CD:A1:01:B7:C6:9F:3B","sha256":"59:53:F2:D4:A9:67:65:96:A6:C8:20:8E:DC:46:D1:C0:2C:18:3D:82:55:5B:24:7A:A6:4F:2A:5E:46:6B:C5:CB"}}},"request":{"raw":"GET /images/69c16e65d48c26315ef393bb.gif HTTP/1.1\r\nHost: www.hervo.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:25 GMT\r\ncontent-type: image/gif\r\ncontent-length: 35898\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nlast-modified: Mon, 23 Mar 2026 16:46:29 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=otF7K0uZBiTzFUb9tjARj%2FDsIrrdEiEvG5AswgJFW%2FazVhavK92LP5h6EvclUix2PM9Y%2B7RATH%2BSVKhdKf9uypNIHpSC5JEVg5%2FkvJvYfDYIPLOtkKerN8tXQiGqQjqW\"}]}\r\nserver: cloudflare\r\ncf-ray: 9f134b376a2c49c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35898,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 200 x 200","md5":"c795a52b2e6582df409e056ed030eed3","sha1":"b0a1469f91be2fef65d49a5a1bfe7eefceff7f90","sha256":"877bda69cb7d42dc7b7ca265e08601a16e5bf9f988a0d726b079931ed142393a","sha512":"19187c2a9b7fd172e88d109a526e18c6a95406c50c4f90be576394a5454dbce535210894b94325663ccb466b8a0e795938238640da56532e5322a6976476244a","ssdeep":"768:mJ9NhanN+inmuYgLXwQjngcYJqexYyGK+oUCbovHFbdOpoRB:+IN+inmTgjpng/ZvlUkoT","tlshash":"f8f2f147f0559be0a7685a07e4ceab1e4a2bbc051ef19c70f390951bbac50b0897f968","first_seen":"2026-04-10T16:24:49.053444Z","last_seen":"2026-04-24T07:11:58.147542Z","times_seen":4,"resource_available":false,"data":null}},"time_used":726,"timings":{"blocked":-1,"dns":551,"connect":1,"send":0,"wait":142,"receive":2,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.hervo.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/favicon.ico","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:22.861Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:22 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 3400\r\nConnection: keep-alive\r\nLast-Modified: Thu, 16 Apr 2026 01:30:22 GMT\r\nETag: \"69e03bae-d48\"\r\ncl-cache-status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3400,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 85 x 83, 8-bit/color RGBA, non-interlaced","md5":"2811f354689408f7c7ee36a1c22c4d1a","sha1":"223c9c7341fe9919504bc0193c2dcc785fb5a065","sha256":"a8bfee495eecd30fb85696959319720dfb2217ce9b379bc464902ac23dbc7620","sha512":"875ac3c425fdaa72c6f8fdd0d4dfb4ba5dafbdf0ba84678acdd835436ecb4736a910388a81999e5af0897488d52c20c1a3dc40ca9d8d6ef2fe5a314013953747","ssdeep":"","tlshash":"36614b82af840281dd35f7e7c4eea55aaf260c44afc1bb97bccb3419543464a0957553","first_seen":"2026-02-24T10:26:52.577449Z","last_seen":"2026-04-24T07:11:58.132864Z","times_seen":21,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/js/jrgq.script","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.280Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/jrgq.script HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:24 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":78483,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (779), with LF, NEL line terminators","md5":"027e7797bb5391e7a28607cfed12f6ae","sha1":"d10d28ab6d6aebd54ec074318638fe0b4b7449a4","sha256":"11e6b1cff8c8e9533577f17a0194b4a73965da5433874f00e260e62a646cddfa","sha512":"4e03e6cacc1a2b0751e57cafd2b7fde21e7126ed75ef1faa28e38a9682d70d3092d5acf32ef7af061ee795ffa1ff1d9d24dc9abbdf4b1f2a2a7f5b41d0c8d2f7","ssdeep":"768:jt9HSivKR9+aL/AKaE89FaL/AKas8NXaL/AKa6doa7FXTuyLuohPl/kF7aL/AKak:rhJc865UCP","tlshash":"ed735a37d1f0027a818ebe55a5e4ab3e5b53eb43c10ae64cb5ed08b5c79be46c90321d","first_seen":"2026-04-24T07:11:58.148402Z","last_seen":"2026-04-24T07:11:58.148402Z","times_seen":1,"resource_available":false,"data":null}},"time_used":302,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":281,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/webfonts/fa-solid-900.woff2","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.0.0/webfonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://www.www-robinhood.halhsc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdnjs.cloudflare.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:24 GMT\r\ncontent-type: application/octet-stream; charset=utf-8\r\ncontent-length: 126828\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\netag: \"620188b3-1ef6c\"\r\nlast-modified: Mon, 07 Feb 2022 21:01:39 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 603334\r\nexpires: Wed, 14 Apr 2027 07:11:24 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RqMBi1XPg0ULun5%2BRnxUkQCJp64qj9ZUILY5e27eWGkcJhsi%2F8OiY2DzWTLvhIpPCVZLsOwcRv4EL27KRkxXrDVZag3tjI%2BrtvJcLf14AQ%2F4djRTsQy%2Fc3aBlMUPf6nYvUIUMvHE\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\ncf-ray: 9f134b33bb0356a5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":126828,"size_decoded":0,"mime_type":"application/octet-stream; charset=utf-8","magic":"Web Open Font Format (Version 2), TrueType, length 126828, version 768.256","md5":"297973a488f688271dd223d542ba2697","sha1":"ed99d812e4c88826335f93acede3fad85c90fb54","sha256":"1b099f88c06ed0869872561c157f0ec9cbe133a0939d9ece4ee1e1f54bd4683d","sha512":"83c802972d9fee9dd7e3c0de42d8636c504e65ff20e43406bb446cc95a16acaa21789a03f0e2006148abfe47100bbd0c66aa4cf98f11e9b0220f1dcdb5204f46","ssdeep":"3072:caEaIjBfXHk79vCMuMZhQqmiutWxJfU52qiAx+SMfd:caEaIf3kxa5aaVMaHAScd","tlshash":"9dc3120ef3299411c6f0af104c63d6d627617389ffd548c767993e768aac9e70c28ea0","first_seen":"2023-04-10T14:50:44Z","last_seen":"2026-04-24T10:21:11.685016Z","times_seen":8087,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":22,"dns":1,"connect":0,"send":0,"wait":7,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xs.xn--ihqqcy9q5b94cnjt0p04e3n8ads2cr9hs47e.com/uploads/2026-04/69e495c91a764.gif","fqdn":"xs.xn--ihqqcy9q5b94cnjt0p04e3n8ads2cr9hs47e.com","domain":"xn--ihqqcy9q5b94cnjt0p04e3n8ads2cr9hs47e.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xs.xn--ihqqcy9q5b94cnjt0p04e3n8ads2cr9hs47e.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 06:58:08 GMT","end":"Tue, 30 Jun 2026 06:58:07 GMT"},"fingerprint":{"sha1":"7D:C3:15:8E:38:13:A2:CE:96:50:54:0A:F7:50:7D:2E:7C:86:DA:A2","sha256":"D6:C1:5E:B7:93:1D:3A:05:24:9E:1E:70:AF:13:5A:DD:5E:63:14:20:5B:D5:A1:01:21:47:F3:90:AD:7E:4D:CE"}}},"request":{"raw":"GET /uploads/2026-04/69e495c91a764.gif HTTP/1.1\r\nHost: xs.xn--ihqqcy9q5b94cnjt0p04e3n8ads2cr9hs47e.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":1251,"timings":{"blocked":990,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":261},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"xs.xn--ihqqcy9q5b94cnjt0p04e3n8ads2cr9hs47e.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"push.zhanzhang.baidu.com/push.js","fqdn":"push.zhanzhang.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"180.101.212.103","port":80,"asn":134770,"as":"CHINANET Jiangsu province Suzhou taihu IDC network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:26.227Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /push.js HTTP/1.1\r\nHost: push.zhanzhang.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\nContent-Length: 232\r\nContent-Type: text/javascript\r\nServer: bfe\r\nDate: Fri, 24 Apr 2026 07:11:27 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":281,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with no line terminators","md5":"1bb5a3267c9865ad4abe8d937734b62b","sha1":"b5478dd2edb3e64242eced1db2dbd945ef81f592","sha256":"674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2","sha512":"33318ed944a49a8fa334983408d68853b1fbe4f80b19adef6235f23d7708b616cd4f8dd28c8b8ebfbb5776aab8088229f3060cd789af34fe1db5038a98bd0d39","ssdeep":"","tlshash":"91d02be874a0c41c0ce710b17fab328cfab20b2755244d40c05b90013614b1f824bfe9","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-04-24T10:15:49.54675Z","times_seen":21863,"resource_available":true,"data":null}},"time_used":963,"timings":{"blocked":-1,"dns":444,"connect":258,"send":0,"wait":261,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/js/kniew.script","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:23.947Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/kniew.script HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:24 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 9838\r\nConnection: keep-alive\r\nLast-Modified: Thu, 23 Apr 2026 08:19:33 GMT\r\nETag: \"69e9d615-266e\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9838,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":335,"timings":{"blocked":-1,"dns":1,"connect":101,"send":0,"wait":232,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/css/scrolling-footer.css","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.278Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /css/scrolling-footer.css HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:24 GMT\r\nContent-Type: text/css\r\nContent-Length: 986\r\nConnection: keep-alive\r\nLast-Modified: Thu, 09 Apr 2026 03:17:27 GMT\r\nETag: \"69d71a47-3da\"\r\nExpires: Fri, 24 Apr 2026 17:52:23 GMT\r\nCache-Control: max-age=43200\r\ncl-cache-status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":986,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"b8e690e0ab6011a72001c1f20b7474c7","sha1":"7b6e1e93fe0637fda671828f61ea72eeea130c9f","sha256":"d573fee7e7e9bbaf057034b21a838971fe7da247430e68bd6ec24bb2978042b0","sha512":"5b592c29d3654ac4a153eba2003b81d956bd58643cc2d9192f9c6e8f3422abd6a25813165d7d3196de6ce77ce0714eede07241317409b944ab508d119ccda3df","ssdeep":"","tlshash":"8211dc089da31085f117d2689bbb33012320c41be72bcdbcbe4c6291ef8495846c2b98","first_seen":"2026-04-17T05:27:45.749322Z","last_seen":"2026-04-24T07:11:58.152456Z","times_seen":4,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/tuku/0117-960-80-2.gif","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:24.837Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tuku/0117-960-80-2.gif HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:25 GMT\r\nContent-Type: image/gif\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 30 Mar 2026 11:06:31 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69ca5937-34923\"\r\nExpires: Sun, 24 May 2026 05:57:14 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\ncl-cache-status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":215331,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 80","md5":"e5b14c1a18eeea80aaa961f210e161ad","sha1":"f4ff150153590b5709e28a6c3f17e658ab5e5145","sha256":"0354bbd3857f1c5606b8af50c18c906b54fb877af3bc14251b20bb3558a10494","sha512":"1f665a1294f6cfc1683a919baf4d8e70ec2b051ee58e490f94c60cc273df0ee9b89718b703feb47eef161ca8bbc05723ff57737ff9aea1c10423e0663f49f61e","ssdeep":"6144:GrvsStsStsStsStsSndKi7Dz0qc7Dz0qc7Dz0qc7Dz0qc7Dz0hvq2ljZ2CljZ2CO:a777xvOvOvOvOuFvvvvE","tlshash":"5f24f1917065a17656518ce1acff41ad1cb93876da87fd02b3390bb58d12f0e8f8c2ad","first_seen":"2025-08-20T14:59:30.576191Z","last_seen":"2026-04-24T07:11:58.153271Z","times_seen":70,"resource_available":false,"data":null}},"time_used":447,"timings":{"blocked":294,"dns":0,"connect":0,"send":0,"wait":98,"receive":55,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/webfonts/fa-brands-400.woff2","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:26.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.0.0/webfonts/fa-brands-400.woff2 HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://www.www-robinhood.halhsc.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdnjs.cloudflare.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:26 GMT\r\ncontent-type: application/octet-stream; charset=utf-8\r\ncontent-length: 104544\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\netag: \"620188b3-19860\"\r\nlast-modified: Mon, 07 Feb 2022 21:01:39 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 604964\r\nexpires: Wed, 14 Apr 2027 07:11:26 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ywxi5WkA72076lqCi4%2FMsnUviCB3kbzxNgMflcxihmGIbDC5h0kv%2FTBPff5MXaXM3yVi2K6D22BqDq4oNvF54%2BM9HUrz%2FWlXRcMtUqMeEQ44sWUChLgh11KXDkTxSLyaxglt0MFF\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\ncf-ray: 9f134b3cbc9556a5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":104544,"size_decoded":0,"mime_type":"application/octet-stream; charset=utf-8","magic":"Web Open Font Format (Version 2), TrueType, length 104544, version 768.256","md5":"a9afdb72826cde196ddf29eb8f9d0f8f","sha1":"69fc982ace0b9fdd2cfa68c6628bcaad00f407fd","sha256":"29bc44694c394921d1f00271128a2e4cd8293516216e24eac07a73fa821fc1f5","sha512":"91414027bbd6fc01d2ee035d519530d017f34f9c8b9150a2e4a45386e3cfee2f4ecd07ab8f658b426e965536be75b3c6b396e8e65ab4fa33031779d3b0873dcd","ssdeep":"3072:V3ZSTBmqhFEpJTbnHMg1FZTRB/CClfbzXcW0FC3y0ew:ZZWBXwpFbsg1FZTRBbFMlFCDew","tlshash":"85a3128faa6fa70a2a1c79c5341418acf3102fd5c51e0be01474d9fff2385aa57685d6","first_seen":"2023-04-07T13:45:16Z","last_seen":"2026-04-24T10:21:11.666347Z","times_seen":4085,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.www-robinhood.halhsc.com/js/ljbeqrq.script","fqdn":"www.www-robinhood.halhsc.com","domain":"halhsc.com","tld":"com"},"ip":{"addr":"158.69.254.108","port":80,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.www-robinhood.halhsc.com/","date":"2026-04-24T07:11:23.899Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/ljbeqrq.script HTTP/1.1\r\nHost: www.www-robinhood.halhsc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.www-robinhood.halhsc.com/\r\nCookie: cdndefend_js_cookie=D0974A67B35391025F8135ED2DC29FBD51870C6E849\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:24 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 9535\r\nConnection: keep-alive\r\nLast-Modified: Thu, 23 Apr 2026 08:19:33 GMT\r\nETag: \"69e9d615-253f\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9535,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Non-ISO extended-ASCII text, with no line terminators","md5":"bd51afbcaf9cba0be8e7b43c54579bc6","sha1":"71c01a21ccf5f6c02aba73e32039fcab7f181398","sha256":"be7e2e3697d896a7f11612d2acd9cc8dd150d46bb5e0872753cf6492a8b99d42","sha512":"4dd92bf316318feffba77424ac9ad59cf10714461be1d3dc760bba2ec27c386512eef677844f85bf47c37897d198f7e0ef376ccf5c9d69388b1e4f65197c0092","ssdeep":"","tlshash":"ef400000000000000000000c0300000000c00c00030000c0c000000030000000000c00","first_seen":"2025-04-16T20:34:05.250763Z","last_seen":"2026-04-24T07:45:19.834946Z","times_seen":347,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.www-robinhood.halhsc.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-24","alert":"Phishing Block","trigger":"www.www-robinhood.halhsc.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}