{"report_id":"a5a19566-0174-43a4-a9de-00409b55c1e7","version":6,"status":"done","tags":["microsoft","phishing","suspicious"],"date":"2026-04-25T00:07:21Z","url":{"schema":"http","addr":"secureactivitysett726411.li","fqdn":"secureactivitysett726411.li","domain":"secureactivitysett726411.li","tld":"li"},"ip":{"addr":"82.221.136.24","port":0,"asn":50613,"as":"Advania Island ehf","country":"Iceland","country_code":"IS"},"final":{"url":{"schema":"https","addr":"secureactivitysett726411.li/","fqdn":"secureactivitysett726411.li","domain":"secureactivitysett726411.li","tld":"li"},"title":"Sign in to your Microsoft account","dom":{"size":25974,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"02307c9ec9a048b5e6c93392a6699479","sha1":"7ef8f241b6489084c8bb4c921cdc1b53e2cd5fd7","sha256":"98500eb472cd268d1ea22b187678a39f915e0fe71815a02d7955d4170a214104","sha512":"725e2cb3cbcfb17afa0c9d61ebbdaa7009c0d04e060c750a0aa80b56f5cab3e12d0787c262a3f5131bbd9809c9b78f6ac3e5e4a4d3bd6cc0c42721d3393813e6","ssdeep":"384:I9y3nrn/OzMzizwakzFztRWkaXvBgamV+43X+JSEKLsb:I9ybn/O78EKLsb","tlshash":"3bc2555b25f704626597e4e927e7574a3a61d003e807ca193fec878c8fc7e84a8637c9","dom_hash":"domhash01d0df14b95e72209763e160242b5a48","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"secureactivitysett726411.li","fqdn":"secureactivitysett726411.li","domain":"secureactivitysett726411.li","tld":"li"},"ip":{"addr":"82.221.136.24","port":0,"asn":50613,"as":"Advania Island ehf","country":"Iceland","country_code":"IS"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-30T00:07:21Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":3,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-25","alert":"Detects file containing Telegram Bot API","trigger":"secureactivitysett726411.li/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"secureactivitysett726411.li","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"secureactivitysett726411.li","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"secureactivitysett726411.li","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"free.freeipapi.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-11-04","domain_rank":541048,"first_seen":"2025-06-26T07:24:28.444666Z","last_seen":"2026-04-19T18:49:16.129729Z","alert_count":0,"request_count":1,"received_data":1201,"sent_data":468,"comment":"","tags":null,"fingerprints":[{"name":"PHP:8.4.8","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"secureactivitysett726411.li","ip":{"addr":"82.221.136.24","port":443,"asn":50613,"as":"Advania Island ehf","country":"Iceland","country_code":"IS"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-25T00:07:21.200832Z","last_seen":"2026-04-25T00:07:21.200832Z","alert_count":10,"request_count":2,"received_data":28878,"sent_data":957,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-04-19T22:33:42.593215Z","alert_count":0,"request_count":2,"received_data":254172,"sent_data":1043,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"secureactivitysett726411.li/","fqdn":"secureactivitysett726411.li","domain":"secureactivitysett726411.li","tld":"li"},"ip":{"addr":"82.221.136.24","port":443,"asn":50613,"as":"Advania Island ehf","country":"Iceland","country_code":"IS"},"introduction_type":"scriptElement","is_inline":true,"md5":"92af0aa724baa1e5e98be55abaf8b3cc","sha1":"5455bd6f1da256aa19c77a91dc28a7ca6d32bd70","sha256":"322c6a17a092aff3ec11f56719d4ea44d899d70f6f4c5641446763bf5dc12b6d","sha512":"55651648626e82e19865527e9bded098aea57ddd2056fbe74ebf3d9913e5574a344b20463ff9f3ba6578466650e09d555c23836e1c3ad71135c8386d7fcc25a5","ssdeep":"","tlshash":"34c0923bce3711a36a4045e34b4f201a22ba6c2fb841c9ca724c92594f8b421c8960ce","size":147,"data":"","first_seen":"2026-04-25T00:07:25.829377Z","last_seen":"2026-04-25T01:46:02.620862Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"secureactivitysett726411.li/","fqdn":"secureactivitysett726411.li","domain":"secureactivitysett726411.li","tld":"li"},"ip":{"addr":"82.221.136.24","port":443,"asn":50613,"as":"Advania Island ehf","country":"Iceland","country_code":"IS"},"introduction_type":"scriptElement","is_inline":true,"md5":"c443cd67b578e9946026b9e4cb758337","sha1":"5286e7ea9c5f06e05b2bf7286a1d1e8a6184feef","sha256":"2cb0df56c37bc097744bff3a67e984b9773bb47e42c20d8e795623356e677c79","sha512":"3e64361db00d924708728de9c84845936e96de17201cfdcd6830f33769c61c80bef0f2b016cc58821aed6d21679e2b8a8fa75148b5dfffc6cd4b3553718c2aa7","ssdeep":"96:82oaloqaRZvnBq9B4mV+03qqKO+hPEFtHwU9W+CYkjLXUIpXaCcK9FNL128Us2T:8kaXvBgamV+43X+J0tQu5CX/Xny8pUs0","tlshash":"6112ecaf35bb18744bafb0fb53dba244383060073849dd653d9c8a594fa2e847473ac9","size":9566,"data":"","first_seen":"2026-04-25T00:07:25.83129Z","last_seen":"2026-04-25T01:46:02.621443Z","times_seen":3,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-25","alert":"Detects file containing Telegram Bot API","trigger":"secureactivitysett726411.li/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"free.freeipapi.com/api/json","fqdn":"free.freeipapi.com","domain":"freeipapi.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://secureactivitysett726411.li/","date":"2026-04-25T00:07:00.269Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"freeipapi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 11:56:41 GMT","end":"Wed, 17 Jun 2026 12:54:21 GMT"},"fingerprint":{"sha1":"3C:8C:62:E5:C6:9D:A6:0F:92:A4:2A:0F:91:1A:3C:DA:BF:06:5B:66","sha256":"B3:46:DD:68:66:CD:A1:BB:00:55:6C:5D:0D:61:52:D4:E7:FD:C2:E7:B8:77:34:77:3C:9F:44:BF:25:C5:A9:9B"}}},"request":{"raw":"GET /api/json HTTP/1.1\r\nHost: free.freeipapi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://secureactivitysett726411.li/\r\nOrigin: https://secureactivitysett726411.li\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 25 Apr 2026 00:07:00 GMT\r\ncontent-type: application/json\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: no-cache, private\r\nx-powered-by: PHP/8.4.8\r\nx-ratelimit-limit: 60\r\nx-ratelimit-remaining: 58\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oaiLRiflXGBkh%2BYBlD%2FjyatHi74PD7xuJdmevLrqzYiTRYPc6GQ5jQzW2VVv3iRnHBY0WnKfDSR%2FtnbMQqSDECKimJpsUlB7fJDXUucTDZ4NNAfCFBr1ipetvKCe%2FWe32EQY1eI%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9f191ae2ec031ae6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:8.4.8","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":435,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"bbea69244fa413e2331089d82e95b48d","sha1":"03c3a3a9caf4a1e274b706d31bb56994a63d4a2d","sha256":"b45532681e6837389d55bf83aed94b848de7a5ff1a5d8c1e7a7d962c558c7f20","sha512":"10ade129dbe40f15dccefbbacc4021b7f3773749ba074c6ca3191a41b3bfd57a1c84bef9f026d05d62f2cb5789cfb597e950af502b182742d0b4bc93cbe0ef86","ssdeep":"","tlshash":"fde0234d1d0cfd54bf398349c60d6eb708396000c04ec4518b7d8d35cbc47e8501000a","first_seen":"2026-01-06T03:31:02.11748Z","last_seen":"2026-04-25T12:37:36.379811Z","times_seen":32,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":37,"dns":21,"connect":1,"send":0,"wait":71,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"secureactivitysett726411.li/","fqdn":"secureactivitysett726411.li","domain":"secureactivitysett726411.li","tld":"li"},"ip":{"addr":"82.221.136.24","port":443,"asn":50613,"as":"Advania Island ehf","country":"Iceland","country_code":"IS"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-25T00:06:59.566Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.secureactivitysett726411.li","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 24 Apr 2026 15:45:28 GMT","end":"Thu, 23 Jul 2026 15:45:27 GMT"},"fingerprint":{"sha1":"F7:B7:A5:54:DA:E3:95:9B:53:63:C4:9E:B5:DD:97:A5:82:21:94:33","sha256":"9C:B2:ED:11:51:0D:B6:04:BB:BB:77:5F:78:06:35:AA:AF:A0:74:5D:1D:38:46:8F:44:A1:67:77:A6:F5:48:48"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: secureactivitysett726411.li\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Wed, 22 Apr 2026 11:41:40 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 4566\r\ndate: Sat, 25 Apr 2026 00:06:58 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":26959,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"4cb3dd10e1a48c15c1b17373be7a3023","sha1":"7a5dce3715fe84aab23c025aa6396646b4f481b0","sha256":"64a53171a3da54030b20090048f069a183f75737b541324579190f067c106672","sha512":"a6cc59721fb19b46f37a3ddc6e4728ab8be421b4db82d31215165417ace0b3539320cb13f33623872b980f38505ec14dfd5f5041fe8d982222f0cd471fd4b616","ssdeep":"384:o9c7wJxzKzblLzPz0slG+k7SZ0jzagiTEZltsIUasK:o9dp0IUasK","tlshash":"3cc2401ba09504626577e2e9afa38b4efb614053d64382193eec938a4fb7c44d463fcd","first_seen":"2026-04-25T00:07:25.824085Z","last_seen":"2026-04-25T01:46:02.617643Z","times_seen":3,"resource_available":true,"data":null}},"time_used":602,"timings":{"blocked":258,"dns":85,"connect":79,"send":0,"wait":86,"receive":0,"ssl":91},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-25","alert":"Detects file containing Telegram Bot API","trigger":"secureactivitysett726411.li/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"secureactivitysett726411.li","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"secureactivitysett726411.li","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"secureactivitysett726411.li","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://secureactivitysett726411.li/","date":"2026-04-25T00:07:00.140Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.4.0/css/all.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://secureactivitysett726411.li/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 25 Apr 2026 00:07:00 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 18752\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"6421d693-4940\"\r\nlast-modified: Mon, 27 Mar 2023 17:46:59 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 285906\r\nexpires: Thu, 15 Apr 2027 00:07:00 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iQ%2FRebdQGBbeDI8JgYrJyVRJzbGK4T6b5dgl1ho1GYoi%2FZuXd3yv4AN61I33kh8kCf75mqBVj%2FIhttsCLnsRoade4emJUC8ZGhI1vblFUUaR9TGwWYv9ffnDLDLdvMku6KRc12ZO\"}]}\r\ncf-ray: 9f191ae1f9a7569f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":102025,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (52276)","md5":"ded1c367363e8b20bdc6a19b8350a737","sha1":"8c06d82739d14b094ff6d9036021a252bd1d985d","sha256":"1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf","sha512":"89e71d2e66ac925ec2564aa45cd43f647fd72e5bd664e2728fb632eed71e9e6a43d72a404a8ce9993fc4d223ed985201e3a66676d01cf5e341bc7d07fd9a6207","ssdeep":"1536:OwMCMPMCMjMCM4MCMwMCM3sVMX709gbPMfjSFOTyPGuZprfZCl:S709gMGFiyPGuZpfZCl","tlshash":"2ea3a7f9e44c05d97732c44bab95b37c65b6f738d5810ca9f02f580c1ad26a822c6f7a","first_seen":"2023-04-06T15:05:25Z","last_seen":"2026-04-30T14:48:20.943708Z","times_seen":45953,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":13,"dns":1,"connect":1,"send":0,"wait":8,"receive":1,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://secureactivitysett726411.li/","date":"2026-04-25T00:07:00.228Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://secureactivitysett726411.li\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdnjs.cloudflare.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 25 Apr 2026 00:07:00 GMT\r\ncontent-type: application/octet-stream; charset=utf-8\r\ncontent-length: 150124\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\netag: \"6421d693-24a6c\"\r\nlast-modified: Mon, 27 Mar 2023 17:46:59 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 254256\r\nexpires: Thu, 15 Apr 2027 00:07:00 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0M2Don37wpKOq99YkrbkxXCtmBqshpi8A8TVarpRSVJcf6sR%2Baym8kte3bNxcjeGapivESZ0NaGr%2BfcI3fWA8YqVStETZzAwHGzy%2BSt%2BbUfTAc3qj1FPnlQschci3Sc72Z%2FaPRu4\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\ncf-ray: 9f191ae28bd356b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":150124,"size_decoded":0,"mime_type":"application/octet-stream; charset=utf-8","magic":"Web Open Font Format (Version 2), TrueType, length 150124, version 772.256","md5":"c64278386c2bbb5e293e11b94ca2f6d1","sha1":"6b99aa650bd12a36caa14e0127435d8f4cd3ba73","sha256":"7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880","sha512":"0ccdc1515510d902c0b4a48b863c48bad86e1f766b1f9c890a64e28d91ee7c6d488241c531fc094d15b29c211da71e092587a987e24ee8e67ef8ea99c284e821","ssdeep":"3072:7sCbk7w0ZXdkN6iMjif3Lr7x7wAtf+D7gDk1feXDLnurWHqrNIuv5n0:7sCbkFZXdC7MaLr9w2mIY1feXXurWyNW","tlshash":"28e3123cf2c6d486735f5aeadb79636894fd0a2e74ecc67d26b982112048f828174d1d","first_seen":"2023-04-09T20:30:06Z","last_seen":"2026-04-30T14:48:20.951573Z","times_seen":33695,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":15,"dns":1,"connect":0,"send":0,"wait":7,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"secureactivitysett726411.li/favicon.ico","fqdn":"secureactivitysett726411.li","domain":"secureactivitysett726411.li","tld":"li"},"ip":{"addr":"82.221.136.24","port":443,"asn":50613,"as":"Advania Island ehf","country":"Iceland","country_code":"IS"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://secureactivitysett726411.li/","date":"2026-04-25T00:07:00.370Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.secureactivitysett726411.li","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 24 Apr 2026 15:45:28 GMT","end":"Thu, 23 Jul 2026 15:45:27 GMT"},"fingerprint":{"sha1":"F7:B7:A5:54:DA:E3:95:9B:53:63:C4:9E:B5:DD:97:A5:82:21:94:33","sha256":"9C:B2:ED:11:51:0D:B6:04:BB:BB:77:5F:78:06:35:AA:AF:A0:74:5D:1D:38:46:8F:44:A1:67:77:A6:F5:48:48"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: secureactivitysett726411.li\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://secureactivitysett726411.li/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 1251\r\ndate: Sat, 25 Apr 2026 00:06:59 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1251,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"8150f458ed6fb9b1db4e5cfa57a1a281","sha1":"6e5726854d28687b560d7fdcb5c782c425c7dfb9","sha256":"4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896","sha512":"4cc6a112673aef8bb8bb8a385c26791b805d43bb707b509880e894f1c83bab4e16f13de187036c5f660c3bec1d286258396b7bde65c5d7945c5019665196818c","ssdeep":"","tlshash":"c021353ec1c1560ae0271164fbc1f7a86669825291970f703b9eb176f6cd0bb56a36c8","first_seen":"2024-02-08T16:48:55Z","last_seen":"2026-04-30T14:33:50.600536Z","times_seen":122227,"resource_available":true,"data":null}},"time_used":77,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":77,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"secureactivitysett726411.li","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"secureactivitysett726411.li","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"secureactivitysett726411.li","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}}]}