{"report_id":"a862ef68-0bd3-4d71-b5a6-f07f356765ef","version":6,"status":"done","tags":[],"date":"2026-05-28T15:55:04Z","url":{"schema":"https","addr":"dashboard-axosbank.com/login/","fqdn":"dashboard-axosbank.com","domain":"dashboard-axosbank.com","tld":"com"},"ip":{"addr":"87.251.64.170","port":0,"asn":197414,"as":"Xhost Internet Solutions Lp","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"dashboard-axosbank.com/login/","fqdn":"dashboard-axosbank.com","domain":"dashboard-axosbank.com","tld":"com"},"title":"dashboard-axosbank.com/login/","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"dashboard-axosbank.com/login/","fqdn":"dashboard-axosbank.com","domain":"dashboard-axosbank.com","tld":"com"},"ip":{"addr":"87.251.64.170","port":0,"asn":197414,"as":"Xhost Internet Solutions Lp","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-02T15:55:04Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-05-28T15:54:38Z","timestamp":1779983678,"ip_dst":{"addr":"172.67.74.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":51792,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI","source":"{\"timestamp\":\"2026-05-28T15:54:38.616503+0000\",\"flow_id\":1969126092196106,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":51792,\"dest_ip\":\"172.67.74.152\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2047703,\"rev\":1,\"signature\":\"ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_08_22\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_08_22\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"External_IP_Lookup\"],\"updated_at\":[\"2023_08_22\"]}},\"tls\":{\"sni\":\"api.ipify.org\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":1654,\"start\":\"2026-05-28T15:54:38.608522+0000\"}}"}],"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"dashboard-axosbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"dashboard-axosbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"dashboard-axosbank.com","ip":{"addr":"87.251.64.170","port":443,"asn":197414,"as":"Xhost Internet Solutions Lp","country":"Russia","country_code":"RU"},"domain_registered":"2026-05-07","domain_rank":0,"first_seen":"2026-05-28T15:55:05.433364Z","last_seen":"2026-05-28T15:55:05.433364Z","alert_count":6,"request_count":3,"received_data":3230212,"sent_data":1474,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.30.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"api.ipify.org","ip":{"addr":"172.67.74.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-01-05","domain_rank":8166,"first_seen":"2014-10-06T12:38:43Z","last_seen":"2026-05-25T13:19:56.122118Z","alert_count":0,"request_count":1,"received_data":269,"sent_data":457,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"dashboard-axosbank.com/login/","fqdn":"dashboard-axosbank.com","domain":"dashboard-axosbank.com","tld":"com"},"ip":{"addr":"87.251.64.170","port":443,"asn":197414,"as":"Xhost Internet Solutions Lp","country":"Russia","country_code":"RU"},"introduction_type":"eventHandler","is_inline":false,"md5":"6cf8e36b44ccbbc263bd445fdf4493db","sha1":"7d37acc7430af6ab2e394910832cfaae5f7875a6","sha256":"321c0119b024ac6d046c5c7faaf37015cee36fa841cd528a4813e235ff1e4050","sha512":"f696f7e38c4b0b700d77a22f6340e1fd82df0b3ae8abd49d8691c504248bf86a9fce78d66f1f7ed8d7734392f2c9500fa816fc36e65beccd3229df3032026cff","ssdeep":"","tlshash":"9f600000030c0000000cc0c00000cc0c0000cc333000c0c30030033c00cc0ccc00333f","size":15,"data":"","first_seen":"2025-09-26T18:47:46.226288Z","last_seen":"2026-05-28T15:55:09.378649Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dashboard-axosbank.com/login/","fqdn":"dashboard-axosbank.com","domain":"dashboard-axosbank.com","tld":"com"},"ip":{"addr":"87.251.64.170","port":443,"asn":197414,"as":"Xhost Internet Solutions Lp","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"53182466ddba072e5f6b8d0d9d655417","sha1":"e341cf575484a89d90092c574a1ce14b88ab0eab","sha256":"e0ade97da03808f7401f60d4b951ab082c52e18905d62bfca303e97a5da08b5b","sha512":"51b45218d568160f0cf2a51b920fd78266f8bbadb3332d84b242cbb9c1f7a31a6149e7f44ff96ad906f22020c559bf063b39164f036c8bdbc03b9506c5dea266","ssdeep":"","tlshash":"ef113826122632653c8eb0ee59b6dc4d7a7f100be90960a0b59ed08d7930b5544f76dc","size":957,"data":"","first_seen":"2023-03-07T13:09:46Z","last_seen":"2026-05-28T15:55:09.379736Z","times_seen":330,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dashboard-axosbank.com/login/","fqdn":"dashboard-axosbank.com","domain":"dashboard-axosbank.com","tld":"com"},"ip":{"addr":"87.251.64.170","port":443,"asn":197414,"as":"Xhost Internet Solutions Lp","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"477877a05c03a47df86d92c6b87fd216","sha1":"6b368e58d45ff5d2cf112e3a649db1f263fdeeed","sha256":"59a47ae7df8413edaaf8861e27203b864ad62f2a63c4cb3234836b300a89ce50","sha512":"af9b146868af85c79af6cb20d5ddaa726527a83041c7ecb61262da35efea9de80fa709de68ec40f950948e2de9c8ee45e7613292ac2e939748a8b4727d173d63","ssdeep":"192:wQstbPxZ8Mx++nlAdndBUBkeQy4FNQawyiZ9cr//h+Qyo3TDZQy4uoVQy4tPs3:w59/ABdBUBkeQFNQaQ9crUQFTDZQu6QW","tlshash":"2e0252582ab719210367b0fd6bcf64043531c01b2885de597fbc82482fd9e659ab2bde","size":8251,"data":"","first_seen":"2026-05-28T15:55:09.380303Z","last_seen":"2026-05-28T15:55:09.380303Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dashboard-axosbank.com/login/","fqdn":"dashboard-axosbank.com","domain":"dashboard-axosbank.com","tld":"com"},"ip":{"addr":"87.251.64.170","port":443,"asn":197414,"as":"Xhost Internet Solutions Lp","country":"Russia","country_code":"RU"},"introduction_type":"eventHandler","is_inline":false,"md5":"836b48367bf546ab7d07d857966245bc","sha1":"77615434a310188eb93044cb4e8e224902c7a90b","sha256":"d44cdf008545b08492d524ef9cc8635c9cab226fd44ff58d17279d9748ee410e","sha512":"39f74c3d16946c728f868ceb07e9a47b1404bd3b0b2811c3b51b3d674d9a05ac56bb3e28002a3f48b83c4b6e1393e2a2d376805922804ee32c53ec812a6b85f9","ssdeep":"","tlshash":"e780000023b30c0f0cc3c88f0ac8cc02030ac003f300c003c003c00c20c00c0c000033","size":38,"data":"","first_seen":"2025-09-26T18:47:46.216601Z","last_seen":"2026-05-28T15:55:09.381036Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dashboard-axosbank.com/login/","fqdn":"dashboard-axosbank.com","domain":"dashboard-axosbank.com","tld":"com"},"ip":{"addr":"87.251.64.170","port":443,"asn":197414,"as":"Xhost Internet Solutions Lp","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"9ad21133d8b541fa42273100bdafd57a","sha1":"8f28652f265feb3eeac34c11f3976247c56c56be","sha256":"96ecde49a127399f774392903fbb01e4ffa2554b751b5286b0c2249d12993758","sha512":"0db92b1e038f83742cd7d943bb82fcf2d5cea69bdac8fa047b9966a47f7a6018cde6d2fea24fe35ed0fd9f268800a4b9734ffeef47d0869f0455500615964a15","ssdeep":"","tlshash":"f1f0ace60cb709314b9bf0f903afb10a2157a00f35eedc4abb5c86440f853358821b89","size":651,"data":"","first_seen":"2026-05-28T15:55:09.381845Z","last_seen":"2026-05-28T15:55:09.381845Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"dashboard-axosbank.com/login/","fqdn":"dashboard-axosbank.com","domain":"dashboard-axosbank.com","tld":"com"},"ip":{"addr":"87.251.64.170","port":443,"asn":197414,"as":"Xhost Internet Solutions Lp","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-28T15:54:37.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dashboard-axosbank.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 07 May 2026 19:51:18 GMT","end":"Wed, 05 Aug 2026 19:51:17 GMT"},"fingerprint":{"sha1":"CC:5C:B1:88:B8:FE:AE:A3:08:EE:AF:78:EE:CA:52:35:53:0F:26:26","sha256":"97:A6:36:7A:97:7B:0F:09:DB:4E:56:C5:2A:1A:73:12:46:33:96:4B:E7:71:F9:5A:B6:B4:62:44:67:93:C0:8E"}}},"request":{"raw":"GET /login/ HTTP/1.1\r\nHost: dashboard-axosbank.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.30.0\r\nDate: Thu, 28 May 2026 15:54:37 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Fri, 20 Mar 2026 17:57:28 GMT\r\nETag: \"3145af-64d786b11b200-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.30.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3229103,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (56085)","md5":"bf79b7ce3e36e10a15a825b4287a8739","sha1":"be37ae60d779b4bae80265297895804f525a36b5","sha256":"fd2006bd34e4c8ec4cfa5e473a08366884ea877aa234c255b8fb28a1490333b5","sha512":"513e97b1c2e79426f9fa5f6ed8fcad19bdd718c3ac494f5b4c47dadbdf327cfaf35c95f6e3468fd0577d68c092f35adb72fa289d2054b8137739641ef295e5bd","ssdeep":"12288:UwJ0xjWSwJ0xjWyVyvShBUreW52fWVW5AnVyvU0B0reWq2fWVW5AZVyvA+BYreWL:UC0ASC0AqaNEeW5Ac6uEeW5AsGf","tlshash":"c625e064084b104725438cda338e7775fe2ea2536180d2b97bfc7b52afead6152353ac","first_seen":"2026-05-28T15:55:09.371592Z","last_seen":"2026-05-28T15:55:09.371592Z","times_seen":1,"resource_available":true,"data":null}},"time_used":402,"timings":{"blocked":90,"dns":33,"connect":27,"send":0,"wait":54,"receive":164,"ssl":31},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"dashboard-axosbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"dashboard-axosbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dashboard-axosbank.com/assets/svg/icons/navigation.svg","fqdn":"dashboard-axosbank.com","domain":"dashboard-axosbank.com","tld":"com"},"ip":{"addr":"87.251.64.170","port":443,"asn":197414,"as":"Xhost Internet Solutions Lp","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://dashboard-axosbank.com/login/","date":"2026-05-28T15:54:38.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dashboard-axosbank.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 07 May 2026 19:51:18 GMT","end":"Wed, 05 Aug 2026 19:51:17 GMT"},"fingerprint":{"sha1":"CC:5C:B1:88:B8:FE:AE:A3:08:EE:AF:78:EE:CA:52:35:53:0F:26:26","sha256":"97:A6:36:7A:97:7B:0F:09:DB:4E:56:C5:2A:1A:73:12:46:33:96:4B:E7:71:F9:5A:B6:B4:62:44:67:93:C0:8E"}}},"request":{"raw":"GET /assets/svg/icons/navigation.svg HTTP/1.1\r\nHost: dashboard-axosbank.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://dashboard-axosbank.com/login/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.30.0\r\nDate: Thu, 28 May 2026 15:54:38 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 285\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.30.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":285,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"df08a8f7eb72bed6e511b37eb9fb5b90","sha1":"10d330fec7fa7c45f72cb28493f9f2b696a43867","sha256":"28a18b3ddb3d6998da139c5fb2934c1532842bd7a22f10924bb860f438afd9a1","sha512":"8c7af1a13ecbbd50567b7bd582dc6308cc7adeecd6936172911d51c2b7cb285ff09c04c7a3e44d3508fb661fd9848f6e05d14284b1dc372afb5d658b786e9463","ssdeep":"","tlshash":"03d02b9e5043639b4821255079c126c226cd12e6b47a86e82dc6e48752e863ece9ea8d","first_seen":"2026-05-28T15:55:09.37439Z","last_seen":"2026-05-28T15:59:00.972468Z","times_seen":2,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"dashboard-axosbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"dashboard-axosbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.ipify.org/?format=json","fqdn":"api.ipify.org","domain":"ipify.org","tld":"org"},"ip":{"addr":"172.67.74.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://dashboard-axosbank.com/login/","date":"2026-05-28T15:54:38.596Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ipify.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Apr 2026 21:16:17 GMT","end":"Tue, 28 Jul 2026 22:16:15 GMT"},"fingerprint":{"sha1":"6D:CC:48:D6:E1:8C:50:0D:7C:B9:13:15:F0:18:E0:73:56:59:60:F7","sha256":"00:FD:76:18:CB:8D:B6:5A:4C:B7:0A:37:77:28:B1:01:5C:3D:6A:E4:2D:06:02:C1:9D:B8:6B:F8:6F:F8:31:77"}}},"request":{"raw":"GET /?format=json HTTP/1.1\r\nHost: api.ipify.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://dashboard-axosbank.com/\r\nOrigin: https://dashboard-axosbank.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 May 2026 15:54:38 GMT\r\ncontent-type: application/json\r\ncontent-length: 21\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a02e70676c4649c5-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7d69c71af0f191e9a72db6153f8018d1","sha1":"f67c5f2887bc05654b47f76e9621e53a4091aed1","sha256":"5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65","sha512":"fdf43a8f3d843fe9008949d6709c8e2a5cd640f6101522319745f0a829f21dc8f4bd4d70ff3e2f6e1fd53ca0d2dd872bf3588c593a403071102ab28763cbdba5","ssdeep":"","tlshash":"b8700022000000208c80800eca0a032223a0000ac20a00088e800b2288a0b380282032","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-05-28T18:43:34.175439Z","times_seen":91854,"resource_available":true,"data":null}},"time_used":173,"timings":{"blocked":32,"dns":12,"connect":1,"send":0,"wait":109,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dashboard-axosbank.com/ch-b","fqdn":"dashboard-axosbank.com","domain":"dashboard-axosbank.com","tld":"com"},"ip":{"addr":"87.251.64.170","port":443,"asn":197414,"as":"Xhost Internet Solutions Lp","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://dashboard-axosbank.com/login/","date":"2026-05-28T15:54:38.922Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dashboard-axosbank.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 07 May 2026 19:51:18 GMT","end":"Wed, 05 Aug 2026 19:51:17 GMT"},"fingerprint":{"sha1":"CC:5C:B1:88:B8:FE:AE:A3:08:EE:AF:78:EE:CA:52:35:53:0F:26:26","sha256":"97:A6:36:7A:97:7B:0F:09:DB:4E:56:C5:2A:1A:73:12:46:33:96:4B:E7:71:F9:5A:B6:B4:62:44:67:93:C0:8E"}}},"request":{"raw":"POST /ch-b HTTP/1.1\r\nHost: dashboard-axosbank.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://dashboard-axosbank.com/login/\r\nContent-Type: application/json\r\nContent-Length: 21\r\nOrigin: https://dashboard-axosbank.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 502 Bad Gateway\r\nServer: nginx/1.30.0\r\nDate: Thu, 28 May 2026 15:54:38 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 157\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"502","status_text":"Bad Gateway","fingerprints":[{"name":"Nginx:1.30.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":157,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"778b31de73b35832d58ca6b153ddf40a","sha1":"0142b28a9a0e7c6ce2a58ca6f323496a08420d62","sha256":"72444b31b76c215d135d0a1206c9dfa4ddc0d63f17e148296c56e8ed7330207b","sha512":"e3058a3a03053f011ae9e01f39e4aa1bca5d7966b674a20eccc1744e36837cebe0f657b87e3b8894fa88ba1202e53cd9fe1ba704cbb70da6ed50d830562b5ae0","ssdeep":"","tlshash":"a2c08c35a6023c1ce8f7767d10c36280c290c920039809024084890b31c31898acf3a2","first_seen":"2026-04-19T21:42:22.799064Z","last_seen":"2026-05-28T15:55:09.377339Z","times_seen":2,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"dashboard-axosbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"dashboard-axosbank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}