{"report_id":"ab89d0c1-388d-486b-b75a-7ffa98f98e7e","version":6,"status":"done","tags":[],"date":"2025-12-30T23:12:11Z","url":{"schema":"http","addr":"r-salon.net/","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"r-salon.net/","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"title":"R | アイラッシュサロンアール(Eyelash Salon R)","dom":{"size":15341,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (491)","md5":"f7b005d9b3d1be36bb25f39fe826c2ed","sha1":"781f8b4be3155d4a1dff50437984107c1e3e8096","sha256":"7ebebaa2bf277b2d7fbfe21baf059aa925658c6c713b161137f576a54db01c9f","sha512":"744d4cc660d8921e49ee00d4ed768d3c906a3c25808744e01ffdb6b2de84165539f04cb3238ba6189ff96f7170026e0a5d7f9f0f29c25170a711392bddf7d93e","ssdeep":"384:cfXAxHRDg/sOg6tuwFqZh2ypZDetioTYSDm08Ge5ODwWyVhvb:cfwxHR14YwFqZh5ZDetieYSDm08GeAD6","tlshash":"316297bd855a1427437390d0a8313716e2968909c70b69e4b3fcd2fdb7caf84e65236b","dom_hash":"domhash278a1b98781762e96b90f197281589b6","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"r-salon.net/","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-03T23:12:11Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"r-salon.net","ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"domain_registered":"2024-08-24","domain_rank":0,"first_seen":"2025-12-30T23:12:12.507275Z","last_seen":"2025-12-30T23:12:12.507276Z","alert_count":32,"request_count":16,"received_data":5363910,"sent_data":7415,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Jetpack","description":"Jetpack is a popular WordPress plugin created by Automattic, the people behind WordPress.com.","website":"https://jetpack.com","common_platform_enumeration":"","icon":"Jetpack.svg","categories":["WordPress plugins"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-12-28T22:17:10.032556Z","alert_count":0,"request_count":1,"received_data":18268,"sent_data":484,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-12-28T22:14:05.525046Z","alert_count":0,"request_count":3,"received_data":118449,"sent_data":1676,"comment":"","tags":null,"fingerprints":null},{"fqdn":"nishikawafarm.sakura.ne.jp","ip":{"addr":"49.212.180.222","port":443,"asn":9371,"as":"SAKURA Internet Inc.","country":"Japan","country_code":"JP"},"domain_registered":"2017-07-21","domain_rank":0,"first_seen":"2025-12-30T23:12:12.503299Z","last_seen":"2025-12-30T23:12:12.503299Z","alert_count":0,"request_count":1,"received_data":121,"sent_data":463,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"r-salon.net/wp-content/plugins/jetpack/modules/photon/photon_ver-20130122.js","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ebf262a3bd6659305ed1cd08b828f24d","sha1":"a76456f4a34d1933dd8ac3c641326bdc2cd77153","sha256":"d69c56b90a05a4691b64ffe7d195cbe61fe294a99cf66462bbe68a1f6b197409","sha512":"53005e712465c829356fb8585a1fcbce2816d148007aa770ffadd562beeb124fbbabffa7dfd4303ac4ed352fadd47098a3a8048e1601f1c182aec8f73ec50b1f","ssdeep":"","tlshash":"014122f8ab6c26358c7730f8641ff08c2b6e84b19693105fb92ce5c969e150c15f5eac","size":2100,"data":"","first_seen":"2025-12-24T09:41:30.585119Z","last_seen":"2025-12-30T23:12:17.204484Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/wp-content/js/devicepx-jetpack_ver-201620.js","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a0f2137a1bc0ca0a8ddb109bcbc699d0","sha1":"65cda0f5ad14a382a1411cccd5666a991c8558bb","sha256":"4e64a66734fb408879862d300482b70940eaeba7d5bf2c65bc0c16aa17eabb0b","sha512":"46266920003e36088a3e1418034ef328a938733ebb239ef802a8b35bc200e9e8e2bde474c6d8c885ee529e10fe6cc40d8d061600705019bdc0078ddfa8f71824","ssdeep":"192:MssqFagarars1PgrCcucy9EycM9c5qgYRcg8Q847wLnDnr/5Bp5/Hk/gl:j1IaUfcucy9hcM9cgRck840LDb5Bp5PN","tlshash":"5f3286ba239f32b7de9331b6465f5b0c3e3b45514b0baa61c124d0d6396890758bfe28","size":11094,"data":"","first_seen":"2025-12-30T23:12:17.212514Z","last_seen":"2025-12-30T23:12:17.212514Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/js/gprofiles_ver-2016Mayaa.js","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ebb1763048d709a87d143dc305b1c25a","sha1":"a158ee3ccd6ca9b1629a21c8454d38f2f561a1b1","sha256":"b51498afd232e04005f2c105d4e011dafa0cdb302e10ea112e5ba0e7764277b4","sha512":"08823d97166af8b027d2f49d7a33a648d32f0aee52e0ac565473b7e2e9cc97f46d399e77be0762a0df40ac609d4a44b4ed4e2c5204a10869a287ff26085f38b7","ssdeep":"384:jk4/QwzTmD2gakhgtM7Bj2/zjVYNP79V8+gs:jkRwQ2gNcMtZVZ","tlshash":"77a2e729a25682b742337cd8e06f73956126d955eb5a0048ff7d4ccc55a28fc31f3e1a","size":21377,"data":"","first_seen":"2025-12-21T19:00:15.841747Z","last_seen":"2026-04-08T21:59:42.887934Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d77da3c7eb06c88002d0a71f5871b32d","sha1":"4bc85e9a6d37969174c7683858d8b3e135391e24","sha256":"598ae4650a5f41a182576c1295a6d4c2439c16437d9e8a5f992cee5fa9cb1668","sha512":"490e6f400e33d6b763dc85ac6bcb0e82fa47b43ac6009145d6912baa436939afeae19878505750d1984488dd8ceb0a634ca0647b2180d487c925543c5428ca3e","ssdeep":"","tlshash":"519002144098298272e01465b764549297c64649455a4c11798cd647ae6300684f5398","size":57,"data":"","first_seen":"2023-03-07T12:05:01Z","last_seen":"2026-06-07T03:37:19.149768Z","times_seen":4668,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"b4cfa2493fa085f16ae2dc7283f2617e","sha1":"cbc8670d1e424721b87a1c861c647baf18e00daa","sha256":"2b5c890403957b18e707822b07c641253ebfcd910108532a916c0cbe995d5324","sha512":"080bbcc60fc3c212a55d618e1ea5d31fafa47ae5c321d9185dbb5d851eed94bdb94d1489c6bd3423043e23425ce152914e31f2b1d81cbff5c982215ead3709f9","ssdeep":"","tlshash":"8ac01261467c723eb350356e252ea55ab5d11515de59444129b1744c763b7ca0192640","size":178,"data":"","first_seen":"2025-12-30T23:12:17.2229Z","last_seen":"2025-12-30T23:12:17.2229Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"r-salon.net/R/wp-content/uploads/2015/05/PHOTO029.jpg","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:49.682Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r-salon.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Mon, 07 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"28:D1:1B:8F:0C:56:13:42:13:39:CE:B5:B3:C1:38:12:6E:07:AE:86","sha256":"2E:91:8F:61:A9:47:5F:62:69:85:6B:9E:ED:EA:1A:4A:EE:0C:9B:59:58:88:8F:45:AF:91:01:57:81:AB:F7:4D"}}},"request":{"raw":"GET /R/wp-content/uploads/2015/05/PHOTO029.jpg HTTP/1.1\r\nHost: r-salon.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r-salon.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 06 Jan 2026 23:11:49 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 07 Dec 2025 14:50:56 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2160190\r\ndate: Tue, 30 Dec 2025 23:11:49 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":2160190,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=14, manufacturer=PENTAX             , model=PENTAX K-50        , orientation=upper-left, xresolution=222, yresolution=230, resolutionunit=2, software=K-50 Ver. 1.00         , datetime=2015:05:05 17:24:47], baseline, precision 8, 4436x2938, components 3","md5":"9d27e4fa40a0bed5ec3f27c6243f75eb","sha1":"689e7226ec07207d4a3dad17e77344447c084ed0","sha256":"67be7891c80fa2f8635d40adbc7dda3bc48d182b6ef9aae88da3a11f37ce046b","sha512":"efd3e94c34604a01576971e8cc11d2b35358733cc33ab666e2d6e93711c54ea4fcf76ed221c18ddadc187259d0658804bede91e6ba118de25d79584cce0197cc","ssdeep":"24576:QhFR3kySba71D/XloRM8wciKCtOeAqoRU9mU:Q3kK1bXmymlCTDoRe/","tlshash":"2225236f640c09abd7604a7a7c176b8a1a154e3c60d29bed11373ec6f93d970cc892bd","first_seen":"2025-12-30T23:12:17.202292Z","last_seen":"2025-12-30T23:12:17.202292Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1459,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":623,"receive":836,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Open+Sans%3Aregular%2Citalic%2C700%26subset%3Dlatin%2C","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:49.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css?family=Open+Sans%3Aregular%2Citalic%2C700%26subset%3Dlatin%2C HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r-salon.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 30 Dec 2025 23:11:49 GMT\r\ndate: Tue, 30 Dec 2025 23:11:49 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17582,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"d123dff08d437b413f27e4b88c1613e0","sha1":"943b6eee9904787567482824578e8aac1c409c54","sha256":"da4ce783b9435bb29687cd37663e182d72ad250009630bc15656154ba6c3b90e","sha512":"18c4658b0336446bb040ba0bd83416c0f226f7ce2d987f62c2960c5ba5d4d17e561dd7e2291a5e5e9239bbe0579041c7f3b7dcb35f59ce91e40dc685a5f75fed","ssdeep":"192:+oWOo7oco/5oHo+qvo60bqGIwV49o8oPoohCAAN21/rqbnbqGIwV4Razq4CZZE2Q:+POmxG+CvxoqY49bjVjXqY4nU8qY4Z","tlshash":"53823ca10417145062431de233de3e30ee0f92657084d0766bfe9b9beedada963b435d","first_seen":"2025-09-18T18:23:22.13527Z","last_seen":"2026-06-10T01:26:45.033849Z","times_seen":1079,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":89,"dns":5,"connect":7,"send":0,"wait":20,"receive":0,"ssl":90},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/wp-content/plugins/jetpack/modules/photon/photon_ver-20130122.js","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:49.689Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r-salon.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Mon, 07 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"28:D1:1B:8F:0C:56:13:42:13:39:CE:B5:B3:C1:38:12:6E:07:AE:86","sha256":"2E:91:8F:61:A9:47:5F:62:69:85:6B:9E:ED:EA:1A:4A:EE:0C:9B:59:58:88:8F:45:AF:91:01:57:81:AB:F7:4D"}}},"request":{"raw":"GET /wp-content/plugins/jetpack/modules/photon/photon_ver-20130122.js HTTP/1.1\r\nHost: r-salon.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r-salon.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sun, 07 Dec 2025 14:52:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 781\r\ndate: Tue, 30 Dec 2025 23:11:49 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2100,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"ebf262a3bd6659305ed1cd08b828f24d","sha1":"a76456f4a34d1933dd8ac3c641326bdc2cd77153","sha256":"d69c56b90a05a4691b64ffe7d195cbe61fe294a99cf66462bbe68a1f6b197409","sha512":"53005e712465c829356fb8585a1fcbce2816d148007aa770ffadd562beeb124fbbabffa7dfd4303ac4ed352fadd47098a3a8048e1601f1c182aec8f73ec50b1f","ssdeep":"","tlshash":"014122f8ab6c26358c7730f8641ff08c2b6e84b19693105fb92ce5c969e150c15f5eac","first_seen":"2025-12-24T09:41:30.585119Z","last_seen":"2025-12-30T23:12:17.204484Z","times_seen":3,"resource_available":true,"data":null}},"time_used":997,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":976,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-30T23:11:48.716Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r-salon.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Mon, 07 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"28:D1:1B:8F:0C:56:13:42:13:39:CE:B5:B3:C1:38:12:6E:07:AE:86","sha256":"2E:91:8F:61:A9:47:5F:62:69:85:6B:9E:ED:EA:1A:4A:EE:0C:9B:59:58:88:8F:45:AF:91:01:57:81:AB:F7:4D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: r-salon.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Sun, 07 Dec 2025 14:58:22 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 3915\r\ndate: Tue, 30 Dec 2025 23:11:49 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Jetpack","description":"Jetpack is a popular WordPress plugin created by Automattic, the people behind WordPress.com.","website":"https://jetpack.com","common_platform_enumeration":"","icon":"Jetpack.svg","categories":["WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":15547,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (491)","md5":"14b4aa26e5e9cd3ea0f1d6e72721e3bb","sha1":"1ca1f5164e9b7a71e643bff85a75124a53102d03","sha256":"aa0cc5fa3083eaaf4652eef6049ef58d13072b4743aeed5ca6a36508cd135cdf","sha512":"21040bebde4d2feb2dd4311a6c43bc88b7a768922237463e534d3e17bb8870f735c0d96e191021ad331478b99f67d7c6755d5493dc7c9c6af5b955f8fa2155e0","ssdeep":"384:AehAxHRDg/sOg6GuwFqZhBypZmeIipTYdDj08Ge5ODwWyVhRp:AeCxHR14rwFqZhaZmeIixYdDj08GeADu","tlshash":"e26297bd855a1427437390d0a8313717e2968909c70b69e473fcd2fdbbc6f84e65236a","first_seen":"2025-12-30T23:12:17.205967Z","last_seen":"2025-12-30T23:12:17.205967Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1254,"timings":{"blocked":547,"dns":10,"connect":157,"send":0,"wait":160,"receive":0,"ssl":376},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/R/wp-content/uploads/2015/06/door1.jpg","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:49.679Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r-salon.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Mon, 07 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"28:D1:1B:8F:0C:56:13:42:13:39:CE:B5:B3:C1:38:12:6E:07:AE:86","sha256":"2E:91:8F:61:A9:47:5F:62:69:85:6B:9E:ED:EA:1A:4A:EE:0C:9B:59:58:88:8F:45:AF:91:01:57:81:AB:F7:4D"}}},"request":{"raw":"GET /R/wp-content/uploads/2015/06/door1.jpg HTTP/1.1\r\nHost: r-salon.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r-salon.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 06 Jan 2026 23:11:49 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 07 Dec 2025 14:50:52 GMT\r\naccept-ranges: bytes\r\ncontent-length: 220126\r\ndate: Tue, 30 Dec 2025 23:11:49 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":220126,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1024x640, components 3","md5":"a22afb03fa3b7bbd371f728b259ffa46","sha1":"47e3f1e4e6f5c13a39f3d3697a1924684d21b725","sha256":"e66fd608e2c448bc3d45abe185e03c727aaa611b7064508436a5b5e7ae115fb5","sha512":"d577dea121edccc2a99695420228753a378fe397d72ca274a3359eb937c3014474526a8d3e289c4c4970aa8791c23fda2441d4b0fc522e465f3835660b82bb13","ssdeep":"6144:34hw3NsH/QdInP3j6kmNAdseMaFcUxbh0o2NAwU6:34hw3NA/QdIEQQgc9","tlshash":"8424122debcbe68c479340af037ea9b1766194c2b64cfbc7420f74881da5f161916a35","first_seen":"2025-12-30T23:12:17.207168Z","last_seen":"2025-12-30T23:12:17.207168Z","times_seen":1,"resource_available":false,"data":null}},"time_used":972,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":313,"receive":659,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/R/wp-content/uploads/2015/05/no12-%E3%82%B3%E3%83%94%E3%83%BC.jpg","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:49.683Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r-salon.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Mon, 07 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"28:D1:1B:8F:0C:56:13:42:13:39:CE:B5:B3:C1:38:12:6E:07:AE:86","sha256":"2E:91:8F:61:A9:47:5F:62:69:85:6B:9E:ED:EA:1A:4A:EE:0C:9B:59:58:88:8F:45:AF:91:01:57:81:AB:F7:4D"}}},"request":{"raw":"GET /R/wp-content/uploads/2015/05/no12-%E3%82%B3%E3%83%94%E3%83%BC.jpg HTTP/1.1\r\nHost: r-salon.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r-salon.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 06 Jan 2026 23:11:49 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 07 Dec 2025 14:51:00 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2458773\r\ndate: Tue, 30 Dec 2025 23:11:49 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2458773,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=14, manufacturer=PENTAX             , model=PENTAX K-50        , orientation=upper-left, xresolution=222, yresolution=230, resolutionunit=2, software=K-50 Ver. 1.00         , datetime=2015:05:05 18:09:13], baseline, precision 8, 4682x3101, components 3","md5":"268a04acb1bba2efd3946a52d63b0413","sha1":"60b477e6ffdf3ce0175b919bdd97f918400ca7d2","sha256":"36e38ca1a49fa9a14b01e6a0ca5463e12f961d1c1003dde81b0d1dfe02cffe64","sha512":"3e75251fbee2a45731911a1c0f50b8cf12cf8acdbcb41d338df1e759e5735800a2935de23308d8214e97a7646be167bb43a9ad01995d475a2f433199c7ef66a7","ssdeep":"24576:I46fe4v3zUOE5QMm6931EGhOHKvYrJudc6o/JL7OdFJWhbbl:QP7Uhxm6PEGkrJud4HOUt","tlshash":"332533d34a352976de80c178a27329a1e910ec249dcdb78a23a135b7b8f07f9d5cd185","first_seen":"2025-12-30T23:12:17.208267Z","last_seen":"2025-12-30T23:12:17.208267Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1500,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":622,"receive":878,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/R/wp-content/uploads/2015/05/08.jpg","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:49.685Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r-salon.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Mon, 07 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"28:D1:1B:8F:0C:56:13:42:13:39:CE:B5:B3:C1:38:12:6E:07:AE:86","sha256":"2E:91:8F:61:A9:47:5F:62:69:85:6B:9E:ED:EA:1A:4A:EE:0C:9B:59:58:88:8F:45:AF:91:01:57:81:AB:F7:4D"}}},"request":{"raw":"GET /R/wp-content/uploads/2015/05/08.jpg HTTP/1.1\r\nHost: r-salon.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r-salon.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 06 Jan 2026 23:11:49 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 07 Dec 2025 14:51:14 GMT\r\naccept-ranges: bytes\r\ncontent-length: 94589\r\ndate: Tue, 30 Dec 2025 23:11:49 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":94589,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1800x1192, components 3","md5":"3947cf678b692d1ae0e4f10ec83c5c76","sha1":"88eb86caedac969dcf5c45cb16956f98517e4d7a","sha256":"68fb69ad01c798595c4b547b7293ef465c0066c8e88182fea130ab64c4215eea","sha512":"55208aa82097c58d91d5fd8e0a304c72f5753e9e8daae18226bb9a635ac571fdb32f0c66b7d16779bd15438f8e69aa97dcef7ce7a849a0107fce39356b9d35e9","ssdeep":"1536:LZviOC4cKxlOCDvA9H8V+gnnApJiyVO6RqPKUIenxcDmvjrFipg:lqGx5vUH8V+gnSJiyJRyKBeHfp","tlshash":"c7937c70f783d3850f232b99e83d3e730fa510d662da1a1747632d602488b76d72b62e","first_seen":"2025-12-30T23:12:17.209222Z","last_seen":"2025-12-30T23:12:17.209222Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1087,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":775,"receive":312,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/R/wp-content/uploads/2015/05/02.jpg","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:49.685Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r-salon.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Mon, 07 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"28:D1:1B:8F:0C:56:13:42:13:39:CE:B5:B3:C1:38:12:6E:07:AE:86","sha256":"2E:91:8F:61:A9:47:5F:62:69:85:6B:9E:ED:EA:1A:4A:EE:0C:9B:59:58:88:8F:45:AF:91:01:57:81:AB:F7:4D"}}},"request":{"raw":"GET /R/wp-content/uploads/2015/05/02.jpg HTTP/1.1\r\nHost: r-salon.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r-salon.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 06 Jan 2026 23:11:49 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 07 Dec 2025 14:51:08 GMT\r\naccept-ranges: bytes\r\ncontent-length: 79685\r\ndate: Tue, 30 Dec 2025 23:11:49 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":79685,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1800x1192, components 3","md5":"129769dda2e60da92aedbd3532ea9387","sha1":"7c84aae5422398a176c9dc2291c1453423ac88ad","sha256":"447b15f15f9b4887de473804d0850032b75fe52c3f3ee8bf2145f37eb3d8c4b6","sha512":"060a5b3a220a0361a9054273be5f74af9f00b3950f5731baf62d4da1c7b04e96ddf55bc933e2b1eb2579d453f6977dd6fe1cd80313d2aefa9f0669f02f304670","ssdeep":"768:2QUafLzN6f9F727dHXAnq08iRxRQYioyD3ctryADIkJD48N14Zu/ih5tCI6sfAhD:2Oerawnq0LxaYiVmryiJDpe5GIJAhD","tlshash":"a87315b4f7c3eb9203533aada03d7eb31b6614c525d40a4782536d622499f35e20b67f","first_seen":"2025-12-30T23:12:17.210309Z","last_seen":"2025-12-30T23:12:17.210309Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1004,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":776,"receive":228,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/wp-content/plugins/jetpack/css/jetpack_ver-3.7.2.css","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:49.676Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r-salon.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Mon, 07 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"28:D1:1B:8F:0C:56:13:42:13:39:CE:B5:B3:C1:38:12:6E:07:AE:86","sha256":"2E:91:8F:61:A9:47:5F:62:69:85:6B:9E:ED:EA:1A:4A:EE:0C:9B:59:58:88:8F:45:AF:91:01:57:81:AB:F7:4D"}}},"request":{"raw":"GET /wp-content/plugins/jetpack/css/jetpack_ver-3.7.2.css HTTP/1.1\r\nHost: r-salon.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r-salon.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 06 Jan 2026 23:11:49 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 07 Dec 2025 14:50:26 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 9371\r\ndate: Tue, 30 Dec 2025 23:11:49 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":55131,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (55034)","md5":"65e6d7d474d3fc337f49d1b982d5e9d3","sha1":"7f02aee4b583dfcef6db79fccd1669df75461c7d","sha256":"7326dbff7330502ec9e1d184dc65ae3a8e5d50f75899bd2492151ff10571c636","sha512":"74b13b979fcc20958a3ba3b373554ac292ebc937188ef585d675ae4f759594fb3f60cfc88b113e782566a9ba6769b051cd80b2fef28244cf44c476518c9fcc28","ssdeep":"768:SMDrGSm2YQo/Wqj7oz7nzYDMQM/TdMIGgZPPBsF41H:99qj7oz7nz9F/H","tlshash":"25336371f2880159ea23c739a896b3e835ac9551c3011eddf5e7b26c8fc57ea502eb4c","first_seen":"2025-12-30T23:12:17.211427Z","last_seen":"2025-12-30T23:12:17.211427Z","times_seen":1,"resource_available":false,"data":null}},"time_used":313,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":313,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/wp-content/js/devicepx-jetpack_ver-201620.js","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:49.689Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r-salon.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Mon, 07 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"28:D1:1B:8F:0C:56:13:42:13:39:CE:B5:B3:C1:38:12:6E:07:AE:86","sha256":"2E:91:8F:61:A9:47:5F:62:69:85:6B:9E:ED:EA:1A:4A:EE:0C:9B:59:58:88:8F:45:AF:91:01:57:81:AB:F7:4D"}}},"request":{"raw":"GET /wp-content/js/devicepx-jetpack_ver-201620.js HTTP/1.1\r\nHost: r-salon.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r-salon.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sun, 07 Dec 2025 14:52:06 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 3134\r\ndate: Tue, 30 Dec 2025 23:11:49 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":11094,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (2788)","md5":"a0f2137a1bc0ca0a8ddb109bcbc699d0","sha1":"65cda0f5ad14a382a1411cccd5666a991c8558bb","sha256":"4e64a66734fb408879862d300482b70940eaeba7d5bf2c65bc0c16aa17eabb0b","sha512":"46266920003e36088a3e1418034ef328a938733ebb239ef802a8b35bc200e9e8e2bde474c6d8c885ee529e10fe6cc40d8d061600705019bdc0078ddfa8f71824","ssdeep":"192:MssqFagarars1PgrCcucy9EycM9c5qgYRcg8Q847wLnDnr/5Bp5/Hk/gl:j1IaUfcucy9hcM9cgRck840LDb5Bp5PN","tlshash":"5f3286ba239f32b7de9331b6465f5b0c3e3b45514b0baa61c124d0d6396890758bfe28","first_seen":"2025-12-30T23:12:17.212514Z","last_seen":"2025-12-30T23:12:17.212514Z","times_seen":1,"resource_available":true,"data":null}},"time_used":995,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":994,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:49.957Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://r-salon.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48320\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 25 Dec 2025 09:55:49 GMT\r\nexpires: Fri, 25 Dec 2026 09:55:49 GMT\r\ncache-control: public, max-age=31536000\r\nage: 479761\r\nlast-modified: Mon, 15 Sep 2025 16:30:41 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48320,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48320, version 1.0","md5":"dcf31ebe107435bd68e0164d59e19b87","sha1":"b68160c9333af833fe483928b3ef7128c07a56a0","sha256":"d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0","sha512":"130cd52c3cccc36a7029bf92b2ddb363b8b36d206454aacc246739919552fccec5cacbad615ba4ac3817da3e83239371fe51324bdadd08357e3495087f62cb08","ssdeep":"768:Jzqdwl5YV7FVmpudK5a8dF8D8Z7J78VGnNFZEKh02dmSTPe9UiallHcOEi2c0NC1:9q+SYuMaVwZ7oGRNh02dd6UialBcOEpE","tlshash":"1623f218f29471f7edecd4d500a18c72baa528d442f116ed07b8d53ca36ca817a729fb","first_seen":"2025-09-17T00:07:53.723302Z","last_seen":"2026-06-10T02:17:21.873805Z","times_seen":282364,"resource_available":false,"data":null}},"time_used":143,"timings":{"blocked":64,"dns":4,"connect":7,"send":0,"wait":8,"receive":10,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/r-salon.net/wp-content/uploads/2015/10/cropped-R-1_fit-192-192.png","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:51.020Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r-salon.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Mon, 07 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"28:D1:1B:8F:0C:56:13:42:13:39:CE:B5:B3:C1:38:12:6E:07:AE:86","sha256":"2E:91:8F:61:A9:47:5F:62:69:85:6B:9E:ED:EA:1A:4A:EE:0C:9B:59:58:88:8F:45:AF:91:01:57:81:AB:F7:4D"}}},"request":{"raw":"GET /r-salon.net/wp-content/uploads/2015/10/cropped-R-1_fit-192-192.png HTTP/1.1\r\nHost: r-salon.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r-salon.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 06 Jan 2026 23:11:51 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 07 Dec 2025 14:51:24 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2832\r\ndate: Tue, 30 Dec 2025 23:11:51 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2832,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"2a3451033d43fd9840b2d86393227113","sha1":"6353f45576bfac6c507ca9c20ec4ec70b05936ba","sha256":"e19df7b90d68a7c45973e494ed35dd7d807276b87066d55992ff8215a06d8c24","sha512":"54287c65272645fce73edeef0967d8bc8e9180af0e11d9e6a9ae4d218e8eaac354606d9347a4b44ca5bb384be0ff5196299c028aeb00e3272b45a1d3ac91419f","ssdeep":"","tlshash":"ab510ae47f43ac424b94216adb49929dfebdb4ae3915fd5615403c81f0186b162848f3","first_seen":"2025-12-30T23:12:17.214284Z","last_seen":"2025-12-30T23:12:17.214284Z","times_seen":1,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/wp-content/cache/head-cleaner/css/f697bfe36379602aeb067be7dfb54679.css","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:49.633Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r-salon.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Mon, 07 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"28:D1:1B:8F:0C:56:13:42:13:39:CE:B5:B3:C1:38:12:6E:07:AE:86","sha256":"2E:91:8F:61:A9:47:5F:62:69:85:6B:9E:ED:EA:1A:4A:EE:0C:9B:59:58:88:8F:45:AF:91:01:57:81:AB:F7:4D"}}},"request":{"raw":"GET /wp-content/cache/head-cleaner/css/f697bfe36379602aeb067be7dfb54679.css HTTP/1.1\r\nHost: r-salon.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r-salon.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 06 Jan 2026 23:11:49 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 07 Dec 2025 14:48:26 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2462\r\ndate: Tue, 30 Dec 2025 23:11:49 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":10862,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (751)","md5":"1719a8019e1310f8bb000adde32e208b","sha1":"4820acf623546537a2d83311e638036d568c5dbf","sha256":"8db92a7f379fd56f7b51e1c6facc98efef8376097e16cacff72313a7a3d4d03c","sha512":"8487fd4030658d7a6725e90d932b81dbf63e948b487445abc4999042273e251f8a7f0549d838d5a5cd6d5c44c4566c46744f06b2ecf5f86a6a132a43a31a1e2d","ssdeep":"192:dhaLjCOpEGbzl9RTutfulIgH0As+rctL95rm9chtsa3/eVWqg6SKoeLy8m9BMXL5:aJ1ENgKFEnfm9Bwie","tlshash":"da22642be2961b05ae239578b05eb9b93f8c56d0d2010bbcbd36b97b43c56cc5277207","first_seen":"2025-12-30T23:12:17.215283Z","last_seen":"2025-12-30T23:12:17.215283Z","times_seen":1,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/R/wp-content/uploads/2015/05/04.jpg","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:49.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r-salon.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Mon, 07 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"28:D1:1B:8F:0C:56:13:42:13:39:CE:B5:B3:C1:38:12:6E:07:AE:86","sha256":"2E:91:8F:61:A9:47:5F:62:69:85:6B:9E:ED:EA:1A:4A:EE:0C:9B:59:58:88:8F:45:AF:91:01:57:81:AB:F7:4D"}}},"request":{"raw":"GET /R/wp-content/uploads/2015/05/04.jpg HTTP/1.1\r\nHost: r-salon.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r-salon.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 06 Jan 2026 23:11:49 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 07 Dec 2025 14:51:16 GMT\r\naccept-ranges: bytes\r\ncontent-length: 100506\r\ndate: Tue, 30 Dec 2025 23:11:49 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":100506,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1800x1192, components 3","md5":"c09d6745166b05cbb9ad7f6f589eb50f","sha1":"68f6d2dda808edc8cbb795274be3d070779b6a19","sha256":"733365ffb735b3d61c9fcee657527a49ece33549bb83a88588f462fe33d12d52","sha512":"363ff4135946ac5dea3ddf8b08bb492dbe922a28380a47495d07380bd369cf4b19e12494313f841076a19685d608888ee94fe930b107d82019db18653a7910aa","ssdeep":"3072:nlKXC5NJCj+ob11pMDRGDWsP9KCmNhzX9:nlyyE+ox1peBswRbzt","tlshash":"7ca32974fbc3d3820b132a99a47d3d370fa901c562c91e174a636c51a488f7ae75b63e","first_seen":"2025-12-30T23:12:17.21637Z","last_seen":"2025-12-30T23:12:17.21637Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1090,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":776,"receive":314,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/js/gprofiles_ver-2016Mayaa.js","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:49.690Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r-salon.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Mon, 07 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"28:D1:1B:8F:0C:56:13:42:13:39:CE:B5:B3:C1:38:12:6E:07:AE:86","sha256":"2E:91:8F:61:A9:47:5F:62:69:85:6B:9E:ED:EA:1A:4A:EE:0C:9B:59:58:88:8F:45:AF:91:01:57:81:AB:F7:4D"}}},"request":{"raw":"GET /js/gprofiles_ver-2016Mayaa.js HTTP/1.1\r\nHost: r-salon.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r-salon.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sun, 07 Dec 2025 14:52:16 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 6554\r\ndate: Tue, 30 Dec 2025 23:11:49 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":21377,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (20655)","md5":"ebb1763048d709a87d143dc305b1c25a","sha1":"a158ee3ccd6ca9b1629a21c8454d38f2f561a1b1","sha256":"b51498afd232e04005f2c105d4e011dafa0cdb302e10ea112e5ba0e7764277b4","sha512":"08823d97166af8b027d2f49d7a33a648d32f0aee52e0ac565473b7e2e9cc97f46d399e77be0762a0df40ac609d4a44b4ed4e2c5204a10869a287ff26085f38b7","ssdeep":"384:jk4/QwzTmD2gakhgtM7Bj2/zjVYNP79V8+gs:jkRwQ2gNcMtZVZ","tlshash":"77a2e729a25682b742337cd8e06f73956126d955eb5a0048ff7d4ccc55a28fc31f3e1a","first_seen":"2025-12-21T19:00:15.841747Z","last_seen":"2026-04-08T21:59:42.887934Z","times_seen":5,"resource_available":true,"data":null}},"time_used":996,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":995,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:49.964Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/opensans/v44/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://r-salon.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 19304\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 27 Dec 2025 10:42:57 GMT\r\nexpires: Sun, 27 Dec 2026 10:42:57 GMT\r\ncache-control: public, max-age=31536000\r\nage: 304133\r\nlast-modified: Mon, 15 Sep 2025 16:31:17 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19304,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 19304, version 1.0","md5":"1ab20c159c8cf68283eae05c7d8a25aa","sha1":"f8c87ecaf523138096f926201df2379633e3505a","sha256":"3b50909a098195a8a3fda73fe29c260724e6f9ca624dd750cb8af7cb0c9198e2","sha512":"68db4f537178b380c45d209276432fc46fe13c6f0250486cfbed71d8ccf894f9650d90aad4648f6d376408476bb52a7ca62fd2ca2f1276c50dfcc6091a28ad98","ssdeep":"384:+/NZ1h0ruzwahfbbCPpzmfttzNyVitnDOpUtmiy4TxVcmuoWn7FYgZV/sc:wQuzwaQP0HNyVi9DOpimiydJk+5","tlshash":"5082cf855d4fc1b6dd8260a6e58c684068ba2a1235593ee783fbe4cadf3f919a1014ac","first_seen":"2025-09-17T02:13:44.663193Z","last_seen":"2026-06-10T02:27:15.677891Z","times_seen":8070,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":120,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":104},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:49.961Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://r-salon.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48320\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 25 Dec 2025 09:55:49 GMT\r\nexpires: Fri, 25 Dec 2026 09:55:49 GMT\r\ncache-control: public, max-age=31536000\r\nage: 479761\r\nlast-modified: Mon, 15 Sep 2025 16:30:41 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48320,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48320, version 1.0","md5":"dcf31ebe107435bd68e0164d59e19b87","sha1":"b68160c9333af833fe483928b3ef7128c07a56a0","sha256":"d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0","sha512":"130cd52c3cccc36a7029bf92b2ddb363b8b36d206454aacc246739919552fccec5cacbad615ba4ac3817da3e83239371fe51324bdadd08357e3495087f62cb08","ssdeep":"768:Jzqdwl5YV7FVmpudK5a8dF8D8Z7J78VGnNFZEKh02dmSTPe9UiallHcOEi2c0NC1:9q+SYuMaVwZ7oGRNh02dd6UialBcOEpE","tlshash":"1623f218f29471f7edecd4d500a18c72baa528d442f116ed07b8d53ca36ca817a729fb","first_seen":"2025-09-17T00:07:53.723302Z","last_seen":"2026-06-10T02:17:21.873805Z","times_seen":282364,"resource_available":false,"data":null}},"time_used":259,"timings":{"blocked":123,"dns":0,"connect":20,"send":0,"wait":8,"receive":5,"ssl":99},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nishikawafarm.sakura.ne.jp/R/wp-content/themes/optimizer/assets/images/welcome_textbg.jpg","fqdn":"nishikawafarm.sakura.ne.jp","domain":"sakura.ne.jp","tld":"ne.jp"},"ip":{"addr":"49.212.180.222","port":443,"asn":9371,"as":"SAKURA Internet Inc.","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:50.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P521","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.sakura.ne.jp","organization":""},"issuer":{"commonName":"Gehirn Managed Certification Authority - RSA DV","organization":"Gehirn Inc."},"validity":{"start":"Tue, 29 Apr 2025 00:00:00 GMT","end":"Tue, 19 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"9F:37:6D:4A:9E:89:2D:28:E9:50:1D:06:AA:42:36:A7:76:88:1C:66","sha256":"E6:62:C1:CD:AA:19:AC:86:EB:A1:65:C0:7F:00:8F:7D:C2:76:F4:CC:2A:28:42:A6:2F:AC:F8:68:F1:05:F2:7C"}}},"request":{"raw":"GET /R/wp-content/themes/optimizer/assets/images/welcome_textbg.jpg HTTP/1.1\r\nHost: nishikawafarm.sakura.ne.jp\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\nserver: nginx\r\ndate: Tue, 30 Dec 2025 23:11:51 GMT\r\ncontent-type: text/html\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":2524,"timings":{"blocked":1130,"dns":246,"connect":261,"send":0,"wait":262,"receive":1,"ssl":619},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/wp-content/plugins/jetpack/_inc/genericons/genericons/genericons_ver-3.1.css","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:49.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r-salon.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Mon, 07 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"28:D1:1B:8F:0C:56:13:42:13:39:CE:B5:B3:C1:38:12:6E:07:AE:86","sha256":"2E:91:8F:61:A9:47:5F:62:69:85:6B:9E:ED:EA:1A:4A:EE:0C:9B:59:58:88:8F:45:AF:91:01:57:81:AB:F7:4D"}}},"request":{"raw":"GET /wp-content/plugins/jetpack/_inc/genericons/genericons/genericons_ver-3.1.css HTTP/1.1\r\nHost: r-salon.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r-salon.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 06 Jan 2026 23:11:49 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 07 Dec 2025 14:49:08 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 15947\r\ndate: Tue, 30 Dec 2025 23:11:49 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":28198,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (18732)","md5":"229a363bb5b82d21d98ee0f3245407db","sha1":"33adc039717346d8aa6d8198233ab1d9c1c5144d","sha256":"da8abba0a8d589defa39faa9f928cb8475b5fa2492c037144f1ded6e4b48474b","sha512":"50a0a228cde47983f86d9d0af79cb352bdd65042b1dfe1b7b23295e7f6f52c2e15b69d87664d54a8929f21ce4e3e54a9585d86d06b10455fd02f70f399a995e7","ssdeep":"384:v6H21lHT+RERegeG2NKJtO3EdEMQvujSE2mJzJ0u39ZwhJfSqnh:v6W1lcNGZQ3MJjS/mJF39IJ1h","tlshash":"fac2a8b6d50d14a0671aea943347f7001758712e9890ece6f44a2c9de7e5a3cc3e27dd","first_seen":"2025-12-30T23:12:17.219094Z","last_seen":"2025-12-30T23:12:17.219094Z","times_seen":1,"resource_available":false,"data":null}},"time_used":314,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":313,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/R/wp-content/uploads/2015/05/11.jpg","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:49.684Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r-salon.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Mon, 07 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"28:D1:1B:8F:0C:56:13:42:13:39:CE:B5:B3:C1:38:12:6E:07:AE:86","sha256":"2E:91:8F:61:A9:47:5F:62:69:85:6B:9E:ED:EA:1A:4A:EE:0C:9B:59:58:88:8F:45:AF:91:01:57:81:AB:F7:4D"}}},"request":{"raw":"GET /R/wp-content/uploads/2015/05/11.jpg HTTP/1.1\r\nHost: r-salon.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r-salon.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 06 Jan 2026 23:11:49 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 07 Dec 2025 14:51:04 GMT\r\naccept-ranges: bytes\r\ncontent-length: 97038\r\ndate: Tue, 30 Dec 2025 23:11:49 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":97038,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1800x1192, components 3","md5":"08fe434dfc296bd258f0ec028a2f52c0","sha1":"676079d22b86f5c56c9aff32233e04de58b13866","sha256":"8fc74b3dccc9734691015b5ab432238b1dfe75a32545bd7407ca1207e507d357","sha512":"d63a3dc4354d45bff3531bad31a63cdac384aa25fcae244155fcb570c60928b9f6e9f764b040ae33856996767d39c6690ef031ed5c8551f2ecffec4d52a7cb03","ssdeep":"1536:L3O/DEC3t6Wkh9JySisem7esa+w8aLLEvBbZ2yD745qlLopza:zObx3nkdin+/GnQ745qipza","tlshash":"9d93b375f7c3e7820b532a9da43d3d730b9400c162d90e178a636d61a498f76e71ba3e","first_seen":"2025-12-30T23:12:17.220212Z","last_seen":"2025-12-30T23:12:17.220212Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1024,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":776,"receive":248,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r-salon.net/r-salon.net/wp-content/uploads/2015/10/cropped-R-1_fit-32-32.png","fqdn":"r-salon.net","domain":"r-salon.net","tld":"net"},"ip":{"addr":"162.254.39.237","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r-salon.net/","date":"2025-12-30T23:11:51.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"r-salon.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Mon, 07 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"28:D1:1B:8F:0C:56:13:42:13:39:CE:B5:B3:C1:38:12:6E:07:AE:86","sha256":"2E:91:8F:61:A9:47:5F:62:69:85:6B:9E:ED:EA:1A:4A:EE:0C:9B:59:58:88:8F:45:AF:91:01:57:81:AB:F7:4D"}}},"request":{"raw":"GET /r-salon.net/wp-content/uploads/2015/10/cropped-R-1_fit-32-32.png HTTP/1.1\r\nHost: r-salon.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r-salon.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Tue, 06 Jan 2026 23:11:51 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 07 Dec 2025 14:51:22 GMT\r\naccept-ranges: bytes\r\ncontent-length: 741\r\ndate: Tue, 30 Dec 2025 23:11:51 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":741,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit colormap, non-interlaced","md5":"a0c9ebe035e2bf554eb0ffa7fc8018d6","sha1":"ee06d904795302ac1aa9d36c142a3327bd747353","sha256":"6d642b3fe7f13bed26596f804e30b68d93e1dd89d13142196d1d7b5b1286d4b7","sha512":"34328c1d061992405179cd73812972ee0fda771a051c8b28ba9fd7d3e6c1ab3bc7499093110e0acba8f7f270c9ebf777456cd8376b5feb46f5f03e293790a7d8","ssdeep":"","tlshash":"ec0165d3df844d734ccd094a87735628edf049570f6ede98463838096a4430c7023113","first_seen":"2025-12-30T23:12:17.221292Z","last_seen":"2025-12-30T23:12:17.221292Z","times_seen":1,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"r-salon.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}