{"report_id":"b58b3bce-8b84-4aa7-bb4c-7524c4a273df","version":6,"status":"done","tags":[],"date":"2026-03-02T13:13:28Z","url":{"schema":"http","addr":"northtbk.com.metrotcb.com","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":0,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"final":{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"title":"North Trust BankPersonal Banking | Bank accounts, credit cards, home loans | North Trust BankBancorp","dom":{"size":42909,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (27697)","md5":"dd1ea7660ea803c0df825641a41a016a","sha1":"8e824f1e9367a7e2b4c35a6a935bbc0f28baa556","sha256":"ccdf2446a58d3420f82931821f2fae79da7d88316f942cb304d56d249295e646","sha512":"009828000ca8f325dd06a123f2f13479d97574b564e594fbe52350255deefb75a89f3677f8b95d09e64f433001815da2d1b3ada9f4015275a2f35ff19a937959","ssdeep":"768:4j08FYTbfsTO+LDGBPKHs9TvfqaSQXOQqGMWYW1:4j08FYTbfsTO+LDCPKHshqa/XOl6r1","tlshash":"0e1395176780462c9c5392a8f399a54ea32df684ef6359eef7c63410c2d93ff088b456","dom_hash":"domhasha09e2b964037d2360f8d1ddedad10bc0","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"northtbk.com.metrotcb.com","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":0,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-06T13:13:28Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"northtbk.com.metrotcb.com","ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"domain_registered":"2025-04-17","domain_rank":0,"first_seen":"2026-03-02T07:54:48.984642Z","last_seen":"2026-03-02T07:54:48.984642Z","alert_count":150,"request_count":50,"received_data":4496831,"sent_data":61188,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"jQuery:2.1.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Adobe Experience Manager","description":"Adobe Experience Manager (AEM) is a content management solution for building websites, mobile apps and forms.","website":"https://www.adobe.com/marketing/experience-manager.html","common_platform_enumeration":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*","icon":"Adobe Experience Platform.svg","categories":["CMS"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}]},{"fqdn":"widget-v3.smartsuppcdn.com","ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"domain_registered":"2018-11-20","domain_rank":532262,"first_seen":"2022-10-03T13:48:45Z","last_seen":"2026-02-26T02:34:39.487604Z","alert_count":0,"request_count":3,"received_data":324405,"sent_data":1405,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"websocket-visitors.smartsupp.com","ip":{"addr":"3.124.102.202","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2012-08-25","domain_rank":411464,"first_seen":"2021-07-12T07:42:32Z","last_seen":"2026-02-26T02:34:39.210115Z","alert_count":0,"request_count":1,"received_data":224,"sent_data":614,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-03-01T22:18:12.522658Z","alert_count":0,"request_count":1,"received_data":6234,"sent_data":450,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"translations.smartsuppcdn.com","ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"domain_registered":"2018-11-20","domain_rank":560346,"first_seen":"2022-11-04T22:28:35Z","last_seen":"2026-02-26T03:48:10.0381Z","alert_count":0,"request_count":1,"received_data":7667,"sent_data":510,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"bootstrap.smartsuppchat.com","ip":{"addr":"3.74.133.176","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2014-02-02","domain_rank":425291,"first_seen":"2018-01-29T06:10:36Z","last_seen":"2026-02-25T21:56:58.023327Z","alert_count":0,"request_count":1,"received_data":1556,"sent_data":543,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.gstatic.com","ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-03-01T22:15:00.771016Z","alert_count":0,"request_count":1,"received_data":22719,"sent_data":577,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.smartsuppchat.com","ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"domain_registered":"2014-02-02","domain_rank":491650,"first_seen":"2017-01-30T05:24:57Z","last_seen":"2026-02-25T21:56:58.031302Z","alert_count":0,"request_count":1,"received_data":18556,"sent_data":430,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"introduction_type":"Function","is_inline":false,"md5":"1c862db5f2555377c2dc1e62ed7b3981","sha1":"c29e6dc25c08a70995127ec13ded6f80d9a36174","sha256":"27d373a6961f797edf69a80f7f24877ef85c2fc4f9f770b2540b1bf5e66823ac","sha512":"31143265b96385ef4b575b72591775139057dff85891be61591e3d55259b6d1dc95d86a0feec40c801d38e64278cfbe50c3c2a16757f986ad40f716935bf2bb2","ssdeep":"","tlshash":"2580008a208820008aa323a0002b2c8800a000b028808c808080e8a20ca2030220baac","size":26,"data":"","first_seen":"2023-04-11T21:13:06Z","last_seen":"2026-06-09T02:17:28.891188Z","times_seen":332053,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/js/head.js","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":false,"md5":"a836530b44d4d96189fee07a39383110","sha1":"330875db4a20ce1d9aa5bc4217afbcd53ee5b670","sha256":"7e0ee04476f5061129447ee3836fbab9804392998b4ac121e75be1e40e9d9534","sha512":"9a65fc3e6a4ad388f40ff68c4efdedaf158d4e6415d919308230f78b37b8dd5cf44c0cc78fea3727278e2de20ef30001186de4b57c49e87733b9b1bd81762746","ssdeep":"96:uYZ33DUL0iljABqS7gwHJHAfAJPCdugcyVhBOz0/hQ03eLY6m1cc6y2mSUVxSAF:uoIS89EUcyG0/hQkemucD2IzXF","tlshash":"a9d1d79676d3b672c39b24b5727f400b7038899976598808d0b8e4e87e34db8423ff2c","size":6201,"data":"","first_seen":"2025-05-05T16:23:25.282269Z","last_seen":"2026-03-29T04:40:20.660971Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":true,"md5":"418dcda964ccdc7904160d2aef7492e8","sha1":"678feb876b7c81b64460b1a35e091110d3b0733d","sha256":"a8587f9656e99f631886fa5e888effb10896ae91eddd0ff459aeef9fbd178fe3","sha512":"15ecb9627b4133e5e62bcc33e9cefe06b665f873762539cfe48e6e1c4bb7867b33779687387f78bfba5ba7ea9b1232a46a48ecce1f55c633519eb80ac2f36ab2","ssdeep":"","tlshash":"ae21e1a9c878cc9b0d1d206023ae7846a0225a57db1ced11398f9f0c1f1e60f81b96ef","size":1417,"data":"","first_seen":"2024-04-19T06:18:26Z","last_seen":"2026-03-29T04:40:20.698075Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":true,"md5":"8ad7826d360a96e3b0262fb6036972eb","sha1":"3afe86a2dedca6b8663dca0939eff559c83ed893","sha256":"14fa30e448dec5cfb55fae3a870dc0bbb8acf237691761043cb9e89a557a292f","sha512":"a4b778f21b85784d22a793d6d206957f1b65579d271eeccfd5af17fe316dbfa15bae82618230cb128a1727fbcd958e9201b1b5bac9b15d6b59058527c5821f93","ssdeep":"","tlshash":"fbb09b15ac34661831381554d531d2f978b4654df4e2d15954794b1d35107491905c10","size":121,"data":"","first_seen":"2024-04-19T06:18:26Z","last_seen":"2026-03-29T04:40:20.698595Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/js/script.js","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":false,"md5":"3dc6c146380b797bbdaa90c3b0650cf4","sha1":"bac4eb80b67519b6f4da68a18982a817a7094303","sha256":"67f064f5f912ebb5191b02c6d57443a80a29e0a617d299c98956971f0136f8cb","sha512":"7035cfcc27c89c0f4a3d766bb38572645ede1126e6767e005f3ff8c0cbb8443c01d3c4078122bbf494481cebd9629deaade7d962eb4b6b9f6c454ba5a690f34b","ssdeep":"1536:jco/k7kvpnsx5Ko6lVX5pZPwzxHTMQC+8suxkEmn7nBikXOORv57D:jcfKo6PZLUnBiQdF","tlshash":"37831a4d767131aa92ab31b510bf520ba0335875f8095c98b5b9c8e92ebcdc86137f3d","size":82284,"data":"","first_seen":"2025-05-05T16:23:25.22677Z","last_seen":"2026-03-29T04:40:20.681574Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/assets.adobedtm.com/aaa86c73d744/13dc1503367a/launch-a9f690185f63.min.js","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":false,"md5":"fe86e9ff96c4abdcf74150c115f34a04","sha1":"d2ca4edbc1708a0a9d2e86c331c8928d7015e4e6","sha256":"9bb41df62b95fafde8c7c379c5ac9752b3f8aee3fd4396b5a55801e0bd5ab41a","sha512":"969a59daac80892191049fd46eeab0e4e5bf6c5d77b9f210e0856ecad959a390f080282fb4a5b26440ab0d3d9dd48c566e8dbe30c03d9d662f3512f94629ecf6","ssdeep":"3072:6UQiMt7ZIkUum3Xuju5qsK1zOrKhvfYeqOcilLtxnm3KwpIK1+a7+J:TTdum3XMu5qR1zOe5qOjlm3Kw2N","tlshash":"707428deb295f0a9179731b5906f110bf23a3845688cc010f59ae8d93db869e9233f7d","size":362241,"data":"","first_seen":"2025-05-05T16:23:25.280965Z","last_seen":"2026-03-29T04:40:20.663077Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":true,"md5":"57057c6357845339c43db04702ea426f","sha1":"8a2c2b330ee1f495c9c6340eaf37387a43c62f9b","sha256":"ced1cb9813bf0db9d19221f977505d9f7ae8a431ff7d6a765f6461837584b51a","sha512":"9f7e35e64867c30f6072fec9362035722eed61f0ab1b5937c65c6b51395219c18fb3590237e3a740c7e5458f563de7487723bd78acf26e4c77c89f4a98af2b01","ssdeep":"","tlshash":"b55168646762808368eb23836f5eb11915b9f167cb4acc09770f5b144f86e79b90c6f3","size":2942,"data":"","first_seen":"2024-08-20T03:51:21.615328Z","last_seen":"2026-03-29T04:40:20.699094Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-calculator.min.7faf47997fb031ef64315975334ce420.js","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":false,"md5":"19ebc0fd5f0f0e88e764dba2a57429cc","sha1":"37ffc85d5840608afec028faceebe9e6c1aa8a29","sha256":"6bd80fb4a167ede8f0e9f5072c80fc50c2ab9ec978fd6f7b0e1fefabf1e1eb98","sha512":"7410f6b6618332753217475cbbd77027bfdc6da9ba3dae52a5b2bd6722a4fc032bc458740294bd0c60b7ecfba5db20123b8cf75f04c94cc5aaedc509f3a4dd39","ssdeep":"6144:qG06IJQ1utYyNuPIZspZimW/IXKJkGB6blu1RnQvZcYVyjON3zRAJlt5IBhmCHCk:qUcFqS2KJ16BuGpRMeBt","tlshash":"82253b84b962781546b72071483f140f72f97969d48ce480f2b2c9e87eb899d91bbf3d","size":968365,"data":"","first_seen":"2025-05-05T16:23:25.257094Z","last_seen":"2026-03-29T04:40:20.666366Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":true,"md5":"c4cc200d428ad0bc226a605f08309d6b","sha1":"8ee05844bea8306da820f834d06e069371bfb3cf","sha256":"a695b556ffaa49572cfbfa488f5657bcc8822e8c87c82751aad0cc78af5f43dc","sha512":"f79e308bd130ac31da8596b6d8d19a66fb31edd1aabd96ae4837b4de8b72dfe4fbe4fdc89d521282a8f3607e6ce4a684410a70cd385a2463d3a6f38738d37d11","ssdeep":"","tlshash":"9f70000e83002000008822eaab8088a000000220880228020b0208002c8008000aa020","size":24,"data":"","first_seen":"2023-03-07T01:24:14Z","last_seen":"2026-06-09T02:39:35.103557Z","times_seen":5811,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/js/plugins.js","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":false,"md5":"9f2470653a9f9f90b980c1ee4a13338a","sha1":"dca0fae936df34c2ec425ba367c4a8a27ce32ac8","sha256":"1d052ee5b78b7e6946eb8a2bdb808c43e3676ff2a85cd67f5dff3f0ce15151ab","sha512":"27430f516e6999adc704cbdb20e78263fa9fddc7b80cffd937986e028e7532ef0a45e3c3073fe5a8fe905a95491a660e1cf4c76e0517bd2d3443c998ce8929d5","ssdeep":"3072:6hoWF+IT3DU1omsSI5fBl5ImmuNDugGMctehyfAuhS0RqPmSpDXIkwJl2Wct:6hXzU1ocI5fBl5IHjhS0RzSMmWct","tlshash":"e7141988b341322246e720f6501f410bb2bb96b5f5198ca8b1e5c6e56dbcd4c11ebfbd","size":199455,"data":"","first_seen":"2024-04-19T06:18:26Z","last_seen":"2026-03-29T04:40:20.650699Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"introduction_type":"Function","is_inline":false,"md5":"6ea90cc7031750ea079b6b9ef51f16f6","sha1":"f2f29618874ab0d2382eaca44fdca26a897855c1","sha256":"adbf27ad4dfc8bd081b97b016316f3284b46755fc34fdef52858d6abcca56c52","sha512":"7ad9db95803d9ea6438fb6b47d4be021e114d8ae55cf6251d3365193e088e4a62e5ccdc251577938258bec6fdf1ef14bef8233d58e9464cf53a5dc46d0cf7462","ssdeep":"","tlshash":"279002d8f5c27406537312d5755b18a950357424281d4a8041109458286e434719d57c","size":57,"data":"","first_seen":"2024-04-19T06:18:26Z","last_seen":"2026-03-29T04:40:20.695835Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-footer/js/ibcommon.js","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":false,"md5":"c10b25b7694dfec167b047ce138b5b5d","sha1":"a15b2b7c3a6f1bd750aa13740ddaa42f96669f10","sha256":"e245fd8d55dfa05b23589740eacd2c27dec42e183aee42722e33afb9a803cee2","sha512":"6ef587b30f5dcb5f59d09b34a50b90f912352919c2989bd9810f5d62d57513dfea61a09378bdcdaaae03fa6f2552ce11595c5ec726ab91d6c8b28b31e998ac29","ssdeep":"192:VCxN3o4TgVIfZXSkusMbBPnTe+GdvcZz+JLLVEhymP+QmxvX7XAaNnUILMIJYvYW:VCzVgVIfZ1ub54d4cnvxrX9N7LMIs","tlshash":"8922a49df7c9332a99381691551e1095baad4131188ccc4eec1ee2f43f9082ee57fead","size":10721,"data":"","first_seen":"2025-05-05T16:23:25.274134Z","last_seen":"2026-03-29T04:40:20.664942Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":true,"md5":"2e5dfdb02d4cfef3289e3e30277c9510","sha1":"ee8ec4acd273f1ad0466a86fb4874d2d0b70cf1d","sha256":"b7d2dddeedc8025f53b6f4acf647493483ffa39926ae7a51014f91a374c7772b","sha512":"881b652abcdd6eec2245323fd0b083310e72dde4098dec88c0a80c237955efc29e687a161217cb38824c339af93fae0b184412fa804d612f885b0a40988da689","ssdeep":"","tlshash":"e5d012989cff120466a62f5f96793690d18573ab8875c984fc55cd34df7a302404a9b1","size":282,"data":"","first_seen":"2024-04-19T06:18:27Z","last_seen":"2026-03-29T04:40:20.700332Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.smartsuppchat.com/loader.js?","fqdn":"www.smartsuppchat.com","domain":"smartsuppchat.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"a4d5607cdbc76688d37ad6311610a058","sha1":"534adf5ac8c28e88b13d1549add0d84a57a52c61","sha256":"7c209ce50b76600257f47c0a47333504478e9c89793713cc7d113bbb688c3eda","sha512":"3ee08aedbe06d4a8181f362bcf9694d164f36309b70f048d42079989f139915e340515f56a6f84e3bb24d4e027cceee7c2c32a710f58ddbaaa5a5a662ccd3300","ssdeep":"384:wBWbE0rIcvqSI/aQ/UpIxN5BWbEgl/ET/xzy2A3wBV+:wAxka0/scT/xzy2A3wBV+","tlshash":"f682b6cc7691b16543ab61b4843f620ff1376929740d8821b965eae13c78d8ed037fb8","size":18052,"data":"","first_seen":"2026-01-16T11:03:53.240781Z","last_seen":"2026-04-19T18:18:50.439045Z","times_seen":4264,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"widget-v3.smartsuppcdn.com/assets/main-c5ThC_K-.js","fqdn":"widget-v3.smartsuppcdn.com","domain":"smartsuppcdn.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"fcd469aa001be1dfd30d0962c705391c","sha1":"87b8c021a1232a7ba7cd2d482113782215313b9f","sha256":"df06e0821c7c9aaa47dc040afcefc59ff8743c8beec02bed3ce656cfa9163020","sha512":"1c344e4bea46a7c81544ced75a2c75c38aa64ad7ddf395c1a0beb293373d339fbb4aea0b0b13864028be791060a40eb12d557d01c7e13169264712b416f91304","ssdeep":"6144:AsJU8SN+jtxjR/ZgQub5/rLmPh+WVcq9kNp:AwU8SN1b5/rL+HV3up","tlshash":"5e544ad47295b43443a700e5507f2006b23e5c29a809c068f6adddf67db99c9a2b7fbc","size":283561,"data":"","first_seen":"2026-03-02T08:25:26.037318Z","last_seen":"2026-03-10T05:00:21.849653Z","times_seen":431,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":true,"md5":"5fb398ff3afbaf2e9d23f03940e747a7","sha1":"d7d3806950ecbaef2f174cb0aa3dcc3ecc08ce04","sha256":"9862d3b1c28200c26647a062ff50006c1a6d8e91a7ea8f5228cc44dbbbcfed65","sha512":"f557cba51ad16053d233f06e4721b80ee9d914e30cd418a1c15dae40877a23049b7cf69931b161f6f087dc7216e2fc0239738c31327870094b47c6bb5d6ca470","ssdeep":"","tlshash":"a3e0227d2c34409557a250b4c1fae22c3e1ab0604465d957a89a8c6d68f1bcaad41a98","size":418,"data":"","first_seen":"2026-03-02T07:55:13.460614Z","last_seen":"2026-03-02T13:13:34.554838Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":false,"md5":"4a356126b9573eb7bd1e9a7494737410","sha1":"8258d046f17dd3c15a5d3984e1868b7b5d1db329","sha256":"22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5","sha512":"005c3102459dbf145df6a858629d6a6de4598fafe24cd989d86170731b0c3b3c304da470cf66bfd935f6db911b723df0857b5ed561906f7f1c5c4e63ed9430de","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrZ:++414Jiz6fh6lTqya98HrZ","tlshash":"dc83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84380,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-06-09T02:09:57.766059Z","times_seen":18817,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/css/style.css","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-site/assets/css/style.css HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 29 Apr 2025 22:02:36 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 47990\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":379568,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"01f879753b4fe7fa26ca1467868edb48","sha1":"f421e1655fecc3c84f0f05388356fb2747a03cf5","sha256":"7302d9e576b81d4aed324a42f0c29ecb0fd710417845270b329ad6fe81648bb2","sha512":"0405ce3ff7275d0f774154c14047632a405612b32cc3939c9ed26cc2126e5e87a35f0b6ff8af7f4d126e64b97c1cf0a6bc8e6f996691063b434fd9e771f9d395","ssdeep":"6144:JD+0dw0iXL1s8Nln+nImnfzI3OAMKMVZ4:JD+0dw0iXL1s8Nln7mnfzI3OAMxVZ4","tlshash":"f984b651e11538ad527bc43ff2c47a86f728e562e3260eebf555a00dc2cf64e212be49","first_seen":"2024-04-19T06:18:27Z","last_seen":"2026-03-29T04:40:20.690051Z","times_seen":24,"resource_available":false,"data":null}},"time_used":225,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":125,"receive":100,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 28817\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":84380,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025)","md5":"4a356126b9573eb7bd1e9a7494737410","sha1":"8258d046f17dd3c15a5d3984e1868b7b5d1db329","sha256":"22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5","sha512":"005c3102459dbf145df6a858629d6a6de4598fafe24cd989d86170731b0c3b3c304da470cf66bfd935f6db911b723df0857b5ed561906f7f1c5c4e63ed9430de","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrZ:++414Jiz6fh6lTqya98HrZ","tlshash":"dc83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-06-09T02:09:57.766059Z","times_seen":18817,"resource_available":true,"data":null}},"time_used":307,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":300,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/awards/fast-track-saver-awards-2021.png","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.867Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/awards/fast-track-saver-awards-2021.png HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 74773\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":74773,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 200, 8-bit/color RGBA, non-interlaced","md5":"c3a2644d526bba0b5ad95ef559b05c2e","sha1":"85006be63bbab62f812105bb521e6c902a0c3e56","sha256":"9efb079154a86771db0e97c02c8822d7d65d183f16fcd203d406ef2be75af91c","sha512":"1ff6b3c0b9899b481e98dacfaf943be044ce4c5c65257d4fc9d15d33733e6a33b015d1f2e0d1af479baea074e783e122a1b9a417e11a32d51eb84efa4ba43030","ssdeep":"1536:fpYdti/uDLfJ5Dwz8I97xtm89r+p0CGnTsZFzxVgf6+s/sMw+YMMXR:fpLmjBUvm89rQ0CGnK1z9+S1u","tlshash":"d07302aee4d5ca3c6b1f2629184344fc9df745724098bb86465c6a74cdff4274a2c1bc","first_seen":"2024-08-20T03:51:21.584791Z","last_seen":"2026-03-29T04:40:20.675129Z","times_seen":23,"resource_available":false,"data":null}},"time_used":351,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":227,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/content-header/young-couple-home.jpg","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:00.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/content-header/young-couple-home.jpg HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:58 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 117542\r\ndate: Mon, 02 Mar 2026 13:12:58 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":117542,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1600x530, components 3","md5":"f8dd9a1267957a2dc2482e3e460aa946","sha1":"5da757599720b08eccbb6864f17773c03b563ae9","sha256":"50006c9e417e91d17de6b173f9d5bee43d10452ccab061ce076efdb0a1963bd5","sha512":"7085071a03c3c5eb728f7e8e3bc124f8751e4c991c4b7399ed64ad32c41462b430cfce5e3a4bebb8367eb2ed3195412463e616cddb4efad24625f91d606978c6","ssdeep":"3072:j/dWa+EwVo5dys6fJMK7uJ0e/Rzg5nUysAy:L0MSoTys6fJMKkjResh","tlshash":"4ab312ae89792361f9274c9463d74f8d381c74a74691e8c9c8ef2493fda12302be646c","first_seen":"2024-04-19T06:18:28Z","last_seen":"2026-03-29T04:40:20.673295Z","times_seen":16,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":75,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"widget-v3.smartsuppcdn.com/assets/main-c5ThC_K-.js","fqdn":"widget-v3.smartsuppcdn.com","domain":"smartsuppcdn.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:01.693Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1857279285.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 15 Jan 2026 06:54:02 GMT","end":"Wed, 15 Apr 2026 06:54:01 GMT"},"fingerprint":{"sha1":"02:18:EB:88:15:84:86:93:22:4A:F0:99:0A:1A:DA:F8:ED:54:F0:09","sha256":"25:3A:01:58:46:1C:69:99:5F:71:B3:05:79:0C:92:FA:E6:AB:B4:80:5B:F1:06:58:1B:AF:DE:8E:96:30:BF:F8"}}},"request":{"raw":"GET /assets/main-c5ThC_K-.js HTTP/1.1\r\nHost: widget-v3.smartsuppcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://northtbk.com.metrotcb.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 02 Mar 2026 13:13:01 GMT\r\ncontent-type: application/javascript\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000, public, immutable\r\netag: W/\"69a543fc-453a9\"\r\nexpires: Tue, 02 Mar 2027 08:04:17 GMT\r\nlast-modified: Mon, 02 Mar 2026 08:02:04 GMT\r\nx-77-nzt: EwwBuUwJGwH3Q0gAAAwBuUwKCQH3GQAAAAwBw7WvBgG3AAAAAA\r\nx-77-nzt-ray: fdb541231595c206dd8ca5695e177029\r\nx-77-cache: HIT\r\nx-77-age: 18499\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":283561,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (28071)","md5":"fcd469aa001be1dfd30d0962c705391c","sha1":"87b8c021a1232a7ba7cd2d482113782215313b9f","sha256":"df06e0821c7c9aaa47dc040afcefc59ff8743c8beec02bed3ce656cfa9163020","sha512":"1c344e4bea46a7c81544ced75a2c75c38aa64ad7ddf395c1a0beb293373d339fbb4aea0b0b13864028be791060a40eb12d557d01c7e13169264712b416f91304","ssdeep":"6144:AsJU8SN+jtxjR/ZgQub5/rLmPh+WVcq9kNp:AwU8SN1b5/rL+HV3up","tlshash":"5e544ad47295b43443a700e5507f2006b23e5c29a809c068f6adddf67db99c9a2b7fbc","first_seen":"2026-03-02T08:25:26.037318Z","last_seen":"2026-03-10T05:00:21.849653Z","times_seen":431,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-footer/js/ibcommon.js","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-footer/js/ibcommon.js HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 29 Apr 2025 22:02:36 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 3089\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":10721,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text","md5":"c10b25b7694dfec167b047ce138b5b5d","sha1":"a15b2b7c3a6f1bd750aa13740ddaa42f96669f10","sha256":"e245fd8d55dfa05b23589740eacd2c27dec42e183aee42722e33afb9a803cee2","sha512":"6ef587b30f5dcb5f59d09b34a50b90f912352919c2989bd9810f5d62d57513dfea61a09378bdcdaaae03fa6f2552ce11595c5ec726ab91d6c8b28b31e998ac29","ssdeep":"192:VCxN3o4TgVIfZXSkusMbBPnTe+GdvcZz+JLLVEhymP+QmxvX7XAaNnUILMIJYvYW:VCzVgVIfZ1ub54d4cnvxrX9N7LMIs","tlshash":"8922a49df7c9332a99381691551e1095baad4131188ccc4eec1ee2f43f9082ee57fead","first_seen":"2025-05-05T16:23:25.274134Z","last_seen":"2026-03-29T04:40:20.664942Z","times_seen":22,"resource_available":true,"data":null}},"time_used":171,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":143,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/fonts/gorditaregularitalic-webfont.woff","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:00.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-site/assets/fonts/gorditaregularitalic-webfont.woff HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/css/style.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncache-control: no-cache, private\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1005\r\ndate: Mon, 02 Mar 2026 13:12:58 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1005,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"4eb8e690503a44d4fbcbc98bc126b2a1","sha1":"b1c5611057f413cdaec36ff22d9340dc82652c12","sha256":"c9a925062c1d34e25cddeaa0f8a137813fc12afd95b1dd93a5b2a08ddb4d0ae7","sha512":"93670f35d8a8ce9d08bfd45ecac7ccabc1bf4c1d3d0a630530057843c2460b401d0f0a5bb7cc1542511349b9bde5a1a53e640a67854ba585fe078ef618eed3bd","ssdeep":"","tlshash":"2911147f18091aae231082a1b514736dc0dfaf5f6f42e490f47316b5bac0ac5c53d46d","first_seen":"2026-03-02T07:55:13.396044Z","last_seen":"2026-03-02T13:13:34.506987Z","times_seen":2,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-02T13:12:59.181Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: no-cache, private\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; expires=Sun, 24-May-2026 21:12:57 GMT; Max-Age=7200000; path=/; samesite=lax; secure\nnorthtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D; expires=Sun, 24-May-2026 21:12:57 GMT; Max-Age=7200000; path=/; httponly; samesite=lax; secure\r\ncontent-length: 14943\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"jQuery:2.1.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Adobe Experience Manager","description":"Adobe Experience Manager (AEM) is a content management solution for building websites, mobile apps and forms.","website":"https://www.adobe.com/marketing/experience-manager.html","common_platform_enumeration":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*","icon":"Adobe Experience Platform.svg","categories":["CMS"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":113177,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (506), with CRLF line terminators","md5":"daaa5cbaa3ab7a63e3907899dc134042","sha1":"8d0c681c8ed0dc8c00920ab076f831c40fcaf5e4","sha256":"f5b92952ebbb4c925dae459573e0a9e9d2cc4ccde4c1adcc495a848fb7453b98","sha512":"c13c0493e5b7467d7965acd688df1e3646a5446ad8da8a3509d2b1cd8adf83e6c2d3dad532fad55f5e34f0fb3debaa8619c0f6bd585d7787c485d249b14c9029","ssdeep":"768:HNsXmvloy28j2i4e7p2iz9tYtfDoYl50w8pWpS:HJSy28aiv7MiBtsfDoW50wXS","tlshash":"93b3202129c1203b16b393e96970ab99fea5c143d74b4a8432fd275b6ff2f01dc13995","first_seen":"2026-03-02T07:55:13.427179Z","last_seen":"2026-03-02T13:13:34.508126Z","times_seen":3,"resource_available":false,"data":null}},"time_used":584,"timings":{"blocked":188,"dns":64,"connect":59,"send":0,"wait":207,"receive":1,"ssl":62},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/icons/ready-to-apply-wht.svg","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/icons/ready-to-apply-wht.svg HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 849\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4653,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"57daec5f97de5bb56ca3a0b410abcbd5","sha1":"e319690536c9f5bfd9a585e18fe50a067f04526e","sha256":"deaed5b2417396001edb862549efd7d154ea6a11fbf42b8613f26aee5ea39a80","sha512":"3cd23d31ed75cc4d2c98a57cd185a783eacd5c8605d9f7afbb1927cf4153223fb01ea2ba92ebdc77935128114e52c333698d46617b9ce290f271a92f1bbc7cf8","ssdeep":"96:tObffqC8UJB8ZIyGstjUPZjsqjx9cjFkZ:YrfqC8UJBEIyGstjUPZjsqjx9cjmZ","tlshash":"55a1f226230d7d3eb5224a64e3557372123910b3699c77b8f6732135d50d2cdb93b8e9","first_seen":"2024-04-19T06:18:27Z","last_seen":"2026-03-29T04:40:20.670346Z","times_seen":24,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":126,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/hero-header/myboq-hero-header-titmus-1.jpg","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:00.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/hero-header/myboq-hero-header-titmus-1.jpg HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:58 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 290090\r\ndate: Mon, 02 Mar 2026 13:12:58 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":290090,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1600x530, components 3","md5":"597ee5df6d8016a0268ccdae61d88c8e","sha1":"a0d59eefb546290e458c826df5fc76d2a1c69c04","sha256":"f611426eb22540e285ebfd14349b618f96eaca2dd994fb5151d67ae447605794","sha512":"ba220d3373e3fbffd0e211c9228808e286c93cb9c343ae269f2923e490c2d3c67f6f9afdd3dd369da9f76554b094ee31ccb45b97991804331122b48d348b94da","ssdeep":"6144:r3ppo0jlcBJYjsBFQRlnhXcDOLLw9njNq/1FKlwhrpoVr2EgF/aerRF:Xo0ZcBXEDrw3q9FKySRAprX","tlshash":"745413769d678b2dee49233ce7a79b8e6803173a302591fcc528190f5366784f91d8f8","first_seen":"2025-05-05T16:23:25.217783Z","last_seen":"2026-03-29T04:40:20.689545Z","times_seen":22,"resource_available":false,"data":null}},"time_used":85,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/fonts/gorditaregularitalic-webfont.woff2","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:00.473Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-site/assets/fonts/gorditaregularitalic-webfont.woff2 HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/css/style.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncache-control: no-cache, private\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1005\r\ndate: Mon, 02 Mar 2026 13:12:58 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1005,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"4eb8e690503a44d4fbcbc98bc126b2a1","sha1":"b1c5611057f413cdaec36ff22d9340dc82652c12","sha256":"c9a925062c1d34e25cddeaa0f8a137813fc12afd95b1dd93a5b2a08ddb4d0ae7","sha512":"93670f35d8a8ce9d08bfd45ecac7ccabc1bf4c1d3d0a630530057843c2460b401d0f0a5bb7cc1542511349b9bde5a1a53e640a67854ba585fe078ef618eed3bd","ssdeep":"","tlshash":"2911147f18091aae231082a1b514736dc0dfaf5f6f42e490f47316b5bac0ac5c53d46d","first_seen":"2026-03-02T07:55:13.396044Z","last_seen":"2026-03-02T13:13:34.506987Z","times_seen":2,"resource_available":false,"data":null}},"time_used":150,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":150,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/fonts/gorditamedium-webfont.woff","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:00.579Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-site/assets/fonts/gorditamedium-webfont.woff HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/css/style.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncache-control: no-cache, private\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1005\r\ndate: Mon, 02 Mar 2026 13:12:58 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1005,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"4eb8e690503a44d4fbcbc98bc126b2a1","sha1":"b1c5611057f413cdaec36ff22d9340dc82652c12","sha256":"c9a925062c1d34e25cddeaa0f8a137813fc12afd95b1dd93a5b2a08ddb4d0ae7","sha512":"93670f35d8a8ce9d08bfd45ecac7ccabc1bf4c1d3d0a630530057843c2460b401d0f0a5bb7cc1542511349b9bde5a1a53e640a67854ba585fe078ef618eed3bd","ssdeep":"","tlshash":"2911147f18091aae231082a1b514736dc0dfaf5f6f42e490f47316b5bac0ac5c53d46d","first_seen":"2026-03-02T07:55:13.396044Z","last_seen":"2026-03-02T13:13:34.506987Z","times_seen":2,"resource_available":false,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/cards/visa-cc-platinum.png","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/cards/visa-cc-platinum.png HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 40150\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":40150,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 275 x 179, 8-bit colormap, non-interlaced","md5":"4e0c0ad00e3a96332f2825b4f99bc785","sha1":"2ff95e037e8e064eb5be1c74aaa31063cd42eb1d","sha256":"b13b36cc99e2f68a69a0d93ee1b0a564e6fbdf63a3afbcbd34fecf08b3368a70","sha512":"e8a3cecd8e21d1bc9e1ad767b6b3365687b8b2cd2334335390bc4f0b238740cc68a8e0b5431e3faba6a2188e5bcdaaf49db6d7d383dfc106bcb7c33184518cc6","ssdeep":"768:EXbTJwXY5wWwV4vaw/Gf7HfCUedCtA9MLiWwTtVgQsguKOWR6JljMm:gpz5LwVNf7qlCtNlwTL+ocWm","tlshash":"6d03f1370e74812db9cb63aa549f462e3630fc10db06a2634c4979887e3b277b3bd056","first_seen":"2024-08-20T03:51:21.587449Z","last_seen":"2026-03-29T04:40:20.677585Z","times_seen":23,"resource_available":false,"data":null}},"time_used":347,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":227,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/blog-images/BOQ000204%20BOQ%20What%20is%20home%20loan%20equity_blog_1100x500_FA.jpg","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.880Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/blog-images/BOQ000204%20BOQ%20What%20is%20home%20loan%20equity_blog_1100x500_FA.jpg HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 335059\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":335059,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1100x500, components 3","md5":"48cf94b6e81b6674081f7ad485d4415b","sha1":"2aa8019ebe376e0509451426f3d531ad9a546a52","sha256":"46378790a66d1791469da275294f0145011eae96cdd7954462bfda49600a9ac9","sha512":"e74eaaa35f8c1e3e50dade9f9c300806334e55131e40b32cbefe2bf1be6e953f9561d563320c820480cbaaba40539473037887933a93e0e1edce23d34baf11ea","ssdeep":"6144:x/6dRef2h4BywoVxF8hS7JmnypSiE6peyrDmM6KhlUX3I2jgELEg04gEXFMrmAMg:x/ygA4BylzYnypSIpeYmCQdghgXTiR","tlshash":"0864225818a31216f87e9b396b276fd772c2373f1188e69f0a29735a17c5387180b0b9","first_seen":"2024-08-20T03:51:21.592607Z","last_seen":"2026-03-29T04:40:20.670965Z","times_seen":23,"resource_available":false,"data":null}},"time_used":435,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":289,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/icons/icon-contact-mail.svg","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/icons/icon-contact-mail.svg HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 500\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":896,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6d642c87ac9ea68a82792cd5beadcfb1","sha1":"4d9a326def7a354a8cd851b2834bbc8abb459cd4","sha256":"7f363c447b281ab9590ad8944a003348290f6a55d07063bff65918b3e2a67ccc","sha512":"f20a7f1dbf9e77621125a9e1bbd80eea6b5392927fd43cd7fc2ccfa2804ff81a8dae7c07d156920e2907979a8ebad4cbf193820efa14a6e8034921401f0c0199","ssdeep":"","tlshash":"ad11000a0705ceeeac244210a76410c373a4e46bd5ace4d8f69f387bd6ac0f0534db99","first_seen":"2023-07-01T23:38:31Z","last_seen":"2026-03-29T04:40:20.661933Z","times_seen":25,"resource_available":false,"data":null}},"time_used":408,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":408,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/fonts/gorditabold-webfont.woff2","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:00.466Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-site/assets/fonts/gorditabold-webfont.woff2 HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/css/style.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncache-control: no-cache, private\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1005\r\ndate: Mon, 02 Mar 2026 13:12:58 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1005,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"4eb8e690503a44d4fbcbc98bc126b2a1","sha1":"b1c5611057f413cdaec36ff22d9340dc82652c12","sha256":"c9a925062c1d34e25cddeaa0f8a137813fc12afd95b1dd93a5b2a08ddb4d0ae7","sha512":"93670f35d8a8ce9d08bfd45ecac7ccabc1bf4c1d3d0a630530057843c2460b401d0f0a5bb7cc1542511349b9bde5a1a53e640a67854ba585fe078ef618eed3bd","ssdeep":"","tlshash":"2911147f18091aae231082a1b514736dc0dfaf5f6f42e490f47316b5bac0ac5c53d46d","first_seen":"2026-03-02T07:55:13.396044Z","last_seen":"2026-03-02T13:13:34.506987Z","times_seen":2,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"widget-v3.smartsuppcdn.com/assets/style-CNhvSpp0.css","fqdn":"widget-v3.smartsuppcdn.com","domain":"smartsuppcdn.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:01.695Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1857279285.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 15 Jan 2026 06:54:02 GMT","end":"Wed, 15 Apr 2026 06:54:01 GMT"},"fingerprint":{"sha1":"02:18:EB:88:15:84:86:93:22:4A:F0:99:0A:1A:DA:F8:ED:54:F0:09","sha256":"25:3A:01:58:46:1C:69:99:5F:71:B3:05:79:0C:92:FA:E6:AB:B4:80:5B:F1:06:58:1B:AF:DE:8E:96:30:BF:F8"}}},"request":{"raw":"GET /assets/style-CNhvSpp0.css HTTP/1.1\r\nHost: widget-v3.smartsuppcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://northtbk.com.metrotcb.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 02 Mar 2026 13:13:01 GMT\r\ncontent-type: text/css\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000, public, immutable\r\netag: W/\"6994310c-919a\"\r\nexpires: Wed, 17 Feb 2027 09:18:37 GMT\r\nlast-modified: Tue, 17 Feb 2026 09:12:44 GMT\r\nx-77-nzt: EwwBuUwJGwH3ZFoRAAwBuUwKEwH3DAAAAAwBWd59LgG3AAAAAA\r\nx-77-nzt-ray: fdb541231595c206dd8ca5690fbf7d29\r\nx-77-cache: HIT\r\nx-77-age: 1137252\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":37274,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (37273)","md5":"0bf3fa4ae16e33ecf6bae9c7a91c24ef","sha1":"d4c8266daeb1f4b825d4db90f13765f82224b9bd","sha256":"05085b4c6bb66159589e884f0cfe7dc68c3e5953fd10d34941036a47809faeb0","sha512":"9b3769c86553af1f03838f99420120ae72f4284719508d29e96a425f968a885f8fc17f322861e575d209b55245481ad74b230576d7746d1f8ba3a3b950000c5c","ssdeep":"768:E8Ch4TcCWYtomXFDxrnSJPHs24vq+ggFgZ:E804TcCWYtdXjuPF4t2Z","tlshash":"d7f2975daad5093cec33c166e3f8e58c9229f5d1df321a9af6433a048ac27bf1987514","first_seen":"2026-02-17T09:27:34.886834Z","last_seen":"2026-03-10T05:00:21.922479Z","times_seen":1217,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"websocket-visitors.smartsupp.com/socket/?EIO=3\u0026transport=websocket","fqdn":"websocket-visitors.smartsupp.com","domain":"smartsupp.com","tld":"com"},"ip":{"addr":"3.124.102.202","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:01.925Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.smartsupp.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Fri, 25 Jul 2025 00:00:00 GMT","end":"Sat, 22 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"35:57:04:01:81:87:91:69:91:5F:FB:F3:51:3F:C3:50:59:25:59:2D","sha256":"D8:0F:70:51:28:C9:4C:A6:5A:C3:91:80:AC:41:82:E2:B2:73:5A:0B:A4:07:51:81:EC:03:09:9E:87:4F:81:F7"}}},"request":{"raw":"GET /socket/?EIO=3\u0026transport=websocket HTTP/1.1\r\nHost: websocket-visitors.smartsupp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://northtbk.com.metrotcb.com\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: t0Mf7k+mMXX6JXo4t6gbww==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nDate: Mon, 02 Mar 2026 13:13:02 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Accept: z4KmQHCdnGUG3OPI4BCIpSTOmGY=\r\nSec-WebSocket-Version: 13\r\nWebSocket-Server: uWebSockets\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-09T02:17:27.838118Z","times_seen":16256306,"resource_available":true,"data":null}},"time_used":254,"timings":{"blocked":-1,"dns":89,"connect":109,"send":0,"wait":26,"receive":0,"ssl":117},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-calculator.min.d3adcca67f748f0777fee2456fb3ef9e.css","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.832Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-calculator.min.d3adcca67f748f0777fee2456fb3ef9e.css HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 29 Apr 2025 22:02:36 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 158639\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":296930,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (17761)","md5":"d90de62bbb0bfed6246a8ce0720bba3d","sha1":"09b6a7025a14b970826af7fbdd38c0c342744093","sha256":"589ab8efe297f884d367b79251ce1ec99edbf418e79fd769267445d43c4697e5","sha512":"364a0a99b68c1bda71b7178a0e5261bc899e82de19518cf3c3c3ea29cb91a565ae6eb90a509465a7b6c2286c9f0444e514a26e93b627ee0079001b372a80af66","ssdeep":"6144:aeQd7ilOZyxXQPWYvnTFm6vTfTeBRasdQZGP1VZjw:bI7i+yxgPWYvn5TbfTeBRasCZGP1VK","tlshash":"88546c21be322524b8bb621ef55d355c2e949223c95f3bfcb410ec17e6ce49123a3d69","first_seen":"2025-05-05T16:23:25.289953Z","last_seen":"2026-03-29T04:40:20.668627Z","times_seen":15,"resource_available":false,"data":null}},"time_used":307,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":224,"receive":83,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/img/icons/favicon.ico","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:00.974Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-site/assets/img/icons/favicon.ico HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:58 GMT\r\ncontent-type: image/x-icon\r\nlast-modified: Tue, 29 Apr 2025 22:02:36 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 8940\r\ndate: Mon, 02 Mar 2026 13:12:58 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":34494,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel","md5":"1942c58f7e8694ae96388fba3c889666","sha1":"189f1641f9a5a858494ae340e45b9069b4daf93f","sha256":"915576844a72a6054635df559e96c6576d900e3787d61bde88c78e518aa1f575","sha512":"512a142ec776be6c13f46a4c4f2e1424346e00de3e72990117bace4b04affec1ffa685cfa96972db0b6bf99f56e958b0afde522774022eb8a5a4102f0b32214c","ssdeep":"384:f+D9JUER4MuuS286TuVlMcRHhMvFkDD+xY+UrFxjr4SHH:mrUI6uWVl5HhMvSWxY+UZxzH","tlshash":"d5f2fee6e6f9a012f2a80d32f10ed03531577858489b37dd2cfd9a7af4718db4d990a8","first_seen":"2024-04-19T06:18:28Z","last_seen":"2026-03-29T04:40:20.66547Z","times_seen":24,"resource_available":false,"data":null}},"time_used":61,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/js/head.js","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.834Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-site/assets/js/head.js HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 29 Apr 2025 22:02:36 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2625\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":6201,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (5111)","md5":"a836530b44d4d96189fee07a39383110","sha1":"330875db4a20ce1d9aa5bc4217afbcd53ee5b670","sha256":"7e0ee04476f5061129447ee3836fbab9804392998b4ac121e75be1e40e9d9534","sha512":"9a65fc3e6a4ad388f40ff68c4efdedaf158d4e6415d919308230f78b37b8dd5cf44c0cc78fea3727278e2de20ef30001186de4b57c49e87733b9b1bd81762746","ssdeep":"96:uYZ33DUL0iljABqS7gwHJHAfAJPCdugcyVhBOz0/hQ03eLY6m1cc6y2mSUVxSAF:uoIS89EUcyG0/hQkemucD2IzXF","tlshash":"a9d1d79676d3b672c39b24b5727f400b7038899976598808d0b8e4e87e34db8423ff2c","first_seen":"2025-05-05T16:23:25.282269Z","last_seen":"2026-03-29T04:40:20.660971Z","times_seen":22,"resource_available":true,"data":null}},"time_used":301,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":301,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/icons/icon-contact-phone.svg","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/icons/icon-contact-phone.svg HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 615\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1172,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7461911a7c0a8f477e138d3f1f77778b","sha1":"2557c782ab30a053b4a3196232f642a9a32c8574","sha256":"3c08236b12c985ec4ef8d5b4ab8f05277693ded02a07c61839ad6ebc50172c7c","sha512":"90ce0b4336816a9dce1fd565ca4a25ac1c22e4d92776c456af94dc4431f2210d9b9f7e721dd2e586a6bb18952e28d96469362c50e3d13b1a5ceb3b6f4405ab9c","ssdeep":"","tlshash":"7721ce0f0341c6eeba5c0019daac1586a7b0dd97a0b4f0c0e6ab2859e04d4d9c6ddbfc","first_seen":"2023-07-01T23:38:31Z","last_seen":"2026-03-29T04:40:20.694562Z","times_seen":25,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/js/plugins.js","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-site/assets/js/plugins.js HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 29 Apr 2025 22:02:36 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 56905\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":199455,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (32027)","md5":"9f2470653a9f9f90b980c1ee4a13338a","sha1":"dca0fae936df34c2ec425ba367c4a8a27ce32ac8","sha256":"1d052ee5b78b7e6946eb8a2bdb808c43e3676ff2a85cd67f5dff3f0ce15151ab","sha512":"27430f516e6999adc704cbdb20e78263fa9fddc7b80cffd937986e028e7532ef0a45e3c3073fe5a8fe905a95491a660e1cf4c76e0517bd2d3443c998ce8929d5","ssdeep":"3072:6hoWF+IT3DU1omsSI5fBl5ImmuNDugGMctehyfAuhS0RqPmSpDXIkwJl2Wct:6hXzU1ocI5fBl5IHjhS0RzSMmWct","tlshash":"e7141988b341322246e720f6501f410bb2bb96b5f5198ca8b1e5c6e56dbcd4c11ebfbd","first_seen":"2024-04-19T06:18:26Z","last_seen":"2026-03-29T04:40:20.650699Z","times_seen":24,"resource_available":true,"data":null}},"time_used":431,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":407,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:00.220Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncache-control: no-cache, private\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 413\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 02 Mar 2026 13:12:58 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":954,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"dda50f87ad292f0589082b64ea9fe11d","sha1":"dc56a774a8186ce7a66e2af2097945f8a1284a82","sha256":"da8b70192ef425562c4bf30a45166624c46f9215cfcb87766e92f07f5fd3b5a0","sha512":"ab2f3b97d24146870ddf750cb0403a50a540290747cbfb4bdb5659a8743efd37364a36a36628249c5f6eb80e7a4800898581d5d4d639ae50974d47d0056cf79f","ssdeep":"","tlshash":"a311007b18491bae1310c2a2b014b32dc0dfaf5a6f42e490e4b315b6bad5ac9c53d499","first_seen":"2026-03-02T07:55:13.403132Z","last_seen":"2026-03-02T13:13:34.521114Z","times_seen":2,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/icons/chat.svg","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/icons/chat.svg HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 318\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":632,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"aa16016814759b497a7cd19b785947bc","sha1":"a5fa22ca90df67561974bca8b7f2544db31c54c7","sha256":"53a1193e6e5cbf350b69d22fe70529b8e2ce4a4705c482c1caa049acadd9a122","sha512":"1778d3bbba0f8afa78a41a88e122bd4f9a43220c3108960b2e2c9649758747411a6810b870a10fcf2252ec5abb78af1e1f2541a639dec1329c25d0ff72c10a6d","ssdeep":"","tlshash":"bff0283ec326dd7e901b836cc356b70770a23dc1b6aa57bcd6d665350c068a39521945","first_seen":"2024-04-19T06:18:28Z","last_seen":"2026-03-29T04:40:20.68598Z","times_seen":24,"resource_available":false,"data":null}},"time_used":125,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":125,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-boq.min.d41d8cd98f00b204e9800998ecf8427e.js","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.888Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-boq.min.d41d8cd98f00b204e9800998ecf8427e.js HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 29 Apr 2025 22:02:36 GMT\r\naccept-ranges: bytes\r\ncontent-length: 0\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-09T02:17:27.838118Z","times_seen":16256306,"resource_available":true,"data":null}},"time_used":144,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/fonts/gorditabold-webfont.woff","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:00.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-site/assets/fonts/gorditabold-webfont.woff HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/css/style.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncache-control: no-cache, private\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1005\r\ndate: Mon, 02 Mar 2026 13:12:58 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1005,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"4eb8e690503a44d4fbcbc98bc126b2a1","sha1":"b1c5611057f413cdaec36ff22d9340dc82652c12","sha256":"c9a925062c1d34e25cddeaa0f8a137813fc12afd95b1dd93a5b2a08ddb4d0ae7","sha512":"93670f35d8a8ce9d08bfd45ecac7ccabc1bf4c1d3d0a630530057843c2460b401d0f0a5bb7cc1542511349b9bde5a1a53e640a67854ba585fe078ef618eed3bd","ssdeep":"","tlshash":"2911147f18091aae231082a1b514736dc0dfaf5f6f42e490f47316b5bac0ac5c53d46d","first_seen":"2026-03-02T07:55:13.396044Z","last_seen":"2026-03-02T13:13:34.506987Z","times_seen":2,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"translations.smartsuppcdn.com/api/v1/widget/translations/lang/en/defaults","fqdn":"translations.smartsuppcdn.com","domain":"smartsuppcdn.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:01.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1087630013.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 06:53:02 GMT","end":"Tue, 14 Apr 2026 06:53:01 GMT"},"fingerprint":{"sha1":"7E:EF:00:8F:D6:2A:E3:14:6D:3F:6B:EC:B9:8F:1A:76:B8:61:A9:77","sha256":"B6:34:A4:A4:5B:9F:9C:14:2D:21:86:24:65:1A:DD:99:08:D7:4A:A5:CE:0D:88:31:29:C9:6F:A5:41:A5:2A:65"}}},"request":{"raw":"GET /api/v1/widget/translations/lang/en/defaults HTTP/1.1\r\nHost: translations.smartsuppcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://northtbk.com.metrotcb.com/\r\nOrigin: https://northtbk.com.metrotcb.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 02 Mar 2026 13:13:01 GMT\r\ncontent-type: application/json; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: max-age=600\r\nx-response-time: 0ms\r\nx-version: 328a2bb6fa0144f5d85400b5b12df9bcac88a3e9\r\nx-77-nzt: EwwBuUwJGwH3PgAAAAwBuUwKEwGzWQIAAAwBw7WvFwG2WQIAAA\r\nx-77-nzt-ray: fdb541230dd91a0fdd8ca5697a23a833\r\nx-77-cache: HIT\r\nx-77-age: 62\r\nvary: Origin, Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":7171,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e73fb26e61b7779ac37a909aa465da53","sha1":"f1aa800d8470d6f52b8f1a919951d96b8c2bac85","sha256":"99edc223afd1cef944e2059f41beadcacc433ce17f52855cdf7803d197268431","sha512":"0df22279f76ba298db9c864b8853738968705515f880586293dd22fd7b4caf87cab05e9aee3dd37c350a490ba4ba1f51011b28dbdf7afc065840020a3641a624","ssdeep":"192:P4lkA+UC1IY8pZbXF/UQq29yg4zPYfXhIIdeD/F:Al3GKYKZrJA2Yg48fXPdeD/F","tlshash":"c7e1b74f9a144eb987c6438276cfb84675bc807352509d3afd8cc8b842697cda3e3b94","first_seen":"2026-01-13T09:38:59.141589Z","last_seen":"2026-03-04T07:11:45.044045Z","times_seen":1814,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":49,"dns":21,"connect":8,"send":0,"wait":18,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/icons/branch.png","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.863Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/icons/branch.png HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 1461\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1461,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 67, 8-bit/color RGBA, non-interlaced","md5":"6b09e6b1bc77b83d3d36948c1fa0b578","sha1":"807cb54dc46efe1c640640ad9478397771c85a2c","sha256":"a29334661a002a1b47ace6a58d34f2427df2707e77e10f3281f1212fca17164c","sha512":"9c2ce5deb27a4d668ec8b5837e10704055d57738be6c83884b48969eb9ddb3eaac18f9480173d8d64ea6cd99b2b8d109efc226a3234b939cf8ad18e301132f73","ssdeep":"","tlshash":"7131ecda236a8fd4a2ac5bdd45007459500279dc56c0de1404cf799bcf32efe48eb35a","first_seen":"2024-08-20T03:51:21.589421Z","last_seen":"2026-03-29T04:40:20.68317Z","times_seen":23,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.967Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:01 GMT","end":"Mon, 27 Apr 2026 08:38:00 GMT"},"fingerprint":{"sha1":"AD:23:3E:9B:CF:2B:A1:EC:31:14:63:D1:58:73:BB:E7:C5:32:16:8C","sha256":"B1:5F:45:BF:00:8C:68:35:D3:42:B2:67:66:47:9D:BB:42:41:07:56:3A:C4:1C:D6:10:7B:B7:53:C2:71:81:33"}}},"request":{"raw":"GET /css?family=Roboto HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 02 Mar 2026 13:13:00 GMT\r\ndate: Mon, 02 Mar 2026 13:13:00 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5548,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"2f4913b2d4249ba3d87180173c5f9121","sha1":"9bf4027becc81e05db16739d9ea242b37105cd4f","sha256":"ae14e6cdbd03f18a4fa37ba5b905bd7e39ae0162d519ca372985aa209e8c42b2","sha512":"0d96229362f39ed14d6e1f353b1f85a53442f419241cecb63d338d97176202941e8166d253b8a306dd1a6f64ee07f3c5ef40bf48574336c00f2da780a2fd62ac","ssdeep":"96:1OEMNslOEMN3FZKOEMNTOEMNoTOEMNEy+aZjzBrgOEMNfubqGIFuV4yOEMN3ROEi:cNssNzNWNoWNEq5N2bqGIwV4DNINCyNX","tlshash":"dfb11d910417044097835ce227ce7e35fe1f92006185d0b5ebfc9b6bedebda652a836e","first_seen":"2026-02-19T23:02:43.131523Z","last_seen":"2026-06-09T02:04:18.453796Z","times_seen":9026,"resource_available":true,"data":null}},"time_used":291,"timings":{"blocked":124,"dns":1,"connect":20,"send":0,"wait":35,"receive":0,"ssl":108},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/icons/icon-contact-location.svg","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.883Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/icons/icon-contact-location.svg HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 497\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":892,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e07b886b698685163e4e3416a1c1519b","sha1":"7f46ef4c643ab90a645a40efd005b7a9ec88e601","sha256":"20a78ba7975ba82a6f0f57050e83f8631327240061fd280bc52ce7a25189aeaf","sha512":"3eb6b572a28a13c5902ace45ea2765ed3ebc6f60a1d67648f428f11c6a9f94ddfa434f9d08c087acd6982f6f62f7f2220f8535c62c0dde0fe0be527c26251160","ssdeep":"","tlshash":"2c11004a439acbfe58d1c30983b910c263746c9ae0a0a8dc76bf3cbad19c89421456e5","first_seen":"2023-07-01T23:38:31Z","last_seen":"2026-03-29T04:40:20.6811Z","times_seen":25,"resource_available":false,"data":null}},"time_used":407,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":407,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/fonts/gorditamedium-webfont.woff2","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:00.448Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-site/assets/fonts/gorditamedium-webfont.woff2 HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/css/style.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncache-control: no-cache, private\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1005\r\ndate: Mon, 02 Mar 2026 13:12:58 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1005,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"4eb8e690503a44d4fbcbc98bc126b2a1","sha1":"b1c5611057f413cdaec36ff22d9340dc82652c12","sha256":"c9a925062c1d34e25cddeaa0f8a137813fc12afd95b1dd93a5b2a08ddb4d0ae7","sha512":"93670f35d8a8ce9d08bfd45ecac7ccabc1bf4c1d3d0a630530057843c2460b401d0f0a5bb7cc1542511349b9bde5a1a53e640a67854ba585fe078ef618eed3bd","ssdeep":"","tlshash":"2911147f18091aae231082a1b514736dc0dfaf5f6f42e490f47316b5bac0ac5c53d46d","first_seen":"2026-03-02T07:55:13.396044Z","last_seen":"2026-03-02T13:13:34.506987Z","times_seen":2,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":115,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bootstrap.smartsuppchat.com/widget/bd0d7e2d5e6ea65a81fcf7d432d05ed23f2596f9.json","fqdn":"bootstrap.smartsuppchat.com","domain":"smartsuppchat.com","tld":"com"},"ip":{"addr":"3.74.133.176","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:01.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.smartsuppchat.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 02 Dec 2025 00:00:00 GMT","end":"Wed, 30 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DC:47:26:FC:2D:4B:14:19:23:BC:B7:70:14:DA:60:A6:21:B0:1E:81","sha256":"0D:5E:FD:70:25:9E:DE:DD:47:CF:0C:58:1C:08:A2:A1:05:AC:A6:7E:0C:43:6F:50:E7:49:E0:A1:60:D0:0E:0F"}}},"request":{"raw":"GET /widget/bd0d7e2d5e6ea65a81fcf7d432d05ed23f2596f9.json HTTP/1.1\r\nHost: bootstrap.smartsuppchat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nOrigin: https://northtbk.com.metrotcb.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 02 Mar 2026 13:13:01 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-version: 8f78827c99f8a70d2cd46ee881b468733ffd9813\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: private, max-age=0, must-revalidate\r\nx-hit: redis\r\netag: \"4ae-Jt95KB4lhLcE8+iQwCNZPCueNIE\"\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1198,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"4f18805e17e4c1e8e9e07a360e4a69d2","sha1":"26df79281e2584b704f3e890c023593c2b9e3481","sha256":"6281c13b7e0567048cb6d2f22a76664459e11449f8de893a5852cbd5b5f202f9","sha512":"367418c85fe832ff0d1c662bcc9c08160f6bd9e7fa17da26c06a5620f111a62eee9ab949fb41b9cdad283bca566c40db697449e3c99b7fc3865936d14c504043","ssdeep":"","tlshash":"9421686d4a6822fd5245c7d6c5047a076bbcdcb371043e7eea0d0a4e70db2e5223646b","first_seen":"2025-07-17T12:46:19.667078Z","last_seen":"2026-06-09T00:08:35.613299Z","times_seen":5254,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":81,"dns":12,"connect":21,"send":0,"wait":25,"receive":0,"ssl":42},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-boq.min.d41d8cd98f00b204e9800998ecf8427e.css","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-boq.min.d41d8cd98f00b204e9800998ecf8427e.css HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 29 Apr 2025 22:02:36 GMT\r\naccept-ranges: bytes\r\ncontent-length: 0\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/css","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-09T02:17:27.838118Z","times_seen":16256306,"resource_available":true,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/icons/computer-laptop.svg","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/icons/computer-laptop.svg HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 326\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":616,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"de0e1aa8d669a0bc1136b1c77ced16ee","sha1":"7fc0c049347f820168712e1030dc31f3977e0c18","sha256":"9987a50414c00c6175853f58bfa7447cb9ef9146dd3e41aaf1515017e1496cdd","sha512":"1a57b3e6bd9e005df8397b8b05474569f545db47aa05dbd543a397a2f938581a0364b2f4ec8d63e537c85e336fb0d54c80f2301e1217426ba60b62ed95b69e37","ssdeep":"","tlshash":"c6f0783e83445e77e02742f0c3a8f19271dbf455b56806a8c7e173760dc6ea345315a5","first_seen":"2024-04-19T06:18:27Z","last_seen":"2026-03-29T04:40:20.687955Z","times_seen":24,"resource_available":false,"data":null}},"time_used":357,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":357,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/blog-images/blog-header-images/Conveyancer_vs_Solicitor_couple-with-professional-deciding.jpg","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/blog-images/blog-header-images/Conveyancer_vs_Solicitor_couple-with-professional-deciding.jpg HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 72463\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":72463,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1100x500, components 3","md5":"24d97d1f872c5b64fb9aa95418e7b543","sha1":"d987df5d67ca104515b26e7c3b49c5aecc478843","sha256":"46fa51bdfd3209a75a9409ffd13e160bc65254aeb7342791d68aaa57df838de4","sha512":"4104c0226753c1cecf1f359f956fea820375e619580d80c2501ffb2dfba033c2dc977d8ecd3992d9b128190581cfeeaab5ebb759937f5edba03189ab5ac8eeea","ssdeep":"1536:gjqnazrpKTapUlali1UL+/ZmYPa30+JW0Bohj4va1P59HTVSx:gjqMpKT2Ulad+Q/W3sa1P59xSx","tlshash":"a1630189fb347a16dca49a2e9ef40ecd6fba7e5c4e0077b538949dd360333450e1062a","first_seen":"2025-05-05T16:23:25.225299Z","last_seen":"2026-03-29T04:40:20.686803Z","times_seen":22,"resource_available":false,"data":null}},"time_used":363,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":216,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/blog-images/economicupdate-100523-thebudget-header-banner-image.jpg","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/blog-images/economicupdate-100523-thebudget-header-banner-image.jpg HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 310964\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":310964,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1100x500, components 3","md5":"b15e428db7b0e2d566414b7cf5af2764","sha1":"441fd49f2cb5fad42d4abcf53a63c748fd83b22d","sha256":"96e94a3c973bb2e83226769ba571a3ce74475afe3913461fa7d5d2104deb17ed","sha512":"ffbb8435088dad58441dc75ab15b9bf161e9d82ab8b39556f2efc1f82e65f122abf86906ad5c81924c20422c4bedaef7de8ff5530a32fec53200096e4faba04f","ssdeep":"6144:spW/a0o1g/c3uJGiVkHdC9oxW0ZfYS61K4x1Bn1Bt2X6kNkV:QEWgYiVk9C9oxlH6N1hbwkV","tlshash":"0264231c8e6397aaf6cca63dce7249dc74a47b3b43d9b01e97496c597e8010bb4cc858","first_seen":"2024-08-20T03:51:21.595735Z","last_seen":"2026-03-29T04:40:20.688532Z","times_seen":23,"resource_available":false,"data":null}},"time_used":414,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":361,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/js/script.js","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-site/assets/js/script.js HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 29 Apr 2025 22:02:36 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 23576\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":82284,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (32016)","md5":"3dc6c146380b797bbdaa90c3b0650cf4","sha1":"bac4eb80b67519b6f4da68a18982a817a7094303","sha256":"67f064f5f912ebb5191b02c6d57443a80a29e0a617d299c98956971f0136f8cb","sha512":"7035cfcc27c89c0f4a3d766bb38572645ede1126e6767e005f3ff8c0cbb8443c01d3c4078122bbf494481cebd9629deaade7d962eb4b6b9f6c454ba5a690f34b","ssdeep":"1536:jco/k7kvpnsx5Ko6lVX5pZPwzxHTMQC+8suxkEmn7nBikXOORv57D:jcfKo6PZLUnBiQdF","tlshash":"37831a4d767131aa92ab31b510bf520ba0335875f8095c98b5b9c8e92ebcdc86137f3d","first_seen":"2025-05-05T16:23:25.22677Z","last_seen":"2026-03-29T04:40:20.681574Z","times_seen":22,"resource_available":true,"data":null}},"time_used":429,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":143,"receive":286,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/icons/icon-hand-dollar.svg","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/icons/icon-hand-dollar.svg HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 370\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1171,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"2304c1697106aad6d61bcd9d0e428f81","sha1":"1153f90a03b6612a5b7877f471c29556f0d2cc76","sha256":"20a43fc6242f0ec19130a9a1c675977cc2ca0884b4d32330fbff9e471552f0c2","sha512":"260eb829e0e64c191b437780a648078e9e262f389473de27222ce976cb8f8b09ae1c9a5c4f5376fd6ba80f663bc337c9ebbf4c5303a30fb05b0c7bae8a3952ef","ssdeep":"","tlshash":"8921d819234a2c3dfd23463de7a93236506b05e52ead37248c331572a2046efb93f9d8","first_seen":"2024-04-19T06:18:27Z","last_seen":"2026-03-29T04:40:20.649751Z","times_seen":24,"resource_available":false,"data":null}},"time_used":122,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/awards/home-loan-awards-2021-transparent.png","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/awards/home-loan-awards-2021-transparent.png HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 73823\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":73823,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 200, 8-bit/color RGBA, non-interlaced","md5":"dad0ccec2dae802461d41c733124dcab","sha1":"9fd37519e8a0b879e4cd13befd2fb9a0e53fb0db","sha256":"6f0ef398eacac8b16d76169ef294ed9ded6641f9b3f1bc341ac53ba10918c15e","sha512":"ca57dee4808f0300a931f9bf6514c311394fe651e77bc339e4c67f00af81d96637d93b026b12a3714caadaf856606bf0662156303c8a33208f47d8563d862089","ssdeep":"1536:khE+xRCOK69TMdUJqA/enuTfx0zXi+RxIrHyAyzeI9zaTuq:r+xRHK69YiJGnuNa2SA1Uz4J","tlshash":"c17301bcb36530499ecaac617fe009e4ae253d4092f5d1d6c36e70dd93318b643d60a6","first_seen":"2024-08-20T03:51:21.593226Z","last_seen":"2026-03-29T04:40:20.664025Z","times_seen":23,"resource_available":false,"data":null}},"time_used":359,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":347,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/icons/icon-dollar-scope.svg","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/icons/icon-dollar-scope.svg HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 269\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1083,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4444c63e2eb3416f9741d3a2dfcbf548","sha1":"29b6587279c749d678c3a1da6ec01eb50bae2d9d","sha256":"2fe40c54f77768fe5094eca8628b2f0c58c1f342d4d7daa6cf0cf0597c956e19","sha512":"8c0bd71fed282015f4e2897548e51daecc4fa59904ef8659635d328d4a5a56d15290dee4342c1351d7f6611e037c361e9ac2e65b9899224802b580abdd136dce","ssdeep":"","tlshash":"8c11935a230c3d3ef8374479e3253676127a12e22a4db634983241f1a20678fb17fdd8","first_seen":"2024-04-19T06:18:28Z","last_seen":"2026-03-29T04:40:20.684052Z","times_seen":24,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-calculator.min.7faf47997fb031ef64315975334ce420.js","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-calculator.min.7faf47997fb031ef64315975334ce420.js HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 29 Apr 2025 22:02:36 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 230995\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":968365,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (569)","md5":"19ebc0fd5f0f0e88e764dba2a57429cc","sha1":"37ffc85d5840608afec028faceebe9e6c1aa8a29","sha256":"6bd80fb4a167ede8f0e9f5072c80fc50c2ab9ec978fd6f7b0e1fefabf1e1eb98","sha512":"7410f6b6618332753217475cbbd77027bfdc6da9ba3dae52a5b2bd6722a4fc032bc458740294bd0c60b7ecfba5db20123b8cf75f04c94cc5aaedc509f3a4dd39","ssdeep":"6144:qG06IJQ1utYyNuPIZspZimW/IXKJkGB6blu1RnQvZcYVyjON3zRAJlt5IBhmCHCk:qUcFqS2KJ16BuGpRMeBt","tlshash":"82253b84b962781546b72071483f140f72f97969d48ce480f2b2c9e87eb899d91bbf3d","first_seen":"2025-05-05T16:23:25.257094Z","last_seen":"2026-03-29T04:40:20.666366Z","times_seen":22,"resource_available":true,"data":null}},"time_used":443,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":428,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/fonts/gorditaregular-webfont.woff","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:00.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-site/assets/fonts/gorditaregular-webfont.woff HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/css/style.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncache-control: no-cache, private\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1005\r\ndate: Mon, 02 Mar 2026 13:12:58 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1005,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"4eb8e690503a44d4fbcbc98bc126b2a1","sha1":"b1c5611057f413cdaec36ff22d9340dc82652c12","sha256":"c9a925062c1d34e25cddeaa0f8a137813fc12afd95b1dd93a5b2a08ddb4d0ae7","sha512":"93670f35d8a8ce9d08bfd45ecac7ccabc1bf4c1d3d0a630530057843c2460b401d0f0a5bb7cc1542511349b9bde5a1a53e640a67854ba585fe078ef618eed3bd","ssdeep":"","tlshash":"2911147f18091aae231082a1b514736dc0dfaf5f6f42e490f47316b5bac0ac5c53d46d","first_seen":"2026-03-02T07:55:13.396044Z","last_seen":"2026-03-02T13:13:34.506987Z","times_seen":2,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/libs/img/logo-dark.png","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /libs/img/logo-dark.png HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 29 Apr 2025 22:02:36 GMT\r\naccept-ranges: bytes\r\ncontent-length: 12544\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":12544,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 217 x 71, 8-bit/color RGBA, interlaced","md5":"035c16302721960624d5cef3af26a92a","sha1":"ec85c50d4a7b7830a5cead9b74d4f6181961a1ae","sha256":"ccdd200c95696d7a0f0eb4bffacfbfe98882b4c105696cb1d34646f5b1a5685f","sha512":"4a4010b50e90927a2472f126cccf570f98d02f7f89282358b5b8deeeac0ae80797a12f3cb06243719eacd839505468aa82a1639c6ad79bf2eea526fd0eeed5bc","ssdeep":"384:KygHTpu4VSPDoGUHxriXroFzUNRu+Zs2DPs5O:K/EPDCHxriX8BUTZs2DkM","tlshash":"b242bf9381f807aaa0763a73eb8e51db91eb53414a22556db4c9c0e215e76f06f885c4","first_seen":"2026-03-02T07:55:13.443731Z","last_seen":"2026-03-02T17:05:49.796036Z","times_seen":5,"resource_available":false,"data":null}},"time_used":346,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":318,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/img/svgs/svgs.css","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.890Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-site/assets/img/svgs/svgs.css HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 29 Apr 2025 22:02:36 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 7380\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":60753,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2241)","md5":"d34716d27fe5b8da12c9a00c600365e0","sha1":"3c6053b2a5aa77e2b32e6735b058e6115c7bcb5f","sha256":"cbc6f0d8a366daa7dc6d5fc497b458864dc7173d8c34d9e713e730bf52a7ff39","sha512":"56b712f2fc7f9602db6cebede8e80fd7acc276401d498f784ced8bf60aa2bc3a1bd524b7a91c51e425c83a6f2e5701eb65346f51ce85d003a0319e24042808ef","ssdeep":"768:3npvFhlyXqgtB1ZHnS01H062gNqc2gNqsNJ7O:vyagtB1ZHnhy","tlshash":"5c53fd7c61712b4dbc3bc027cb1936099028fdcbe954ac2edfaa7124eb4466df0a4665","first_seen":"2024-04-19T06:18:27Z","last_seen":"2026-03-29T04:40:20.651973Z","times_seen":24,"resource_available":false,"data":null}},"time_used":440,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":143,"receive":297,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v51/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:00.444Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:00 GMT","end":"Mon, 27 Apr 2026 08:37:59 GMT"},"fingerprint":{"sha1":"43:A0:56:D7:CE:45:C9:96:6F:34:12:13:53:CC:34:DD:63:FB:5D:20","sha256":"A4:AF:37:76:AF:D3:DB:1B:79:93:8F:E9:D4:21:4B:BA:43:54:3D:F9:56:DC:18:E9:5C:CA:1A:7C:B2:C7:DF:9B"}}},"request":{"raw":"GET /s/roboto/v51/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://northtbk.com.metrotcb.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 21884\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 27 Feb 2026 08:31:41 GMT\r\nexpires: Sat, 27 Feb 2027 08:31:41 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 18 Feb 2026 19:51:41 GMT\r\ncontent-type: font/woff2\r\nage: 276079\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":21884,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 21884, version 1.0","md5":"4279528ce0e7dc28919e6f8ce5f0eaa5","sha1":"a0bec563643727d81bf21d0acec08227d9269da4","sha256":"425c0713a8176f92273d378599c7eac57de7fafabd4bd0ed457b70eb8f80d371","sha512":"2b6a62ea544e93669893bac8bb8a5233d55cda9c3b293add6f312808cdf5127822446a516b66656cdae7409c5938ad1ff4fe0a1ba48e52134e141d6a78100507","ssdeep":"384:74kazv9DMAYqVNsLRxmVN7UX3oC4JjImMex3viFG5Bt7/br6CfY/lC7:7fazv9DM2Q+I3oC4JjPb30G5rtfY/87","tlshash":"0aa2e187b3eaa46d5787b931fa0a1900b8fe73f65d27da6484e087c9a1456c48c3dd3c","first_seen":"2026-02-19T22:29:10.595811Z","last_seen":"2026-06-09T02:09:57.705413Z","times_seen":19580,"resource_available":false,"data":null}},"time_used":298,"timings":{"blocked":135,"dns":1,"connect":20,"send":0,"wait":22,"receive":6,"ssl":111},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/assets.adobedtm.com/aaa86c73d744/13dc1503367a/launch-a9f690185f63.min.js","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /assets.adobedtm.com/aaa86c73d744/13dc1503367a/launch-a9f690185f63.min.js HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 97625\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":362241,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (32762)","md5":"fe86e9ff96c4abdcf74150c115f34a04","sha1":"d2ca4edbc1708a0a9d2e86c331c8928d7015e4e6","sha256":"9bb41df62b95fafde8c7c379c5ac9752b3f8aee3fd4396b5a55801e0bd5ab41a","sha512":"969a59daac80892191049fd46eeab0e4e5bf6c5d77b9f210e0856ecad959a390f080282fb4a5b26440ab0d3d9dd48c566e8dbe30c03d9d662f3512f94629ecf6","ssdeep":"3072:6UQiMt7ZIkUum3Xuju5qsK1zOrKhvfYeqOcilLtxnm3KwpIK1+a7+J:TTdum3XMu5qR1zOe5qOjlm3Kw2N","tlshash":"707428deb295f0a9179731b5906f110bf23a3845688cc010f59ae8d93db869e9233f7d","first_seen":"2025-05-05T16:23:25.280965Z","last_seen":"2026-03-29T04:40:20.663077Z","times_seen":22,"resource_available":true,"data":null}},"time_used":325,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":304,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/marvel-b2-cdn.bc0a.com/marvel.js","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /marvel-b2-cdn.bc0a.com/marvel.js HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Tue, 29 Apr 2025 22:02:36 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2967\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":8776,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (8776), with no line terminators","md5":"240d477eecbfa75b510f7c1f02e86900","sha1":"673428ca2114b03abcd8c7eb307a00bf1a482da4","sha256":"69f52ce15fa069d42265c15ff8ef081bce3330b00a15da087f77a6d0736b2f11","sha512":"b94c240e5d29d7c9663e009651c76246a578a60516944288c52ab43b35724b2eae78c8882b4d5189715a0a47282655649e4d80e2e6a06064c16134d2d9c773ea","ssdeep":"192:BqtYsSYbMs/MVbOWhZANmCIHE2VDOs5FviChwQuWtR7qFgPm6TLJJ4Dco5rJBMaI:AtYsSLs/MVbOWhxhE2Rt5FHhwQuWtc6H","tlshash":"d30283ef738937337f9610d8d8c40c84c0743766560ac9a3aa69d4b3715df641abe94a","first_seen":"2025-05-05T16:23:25.2707Z","last_seen":"2026-03-29T04:40:20.654088Z","times_seen":22,"resource_available":false,"data":null}},"time_used":319,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":319,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/hero-header/simple-saver-ariane-pineapple-header.png","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:00.441Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/hero-header/simple-saver-ariane-pineapple-header.png HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:58 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 85643\r\ndate: Mon, 02 Mar 2026 13:12:58 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":85643,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1600 x 300, 8-bit colormap, non-interlaced","md5":"d58bbaaef6c6dda701946605d03af9ae","sha1":"1a3542fb04c0bc567d4b25917baedad6e3560701","sha256":"afd2986dd5b4f8d801621987439fbefdea91970032621d498a66837257f2380f","sha512":"d7c72c21746a11df55c784ac1346e3a20a1a3fdfceefaab0d64c0d8481e862d8c3e3ebb1df0dc1fd839c7d8608020deb4bebe4ddcdf32c1ad5fdcf99ed800504","ssdeep":"1536:ok0aW1gO2YOH73hXxjUGa73f2QmU7eRXsV4x/JzTr:6DwLhXxI5PJKRXsV4x/JTr","tlshash":"968312a17c03569580a8e4eacc1ebe56743e4879c5bac513f211c9c49bfce90b4e295f","first_seen":"2024-04-19T06:18:28Z","last_seen":"2026-03-29T04:40:20.682143Z","times_seen":24,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":84,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/img/icons/apple-touch-icon.png","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:00.972Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-site/assets/img/icons/apple-touch-icon.png HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:58 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 29 Apr 2025 22:02:36 GMT\r\naccept-ranges: bytes\r\ncontent-length: 3478\r\ndate: Mon, 02 Mar 2026 13:12:58 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3478,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 57 x 57, 8-bit/color RGBA, non-interlaced","md5":"e32b69f59c0494f624ef755b714ae85d","sha1":"a6a0d094c490f302a3c7c9d28bf3ec630e06e0e6","sha256":"42821f22b54a2d24c294801deaa2b7858f45075b34d9e05fdc884ba30e155e91","sha512":"d60e2c60a113c3995c920cbba65c99dc33909e9b139672604df2dc43a005dbf6ae20ff3679d9927cbfdce906dc48aa18298e14c54c6243d6ad94c500f92d1a37","ssdeep":"","tlshash":"8d715bb72ef310caae86a7f513acb7abd31f744842fc5ed9992031d64064385aa180a1","first_seen":"2023-07-01T23:38:32Z","last_seen":"2026-03-29T04:40:20.656372Z","times_seen":25,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/css/style.ie.css","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-site/assets/css/style.ie.css HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 29 Apr 2025 22:02:36 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 48161\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":379804,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"4ce25e559b2de536199d8c8aa0d00a03","sha1":"26e1a38a8babc103bc0a12feba80c02454111aa1","sha256":"21bdc06651508f45209e4ac23837830ef78d0083f37641c2f7b3f0e5a52f64a3","sha512":"c9e5f5f454849ad21ade7f54264bbe54b13daadc25aa20069dd884dae66a7c89d893a245477e568198f3ddd46d0f5f43407f9c8e758e67da764ed23198a1f2cd","ssdeep":"6144:fZF7Jdw0iXL1Z8gln+nHkbfsI3OA4Gr624:fZF7Jdw0iXL1Z8glnskbfsI3OA4A624","tlshash":"4184b651e11538ad527bc43ff2c47a86f728e562e3260eebf555a00dc2cf64e212be49","first_seen":"2024-04-19T06:18:27Z","last_seen":"2026-03-29T04:40:20.647197Z","times_seen":24,"resource_available":false,"data":null}},"time_used":125,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":65,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/icons/icon-bank2.svg","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/icons/icon-bank2.svg HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 344\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2293,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4e1948e7fe326f9b6edb66296e60398e","sha1":"fe43891ab129de7795b774ebb23cbb583d573352","sha256":"87a0c921bdcbf3540067df9b1eca16001573043462e197ea09ea0fb0ee4cf288","sha512":"6c7fa47044e075d8a79d55cf6e99e87aa6fdfe1cdba244b5e76b2a46b62dabbeea9f07fbc453939518d2ad05b982ce4e6f6df3ee535ffe3f696979f458b6bf19","ssdeep":"","tlshash":"5f41721a270ebd3ef923443de764727a016e12e25ace76348d3211b266597cfa53f4c8","first_seen":"2024-04-19T06:18:28Z","last_seen":"2026-03-29T04:40:20.680364Z","times_seen":24,"resource_available":false,"data":null}},"time_used":341,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":341,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/icons/icon-percentage.png","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/icons/icon-percentage.png HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 1336\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1336,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced","md5":"1e006de53e9aebc0f426392fee7bc877","sha1":"22c3005332439db237f6c62f410df8e2c7caff33","sha256":"d5cb74f80a039438059e6e77831924fd66c2896da18ba7807ac808802dac7951","sha512":"6bc9afc5166bc28c493de9df19c7d71e53c926eed46f09fd0b2dde72ff8f1696b016b6abc29b3f15c23608e53a88ba07c00b43b2bb5b5627c9470cd905c71efc","ssdeep":"","tlshash":"c2212b0d99900612d3777a6184f80b10b4379d88fa886e05f36f6df78ed431700819cf","first_seen":"2023-07-01T23:38:31Z","last_seen":"2026-03-29T04:40:20.678329Z","times_seen":24,"resource_available":false,"data":null}},"time_used":125,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/icons/calculator-1.svg","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.871Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/icons/calculator-1.svg HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 357\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1027,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"890248817a972979acdfdb58662c6a55","sha1":"8a235a7d29f9e751c2d1db4a811600bccca065a0","sha256":"76200b72100b8ad2ee44fa38c1fe06698b5dbd6d1c631eb4e04978a5ddef8b27","sha512":"98eda1046a404419d61784e43a3c682df44d28c3d757be6f5911fe9d19c22c46d1af7d125c744e580f7f04bc7a6008b71e51c2ca1a6221b97e04a35db61ac8ed","ssdeep":"","tlshash":"5e11227f7f0ebeb3e11370fbf690629760cf66fad28051ba84a126210712cd34636156","first_seen":"2024-04-19T06:18:27Z","last_seen":"2026-03-29T04:40:20.693482Z","times_seen":24,"resource_available":false,"data":null}},"time_used":359,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":359,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/img/icons/apple-touch-icon.png","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-site/assets/img/icons/apple-touch-icon.png HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 29 Apr 2025 22:02:36 GMT\r\naccept-ranges: bytes\r\ncontent-length: 3478\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3478,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 57 x 57, 8-bit/color RGBA, non-interlaced","md5":"e32b69f59c0494f624ef755b714ae85d","sha1":"a6a0d094c490f302a3c7c9d28bf3ec630e06e0e6","sha256":"42821f22b54a2d24c294801deaa2b7858f45075b34d9e05fdc884ba30e155e91","sha512":"d60e2c60a113c3995c920cbba65c99dc33909e9b139672604df2dc43a005dbf6ae20ff3679d9927cbfdce906dc48aa18298e14c54c6243d6ad94c500f92d1a37","ssdeep":"","tlshash":"8d715bb72ef310caae86a7f513acb7abd31f744842fc5ed9992031d64064385aa180a1","first_seen":"2023-07-01T23:38:32Z","last_seen":"2026-03-29T04:40:20.656372Z","times_seen":25,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/fonts/gorditaregular-webfont.woff2","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:00.459Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /etc/designs/boq/clientlib-site/assets/fonts/gorditaregular-webfont.woff2 HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/etc/designs/boq/clientlib-site/assets/css/style.css\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncache-control: no-cache, private\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1005\r\ndate: Mon, 02 Mar 2026 13:12:58 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1005,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"4eb8e690503a44d4fbcbc98bc126b2a1","sha1":"b1c5611057f413cdaec36ff22d9340dc82652c12","sha256":"c9a925062c1d34e25cddeaa0f8a137813fc12afd95b1dd93a5b2a08ddb4d0ae7","sha512":"93670f35d8a8ce9d08bfd45ecac7ccabc1bf4c1d3d0a630530057843c2460b401d0f0a5bb7cc1542511349b9bde5a1a53e640a67854ba585fe078ef618eed3bd","ssdeep":"","tlshash":"2911147f18091aae231082a1b514736dc0dfaf5f6f42e490f47316b5bac0ac5c53d46d","first_seen":"2026-03-02T07:55:13.396044Z","last_seen":"2026-03-02T13:13:34.506987Z","times_seen":2,"resource_available":false,"data":null}},"time_used":150,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":150,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"northtbk.com.metrotcb.com/content/dam/boq/images/managers/jimboomba-om-aaron-todd-859x600.jpg","fqdn":"northtbk.com.metrotcb.com","domain":"metrotcb.com","tld":"com"},"ip":{"addr":"217.197.98.50","port":443,"asn":211611,"as":"Exim Host SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:12:59.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.com.metrotcb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 12:23:25 GMT","end":"Fri, 29 May 2026 12:23:24 GMT"},"fingerprint":{"sha1":"2B:8F:7C:DE:6D:8C:27:98:D6:63:63:36:9A:23:D5:72:F6:1D:29:89","sha256":"09:3E:7A:71:BA:60:5F:E6:FE:29:5F:3F:EE:B9:10:B6:BD:4A:FA:ED:32:4D:C3:7D:45:5E:8E:50:B7:BE:77:8E"}}},"request":{"raw":"GET /content/dam/boq/images/managers/jimboomba-om-aaron-todd-859x600.jpg HTTP/1.1\r\nHost: northtbk.com.metrotcb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nCookie: XSRF-TOKEN=eyJpdiI6IlVDck1WdnN4cW52ZVJHdFQrQ3pWS0E9PSIsInZhbHVlIjoiOEZydU5teTI5NHZOdGE5Uk5XelVvcmNadDZOb044NmRuTEVOeUdDM1A2OEUvK1R5S2tRVkhDcTBZZ1hxY0FjZnZhclVMRU5BbC9GdWorcWpaTW5NWWttaStMY001NTlyUVFVcDI0bTNVVzg2YytkTm85azR6cEtkR0VoUTMwbE0iLCJtYWMiOiJjMWYzNjc3ZjcyNDhiNzUxM2I3MTNiYmE1YjMwZTc2ZjU4ZjlhZjZhZDU4OWI2Y2IwYzBiZGExMzBiODFhNTg3IiwidGFnIjoiIn0%3D; northtbk_session=eyJpdiI6InlJYkFvcGdhQXN4NVVaN3ZQUFlZa3c9PSIsInZhbHVlIjoibVc1d2RUTW1lVVlCVDJCOGJKOUlTWHM4aDZjWm1wTFBmK0FkOXE4SXpIb05vQURxQUVoa1hDekFDdjdUY3RDSUxaRi9XaDByOCtwVmFRRnlRa2JaL2RnOUcvdDFUaUpQNjFQSEpvN282MGc2T1lYN205cEZvZDBuOHI5Q0xNMHUiLCJtYWMiOiJhMThmNjY0NTc1MDU5NTMyZWJiMTdhMmNhMTQ4NDFmMzZkOGM0MzNiNzEzNGNjMWU1Nzg5Y2VjOGRlYTgwN2E4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 09 Mar 2026 13:12:57 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 29 Apr 2025 22:02:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 49210\r\ndate: Mon, 02 Mar 2026 13:12:57 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":49210,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 859x600, components 3","md5":"6454d7c260dcef830e61c08ee527520f","sha1":"6e26e61f27525f5da1b0ca5df7b257b56243e4e7","sha256":"b754a12d31f3c210a2e2099150c5d91d359c5d8ae6934408f7bd0e2cf67a2021","sha512":"24245a573f95abd68fd51c81fa4902c00146f77ea12fdbbc0f92144f31a402c82e2500605afd7868572493d0c0671df5738081b8ab2875be35ec1c2001783b53","ssdeep":"1536:XUjO7ihPpbJYyMGRTqDtGyHoEPt/NUZjIy0:EpsMTqDYyIetlujB0","tlshash":"f62302afe18e5b50ecdc7c9344d3e22ad0e6ea2cda445dde9c6c34ab53210b4291f715","first_seen":"2024-08-20T03:51:21.589989Z","last_seen":"2026-03-29T04:40:20.679184Z","times_seen":23,"resource_available":false,"data":null}},"time_used":358,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":234,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-02","alert":"Phishing Block","trigger":"northtbk.com.metrotcb.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"northtbk.com.metrotcb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.smartsuppchat.com/loader.js?","fqdn":"www.smartsuppchat.com","domain":"smartsuppchat.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:00.827Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1161431244.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 15 Jan 2026 06:55:02 GMT","end":"Wed, 15 Apr 2026 06:55:01 GMT"},"fingerprint":{"sha1":"D6:AF:CD:AE:04:C9:18:A9:86:FD:53:08:D9:99:99:9B:9D:A8:58:29","sha256":"66:75:58:C3:A9:29:2F:14:30:FB:BE:32:2C:1C:9B:D1:A4:E6:58:D5:9F:33:F7:16:C3:0B:F7:A4:6C:49:F2:B5"}}},"request":{"raw":"GET /loader.js? HTTP/1.1\r\nHost: www.smartsuppchat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 02 Mar 2026 13:13:00 GMT\r\ncontent-type: application/javascript\r\ncache-control: max-age=300, public, s-maxage=60\r\netag: W/\"6969e151-4684\"\r\nexpires: Mon, 02 Mar 2026 13:17:32 GMT\r\nlast-modified: Fri, 16 Jan 2026 06:57:21 GMT\r\nx-77-nzt: EwwBuUwJGwH3HAAAAAwBuUwKCQH3AAAAAAwBJRPCNAG3AAAAAA\r\nx-77-nzt-ray: fdb54123b5944fe7dc8ca569ea912735\r\nx-77-cache: HIT\r\nx-77-age: 28\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":18052,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (17979)","md5":"a4d5607cdbc76688d37ad6311610a058","sha1":"534adf5ac8c28e88b13d1549add0d84a57a52c61","sha256":"7c209ce50b76600257f47c0a47333504478e9c89793713cc7d113bbb688c3eda","sha512":"3ee08aedbe06d4a8181f362bcf9694d164f36309b70f048d42079989f139915e340515f56a6f84e3bb24d4e027cceee7c2c32a710f58ddbaaa5a5a662ccd3300","ssdeep":"384:wBWbE0rIcvqSI/aQ/UpIxN5BWbEgl/ET/xzy2A3wBV+:wAxka0/scT/xzy2A3wBV+","tlshash":"f682b6cc7691b16543ab61b4843f620ff1376929740d8821b965eae13c78d8ed037fb8","first_seen":"2026-01-16T11:03:53.240781Z","last_seen":"2026-04-19T18:18:50.439045Z","times_seen":4264,"resource_available":true,"data":null}},"time_used":131,"timings":{"blocked":61,"dns":31,"connect":7,"send":0,"wait":8,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"widget-v3.smartsuppcdn.com/manifest.json","fqdn":"widget-v3.smartsuppcdn.com","domain":"smartsuppcdn.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://northtbk.com.metrotcb.com/","date":"2026-03-02T13:13:01.593Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1857279285.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 15 Jan 2026 06:54:02 GMT","end":"Wed, 15 Apr 2026 06:54:01 GMT"},"fingerprint":{"sha1":"02:18:EB:88:15:84:86:93:22:4A:F0:99:0A:1A:DA:F8:ED:54:F0:09","sha256":"25:3A:01:58:46:1C:69:99:5F:71:B3:05:79:0C:92:FA:E6:AB:B4:80:5B:F1:06:58:1B:AF:DE:8E:96:30:BF:F8"}}},"request":{"raw":"GET /manifest.json HTTP/1.1\r\nHost: widget-v3.smartsuppcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nOrigin: https://northtbk.com.metrotcb.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://northtbk.com.metrotcb.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 02 Mar 2026 13:13:01 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\ncache-control: max-age=300, public, s-maxage=60\r\netag: W/\"69a543fc-7b0\"\r\nexpires: Mon, 02 Mar 2026 08:09:17 GMT\r\nlast-modified: Mon, 02 Mar 2026 08:02:04 GMT\r\nx-77-nzt: EwwBuUwJGwH3KQAAAAwBuUwKCQH3AAAAAAwBw7WvAgG3AAAAAA\r\nx-77-nzt-ray: fdb541231595c206dd8ca56958703e27\r\nx-77-cache: HIT\r\nx-77-age: 41\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":1968,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"28ee61d71d429e47c8cfbc01f8ffcea9","sha1":"42d5fd8d5dee0f75e30f24d7b996ce60aaf32121","sha256":"e705b4ee1f5ffe1bcaf198567bc2d83d370fc56a50c6181c86ed04ef68f6c1f1","sha512":"d6a25a596f05e6ef34374672b7f12995e03a0be9bc9e7dd0dcecf3bf50deb5e1c968aa2bbe36d8e597263995f70b51005f4c4a8d60cbfa90f8efe3444d91ae35","ssdeep":"","tlshash":"ea412493c4f80d531b9c662bb89449814d90c3c7e88a3d1d366d8a7f2f4ceb911e6b6d","first_seen":"2026-03-02T08:25:26.032575Z","last_seen":"2026-03-10T05:00:21.827354Z","times_seen":430,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":62,"dns":37,"connect":7,"send":0,"wait":7,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}