{"report_id":"c07a91f6-ac9c-4cb5-83e5-964f12d0dd56","version":0,"status":"done","tags":["suspicious"],"date":"2026-06-25T00:23:14Z","url":{"schema":"http","addr":"smartconsulate.com/wp-includes/talibansource.html","fqdn":"smartconsulate.com","domain":"smartconsulate.com","tld":"com"},"ip":{"addr":"217.160.0.160","port":0,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"http","addr":"smartconsulate.com/wp-includes/talibansource.html","fqdn":"smartconsulate.com","domain":"smartconsulate.com","tld":"com"},"title":"Webmail Sign-in","dom":{"size":11604,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1880)","md5":"0843047e3ba975d2d0bb08ca2cb5c6d2","sha1":"a3b3d759f68fd23b567c1e1b7a5d85d4517d2ed8","sha256":"be56356a92ae83c18fa1521af4ba94b8af0d95a54b5507e0ff3694bc2d9d7b49","sha512":"9925c002c1f27e36ddd76de20e92b025435580c53fb72ec6f1d14351ebe3c677448aace0d62bf922a9ca459305156d4dda1154586a55c84133dee6b81dcb2997","ssdeep":"192:U7Uq6jfD9jTZLox1JJyE4+KJAM7R0eyiGXrisLiZi4jb2UO4UWOA+:UAZX0eyi0riyiZi4jDUW8","tlshash":"a032e862abfa043d3293d0b931f5a7847e31c107ef41495a78ad29a54fcee8648777c8","dom_hash":"domhashf0ccc2aacbe5c8dc942072db78920320","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"smartconsulate.com/wp-includes/talibansource.html","fqdn":"smartconsulate.com","domain":"smartconsulate.com","tld":"com"},"ip":{"addr":"217.160.0.160","port":0,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-30T00:23:14Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-25","alert":"Detects file containing Telegram Bot API","trigger":"smartconsulate.com/wp-includes/talibansource.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-25","alert":"Phishing Block","trigger":"smartconsulate.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"smartconsulate.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"smartconsulate.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-06-21T22:46:13.623663Z","alert_count":0,"request_count":4,"received_data":492043,"sent_data":2053,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"t0.gstatic.com","ip":{"addr":"142.250.178.100","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2013-05-06T20:22:05Z","last_seen":"2026-06-20T10:09:49.007856Z","alert_count":0,"request_count":1,"received_data":1665,"sent_data":590,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-06-21T22:22:12.048317Z","alert_count":0,"request_count":1,"received_data":4275,"sent_data":531,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-06-21T22:19:08.810882Z","alert_count":0,"request_count":1,"received_data":8696,"sent_data":556,"comment":"","tags":null,"fingerprints":null},{"fqdn":"smartconsulate.com","ip":{"addr":"217.160.0.160","port":80,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"domain_registered":"2020-10-04","domain_rank":0,"first_seen":"2026-06-01T16:53:58.242099Z","last_seen":"2026-06-01T16:53:58.242099Z","alert_count":12,"request_count":3,"received_data":111865,"sent_data":1404,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Bootstrap:5.3.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"849e6db145f2905ce210f628bddd9de5","sha1":"d722fa9982da8aa48df88251bb1897f13c1db3b9","sha256":"aa53d582f97eb594c2a5cc5824574707f9ba9837bce3046bfa5f3556860f4e04","sha512":"54adb372f9ed12e7da8a673e79f3988badb654de5969c767b9f9e65fbcc88423e68e12a73a2f590ccb60d7fba0e65d7cddfd7d806d7f701b2d3cee03f0dfc89a","ssdeep":"1536:OSif7R2qTTR2t4iYniNw+inreQURwTLBAF+27wXiYE3Yjr/I2:4R2cpXLBl27wXit3Yb","tlshash":"ca73b7593254b4730ade85b68037420bf2265994b24b802cb5bcadde2a7dcc67277f7c","size":80421,"data":"","first_seen":"2023-06-08T14:47:00Z","last_seen":"2026-06-26T18:40:26.242767Z","times_seen":16877,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"smartconsulate.com/wp-includes/talibansource.html","fqdn":"smartconsulate.com","domain":"smartconsulate.com","tld":"com"},"ip":{"addr":"217.160.0.160","port":80,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"927302db3199f3e144ada21d30c57c5a","sha1":"393c577d1c3d665efa94ced6f84a3be31078072e","sha256":"72c087c0954067a5f823612bebd13c621840a2c587bafac5a87c23020ca1db8b","sha512":"c11dffbf5cf43a332e606b66d683a6f4220a356008829a9602a38198965cec2a4cf2a1bc7ac3558d1287088bd9a9b71c01ca8d2c5f58ba25febd44b9a9c437e0","ssdeep":"","tlshash":"4d6163e3b78f29791bdb7666313893d8793582157d811493a42d1c3d44daf9288ffa80","size":3398,"data":"","first_seen":"2026-06-25T00:23:15.581909Z","last_seen":"2026-06-25T01:19:12.01429Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-25","alert":"Detects file containing Telegram Bot API","trigger":"smartconsulate.com/wp-includes/talibansource.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"http","addr":"smartconsulate.com/wp-includes/talibansource.html","fqdn":"smartconsulate.com","domain":"smartconsulate.com","tld":"com"},"ip":{"addr":"217.160.0.160","port":80,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"b22ee83b8b814fa3b7416bd0ac1266b7","sha1":"1c075c786e429ec3d1ff5f18c4af0ea031cdc5c1","sha256":"3e8e6073a2feee5345986b9c3ccc3b40683a18c3da6ba3051e686b0abd055591","sha512":"0f98748445ce3ea62a1d41b0248b5007312ea3693163391414707038da4c8ff7e1b43b1b1892faf819205ad6929006350eb2cd3be66205313e8a6611f38b4b47","ssdeep":"","tlshash":"f431bb7779f304302af7d0aa275b3b853e3490071905ea4d3e6d87814fd9d849a636dc","size":1575,"data":"","first_seen":"2026-06-07T23:21:07.255097Z","last_seen":"2026-06-26T14:05:55.837239Z","times_seen":45,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"849e6db145f2905ce210f628bddd9de5","sha1":"d722fa9982da8aa48df88251bb1897f13c1db3b9","sha256":"aa53d582f97eb594c2a5cc5824574707f9ba9837bce3046bfa5f3556860f4e04","sha512":"54adb372f9ed12e7da8a673e79f3988badb654de5969c767b9f9e65fbcc88423e68e12a73a2f590ccb60d7fba0e65d7cddfd7d806d7f701b2d3cee03f0dfc89a","ssdeep":"1536:OSif7R2qTTR2t4iYniNw+inreQURwTLBAF+27wXiYE3Yjr/I2:4R2cpXLBl27wXit3Yb","tlshash":"ca73b7593254b4730ade85b68037420bf2265994b24b802cb5bcadde2a7dcc67277f7c","size":80421,"data":"","first_seen":"2023-06-08T14:47:00Z","last_seen":"2026-06-26T18:40:26.242767Z","times_seen":16877,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"smartconsulate.com/wp-includes/talibansource.html","fqdn":"smartconsulate.com","domain":"smartconsulate.com","tld":"com"},"ip":{"addr":"217.160.0.160","port":80,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"927302db3199f3e144ada21d30c57c5a","sha1":"393c577d1c3d665efa94ced6f84a3be31078072e","sha256":"72c087c0954067a5f823612bebd13c621840a2c587bafac5a87c23020ca1db8b","sha512":"c11dffbf5cf43a332e606b66d683a6f4220a356008829a9602a38198965cec2a4cf2a1bc7ac3558d1287088bd9a9b71c01ca8d2c5f58ba25febd44b9a9c437e0","ssdeep":"","tlshash":"4d6163e3b78f29791bdb7666313893d8793582157d811493a42d1c3d44daf9288ffa80","size":3398,"data":"","first_seen":"2026-06-25T00:23:15.581909Z","last_seen":"2026-06-25T01:19:12.01429Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-25","alert":"Detects file containing Telegram Bot API","trigger":"smartconsulate.com/wp-includes/talibansource.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"http","addr":"smartconsulate.com/wp-includes/talibansource.html","fqdn":"smartconsulate.com","domain":"smartconsulate.com","tld":"com"},"ip":{"addr":"217.160.0.160","port":80,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"b22ee83b8b814fa3b7416bd0ac1266b7","sha1":"1c075c786e429ec3d1ff5f18c4af0ea031cdc5c1","sha256":"3e8e6073a2feee5345986b9c3ccc3b40683a18c3da6ba3051e686b0abd055591","sha512":"0f98748445ce3ea62a1d41b0248b5007312ea3693163391414707038da4c8ff7e1b43b1b1892faf819205ad6929006350eb2cd3be66205313e8a6611f38b4b47","ssdeep":"","tlshash":"f431bb7779f304302af7d0aa275b3b853e3490071905ea4d3e6d87814fd9d849a636dc","size":1575,"data":"","first_seen":"2026-06-07T23:21:07.255097Z","last_seen":"2026-06-26T14:05:55.837239Z","times_seen":45,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":[{"level":"warn","text":"No 'eta' parameter found in the URL.","filename":"http://smartconsulate.com/wp-includes/talibansource.html","line_number":0,"column_number":0},{"level":"error","text":"Error fetching IP address:NetworkError when attempting to fetch resource.","filename":"http://smartconsulate.com/wp-includes/talibansource.html","line_number":0,"column_number":0}]},"http":[{"url":{"schema":"http","addr":"smartconsulate.com/wp-includes/talibansource.html","fqdn":"smartconsulate.com","domain":"smartconsulate.com","tld":"com"},"ip":{"addr":"217.160.0.160","port":80,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-25T00:22:52.431Z","timestamp":1782346972431,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /wp-includes/talibansource.html HTTP/1.1\r\nHost: smartconsulate.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-WS-Origin: available\r\nX-WS-RateLimit-Limit: 1000\r\nX-WS-RateLimit-Remaining: 999\r\nDate: Thu, 25 Jun 2026 00:22:57 GMT\r\nServer: Apache\r\nLast-Modified: Mon, 01 Jun 2026 05:02:05 GMT\r\nETag: W/\"2e49-6532a1887fab8\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Bootstrap:5.3.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}],"data":{"size":11849,"size_decoded":4654,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (1880), with CRLF line terminators","md5":"cc98468b711acb236407f649c2e1b689","sha1":"34b242fd1314dd2e573472cdacf5e94343d532e1","sha256":"7d13acb0e9dfd13f893e4632a5c507460dc66b8614ef0766fb1b8da58a403831","sha512":"d51f534788105de5ae8034f43a5a45a4d681ede3a30e737beb846dcf97646d91f62e5f6e01ff4c026d05baf12e7bf9d07301430ffe6542fbb8e69a0765b38720","ssdeep":"192:f72q6mE94jTZLox1JJx4FWUSR2zu70eminZOKizLiTiT4BdlhwTXih:fyPR0emicKi3iTiT40TXw","tlshash":"6232c7627689043d66b3c2a931b5ab44ff36c107ef41015a34ad26a70ffbe414977bc8","first_seen":"2026-06-01T16:54:01.778322Z","last_seen":"2026-06-25T01:19:12.002623Z","times_seen":3,"resource_available":true,"data":null}},"time_used":5477,"timings":{"blocked":-1,"dns":3,"connect":32,"send":0,"wait":5442,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-25","alert":"Detects file containing Telegram Bot API","trigger":"smartconsulate.com/wp-includes/talibansource.html","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-25","alert":"Phishing Block","trigger":"smartconsulate.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"smartconsulate.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"smartconsulate.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap-icons@1.10.5/font/bootstrap-icons.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://smartconsulate.com/wp-includes/talibansource.html","date":"2026-06-25T00:22:58.038Z","timestamp":1782346978038,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/bootstrap-icons@1.10.5/font/bootstrap-icons.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://smartconsulate.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Thu, 25 Jun 2026 00:22:58 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 12865\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 1.10.5\r\nx-jsd-version-type: version\r\netag: W/\"16e26-p4ONiiDb2g7p5MHLfx+DLOmvHBE\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-eddf8230072-FRA\r\nx-cache: HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 1903763\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZErOZZfXpQNNp4I2lJySLJnMvLGuJ8JXyouy0P8dX9n2vobW1hzE5rVW%2FjDv94Fv5rPL3gEZ97drZoSs5Oe9qbyGWOeTPc%2FQ8X03TNhgs7nqQaVp%2BjqqeUACNgR3j2C7Byg%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: a10fd224dc0456be-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":93734,"size_decoded":13968,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"8f4b242830ec54686815617e7b5a5b1b","sha1":"a7838d8a20dbda0ee9e4c1cb7f1f832ce9af1c11","sha256":"d8824f7067cdfea38afec7e9ffaf072125266824206d69ef1f112d72153a505e","sha512":"d326210b288c07ee973a2b38aaf580e3690f90a6f9e3eb8c68e85bb2d6ba9be690edc64e9b98731113eb4649249e5a44768c550b062e8bec8cd2345ace90c5b8","ssdeep":"768:Rqnm8OAL1Mzocm4KyH2CJwZwmij34k4RDlWIbWPVUMW:gOocm4FJwZ5ijINRDlIib","tlshash":"5493fdba914f05f9d341e4d92743674693aaba3ce1813c7ad342399ee3c16188ad73dc","first_seen":"2023-05-09T04:19:23Z","last_seen":"2026-06-26T14:05:55.833752Z","times_seen":8063,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":6,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"smartconsulate.com/favicon.ico","fqdn":"smartconsulate.com","domain":"smartconsulate.com","tld":"com"},"ip":{"addr":"217.160.0.160","port":80,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://smartconsulate.com/wp-includes/talibansource.html","date":"2026-06-25T00:22:59.416Z","timestamp":1782346979416,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: smartconsulate.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://smartconsulate.com/wp-includes/talibansource.html\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-WS-Origin: available\r\nX-WS-RateLimit-Limit: 1000\r\nX-WS-RateLimit-Remaining: 999\r\nDate: Thu, 25 Jun 2026 00:23:04 GMT\r\nServer: Apache\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":99413,"size_decoded":6581,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (414)","md5":"588dfc8a55d43960789c326c16ea4ea9","sha1":"d4548d90f759fc43d2004c7c10abd3a91bcbca38","sha256":"b4c23f609416a9022b3ca3ff10d0496380747bc976d61b19860a5a3b76893beb","sha512":"84ebf3d0a5284e56bc87e88fe16a2da97bec5bb15b1be35e6b3b4f7900cdd65f5683d0fe69723aa2de50432b17eca6172614d352629f6fa244ecee67034754c4","ssdeep":"3072:O1xDzffVPc2cRcUcKc0cHcJcCcychnchYcDcKclcHcXc2c9cAcKcbczcucZcDcvD:O1xDzffVP1EFrvO8v/wLkpw6AJytbuAI","tlshash":"27a311221dc011e411474ee4aaff2d15aff80a2783421496be9d57728fe28db516bbcf","first_seen":"2026-06-25T00:23:15.573094Z","last_seen":"2026-06-25T01:19:12.011636Z","times_seen":2,"resource_available":false,"data":null}},"time_used":6093,"timings":{"blocked":5015,"dns":0,"connect":0,"send":0,"wait":1078,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-25","alert":"Phishing Block","trigger":"smartconsulate.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"smartconsulate.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"smartconsulate.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t0.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=zoho.com\u0026size=16","fqdn":"t0.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.100","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://smartconsulate.com/wp-includes/talibansource.html","date":"2026-06-25T00:22:59.517Z","timestamp":1782346979517,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 08:38:09 GMT","end":"Mon, 31 Aug 2026 08:38:08 GMT"},"fingerprint":{"sha1":"AD:F1:0B:84:58:92:40:26:B7:10:85:A1:EA:3E:80:1E:FD:E6:A8:F3","sha256":"8F:94:50:CA:96:9B:D0:F9:09:5A:E2:3D:DC:C3:5D:F5:E0:80:CB:17:17:30:2C:CF:86:BD:FB:8B:1B:0B:6D:DE"}}},"request":{"raw":"GET /faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://zoho.com\u0026size=16 HTTP/1.1\r\nHost: t0.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://smartconsulate.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccept-ranges: bytes\r\ncontent-location: https://www.zohowebstatic.com/sites/zweb/images/favicon.ico\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"media-favicon\"\r\nreport-to: {\"group\":\"media-favicon\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/media-favicon\"}]}\r\ncontent-length: 806\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 18 Jun 2026 02:02:43 GMT\r\nexpires: Thu, 25 Jun 2026 02:02:43 GMT\r\ncache-control: public, max-age=604800\r\nlast-modified: Tue, 30 Jan 2024 13:11:29 GMT\r\ncontent-type: image/png\r\nage: 598821\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":806,"size_decoded":1665,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"a27acb7ca0f152c8735d591f6b6818cb","sha1":"ca661e02e59c0473d4327708eac3b1a933424992","sha256":"6a4fa3f52662e1b853613cbdb0543fffdcc3ea2eb87da41e42d2a3c1d9a797ef","sha512":"3e2ce896e297020e5fdbfd3b38949269a4edd8e55f8402bb6abd182c4b55034ac7b5734034a83705d2a37300e66cb2355198a969e1476c53aff1c0ec059a277c","ssdeep":"","tlshash":"910186f7a3181cf4c598593b654142e1dc2ac2051888861886add237cd12e0ea4f34e4","first_seen":"2025-01-28T04:53:43.292172Z","last_seen":"2026-06-25T23:55:50.598461Z","times_seen":1173,"resource_available":false,"data":null}},"time_used":4976,"timings":{"blocked":4913,"dns":1,"connect":15,"send":0,"wait":16,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://smartconsulate.com/wp-includes/talibansource.html","date":"2026-06-25T00:23:04.488Z","timestamp":1782346984488,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://smartconsulate.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 25 Jun 2026 00:23:04 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 23984\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 5.3.0\r\nx-jsd-version-type: version\r\netag: W/\"13a25-1yL6mYLaiqSN+IJRuxiX8Twds7k\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-eddf8230081-FRA, cache-ber1080025-BER\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=3,i=?0\r\nage: 1723022\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Bt9bIBrCsPSDSk9fj%2FgXSXBYsku1GzOVrByaf%2Bdi6B2OQs9i10cIAwNR13Q0JD7JgBoguBdvl%2FB2yhOvxWu0CamQHu5DoWvARMcAajWH2wOw7akPL%2BmCdhDRGwmK87QUYPs%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: a10fd24d0dc00b02-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":80421,"size_decoded":25156,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"849e6db145f2905ce210f628bddd9de5","sha1":"d722fa9982da8aa48df88251bb1897f13c1db3b9","sha256":"aa53d582f97eb594c2a5cc5824574707f9ba9837bce3046bfa5f3556860f4e04","sha512":"54adb372f9ed12e7da8a673e79f3988badb654de5969c767b9f9e65fbcc88423e68e12a73a2f590ccb60d7fba0e65d7cddfd7d806d7f701b2d3cee03f0dfc89a","ssdeep":"1536:OSif7R2qTTR2t4iYniNw+inreQURwTLBAF+27wXiYE3Yjr/I2:4R2cpXLBl27wXit3Yb","tlshash":"ca73b7593254b4730ade85b68037420bf2265994b24b802cb5bcadde2a7dcc67277f7c","first_seen":"2023-06-08T14:47:00Z","last_seen":"2026-06-26T18:40:26.242767Z","times_seen":16877,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"smartconsulate.com/wp-includes/talibansource.html","fqdn":"smartconsulate.com","domain":"smartconsulate.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-25T00:22:46.968Z","timestamp":1782346966968,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /wp-includes/talibansource.html HTTP/1.1\r\nHost: smartconsulate.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-26T18:34:35.465578Z","times_seen":16739792,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"smartconsulate.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-25","alert":"Phishing Block","trigger":"smartconsulate.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"smartconsulate.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://smartconsulate.com/wp-includes/talibansource.html","date":"2026-06-25T00:22:58.033Z","timestamp":1782346978033,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/bootstrap@5.3.0/dist/css/bootstrap.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://smartconsulate.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Thu, 25 Jun 2026 00:23:04 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 33205\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 5.3.0\r\nx-jsd-version-type: version\r\netag: W/\"38dd2-sjFlHg/Wi72HWBifvTZCxGLTT6Y\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-etou8220046-FRA\r\nx-cache: HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=2,i=?0\r\nage: 3706484\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZCoQMOH%2F1dXOyaAm3Tf0NvOpI90kJrLQd8aKfdsGBsQQzf7IPwuolq%2BmIm%2BTZ1ZDyZPSlifEpZ%2Fuc%2FJ4cjNf0KK0cFSsZVNr2RNn23fVF2ap5O7r8I7%2FMFU0QobjOXx%2BDXY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: a10fd24cbd820b02-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":232914,"size_decoded":34340,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65342)","md5":"fe7fdfec700d100dc745dc64d3600cb2","sha1":"b231651e0fd68bbd8758189fbd3642c462d34fa6","sha256":"7f1d37f0d90b6385354c2ac10e2bb91563c46bd7a266ed351222ebcac8496c2a","sha512":"b7819649564ed5e0bc04cdf7f5777b529870e6cd7b6bcead219223f2a4718672ae6fa5a8ca19ebc5e08831e02a04f81d646942706d8fad98cc73e5abefcfb95e","ssdeep":"1536:VYutjsbf98fOdBfvO5wlP7Qy9A374298wsY/ElV6V6pz600I41r:ntj898fo298uI6V6pz600I41r","tlshash":"383481d6f590317d9ca7c1499681fefd896fa985cb120aa6f003776807cabd30962dcc","first_seen":"2023-06-08T14:47:00Z","last_seen":"2026-06-26T17:04:22.820012Z","times_seen":24116,"resource_available":false,"data":null}},"time_used":6408,"timings":{"blocked":-1,"dns":2,"connect":2,"send":0,"wait":8,"receive":3,"ssl":7},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Poppins:wght@400;500;600\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://smartconsulate.com/wp-includes/talibansource.html","date":"2026-06-25T00:22:58.042Z","timestamp":1782346978042,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 08:38:10 GMT","end":"Mon, 31 Aug 2026 08:38:09 GMT"},"fingerprint":{"sha1":"8A:2F:DC:6F:C0:09:07:D3:E5:9C:B7:EE:C2:C4:63:DC:59:36:B5:1B","sha256":"64:7C:E4:55:AB:5C:58:7E:89:F1:19:3B:95:DB:7B:4B:E6:75:42:2C:0C:51:2E:66:85:F5:BB:51:58:08:39:19"}}},"request":{"raw":"GET /css2?family=Poppins:wght@400;500;600\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://smartconsulate.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 25 Jun 2026 00:22:58 GMT\r\ndate: Thu, 25 Jun 2026 00:22:58 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3591,"size_decoded":1203,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"ee4653ac811790d672a3082a7eb6c915","sha1":"1741b80e814f47375c3ccfd2be651012f6124072","sha256":"032c63714d918d354fd85cafb6d2fb6f345624496e801de1771a5e7eef28afbc","sha512":"a30d1d413f4ca08ae73c5f76c4d42446ddde3f12816b25653c547c7971e2f945567d9b8e018887ed0a70fbbb4a77e20363baaa243b68fb8d4c5c245db00d3c16","ssdeep":"","tlshash":"af719bd1087be114ab831cc123cf7d36ee1e9255b810e5786bfd0c98adabc654362b2d","first_seen":"2025-09-17T00:33:35.353854Z","last_seen":"2026-06-26T16:03:37.404305Z","times_seen":6115,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":-1,"dns":2,"connect":15,"send":0,"wait":32,"receive":0,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://smartconsulate.com/wp-includes/talibansource.html","date":"2026-06-25T00:22:58.044Z","timestamp":1782346978044,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://smartconsulate.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Thu, 25 Jun 2026 00:22:58 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 23984\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 5.3.0\r\nx-jsd-version-type: version\r\netag: W/\"13a25-1yL6mYLaiqSN+IJRuxiX8Twds7k\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-eddf8230081-FRA, cache-ber1080025-BER\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 1723016\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NFLnuwOAVkvBimtvjCMhxOne50Fhs2PovTUsG9Zo7YyDJIZwq%2BsN%2Brp7rQyVn6P0Pczrxu9rJv1yFEVIsf3ewzkqnhMfldb%2FhNjvabtP3SnKyCUWCkVdaQAcjuwqT1N3PCM%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: a10fd224dc0556be-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":80421,"size_decoded":25127,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"849e6db145f2905ce210f628bddd9de5","sha1":"d722fa9982da8aa48df88251bb1897f13c1db3b9","sha256":"aa53d582f97eb594c2a5cc5824574707f9ba9837bce3046bfa5f3556860f4e04","sha512":"54adb372f9ed12e7da8a673e79f3988badb654de5969c767b9f9e65fbcc88423e68e12a73a2f590ccb60d7fba0e65d7cddfd7d806d7f701b2d3cee03f0dfc89a","ssdeep":"1536:OSif7R2qTTR2t4iYniNw+inreQURwTLBAF+27wXiYE3Yjr/I2:4R2cpXLBl27wXit3Yb","tlshash":"ca73b7593254b4730ade85b68037420bf2265994b24b802cb5bcadde2a7dcc67277f7c","first_seen":"2023-06-08T14:47:00Z","last_seen":"2026-06-26T18:40:26.242767Z","times_seen":16877,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":6,"receive":0,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiEyp8kv8JHgFVrJJfecg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://smartconsulate.com/wp-includes/talibansource.html","date":"2026-06-25T00:23:04.475Z","timestamp":1782346984475,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 08:38:09 GMT","end":"Mon, 31 Aug 2026 08:38:08 GMT"},"fingerprint":{"sha1":"AD:F1:0B:84:58:92:40:26:B7:10:85:A1:EA:3E:80:1E:FD:E6:A8:F3","sha256":"8F:94:50:CA:96:9B:D0:F9:09:5A:E2:3D:DC:C3:5D:F5:E0:80:CB:17:17:30:2C:CF:86:BD:FB:8B:1B:0B:6D:DE"}}},"request":{"raw":"GET /s/poppins/v24/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: http://smartconsulate.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7884\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 18 Jun 2026 02:57:02 GMT\r\nexpires: Fri, 18 Jun 2027 02:57:02 GMT\r\ncache-control: public, max-age=31536000\r\nage: 595562\r\nlast-modified: Mon, 15 Sep 2025 16:34:42 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":7884,"size_decoded":8696,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7884, version 1.0","md5":"9212f6f9860f9fc6c69b02fedf6db8c3","sha1":"ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b","sha256":"7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f","sha512":"67317495f4b53e20a9f31c034e456e6c37f387dffb2c092caa5159bc441cfcadd02749ffe5bbed1d580d5300a59e48a767ef2c6d9978b474f84c1a2cd095c126","ssdeep":"192:xLFDbKO9E3rS3JWBRO/J601FSS5ZUbik3Zy2f0:pd9J5W501otlI","tlshash":"c3f1ae4eb3f2cd1be40982e53a0fc90b1c578272681fd772d067a22517893bc8db2c81","first_seen":"2023-04-05T15:35:34Z","last_seen":"2026-06-26T18:33:35.330382Z","times_seen":364199,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":0,"dns":2,"connect":30,"send":0,"wait":17,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}