{"report_id":"c2b9a261-4bbb-4e52-9bbf-a1b27da23c51","version":6,"status":"done","tags":["bankid","authentication"],"date":"2026-03-18T10:44:09Z","url":{"schema":"http","addr":"mail.info-signere-digitilsynet.com","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":0,"asn":0,"as":"","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"title":"BankID","dom":{"size":40206,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1741)","md5":"71019a5b2c9d40e7f6bbebf079badc21","sha1":"8857c389f3e86532d892354a8cca50a4ff820940","sha256":"585074093c3ca4f5f272e5ddf2fe92ea89542f4be80d309d701b7f23c03923d3","sha512":"7a6c2703a2998d28612b1f73293844757c9ac6679e8a81afbc96bd0a4592724bd5c5ef454f57c97814f979792d43956870d7fec08e64eabc13a60bdbb0a4472f","ssdeep":"384:RaM0nwpJS3WEzonaojswc+1I97NL2RgzwpZS3GEsKwpJS3WEu5w:8wpICEdpzwpIwp/5w","tlshash":"d903a6e6b2f891c16453c7a69d7b64362e2730b79a44c64432bc1fe0ef49cec8d47998","dom_hash":"domhash19af06fd50ec2ab6f44c11ca34a604f5","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"mail.info-signere-digitilsynet.com","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":0,"asn":0,"as":"","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-22T10:44:09Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":2,"analyzer":5}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-18T10:43:47Z","timestamp":1773830627,"ip_dst":{"addr":"Client IP","port":52492,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 42","source":"{\"timestamp\":\"2026-03-18T10:43:47.593197+0000\",\"flow_id\":1495548446375807,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"193.24.123.124\",\"src_port\":443,\"dest_ip\":\"172.18.0.3\",\"dest_port\":52492,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400041,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 42\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2026-03-18T10:43:47.524159+0000\"}}"}],"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-17","alert":"Phishing Block","trigger":"mail.info-signere-digitilsynet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]},"summary":[{"fqdn":"mail.info-signere-digitilsynet.com","ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"domain_registered":"2026-03-08","domain_rank":0,"first_seen":"2026-03-09T07:06:02.852111Z","last_seen":"2026-03-16T07:06:08.956342Z","alert_count":78,"request_count":13,"received_data":740787,"sent_data":7950,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]},{"name":"Cleave.js","description":"JavaScript library for formatting input text content when you are typing.","website":"https://nosir.github.io/cleave.js/","common_platform_enumeration":"","icon":"","categories":["JavaScript libraries"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/files/js/jquery.validate2.js","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"863868cafb5a4e14057bb31c8ca0ad1a","sha1":"458f111a9d54e33a38521d8bf1eee94803926c50","sha256":"9888bf5fe2d7fd016045a14ae3269ba1782a9756eaf38e11721212f2506d5730","sha512":"8b4957159fb8295aa4c2cf626f06ebdc91963e3b491a8510c26978d56a97a6e95ff03c747a25c44192266553789b76568e63e3cf8d96405e6f90e9ab7b9d7504","ssdeep":"768:QOwVbmh4BvF1vI/V8c6UO17/p9bVgXM0em4HVDkgs230XXXxI9YbM23GGK1t6QSy:Ubmh4BvFxI/V8c6N17/p9bVgXMr31m2x","tlshash":"c1035388378f005f4e8933baa87e518deafdc0759101a07db8de14a465f8da853e5fb4","size":41271,"data":"","first_seen":"2025-02-16T23:44:47.74872Z","last_seen":"2026-04-02T06:23:41.151348Z","times_seen":3636,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/files/js/cleave.min.js","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"57e2edc1bdc89c92a9f36f722eb42324","sha1":"4613d910f8dbacbb97ca60259840c4b77ebaac12","sha256":"8c19df008761d9cc188b1afd83fe87b2be79965d0141f04e76626ca4896fcdd2","sha512":"6e6f82197db746bf465826288e1945cd1df535b9c86a399824890c0798964724d99056239376bd72ec297fd0cdc24d24f208b37a7bc8e4b8aa569c1864fb1e94","ssdeep":"384:yYp7yiq/ApivD5RIjdMVV6qsPHzdhPQzOmSKt4ZIfUugRdEWS+1igMr:yqOIHHZBYjbNqEWegMr","tlshash":"e592b65976aab57503fb306f544b5004a63b6c68688a4181f621e083ec3efc7a1a7f67","size":21134,"data":"","first_seen":"2025-02-16T23:44:47.676345Z","last_seen":"2026-04-02T06:23:41.151958Z","times_seen":3612,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"33595d14e912e483af4d7e2bc2ce2773","sha1":"005a8661917b97255909862c8ed3f59f14d15e26","sha256":"73b9198a74d5e58ac45ca6f68e1aae2232d345c5747f13a064f46ec6c62bc685","sha512":"7ebf0a50782438a2e12c5828cee013bd56449c3e660c24d5c1af3eb687db374efd277566f0aebe19542d5575c13d641862cd01ceb44f1e94eab31c4dff219cad","ssdeep":"","tlshash":"759000288a3380202000800a8a8880002a00003b00808028300c00c02f8280a22e02c3","size":42,"data":"","first_seen":"2025-02-16T23:44:47.751217Z","last_seen":"2026-04-02T06:23:41.160551Z","times_seen":3614,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"a05ec3da1c3c5c1c36ea45a48f46113f","sha1":"5af9394ef12f91a8cf46bc052ed15a851759f832","sha256":"e7bc5bf79f8535cb3db862574f1ab060a04d6f9cac62fefcbe46bce2ab9ea984","sha512":"45c37be63a7b109adff72414cd686557a2940e4191f965b376f57ac9f03c6ee424059c61ad1f35c80ad7a556d7a48d6a97aa63a315a741f083668afe25cbe371","ssdeep":"96:UBChxRjuzE0ary7yEvimwRjuzE0aryZ5y49SLiT:UqiyuiRs5yCSLiT","tlshash":"6af1625bb2f1ca9111b75777a9bf25407937087b1419de8078bc3ed8df888adca4aa04","size":7559,"data":"","first_seen":"2026-02-28T21:24:29.549577Z","last_seen":"2026-04-02T06:23:41.161075Z","times_seen":3425,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/files/js/jquery.js","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"2ac898daf1837381b1264cdb792319ba","sha1":"532496df4622a43699ee57b612180a21aedad065","sha256":"84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff","sha512":"f76767b86456a59400e0c01aca45bb8048870d3c3f345024020bdc7395e95a7dcf429a014781d1d386eef45830a8b454c51bfc1f94ea71f03d81fdfabc0186d0","ssdeep":"6144:nCfa6/j7/KDT1krl+xFbP8s+JgOO/p89lPuY1BHpkYpHeGEbM5AeQz:npbxFbPuhY89RJjHe3bM57Qz","tlshash":"6044c4d9734f115f4ba233aae43b5249ff7dd1b0520551acb58d986c24a081883fafbe","size":272153,"data":"","first_seen":"2023-03-07T01:03:28Z","last_seen":"2026-06-04T14:05:49.000465Z","times_seen":4848,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/files/js/jquery-ui.min.js","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"1e2047978946a1d271356d0b557a84a3","sha1":"5f29a324c8affb1fdb26ad4564b1e044372beed2","sha256":"9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd","sha512":"e7ba19fef5bc00d32347f290e817bdbfffbf87a6eaf7f9777f439ceef9faa8cab286f3ddd5cbca051596a73bb44289de226aabd929263b8312a94f91a47a26dd","ssdeep":"3072:eDPNddBFak8JUaVDpYujVHUc92smVppuzUPFI9fB8NpjJSyACAV:uNdIVWjNS9cdzAV","tlshash":"8944f84d72403a3295dfa265103b2a0ba237955da601809cb43ccedf9e7ce4571bbfb9","size":255084,"data":"","first_seen":"2023-03-07T18:39:57Z","last_seen":"2026-06-08T22:14:38.498868Z","times_seen":29567,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/files/js/script.js","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"f9badf8d7e86bbc77b73c44cb2ec6e6d","sha1":"f0ee9bba5b51a925f7286553dff2f423e11d223e","sha256":"c2bf5955f581a7b23299e80fc1c24d4dae89218358bb04f2ac63fff3048012eb","sha512":"d34ea86f71f1e33f03a64e54e30f370efb0388ae2e1d2d8c57b52990def8a1177ade516b1483e8799fd722e04cc0286c1a34f74fb60b5da94b54c4efc296e7c2","ssdeep":"","tlshash":"ff51126929132a744277ab39970fc048ee71451726059255b8cc44f13fb3f74b2e6edd","size":2675,"data":"","first_seen":"2025-08-26T07:16:25.277937Z","last_seen":"2026-04-02T06:23:41.155378Z","times_seen":3450,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/files/js/realtime.js","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"580f35e0841bbf3541df48ccdc59e188","sha1":"036eddf802f5b3edd2dfa4260e12044239780c0b","sha256":"5b5c81dd022b063e686ee6691a6b06e12b2a9a909b4c85ec591856cd11a1d564","sha512":"2f2dc3e2d10f7125b8058360c8951918d5c489dee36b784d1c43a27b4550287eaafdea39953ddab4281738661ac5079571d028e46f6f08c9195dfa14542153ac","ssdeep":"192:HTWvhTydlTgXZTAy/TQ8vZTPmOWT5E9TTcwENTf4WKT1h9Tv0pTPmdrz/:HiJ27UpEiThrOFu/rENL4xpXru7WX","tlshash":"0a12204b6d9744758eb7a3b961f2e30ffc2562232992a3c63e9c02504f3d8991192fd8","size":9591,"data":"","first_seen":"2026-02-28T21:24:29.524657Z","last_seen":"2026-04-02T06:23:41.145302Z","times_seen":3425,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/files/js/additional-methods.min.js","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"b936628b76ec2b247a939d678faa0828","sha1":"71a2a5f94ceb732a307ccf86ba765d416f870bf0","sha256":"20797d15c703dc90580b4a49c83baaebe51eed191d43d927fa28b52210ba65f4","sha512":"ae7c87f016a75799b6f6138c192c1ef22697c75fd44156df336db87225f715dd57cca5ea5f06b66050b70343facf24d154761dab27d9e446c29ca440d122f6ef","ssdeep":"192:QcrK7fJSXhbKk9sjs280QenUjWDDB+PpVv5ZBqr+UiKsvyc1cXOk+OUZppUU7zrZ:QcrK7fJSoyo7rQeapRkrTOKc1c7Ts","tlshash":"6982964c6f46a181afa13ce80cebd18e55f5faf0e0490d9da5c042c27ee5fc521e2e1a","size":17804,"data":"","first_seen":"2023-05-26T21:21:44Z","last_seen":"2026-04-02T06:23:41.143158Z","times_seen":3650,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-18T10:43:48.012Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpcalendars.info-signere-digitilsynet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Mar 2026 17:12:40 GMT","end":"Sat, 06 Jun 2026 17:12:39 GMT"},"fingerprint":{"sha1":"D4:DA:CD:AC:F9:3F:29:27:AE:EB:30:BB:99:12:29:B5:E9:2F:09:5C","sha256":"C5:69:28:DC:5D:9C:9E:15:33:75:B6:B9:9F:E6:D1:49:45:9B:8D:35:1A:32:C1:56:1C:8A:2E:8F:73:FB:6F:59"}}},"request":{"raw":"GET /Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5 HTTP/1.1\r\nHost: mail.info-signere-digitilsynet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=9147200e76a296652753b8e0634bbe25\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 6238\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 18 Mar 2026 10:43:48 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]},{"name":"Cleave.js","description":"JavaScript library for formatting input text content when you are typing.","website":"https://nosir.github.io/cleave.js/","common_platform_enumeration":"","icon":"","categories":["JavaScript libraries"]}],"data":{"size":40185,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1741)","md5":"ba5cd24ccfb6476ff013b16c3bf593b2","sha1":"b45279dc292f1de02e2a18e2e19c14a4af09b731","sha256":"3d4a80a2f3e54aa000929b03de09bef4b01b52f09477df480de4fab99867dbb8","sha512":"47f3d0910afce2f2c7da44a6f68f35b7110ec7e2a074b8d1280cc147cf242ca0aee393bb7ae9ac757c4915a22a6325365a227e00e3027d0a05e87c950b40c2aa","ssdeep":"384:1aM0nwpJS3WESonaojsVO+1I9KwL2RgzwpZS3GEsKwpJS3WEu5O:4wpbLadpzwpIwp/5O","tlshash":"f003a6e6b2f891c16453c7a69d7b64362e2730b79a44c64472bc1fe0ef45cec8d83998","first_seen":"2026-03-18T10:44:10.630672Z","last_seen":"2026-03-18T10:44:10.630672Z","times_seen":1,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":78,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-17","alert":"Phishing Block","trigger":"mail.info-signere-digitilsynet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/assets/oidc-client.css","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5","date":"2026-03-18T10:43:48.382Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpcalendars.info-signere-digitilsynet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Mar 2026 17:12:40 GMT","end":"Sat, 06 Jun 2026 17:12:39 GMT"},"fingerprint":{"sha1":"D4:DA:CD:AC:F9:3F:29:27:AE:EB:30:BB:99:12:29:B5:E9:2F:09:5C","sha256":"C5:69:28:DC:5D:9C:9E:15:33:75:B6:B9:9F:E6:D1:49:45:9B:8D:35:1A:32:C1:56:1C:8A:2E:8F:73:FB:6F:59"}}},"request":{"raw":"GET /Client/assets/oidc-client.css HTTP/1.1\r\nHost: mail.info-signere-digitilsynet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5\r\nCookie: PHPSESSID=9147200e76a296652753b8e0634bbe25\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 25 Mar 2026 10:43:48 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 25 May 2025 01:04:48 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 6057\r\ndate: Wed, 18 Mar 2026 10:43:48 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":35571,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (35571), with no line terminators","md5":"4038453b05ddd8f1a9d7f7a122b70142","sha1":"fd8fed00c1302832f88e8d5352425da320c79fb9","sha256":"30e36504d49aad07726dda3f5d227a0d912c40c19b9fbef1cf93e34659d499da","sha512":"e2d46bf80188ffad4c4cf69bd9e4cafa249d5f236aeb2181a83ba21dccdc21edf1246352df3bb2e2a2e9eb965a29786fe092d3f30d76f3a72a5a637a6b0dfb97","ssdeep":"384:SExmza6TpMttGtISPBuHqbJpntGqC4EP+ZamTn9B:SExUpMySYDGq7ac","tlshash":"6df298e6e710b2246e378d399bdcad798217f02388111eedb786140b93c3ad7176578b","first_seen":"2025-06-13T17:20:58.688777Z","last_seen":"2026-05-05T13:09:28.917872Z","times_seen":3591,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":70,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-17","alert":"Phishing Block","trigger":"mail.info-signere-digitilsynet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/files/js/jquery.js","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5","date":"2026-03-18T10:43:48.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpcalendars.info-signere-digitilsynet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Mar 2026 17:12:40 GMT","end":"Sat, 06 Jun 2026 17:12:39 GMT"},"fingerprint":{"sha1":"D4:DA:CD:AC:F9:3F:29:27:AE:EB:30:BB:99:12:29:B5:E9:2F:09:5C","sha256":"C5:69:28:DC:5D:9C:9E:15:33:75:B6:B9:9F:E6:D1:49:45:9B:8D:35:1A:32:C1:56:1C:8A:2E:8F:73:FB:6F:59"}}},"request":{"raw":"GET /Client/files/js/jquery.js HTTP/1.1\r\nHost: mail.info-signere-digitilsynet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5\r\nCookie: PHPSESSID=9147200e76a296652753b8e0634bbe25\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sun, 20 Aug 2023 07:16:16 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 74427\r\ndate: Wed, 18 Mar 2026 10:43:48 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":272153,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"2ac898daf1837381b1264cdb792319ba","sha1":"532496df4622a43699ee57b612180a21aedad065","sha256":"84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff","sha512":"f76767b86456a59400e0c01aca45bb8048870d3c3f345024020bdc7395e95a7dcf429a014781d1d386eef45830a8b454c51bfc1f94ea71f03d81fdfabc0186d0","ssdeep":"6144:nCfa6/j7/KDT1krl+xFbP8s+JgOO/p89lPuY1BHpkYpHeGEbM5AeQz:npbxFbPuhY89RJjHe3bM57Qz","tlshash":"6044c4d9734f115f4ba233aae43b5249ff7dd1b0520551acb58d986c24a081883fafbe","first_seen":"2023-03-07T01:03:28Z","last_seen":"2026-06-04T14:05:49.000465Z","times_seen":4848,"resource_available":true,"data":null}},"time_used":212,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":139,"receive":73,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-17","alert":"Phishing Block","trigger":"mail.info-signere-digitilsynet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/files/js/jquery.validate2.js","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5","date":"2026-03-18T10:43:48.388Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpcalendars.info-signere-digitilsynet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Mar 2026 17:12:40 GMT","end":"Sat, 06 Jun 2026 17:12:39 GMT"},"fingerprint":{"sha1":"D4:DA:CD:AC:F9:3F:29:27:AE:EB:30:BB:99:12:29:B5:E9:2F:09:5C","sha256":"C5:69:28:DC:5D:9C:9E:15:33:75:B6:B9:9F:E6:D1:49:45:9B:8D:35:1A:32:C1:56:1C:8A:2E:8F:73:FB:6F:59"}}},"request":{"raw":"GET /Client/files/js/jquery.validate2.js HTTP/1.1\r\nHost: mail.info-signere-digitilsynet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5\r\nCookie: PHPSESSID=9147200e76a296652753b8e0634bbe25\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sun, 20 Aug 2023 07:16:18 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 10239\r\ndate: Wed, 18 Mar 2026 10:43:48 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":41272,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (511), with CRLF line terminators","md5":"863868cafb5a4e14057bb31c8ca0ad1a","sha1":"458f111a9d54e33a38521d8bf1eee94803926c50","sha256":"9888bf5fe2d7fd016045a14ae3269ba1782a9756eaf38e11721212f2506d5730","sha512":"8b4957159fb8295aa4c2cf626f06ebdc91963e3b491a8510c26978d56a97a6e95ff03c747a25c44192266553789b76568e63e3cf8d96405e6f90e9ab7b9d7504","ssdeep":"768:QOwVbmh4BvF1vI/V8c6UO17/p9bVgXM0em4HVDkgs230XXXxI9YbM23GGK1t6QSy:Ubmh4BvFxI/V8c6N17/p9bVgXMr31m2x","tlshash":"c1035388378f005f4e8933baa87e518deafdc0759101a07db8de14a465f8da853e5fb4","first_seen":"2025-02-16T23:44:47.74872Z","last_seen":"2026-04-02T06:23:41.151348Z","times_seen":3636,"resource_available":true,"data":null}},"time_used":276,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":275,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-17","alert":"Phishing Block","trigger":"mail.info-signere-digitilsynet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/files/js/additional-methods.min.js","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5","date":"2026-03-18T10:43:48.390Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpcalendars.info-signere-digitilsynet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Mar 2026 17:12:40 GMT","end":"Sat, 06 Jun 2026 17:12:39 GMT"},"fingerprint":{"sha1":"D4:DA:CD:AC:F9:3F:29:27:AE:EB:30:BB:99:12:29:B5:E9:2F:09:5C","sha256":"C5:69:28:DC:5D:9C:9E:15:33:75:B6:B9:9F:E6:D1:49:45:9B:8D:35:1A:32:C1:56:1C:8A:2E:8F:73:FB:6F:59"}}},"request":{"raw":"GET /Client/files/js/additional-methods.min.js HTTP/1.1\r\nHost: mail.info-signere-digitilsynet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5\r\nCookie: PHPSESSID=9147200e76a296652753b8e0634bbe25\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sun, 20 Aug 2023 07:16:16 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 5154\r\ndate: Wed, 18 Mar 2026 10:43:48 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":17819,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (17646), with CRLF line terminators","md5":"b936628b76ec2b247a939d678faa0828","sha1":"71a2a5f94ceb732a307ccf86ba765d416f870bf0","sha256":"20797d15c703dc90580b4a49c83baaebe51eed191d43d927fa28b52210ba65f4","sha512":"ae7c87f016a75799b6f6138c192c1ef22697c75fd44156df336db87225f715dd57cca5ea5f06b66050b70343facf24d154761dab27d9e446c29ca440d122f6ef","ssdeep":"192:QcrK7fJSXhbKk9sjs280QenUjWDDB+PpVv5ZBqr+UiKsvyc1cXOk+OUZppUU7zrZ:QcrK7fJSoyo7rQeapRkrTOKc1c7Ts","tlshash":"6982964c6f46a181afa13ce80cebd18e55f5faf0e0490d9da5c042c27ee5fc521e2e1a","first_seen":"2023-05-26T21:21:44Z","last_seen":"2026-04-02T06:23:41.143158Z","times_seen":3650,"resource_available":true,"data":null}},"time_used":275,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":275,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-17","alert":"Phishing Block","trigger":"mail.info-signere-digitilsynet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/files/action.php?type=activity","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5","date":"2026-03-18T10:43:48.733Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpcalendars.info-signere-digitilsynet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Mar 2026 17:12:40 GMT","end":"Sat, 06 Jun 2026 17:12:39 GMT"},"fingerprint":{"sha1":"D4:DA:CD:AC:F9:3F:29:27:AE:EB:30:BB:99:12:29:B5:E9:2F:09:5C","sha256":"C5:69:28:DC:5D:9C:9E:15:33:75:B6:B9:9F:E6:D1:49:45:9B:8D:35:1A:32:C1:56:1C:8A:2E:8F:73:FB:6F:59"}}},"request":{"raw":"GET /Client/files/action.php?type=activity HTTP/1.1\r\nHost: mail.info-signere-digitilsynet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=9147200e76a296652753b8e0634bbe25\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 54\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 18 Mar 2026 10:43:48 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":54,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"43629a120200bad018e683c4f092348b","sha1":"bfebed01e2734d7993562233254c1b25e0ceee53","sha256":"a4be1577ef17312382a07b0e4d5e69820254f9af346c0103e77ed1d810f1ef93","sha512":"289ff87bf4d8cc7dcd44ba4476ea7154317542cec895a01ec6fdd44e7432e8b263780dc44cfb6dd75a91fae5b888590c3681f712bb070c5c82eccdd5c63926e6","ssdeep":"","tlshash":"9c90020459d96a5448904a1190047dd8675d3e5344574ba0156c0e1c06940f15525076","first_seen":"2026-03-18T10:44:10.638944Z","last_seen":"2026-03-18T10:44:10.638944Z","times_seen":1,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":74,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-17","alert":"Phishing Block","trigger":"mail.info-signere-digitilsynet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-18T10:43:47.520Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpcalendars.info-signere-digitilsynet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Mar 2026 17:12:40 GMT","end":"Sat, 06 Jun 2026 17:12:39 GMT"},"fingerprint":{"sha1":"D4:DA:CD:AC:F9:3F:29:27:AE:EB:30:BB:99:12:29:B5:E9:2F:09:5C","sha256":"C5:69:28:DC:5D:9C:9E:15:33:75:B6:B9:9F:E6:D1:49:45:9B:8D:35:1A:32:C1:56:1C:8A:2E:8F:73:FB:6F:59"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mail.info-signere-digitilsynet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nset-cookie: PHPSESSID=9147200e76a296652753b8e0634bbe25; path=/; secure\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\nlocation: Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\ndate: Wed, 18 Mar 2026 10:43:47 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":40185,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T23:17:23.623528Z","times_seen":16252840,"resource_available":true,"data":null}},"time_used":638,"timings":{"blocked":150,"dns":5,"connect":69,"send":0,"wait":337,"receive":0,"ssl":74},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-17","alert":"Phishing Block","trigger":"mail.info-signere-digitilsynet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/files/js/jquery-ui.min.js","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5","date":"2026-03-18T10:43:48.386Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpcalendars.info-signere-digitilsynet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Mar 2026 17:12:40 GMT","end":"Sat, 06 Jun 2026 17:12:39 GMT"},"fingerprint":{"sha1":"D4:DA:CD:AC:F9:3F:29:27:AE:EB:30:BB:99:12:29:B5:E9:2F:09:5C","sha256":"C5:69:28:DC:5D:9C:9E:15:33:75:B6:B9:9F:E6:D1:49:45:9B:8D:35:1A:32:C1:56:1C:8A:2E:8F:73:FB:6F:59"}}},"request":{"raw":"GET /Client/files/js/jquery-ui.min.js HTTP/1.1\r\nHost: mail.info-signere-digitilsynet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5\r\nCookie: PHPSESSID=9147200e76a296652753b8e0634bbe25\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Mon, 11 Dec 2023 07:55:14 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 64566\r\ndate: Wed, 18 Mar 2026 10:43:48 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":255084,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64399)","md5":"1e2047978946a1d271356d0b557a84a3","sha1":"5f29a324c8affb1fdb26ad4564b1e044372beed2","sha256":"9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd","sha512":"e7ba19fef5bc00d32347f290e817bdbfffbf87a6eaf7f9777f439ceef9faa8cab286f3ddd5cbca051596a73bb44289de226aabd929263b8312a94f91a47a26dd","ssdeep":"3072:eDPNddBFak8JUaVDpYujVHUc92smVppuzUPFI9fB8NpjJSyACAV:uNdIVWjNS9cdzAV","tlshash":"8944f84d72403a3295dfa265103b2a0ba237955da601809cb43ccedf9e7ce4571bbfb9","first_seen":"2023-03-07T18:39:57Z","last_seen":"2026-06-08T22:14:38.498868Z","times_seen":29567,"resource_available":true,"data":null}},"time_used":279,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":211,"receive":68,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-17","alert":"Phishing Block","trigger":"mail.info-signere-digitilsynet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/files/js/cleave.min.js","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5","date":"2026-03-18T10:43:48.391Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpcalendars.info-signere-digitilsynet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Mar 2026 17:12:40 GMT","end":"Sat, 06 Jun 2026 17:12:39 GMT"},"fingerprint":{"sha1":"D4:DA:CD:AC:F9:3F:29:27:AE:EB:30:BB:99:12:29:B5:E9:2F:09:5C","sha256":"C5:69:28:DC:5D:9C:9E:15:33:75:B6:B9:9F:E6:D1:49:45:9B:8D:35:1A:32:C1:56:1C:8A:2E:8F:73:FB:6F:59"}}},"request":{"raw":"GET /Client/files/js/cleave.min.js HTTP/1.1\r\nHost: mail.info-signere-digitilsynet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5\r\nCookie: PHPSESSID=9147200e76a296652753b8e0634bbe25\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Wed, 07 Feb 2024 15:22:12 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 6071\r\ndate: Wed, 18 Mar 2026 10:43:48 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":21134,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (20970)","md5":"57e2edc1bdc89c92a9f36f722eb42324","sha1":"4613d910f8dbacbb97ca60259840c4b77ebaac12","sha256":"8c19df008761d9cc188b1afd83fe87b2be79965d0141f04e76626ca4896fcdd2","sha512":"6e6f82197db746bf465826288e1945cd1df535b9c86a399824890c0798964724d99056239376bd72ec297fd0cdc24d24f208b37a7bc8e4b8aa569c1864fb1e94","ssdeep":"384:yYp7yiq/ApivD5RIjdMVV6qsPHzdhPQzOmSKt4ZIfUugRdEWS+1igMr:yqOIHHZBYjbNqEWegMr","tlshash":"e592b65976aab57503fb306f544b5004a63b6c68688a4181f621e083ec3efc7a1a7f67","first_seen":"2025-02-16T23:44:47.676345Z","last_seen":"2026-04-02T06:23:41.151958Z","times_seen":3612,"resource_available":true,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-17","alert":"Phishing Block","trigger":"mail.info-signere-digitilsynet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/files/js/script.js","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5","date":"2026-03-18T10:43:48.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpcalendars.info-signere-digitilsynet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Mar 2026 17:12:40 GMT","end":"Sat, 06 Jun 2026 17:12:39 GMT"},"fingerprint":{"sha1":"D4:DA:CD:AC:F9:3F:29:27:AE:EB:30:BB:99:12:29:B5:E9:2F:09:5C","sha256":"C5:69:28:DC:5D:9C:9E:15:33:75:B6:B9:9F:E6:D1:49:45:9B:8D:35:1A:32:C1:56:1C:8A:2E:8F:73:FB:6F:59"}}},"request":{"raw":"GET /Client/files/js/script.js HTTP/1.1\r\nHost: mail.info-signere-digitilsynet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5\r\nCookie: PHPSESSID=9147200e76a296652753b8e0634bbe25\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Mon, 26 May 2025 14:00:58 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 908\r\ndate: Wed, 18 Mar 2026 10:43:48 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2675,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with CRLF line terminators","md5":"f9badf8d7e86bbc77b73c44cb2ec6e6d","sha1":"f0ee9bba5b51a925f7286553dff2f423e11d223e","sha256":"c2bf5955f581a7b23299e80fc1c24d4dae89218358bb04f2ac63fff3048012eb","sha512":"d34ea86f71f1e33f03a64e54e30f370efb0388ae2e1d2d8c57b52990def8a1177ade516b1483e8799fd722e04cc0286c1a34f74fb60b5da94b54c4efc296e7c2","ssdeep":"","tlshash":"ff51126929132a744277ab39970fc048ee71451726059255b8cc44f13fb3f74b2e6edd","first_seen":"2025-08-26T07:16:25.277937Z","last_seen":"2026-04-02T06:23:41.155378Z","times_seen":3450,"resource_available":true,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-17","alert":"Phishing Block","trigger":"mail.info-signere-digitilsynet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/files/js/realtime.js","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5","date":"2026-03-18T10:43:48.394Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpcalendars.info-signere-digitilsynet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Mar 2026 17:12:40 GMT","end":"Sat, 06 Jun 2026 17:12:39 GMT"},"fingerprint":{"sha1":"D4:DA:CD:AC:F9:3F:29:27:AE:EB:30:BB:99:12:29:B5:E9:2F:09:5C","sha256":"C5:69:28:DC:5D:9C:9E:15:33:75:B6:B9:9F:E6:D1:49:45:9B:8D:35:1A:32:C1:56:1C:8A:2E:8F:73:FB:6F:59"}}},"request":{"raw":"GET /Client/files/js/realtime.js HTTP/1.1\r\nHost: mail.info-signere-digitilsynet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5\r\nCookie: PHPSESSID=9147200e76a296652753b8e0634bbe25\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Mon, 26 May 2025 22:17:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 778\r\ndate: Wed, 18 Mar 2026 10:43:48 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":9591,"size_decoded":0,"mime_type":"text/javascript","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"580f35e0841bbf3541df48ccdc59e188","sha1":"036eddf802f5b3edd2dfa4260e12044239780c0b","sha256":"5b5c81dd022b063e686ee6691a6b06e12b2a9a909b4c85ec591856cd11a1d564","sha512":"2f2dc3e2d10f7125b8058360c8951918d5c489dee36b784d1c43a27b4550287eaafdea39953ddab4281738661ac5079571d028e46f6f08c9195dfa14542153ac","ssdeep":"192:HTWvhTydlTgXZTAy/TQ8vZTPmOWT5E9TTcwENTf4WKT1h9Tv0pTPmdrz/:HiJ27UpEiThrOFu/rENL4xpXru7WX","tlshash":"0a12204b6d9744758eb7a3b961f2e30ffc2562232992a3c63e9c02504f3d8991192fd8","first_seen":"2026-02-28T21:24:29.524657Z","last_seen":"2026-04-02T06:23:41.145302Z","times_seen":3425,"resource_available":true,"data":null}},"time_used":272,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":272,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-17","alert":"Phishing Block","trigger":"mail.info-signere-digitilsynet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/favicon.ico","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5","date":"2026-03-18T10:43:48.730Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpcalendars.info-signere-digitilsynet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Mar 2026 17:12:40 GMT","end":"Sat, 06 Jun 2026 17:12:39 GMT"},"fingerprint":{"sha1":"D4:DA:CD:AC:F9:3F:29:27:AE:EB:30:BB:99:12:29:B5:E9:2F:09:5C","sha256":"C5:69:28:DC:5D:9C:9E:15:33:75:B6:B9:9F:E6:D1:49:45:9B:8D:35:1A:32:C1:56:1C:8A:2E:8F:73:FB:6F:59"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: mail.info-signere-digitilsynet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5\r\nCookie: PHPSESSID=9147200e76a296652753b8e0634bbe25\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 1251\r\ndate: Wed, 18 Mar 2026 10:43:48 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1251,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"8150f458ed6fb9b1db4e5cfa57a1a281","sha1":"6e5726854d28687b560d7fdcb5c782c425c7dfb9","sha256":"4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896","sha512":"4cc6a112673aef8bb8bb8a385c26791b805d43bb707b509880e894f1c83bab4e16f13de187036c5f660c3bec1d286258396b7bde65c5d7945c5019665196818c","ssdeep":"","tlshash":"c021353ec1c1560ae0271164fbc1f7a86669825291970f703b9eb176f6cd0bb56a36c8","first_seen":"2024-02-08T16:48:55Z","last_seen":"2026-06-08T23:09:01.73056Z","times_seen":132712,"resource_available":true,"data":null}},"time_used":70,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":70,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-17","alert":"Phishing Block","trigger":"mail.info-signere-digitilsynet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}},{"url":{"schema":"https","addr":"mail.info-signere-digitilsynet.com/Client/files/action.php?type=activity","fqdn":"mail.info-signere-digitilsynet.com","domain":"info-signere-digitilsynet.com","tld":"com"},"ip":{"addr":"193.24.123.124","port":443,"asn":0,"as":"","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5","date":"2026-03-18T10:43:58.240Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpcalendars.info-signere-digitilsynet.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Mar 2026 17:12:40 GMT","end":"Sat, 06 Jun 2026 17:12:39 GMT"},"fingerprint":{"sha1":"D4:DA:CD:AC:F9:3F:29:27:AE:EB:30:BB:99:12:29:B5:E9:2F:09:5C","sha256":"C5:69:28:DC:5D:9C:9E:15:33:75:B6:B9:9F:E6:D1:49:45:9B:8D:35:1A:32:C1:56:1C:8A:2E:8F:73:FB:6F:59"}}},"request":{"raw":"GET /Client/files/action.php?type=activity HTTP/1.1\r\nHost: mail.info-signere-digitilsynet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://mail.info-signere-digitilsynet.com/Client/login.php?sessionID=5d284c292ff508ba098c94f633755c8aee07065a00326f6e926846235366c6f5\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=9147200e76a296652753b8e0634bbe25\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 54\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 18 Mar 2026 10:43:58 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":54,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"23225d4974ec1a56224823129f66c6c4","sha1":"dd72ba537977fa2cfe1979d11c3a4d1d1395573f","sha256":"07c434552275e94b0c5be4b1a8bc2b079a8d226ddd67a6d1428fb5d7e80b43b2","sha512":"d80dfabf0ced4765befdf58582ba713d4b8e302fa2f7501015d37240b984c8d4c1dddec2934564f0888354b119d4baef2a39620c2bcb1de164f18125c2dda4cb","ssdeep":"","tlshash":"c390020469d96a544894495190057dd8675d3d5344574be0156c0e1c06940a15415036","first_seen":"2026-03-18T10:44:10.645302Z","last_seen":"2026-03-18T10:44:10.645302Z","times_seen":1,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":81,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-17","alert":"Phishing Block","trigger":"mail.info-signere-digitilsynet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"mail.info-signere-digitilsynet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - BankID","verdict":"phishing","severity":"medium","comment":"Resource associated with BankID phishing","tags":["bankid","authentication"],"meta":null}]}}]}