{"report_id":"c5dd450b-a86c-4e2d-b33d-30216f520e8a","version":0,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-06-11T12:39:44Z","url":{"schema":"http","addr":"segurestrela.pt/xinfini","fqdn":"segurestrela.pt","domain":"segurestrela.pt","tld":"pt"},"ip":{"addr":"94.46.168.100","port":0,"asn":24768,"as":"Almouroltec Servicos De Informatica E Internet Lda","country":"Portugal","country_code":"PT"},"final":{"url":{"schema":"https","addr":"segurestrela.pt/xinfini/","fqdn":"segurestrela.pt","domain":"segurestrela.pt","tld":"pt"},"title":"Xfinity Login","dom":{"size":8398,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"c1c191fc13a43f926b6d6b7c0a3af0a5","sha1":"7c4341c4811dcf654a5d041110d502c1f40fe6f4","sha256":"c880e2d713178a1ca76efb68ad76fde2e185aee9cb10095a8f08f1b995f16382","sha512":"2c7ceccb2fa399787bd49e6b6bd17d88fe519d4a4199990b99b67b73f172768b6b5881bc90ab9d33b433c781f3d7e28ce533bf279d6e18cec769fdb83e96e837","ssdeep":"192:BrUIZJ8k+sK54aR+47Ry6w1eaNbSIGxEqwA+iWttYHAxAD9Ik4HIitKGWQFBV6wp:BrUI2/aHb54/cEL3U8+UFixiAidi4K","tlshash":"c902226b30a60552a21394a439a39b0a36a4d503d54bd9747eac4798dfcfe92cdf33cc","dom_hash":"domhashbef011c7bd68f760584a3ba87046e995","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"segurestrela.pt/xinfini","fqdn":"segurestrela.pt","domain":"segurestrela.pt","tld":"pt"},"ip":{"addr":"94.46.168.100","port":0,"asn":24768,"as":"Almouroltec Servicos De Informatica E Internet Lda","country":"Portugal","country_code":"PT"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-16T12:39:44Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-11","alert":"Detects file containing Telegram Bot API","trigger":"segurestrela.pt/xinfini/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"segurestrela.pt","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"segurestrela.pt","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"segurestrela.pt","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"segurestrela.pt","ip":{"addr":"94.46.168.100","port":443,"asn":24768,"as":"Almouroltec Servicos De Informatica E Internet Lda","country":"Portugal","country_code":"PT"},"domain_registered":"2018-11-09","domain_rank":0,"first_seen":"2026-06-11T12:39:44.476316Z","last_seen":"2026-06-11T12:39:44.476316Z","alert_count":17,"request_count":5,"received_data":220829,"sent_data":2548,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"segurestrela.pt/xinfini/","fqdn":"segurestrela.pt","domain":"segurestrela.pt","tld":"pt"},"ip":{"addr":"94.46.168.100","port":443,"asn":24768,"as":"Almouroltec Servicos De Informatica E Internet Lda","country":"Portugal","country_code":"PT"},"md5":"f28cba5c16327e9ad53b33c556d2c62b","sha1":"dd4b0eb1eb5d843580b87d7f36679588fa937536","sha256":"c2a8ffcded6e0fd2c72f754d9be5af0ea9f53400300b743dc03e110baf6e319f","sha512":"dee618c18f3d013119becaab79abfe57d9c997da3e7c074e39e1ed761f670f2195a0196b6a1806de3214cc2d55f297cf73566deb6fc8a3a43d13c21c65648f23","size":1884,"token":"8259427774:AAG5QXTVB7ZOj3vLrlD-vnmvelLX74LgSzw","is_revoked":false,"bot":{"token":"8259427774:AAG5QXTVB7ZOj3vLrlD-vnmvelLX74LgSzw","user_id":"8259427774","username":"comsieeeebot","first_name":"comsie","last_name":"","chat":{"chat_id":"7923007606","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":2}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"segurestrela.pt/xinfini/","fqdn":"segurestrela.pt","domain":"segurestrela.pt","tld":"pt"},"ip":{"addr":"94.46.168.100","port":443,"asn":24768,"as":"Almouroltec Servicos De Informatica E Internet Lda","country":"Portugal","country_code":"PT"},"introduction_type":"scriptElement","is_inline":true,"md5":"f28cba5c16327e9ad53b33c556d2c62b","sha1":"dd4b0eb1eb5d843580b87d7f36679588fa937536","sha256":"c2a8ffcded6e0fd2c72f754d9be5af0ea9f53400300b743dc03e110baf6e319f","sha512":"dee618c18f3d013119becaab79abfe57d9c997da3e7c074e39e1ed761f670f2195a0196b6a1806de3214cc2d55f297cf73566deb6fc8a3a43d13c21c65648f23","ssdeep":"","tlshash":"3241dbeb30ab0834479ba1fa2697a3053439c4072c06d44a7d6c83a95f35e6795b3a8e","size":1884,"data":"","first_seen":"2026-06-11T12:39:47.804059Z","last_seen":"2026-06-11T13:46:31.176415Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-11","alert":"Detects file containing Telegram Bot API","trigger":"segurestrela.pt/xinfini/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"segurestrela.pt/xinfini","fqdn":"segurestrela.pt","domain":"segurestrela.pt","tld":"pt"},"ip":{"addr":"94.46.168.100","port":443,"asn":24768,"as":"Almouroltec Servicos De Informatica E Internet Lda","country":"Portugal","country_code":"PT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-11T12:39:20.916Z","timestamp":1781181560916,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.segurestrela.pt","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 16:26:00 GMT","end":"Mon, 10 Aug 2026 16:25:59 GMT"},"fingerprint":{"sha1":"D3:CE:FF:71:6E:5C:C9:04:FA:DA:93:5E:83:F3:EC:A8:73:FB:8D:93","sha256":"DB:42:E5:CC:38:20:67:5C:B1:CA:78:2A:FB:49:47:67:F2:E2:3A:5C:3F:DF:9E:CC:FE:BC:43:B9:40:09:65:0A"}}},"request":{"raw":"GET /xinfini HTTP/1.1\r\nHost: segurestrela.pt\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 \r\nserver: nginx\r\ndate: Thu, 11 Jun 2026 12:39:21 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\ncontent-length: 280\r\nlocation: https://segurestrela.pt/xinfini/\r\nx-scale: YXBvY2FzQGdpdGh1Yg==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-17T17:31:21.532601Z","times_seen":16489423,"resource_available":true,"data":null}},"time_used":584,"timings":{"blocked":-1,"dns":257,"connect":62,"send":0,"wait":75,"receive":0,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"segurestrela.pt","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"segurestrela.pt","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"segurestrela.pt","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"segurestrela.pt/xinfini/","fqdn":"segurestrela.pt","domain":"segurestrela.pt","tld":"pt"},"ip":{"addr":"94.46.168.100","port":443,"asn":24768,"as":"Almouroltec Servicos De Informatica E Internet Lda","country":"Portugal","country_code":"PT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-11T12:39:21.508Z","timestamp":1781181561508,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.segurestrela.pt","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 16:26:00 GMT","end":"Mon, 10 Aug 2026 16:25:59 GMT"},"fingerprint":{"sha1":"D3:CE:FF:71:6E:5C:C9:04:FA:DA:93:5E:83:F3:EC:A8:73:FB:8D:93","sha256":"DB:42:E5:CC:38:20:67:5C:B1:CA:78:2A:FB:49:47:67:F2:E2:3A:5C:3F:DF:9E:CC:FE:BC:43:B9:40:09:65:0A"}}},"request":{"raw":"GET /xinfini/ HTTP/1.1\r\nHost: segurestrela.pt\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 11 Jun 2026 12:39:21 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 09 Jun 2026 10:05:48 GMT\r\nx-scale: YXBvY2FzQGdpdGh1Yg==\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8631,"size_decoded":2822,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"9deed9a64fcc1bb594a6ccf1bc6b758a","sha1":"2252f25cb67669c0b90dee61d22e3c5296667bda","sha256":"4c49ecfedf48e438de133bbd1ad14941f350f4e0844d2765eab2f59178f1d948","sha512":"1de6b0569658fcd8606b14f114db206068fb51be45ac179540b94af43a0c4a5d67b4d66e881d69373fe2d2bf869384276ca037f4b51e033361d34109bdccad26","ssdeep":"192:TIwRoIVoR8eTt3dEsm1sx5T+JucpUxiCwp0UVtmLiqLi1ULimLiX6O:TIwbQncsWwcKxiCZU0isi16iIiqO","tlshash":"0502206620850502a23396b4b9a3d70afaa58113d646d5747dec078adfffe128d73bc8","first_seen":"2026-06-11T12:39:47.801247Z","last_seen":"2026-06-11T13:46:31.172076Z","times_seen":2,"resource_available":true,"data":null}},"time_used":108,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-11","alert":"Detects file containing Telegram Bot API","trigger":"segurestrela.pt/xinfini/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"segurestrela.pt","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"segurestrela.pt","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"segurestrela.pt","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"segurestrela.pt/xinfini/login-logo.png","fqdn":"segurestrela.pt","domain":"segurestrela.pt","tld":"pt"},"ip":{"addr":"94.46.168.100","port":443,"asn":24768,"as":"Almouroltec Servicos De Informatica E Internet Lda","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://segurestrela.pt/xinfini/","date":"2026-06-11T12:39:21.861Z","timestamp":1781181561861,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.segurestrela.pt","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 16:26:00 GMT","end":"Mon, 10 Aug 2026 16:25:59 GMT"},"fingerprint":{"sha1":"D3:CE:FF:71:6E:5C:C9:04:FA:DA:93:5E:83:F3:EC:A8:73:FB:8D:93","sha256":"DB:42:E5:CC:38:20:67:5C:B1:CA:78:2A:FB:49:47:67:F2:E2:3A:5C:3F:DF:9E:CC:FE:BC:43:B9:40:09:65:0A"}}},"request":{"raw":"GET /xinfini/login-logo.png HTTP/1.1\r\nHost: segurestrela.pt\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://segurestrela.pt/xinfini/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 11 Jun 2026 12:39:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 3160\r\nlast-modified: Tue, 01 Jul 2025 20:26:44 GMT\r\nx-cache: HIT\r\nx-type: static\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3160,"size_decoded":3392,"mime_type":"image/png","magic":"PNG image data, 177 x 66, 8-bit/color RGBA, non-interlaced","md5":"72f9a786dd4d2248ef7c19918579d400","sha1":"643005a3395e4cfcced2ebeaf4716ba797f6fb5e","sha256":"e11d74aaa1040bea2d76cf714c39ec9f612c6fcaf98f1b62ceecabdf64513deb","sha512":"29512e45674fcf68e2743b965b431ee718041baade7c0c8e4fd838706a60350eaf47a6809b52bb2136c74cf6c2f2a2a3ed882757dab5cdb487b4eb5615c6f0fd","ssdeep":"","tlshash":"bc516cfb2b113cec5ed830f930597388a662cfcd301e68659c066ae539c7cd816e1887","first_seen":"2025-08-17T13:36:40.441168Z","last_seen":"2026-06-14T02:27:53.324473Z","times_seen":46,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":63,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"segurestrela.pt","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"segurestrela.pt","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"segurestrela.pt","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"segurestrela.pt/xinfini/image.png","fqdn":"segurestrela.pt","domain":"segurestrela.pt","tld":"pt"},"ip":{"addr":"94.46.168.100","port":443,"asn":24768,"as":"Almouroltec Servicos De Informatica E Internet Lda","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://segurestrela.pt/xinfini/","date":"2026-06-11T12:39:21.863Z","timestamp":1781181561863,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.segurestrela.pt","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 16:26:00 GMT","end":"Mon, 10 Aug 2026 16:25:59 GMT"},"fingerprint":{"sha1":"D3:CE:FF:71:6E:5C:C9:04:FA:DA:93:5E:83:F3:EC:A8:73:FB:8D:93","sha256":"DB:42:E5:CC:38:20:67:5C:B1:CA:78:2A:FB:49:47:67:F2:E2:3A:5C:3F:DF:9E:CC:FE:BC:43:B9:40:09:65:0A"}}},"request":{"raw":"GET /xinfini/image.png HTTP/1.1\r\nHost: segurestrela.pt\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://segurestrela.pt/xinfini/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 11 Jun 2026 12:39:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 207574\r\nlast-modified: Tue, 01 Jul 2025 20:26:32 GMT\r\nx-cache: HIT\r\nx-type: static\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":207574,"size_decoded":207808,"mime_type":"image/png","magic":"PNG image data, 921 x 812, 8-bit/color RGBA, non-interlaced","md5":"c1e7ee0a6c73babcd516dd427e250011","sha1":"ae4ad375c7739e75b032755f4e23d2f22214cc80","sha256":"d36a29adf5cff78f0d0d7086d8508a9e5377ecec856cc5e833a17c473954c08a","sha512":"9fb451f2c2c044f258ce9d2cc7341bccb055b12c3ce37cc577ddfb66c368d6c24437adc6cefb4a0d83216b7664505ab864b83f08a7e0904fb23c7884a8d78ec7","ssdeep":"3072:DGJKmz/3FdnT3jjUIOJqN0+ewyYbvImNNW33OwceVPto4z+D7wUI9ye1Asz82:qwM7b3esXewyKAmNNJwcSe4i3LMz82","tlshash":"8914124e547b9c06c682cfe02efb88db133581a78e81027ddad075887244879e7bda5f","first_seen":"2025-08-17T13:36:40.436062Z","last_seen":"2026-06-14T02:27:53.325925Z","times_seen":45,"resource_available":false,"data":null}},"time_used":309,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":186,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"segurestrela.pt","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"segurestrela.pt","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"segurestrela.pt","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"segurestrela.pt/favicon.ico","fqdn":"segurestrela.pt","domain":"segurestrela.pt","tld":"pt"},"ip":{"addr":"94.46.168.100","port":443,"asn":24768,"as":"Almouroltec Servicos De Informatica E Internet Lda","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://segurestrela.pt/xinfini/","date":"2026-06-11T12:39:22.045Z","timestamp":1781181562045,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.segurestrela.pt","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 12 May 2026 16:26:00 GMT","end":"Mon, 10 Aug 2026 16:25:59 GMT"},"fingerprint":{"sha1":"D3:CE:FF:71:6E:5C:C9:04:FA:DA:93:5E:83:F3:EC:A8:73:FB:8D:93","sha256":"DB:42:E5:CC:38:20:67:5C:B1:CA:78:2A:FB:49:47:67:F2:E2:3A:5C:3F:DF:9E:CC:FE:BC:43:B9:40:09:65:0A"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: segurestrela.pt\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://segurestrela.pt/xinfini/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\nserver: nginx\r\ndate: Thu, 11 Jun 2026 12:39:22 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":355,"size_decoded":444,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-17T16:36:05.64728Z","times_seen":40637,"resource_available":true,"data":null}},"time_used":127,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":127,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"segurestrela.pt","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"segurestrela.pt","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"segurestrela.pt","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}